[ASK] Configurasi nginx pada OdooERP 12 + Ubuntu Bionic 18.04 + Reverse proxy

Gaes gaes…

Kebetulan ane lg iseng pingin nyobain salah satu aplikasi opensource Odoo ERP, kalau dari review nya sih lumayan bagus dan simple karena udah ada eCommer dan Web Builder bawaan nya, yah paling gak klo bini ane jualan gak susah buat dia oprasiin, nah tapi ini ane ada kendala nih buat config ( nginx ) Engine X nya, kalau temen temen ada yang pernah deploy boleh di share donk tips nya, btw ane udah ikutin beberapa tutorial dr official dan dari google cuma masih ada kegagalann dalam config nya, karena port 8069 nya masih harus di sertakan dalam browser, sebelumnya trims atas pencerahannya. :mohon:

Spek VM

  • Ubuntu 10.8-0ubuntu0.18.04.1
  • PostgreSQL 10.8
  • nginx version: nginx/1.14.0

=============================================================================
Configurasi nginx.conf pada nginx (default)

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

=============================================================================
Configurasi odoo pada nginx (default)

# Odoo servers
upstream odoo {
 server 127.0.0.1:8069;
}

upstream odoochat {
 server 127.0.0.1:8072;
}

# HTTP -> HTTPS
server {
    listen 80;
    server_name 10.1.1.18;
    rewrite ^(.*) https://$host$1 permanent;
    include snippets/letsencrypt.conf;
    return 301 https://example.com$request_uri;
}

# WWW -> NON WWW

server {
    listen 443 ssl http2;
    server_name 10.1.1.18;
    return 301 https://example.com$request_uri;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    include snippets/ssl.conf;

    # log files
    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }

    # Handle / requests
    location / {
       proxy_redirect off;
       proxy_pass http://odoo;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

=============================================================================
Configurasi /etc/odoo.conf default hanya dirubah

- proxy_mode = True

Mohon bantuan gaes buat biar port 8069 bisa redirect ke port 80

Terima kasih

:please: :please: :please: :please: :please:

dipastikan dulu aja om, si oddo udah jalan di port ‘8069’ belum?

kl udah jalan, ya berarti tinggal cari config Nginx reverse proxy yg sesuai.
kl belum jalan ya berarti ada yg salah di konfigurasi Odoonya.

trus jangan lupa juga, kl mau jadiin nginx as reverse proxy, mending si odoonya di bind ke localhost address aja.

cmiiw

sudah jalan om… smoot di port 8069…

Setuju, kalau pake reverse proxy, odoo nya ke localhost aja. Biar nginx didepan yang nerusin ke localhost port 8069

10.1.1.18 < Akses ke sini pake browser jalan ga om?

* Edit:
Btw nginx confignya agak ngaco itu di server httpsnya return 301 https://example.com$request_uri; bakal redirect ke https://example.com

Coba ini

# Odoo servers
upstream odoo {
 server 127.0.0.1:8069;
}

upstream odoochat {
 server 127.0.0.1:8072;
}

# HTTP -> HTTPS
server {
    listen 80;
    server_name 10.1.1.18;
    rewrite ^(.*) https://$host$1 permanent;
    # include snippets/letsencrypt.conf; 80 ga perlu ssl cert
    # return 301 https://example.com$request_uri; ini udah di rewrite diatas
}

# WWW -> NON WWW

server {
    listen 443 ssl http2;
    server_name 10.1.1.18;
    # return 301 https://example.com$request_uri; hapus

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    include snippets/ssl.conf;

    # log files
    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }

    # Handle / requests
    location / {
       proxy_redirect off;
       proxy_pass http://odoo;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Klo masih belum bisa coba bantu output

ss -ant | grep :8069

trus coba cek pake header http servernya curl -I https://10.1.1.18/ respondnya apa.

Jangan lupa restart nginxnya.

ok ane coba tambahin ini di /etc/odoo-server.conf

xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1

akses ke 10.1.1.18 bisa om

emang sengaja pake example.com om buat dumy doank… sebelum pake doamin beneran… soalnya biar sekalian test port 443 nya

return 301 https://example.com$request_uri; di server https directivenya kynya yg bikin redirect loop. Coba uncomment return 301 di server httpsnya trus servernamenya diubah jadi domain realnya.

server {
    listen 443 ssl http2;
    server_name dummy.domain.com;
    # return 301 https://example.com$request_uri; hapus
    # dan seterusnya
2 Likes

Done om Dita…

return 301 https://example.com$request_uri;

Disitu masalahnya… sip terima kasih :mohon:

Jadi begini confignya :

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name example.com www.example.com 10.1.1.18;
    return 404; # managed by Certbot
}


# Odoo servers
upstream odoo {
 server 127.0.0.1:8069;
}

upstream odoochat {
 server 127.0.0.1:8072;
}

# HTTP -> HTTPS
server {
    server_name example.com www.example.com 10.1.1.18;
    rewrite ^(.*) https://$host$1 permanent;
    #include snippets/letsencrypt.conf;
    #return 301 https://example.com$request_uri;

    #listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

# WWW -> NON WWW

server {
    listen 443 ssl http2;
    server_name example.com www.example.com 10.1.1.18;
    #return 301 https://example.com$request_uri;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    #ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    #include snippets/ssl.conf;

    # log files
    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }

    # Handle / requests
    location / {
       proxy_redirect off;
       proxy_pass http://odoo;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

mantap dah… terima kasih… akhirnya bisa kasih bini kesibukan dirumah… :cerdas:

1 Like

:mantap: Btw, gue dulu pernah coba2 odoo dan menurut gue powerful bgt. Dia multi-tenant system yang artinya 1 sistem odoo bisa untuk sharing multiple site cuma dengan mainin config db-filter nya dia. https://www.odoo.com/documentation/12.0/setup/deploy.html#dbfilter

siap kakak… :mohon:

terima kasih atas FR nya suhu… :mohon: