Contributors mailing list archives

contributors@odoo-community.org

Browse archives

Avatar

Re: Odoo 10 letsencrypt nginx

by
MISYL SERVICES., Michael Delvoye
- 21/03/2017 10:05:23
Thanks Robert :-)

2017-03-21 8:52 GMT+01:00 robert@redo2oo.ch <robert@redo2oo.ch>:
This is what I use:


# afbsdemo
# -------------------
#_robert_
server {
    listen 80;
    listen [::]:80;
    server_name           demo.afbs.ch;
    access_log            /var/log/nginx/afbsdemo80.access.log combined;
    error_log             /var/log/nginx/afbsdemo80.error.log;
#    location / {
#      rewrite ^/(.*) https:/demo.afbs.ch:443/$1 permanent;
#    }
    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8073;
    }
}


server {
    listen 443;
    listen [::]:443;
    server_name  demo.afbs.ch;
    ssl on;

    #rr
    ssl_certificate /etc/letsencrypt/live/demo.afbs.ch/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/demo.afbs.ch/privkey.pem; # managed by Certbot
    ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
    ssl_session_timeout 1440m; # managed by Certbot

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
    ssl_prefer_server_ciphers on; # managed by Certbot

    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM$


    access_log           /var/log/nginx/afbsdemo443.access.log combined;
    error_log            /var/log/nginx/afbsdemo443.error.log;
    client_max_body_size 128M;
    gzip                 on;
    proxy_read_timeout   600s;
    index  index.html    index.htm index.php;

    add_header Strict-Transport-Security "max-age=31536000";
    proxy_set_header         Host $http_host;
    proxy_set_header         X-Real-IP $remote_addr;
    proxy_set_header         X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header         X-Forwarded-Proto https;
    proxy_set_header         X-Forwarded-Host $http_host;

    location / {
        proxy_pass              http://127.0.0.1:8073;
        proxy_read_timeout      6h;
        proxy_connect_timeout   5s;
        proxy_redirect          http://127.0.0.1:8073 https://demo.afbs.ch:443;
        add_header X-Static     no;
        proxy_buffer_size       64k;
        proxy_buffering         off;
        proxy_buffers           4 64k;
        proxy_busy_buffers_size 64k;
        proxy_intercept_errors  on;
    }

    location /longpolling/ {
      proxy_pass              http://127.0.0.1:18073;
    }

    location ~ /[a-zA-Z0-9_-]*/static/ {
        proxy_pass              http://127.0.0.1:8073;
        proxy_cache_valid       200 60m;
        proxy_buffering         on;
        expires                 864000;
    }
}

rober


On 21.03.2017 08:23, Michael Delvoye wrote:
<blockquote cite="mid:CADMZLWcyMiKF6PskNMaSfEcLTp8Gewn0xLU7bFSNSCxb71PVuQ@mail.gmail.com" type="cite">
Hi everybody,
I try to implement letsencrypt on a nginx as a revers proxy but i fail.

I have the excellent book ODOO_10_DEVELOPMENT_ESSENTIALS but i turn around with no solution


If one of you has an idea so as to help, it would be nice.
Here my basic conf file


server {
        listen 80 default;
        server_name  xxxx.misyl.net;

        location / {
                proxy_pass      http://127.0.0.1:9000;
                #allow   xx.xx.xx.xx;
                #allow  xx.xx.xx.xx;
                #deny    all;
        }

}

server {
        listen 443 default;
        server_name xxxx.misyl.net

        # ssl settings
        ssl on;
        ssl_certificate /etc/letsencrypt/live/xxxx.misyl.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xxxx.misyl.net/privkey.pem;

        keepalive_timeout 60;

        # proxy header and settings
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;

        location / {
                proxy_pass http://127.0.0.1:9000;
        }
}

thanks for your help.



--
Michael Delvoye
Directeur Technique
MISYL SERVICES

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe


_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe




--
Michael Delvoye
Directeur Technique
MISYL SERVICES

Reference