-
-
Save dmattosr/b57bb8f9d4dbf7e43b779b2ec8cfdbd1 to your computer and use it in GitHub Desktop.
Sample Odoo/Nginx Config (with dbfilter_from_header support)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Author: Ryan Cole | |
# Website: https://ryanc.me | |
# GitHub: https://github.com/MGinshe | |
# Usage: | |
# Place this file in /etc/nginx/sites-enabled/ | |
# Make sure you edit the DOMAIN_HERE and SSL_CERTIFICATE, and DB_FILTER sections | |
# | |
# Note: This config file is designed to be used with the Odoo dbfilter_from_header module | |
# https://apps.openerp.com/apps/modules/9.0/dbfilter_from_header/ | |
# workaround for nginx's inability to escape the $ character. see: | |
# https://openresty.org/download/agentzh-nginx-tutorials-en.html#nginx-variables-escaping-dollar | |
geo $dollar { | |
default "$"; | |
} | |
# upstreams | |
upstream odoo { | |
server 127.0.0.1:8069 weight=1 fail_timeout=0; | |
} | |
upstream odoo-longpolling { | |
server 127.0.0.1:8072 weight=1 fail_timeout=0; | |
} | |
# main server block | |
server { | |
listen 80; | |
server_name DOMAIN_HERE; | |
return 301 https://DOMAIN_HERE$request_uri | |
# make sure to preserve the '$request_uri' portion of the above line | |
# e.g. https://mydomain.com$request_uri | |
} | |
server { | |
listen 443 ssl; | |
server_name DOMAIN_HERE; | |
# increase maximum accepted body size | |
client_max_body_size 200m; | |
# increase proxy buffer to handle large Odoo web requests | |
proxy_buffers 16 64k; | |
proxy_buffer_size 128k; | |
# general proxy config | |
proxy_connect_timeout 600s; | |
proxy_send_timeout 600s; | |
proxy_read_timeout 600s; | |
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
# proxy headers | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
# for the dbfilter_from_header module | |
# see: https://apps.openerp.com/apps/modules/9.0/dbfilter_from_header/ | |
# make sure you _only_ replace the `DB_FILTER` section (leave the ^ and $dollar portions) | |
#proxy_set_header X-Odoo-dbfilter ^DB_FILTER$dollar | |
# default settings | |
proxy_redirect off; | |
proxy_buffering off; | |
# enable ssl | |
ssl on; | |
ssl_certificate SSL_CERTIFICATE; | |
ssl_certificate_key SSL_CERTIFICATE_KEY; | |
ssl_session_timeout 30m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; | |
# uncomment if you're using cloudflare's "Full" SSl option | |
#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; | |
ssl_prefer_server_ciphers on; | |
# log file locations | |
access_log /var/log/nginx/odoo-access.log; | |
error_log /var/log/nginx/odoo-error.log; | |
# enable gzip | |
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript; | |
gzip on; | |
# proxy requests to the appropriate upstream | |
location / { | |
proxy_redirect off; | |
proxy_pass http://odoo; | |
} | |
location /longpolling { | |
proxy_redirect off; | |
proxy_pass http://odoo-longpolling; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment