Skip to content

Instantly share code, notes, and snippets.

@dmattosr
Forked from ryanc-me/odoo.conf
Created January 8, 2017 13:15
Show Gist options
  • Save dmattosr/b57bb8f9d4dbf7e43b779b2ec8cfdbd1 to your computer and use it in GitHub Desktop.
Save dmattosr/b57bb8f9d4dbf7e43b779b2ec8cfdbd1 to your computer and use it in GitHub Desktop.
Sample Odoo/Nginx Config (with dbfilter_from_header support)
# Author: Ryan Cole
# Website: https://ryanc.me
# GitHub: https://github.com/MGinshe
# Usage:
# Place this file in /etc/nginx/sites-enabled/
# Make sure you edit the DOMAIN_HERE and SSL_CERTIFICATE, and DB_FILTER sections
#
# Note: This config file is designed to be used with the Odoo dbfilter_from_header module
# https://apps.openerp.com/apps/modules/9.0/dbfilter_from_header/
# workaround for nginx's inability to escape the $ character. see:
# https://openresty.org/download/agentzh-nginx-tutorials-en.html#nginx-variables-escaping-dollar
geo $dollar {
default "$";
}
# upstreams
upstream odoo {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
upstream odoo-longpolling {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
# main server block
server {
listen 80;
server_name DOMAIN_HERE;
return 301 https://DOMAIN_HERE$request_uri
# make sure to preserve the '$request_uri' portion of the above line
# e.g. https://mydomain.com$request_uri
}
server {
listen 443 ssl;
server_name DOMAIN_HERE;
# increase maximum accepted body size
client_max_body_size 200m;
# increase proxy buffer to handle large Odoo web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
# general proxy config
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# proxy headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# for the dbfilter_from_header module
# see: https://apps.openerp.com/apps/modules/9.0/dbfilter_from_header/
# make sure you _only_ replace the `DB_FILTER` section (leave the ^ and $dollar portions)
#proxy_set_header X-Odoo-dbfilter ^DB_FILTER$dollar
# default settings
proxy_redirect off;
proxy_buffering off;
# enable ssl
ssl on;
ssl_certificate SSL_CERTIFICATE;
ssl_certificate_key SSL_CERTIFICATE_KEY;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# uncomment if you're using cloudflare's "Full" SSl option
#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# log file locations
access_log /var/log/nginx/odoo-access.log;
error_log /var/log/nginx/odoo-error.log;
# enable gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
# proxy requests to the appropriate upstream
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
location /longpolling {
proxy_redirect off;
proxy_pass http://odoo-longpolling;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment