Contributors mailing list archives
contributors@odoo-community.org
Browse archives
Re: Odoo 10 letsencrypt nginx
by
MISYL SERVICES., Michael Delvoye
Thanks Robert :-)
2017-03-21 8:52 GMT+01:00 robert@redo2oo.ch <robert@redo2oo.ch>:
This is what I use:<blockquote cite="mid:
# afbsdemo
# -------------------
#_robert_
server {
listen 80;
listen [::]:80;
server_name demo.afbs.ch;
access_log /var/log/nginx/afbsdemo80.access.log combined;
error_log /var/log/nginx/afbsdemo80.error.log;
# location / {
# rewrite ^/(.*) https:/demo.afbs.ch:443/$1 permanent;
# }
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8073;
}
}
server {
listen 443;
listen [::]:443;
server_name demo.afbs.ch;
ssl on;
#rr
ssl_certificate /etc/letsencrypt/live/demo.afbs.ch/fullchain.pem ; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.afbs.ch/privkey.pem ; # managed by Certbot
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM$
access_log /var/log/nginx/afbsdemo443.access.log combined;
error_log /var/log/nginx/afbsdemo443.error.log;
client_max_body_size 128M;
gzip on;
proxy_read_timeout 600s;
index index.html index.htm index.php;
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
location / {
proxy_pass http://127.0.0.1:8073;
proxy_read_timeout 6h;
proxy_connect_timeout 5s;
proxy_redirect http://127.0.0.1:8073 https://demo.afbs.ch:443;
add_header X-Static no;
proxy_buffer_size 64k;
proxy_buffering off;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_intercept_errors on;
}
location /longpolling/ {
proxy_pass http://127.0.0.1:18073;
}
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_pass http://127.0.0.1:8073;
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
}
}
rober
On 21.03.2017 08:23, Michael Delvoye wrote:CADMZLWcyMiKF6PskNMaSfEcLTp8Ge " type="cite">wn0xLU7bFSNSCxb71PVuQ@mail. gmail.com Hi everybody,I try to implement letsencrypt on a nginx as a revers proxy but i fail.I have the excellent book ODOO_10_DEVELOPMENT_ESSENTIALS but i turn around with no solution If one of you has an idea so as to help, it would be nice.Here my basic conf fileserver {listen 80 default;server_name xxxx.misyl.net;location / {proxy_pass http://127.0.0.1:9000;#allow xx.xx.xx.xx;#allow xx.xx.xx.xx;#deny all;}}server {listen 443 default;server_name xxxx.misyl.net# ssl settingsssl on;ssl_certificate /etc/letsencrypt/live/xxxx.misyl.net/fullchain.pem ;ssl_certificate_key /etc/letsencrypt/live/xxxx.misyl.net/privkey.pem ;keepalive_timeout 60;# proxy header and settingsproxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_redirect off;location / {proxy_pass http://127.0.0.1:9000;}}thanks for your help.--Michael DelvoyeDirecteur TechniqueMISYL SERVICES______________________________
_________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
______________________________
_________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
Michael Delvoye
Directeur Technique
MISYL SERVICES
