nginx Odoo

[tarta]

Hi,
I have a server (debian 11) with apache+nginx hosting multiple domains/sites and wanted to install Odoo.
Followed the guides

How to Install Odoo 16 ERP Software on Ubuntu 22.04

Odoo (formerly known as OpenERP) is a self-hosted suite of over 10,000 open Odoo is a free and open-source ERP solution for multiple types of business...

www.howtoforge.com

Installing Odoo — Odoo 16.0 documentation

www.odoo.com

and got stuck on nginx configuration setting it up.

how can enable odoo to be accessible under server IP/hostname:8069 or odoo.server.com?

 

[zEitEr]

Hello,

While instructing on how to make the Odoo be accessible via IP/hostname:8069 goes out of the forums scope. We might help you to configure it to be accessible via odoo.server.com. For this you will need to configure Nginx to proxy requests to 127.0.0.1:8069 (assuming you've already made it running and bind to 127.0.0.1:8069).

To make it work you will need to add custom code:

|?PROXY_IP=127.0.0.1|
|?PORT_8080=8069|
|?PORT_8081=8069|

for Nginx for odoo.server.com in DirectAdmin at admin level. It's a Custom HTTPD Configurations page in DirectAdmin.

And click "Save". Give a minute or so for changes to take an effect.

 

[tarta]

Thanks zEitEr

1) created new subdomain
oddo.domain.com

2) added
|?PROXY_IP=127.0.0.1|
|?PORT_8080=8069|
|?PORT_8081=8069|

3) I've managed to start Odoo under http://<IP>:8069
Odoo is accessible under every domain hosted on the server under http://<domain>:8069

4) How to move Oddo under odoo.selecteddomain. only?

 

[MaXi32]

@tarta This is a good topic that I was searching for a few years back. I use Odoo too for my company and the last time I try on an existing panel (not sure if it was either DA or Cpanel) but it conflicted with existing python dependencies in my server as Odoo required a lot of python packages. Please keep this post updated if you have successfully made it run without issue on the existing DA panel. Currently, I only run it on a standalone server. Thank you.

 

[zEitEr]

added

If you added the code into templates, then that's expected. The code should be added for a single domain only. It's a Custom HTTPD Configurations page in DirectAdmin.

See https://docs.directadmin.com/webser...ing-custom-httpd-conf-code-to-the-virtualhost for more details.

 

[tarta]

If you added the code into templates, then that's expected. The code should be added for a single domain only. It's a Custom HTTPD Configurations page in DirectAdmin.

See https://docs.directadmin.com/webser...ing-custom-httpd-conf-code-to-the-virtualhost for more details.

1) I've added it to only one selected domain:



yet, Odoo is accessible under every domain hosted on the server under http://<domain>:8069
(via http only, I cannot access Oddo via https)


2) I ran a test - removed
|?PROXY_IP=127.0.0.1|
|?PORT_8080=8069|
|?PORT_8081=8069|
from the Custom HTTPD Configurations and ... I can still access Odoo http://<domain>:8069

 

[zEitEr]

1. The custom code I've mentioned is for Nginx only, it's not usable for Apache.
2. The custom code makes Oddo accessible on http://<domain>/ and https://<domain>/, i.e. default ports HTTP:80 HTTPS:443.
3. In order to disable access to the port :8069, you should use a firewall. That might be so that your personal IP is added into firewall as trusted, and you might be the only person who has an access to the port :8069. Anyway my instructions does not cover the case if you need only one domain to serve the port :8069.

 

[tarta]

@tarta This is a good topic that I was searching for a few years back. I use Odoo too for my company and the last time I try on an existing panel (not sure if it was either DA or Cpanel) but it conflicted with existing python dependencies in my server as Odoo required a lot of python packages. Please keep this post updated if you have successfully made it run without issue on the existing DA panel. Currently, I only run it on a standalone server. Thank you.

as you've decided to run it on a separate server - how did you harden it? I want to limit the complete access to certain IPs only.
I found a module https://apps.odoo.com/apps/modules/13.0/access_restriction_by_ip/ but it restricts user logond to IPs whereas I want to avoid access even to a Odoo logon screen

 

[tarta]

1. The custom code I've mentioned is for Nginx only, it's not usable for Apache.
I'm using apache_nginx setup

2. The custom code makes Oddo accessible on http://<domain>/ and https://<domain>/, i.e. default ports HTTP:80 HTTPS:443.
https keeps failing. Odoo log shows:

