Contributors mailing list archives
contributors@odoo-community.org
Browse archives
Re: Odoo 10 letsencrypt nginx
by "robert@redo2oo.ch" <robert@redo2oo.ch> - 21/03/2017 08:42:17This is what I use:
# afbsdemo
# -------------------
#_robert_
server {
listen 80;
listen [::]:80;
server_name demo.afbs.ch;
access_log /var/log/nginx/afbsdemo80.access.log combined;
error_log /var/log/nginx/afbsdemo80.error.log;
# location / {
# rewrite ^/(.*) https:/demo.afbs.ch:443/$1 permanent;
# }
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8073;
}
}
server {
listen 443;
listen [::]:443;
server_name demo.afbs.ch;
ssl on;
#rr
ssl_certificate /etc/letsencrypt/live/demo.afbs.ch/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.afbs.ch/privkey.pem; # managed by Certbot
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM$
access_log /var/log/nginx/afbsdemo443.access.log combined;
error_log /var/log/nginx/afbsdemo443.error.log;
client_max_body_size 128M;
gzip on;
proxy_read_timeout 600s;
index index.html index.htm index.php;
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
location / {
proxy_pass http://127.0.0.1:8073;
proxy_read_timeout 6h;
proxy_connect_timeout 5s;
proxy_redirect http://127.0.0.1:8073 https://demo.afbs.ch:443;
add_header X-Static no;
proxy_buffer_size 64k;
proxy_buffering off;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_intercept_errors on;
}
location /longpolling/ {
proxy_pass http://127.0.0.1:18073;
}
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_pass http://127.0.0.1:8073;
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
}
}
rober
On 21.03.2017 08:23, Michael Delvoye wrote:
<blockquote
cite="mid:CADMZLWcyMiKF6PskNMaSfEcLTp8Gewn0xLU7bFSNSCxb71PVuQ@mail.gmail.com"
type="cite">
# afbsdemo
# -------------------
#_robert_
server {
listen 80;
listen [::]:80;
server_name demo.afbs.ch;
access_log /var/log/nginx/afbsdemo80.access.log combined;
error_log /var/log/nginx/afbsdemo80.error.log;
# location / {
# rewrite ^/(.*) https:/demo.afbs.ch:443/$1 permanent;
# }
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8073;
}
}
server {
listen 443;
listen [::]:443;
server_name demo.afbs.ch;
ssl on;
#rr
ssl_certificate /etc/letsencrypt/live/demo.afbs.ch/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.afbs.ch/privkey.pem; # managed by Certbot
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM$
access_log /var/log/nginx/afbsdemo443.access.log combined;
error_log /var/log/nginx/afbsdemo443.error.log;
client_max_body_size 128M;
gzip on;
proxy_read_timeout 600s;
index index.html index.htm index.php;
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
location / {
proxy_pass http://127.0.0.1:8073;
proxy_read_timeout 6h;
proxy_connect_timeout 5s;
proxy_redirect http://127.0.0.1:8073 https://demo.afbs.ch:443;
add_header X-Static no;
proxy_buffer_size 64k;
proxy_buffering off;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_intercept_errors on;
}
location /longpolling/ {
proxy_pass http://127.0.0.1:18073;
}
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_pass http://127.0.0.1:8073;
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
}
}
rober
On 21.03.2017 08:23, Michael Delvoye wrote:
Hi everybody,
--
I try to implement letsencrypt on a nginx as a revers proxy
but i fail.
I have the excellent book ODOO_10_DEVELOPMENT_ESSENTIALS
but i turn around with no solution
If one of you has an idea so as to help, it would be nice.
Here my basic conf file
server {
listen 80 default;
server_name xxxx.misyl.net;
location / {
proxy_pass http://127.0.0.1:9000;
#allow xx.xx.xx.xx;
#allow xx.xx.xx.xx;
#deny all;
}
}
server {
listen 443 default;
server_name xxxx.misyl.net
# ssl settings
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxx.misyl.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxx.misyl.net/privkey.pem;
keepalive_timeout 60;
# proxy header and settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
thanks for your help.
Michael Delvoye
Directeur Technique
MISYL SERVICES
_______________________________________________
Mailing-List:
https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