2022-12-01 15:44:02,700 265510 ERROR ? werkzeug: 109.173.228.179 - - [01/Dec/2022 15:44:02] code 400, message Bad request version ('qH\x00"\x13\x01\x13\x03\x13\x02À+À/̨̩À,À0À') - - -
2022-12-01 15:44:02,701 265510 INFO ? werkzeug: 109.173.228.179 - - [01/Dec/2022 15:44:02] "ü®H�pÍXõz¯Eê{òYÛ�Ë:f+çBh×PÓCh]uï±öàâ]O¨� �9HM³ÞÅÇ qH"À+À/̨̩À,À0À" HTTPStatus.BAD_REQUEST - - - -
2022-12-01 15:44:45,711 265510 ERROR ? werkzeug: 127.0.0.1 - - [01/Dec/2022 15:44:45] code 400, message Bad request version ('\x00\x04\x03\x00\x01\x02\x00') - - -
PðG���/��³W0UlfáòDþrEÀ+À/À,À0̨̩��ÿ�werkzeug: 127.0.0.1 - - [01/Dec/2022 15:44:45] "ðìÿ³�˪Râ�h�S]��~c×Âô¿øf¶ÊéÀ£Õ¹í KÀìÇ9¶
" HTTPStatus.BAD_REQUEST - - - -



3. In order to disable access to the port :8069, you should use a firewall. That might be so that your personal IP is added into firewall as trusted, and you might be the only person who has an access to the port :8069. Anyway my instructions does not cover the case if you need only one domain to serve the port :8069.

found https://help.liquidweb.com/s/article/Allowing-Port-Access-by-IP-Address-in-CSF and I'll use

protocol:in:d=8069:s=IP

 

[zEitEr]

I see. Try http://<domain>/ then
For HTTPS you might need first enable SSL in Oddo, or another changes are required.

 

[tarta]

2) https
I'll continue digging into it and will paste the solution, If found


3) found https://help.liquidweb.com/s/article/Allowing-Port-Access-by-IP-Address-in-CSF and I'll use
protocol:in:d=8069:s=IP

that works lovely. I've limited access to Odoo to selected IPs only

 

[MaXi32]

as you've decided to run it on a separate server - how did you harden it? I want to limit the complete access to certain IPs only.
I found a module https://apps.odoo.com/apps/modules/13.0/access_restriction_by_ip/ but it restricts user logond to IPs whereas I want to avoid access even to a Odoo logon screen

I don't limit IP as the public one has a live ecommerce module but I do add another extra httpd password on the login screen including the database selector. I have another Odoo server set up as an intranet server (so only employees can access them inside the premise not from public IP; useful for attendance kiosk mode where they can only take attendance inside that kiosk mode). Never use that module u posted. will try to use it.

 

[tarta]

but I do add another extra httpd password on the login screen including the database selector.

where ca set it up?

 

[tarta]

2) I ran a test - removed
|?PROXY_IP=127.0.0.1|
|?PORT_8080=8069|
|?PORT_8081=8069|
from the Custom HTTPD Configurations and ... I can still access Odoo http://<domain>:8069

I still did not manage to run Odoo on port 80/443 instead of 8069


any more hints?

 

[zEitEr]

I want Nginx to proxy request to my application

Running Nginx + Apache on a Directadmin server, you can still configure Nginx to proxy requests to your Node.JS or Python application for your domain. And here is how can you do it.

help.poralix.com

 

[tarta]

o wow! freshly added - superb! I will check it tomorrow morning (CET) as I'm traveling now.

 

[tarta]

o wow! freshly added - superb! I will check it tomorrow morning (CET) as I'm traveling now.

I was too tempted not to test it.
it works flawlessly including HTTPS

big thanks zEitEr for your help! much appreciated

case closed

 

[tarta]

reopening this topic as I came across errors.

1) I wanted to set the nginx as per https://help.poralix.com/articles/nginx-to-proxy-requests-to-custom-port-in-directadmin but in Custom HTTPD Configurations / nginxPproxy I see errors:

nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/nginx-vhosts.conf:40
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/nginx-vhosts.conf:41
nginx: [emerg] invalid URL prefix in /usr/local/directadmin/data/users/residual/nginx.conf:30
nginx: configuration file /etc/nginx/nginx.conf test failed

within nginx-vhosts.conf on lines 40/41 I assume https2 is causing an issue
listen 185.188.249.45:443 ssl http2;
listen 127.0.0.1:443 ssl http2;

how to fix it? removing http2?


2) file /usr/local/directadmin/data/users/residual/nginx.conf - line 30
proxy_pass |PROXY_PASS|;
that repeats within the file

what's wrong here?

regards,

ps. all websites on that server are running OK

 

[Active8 (standby mode)]

nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/nginx-vhosts.conf:40
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/nginx-vhosts.conf:41

is not really an error (for now) happend after updating nginx to the latest version, DA nginx templates has to be changed by staff I assume for now you can ignore it

 

[zEitEr]

Yes, that's not an error, just a warning coming from NGINX 1.25.1 and newer. We have a fix, since it is not critical, it would be more correct to get a fix from DirectAdmin. Should you still want it, feel free to contact me for a private assistance.

2) file /usr/local/directadmin/data/users/residual/nginx.conf - line 30
proxy_pass |PROXY_PASS|;
that repeats within the file

what's wrong here?

I am not sure what you mean here. May you provide the whole config file for the user? You might mask your real domain name.