Last active
July 28, 2019 12:33
-
-
Save yk2kus/5418f90d2f2ae37521d2d9775ffa88c6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ################################################################################ | |
| # Script for Reverse proxy in Odoo | |
| # Author: Yogesh Kushwaha, 25-December-2015 | |
| #------------------------------------------------------------------------------- | |
| # | |
| # This script will install ODOO Server on | |
| # clean Ubuntu 14.04 Server | |
| #------------------------------------------------------------------------------- | |
| # USAGE: | |
| # | |
| # | |
| # save the file as odoo-reverse-proxy | |
| # Run: | |
| # ./odoo-reverse-proxy | |
| # | |
| ################################################################################ | |
| ##fixed parameters (Note : update Static IP of your system before running Script) | |
| SYS_IP="54.94.153.46" | |
| #-------------------------------------------------- | |
| # Install Nginx | |
| #-------------------------------------------------- | |
| echo -e "\n---- Install Nginx Server ----" | |
| sudo apt-get install nginx | |
| #-------------------------------------------------- | |
| # Generate a new key, you will be asked to enter a passphrase and confirm: | |
| #-------------------------------------------------- | |
| echo -e "\n---- Generating Key ----" | |
| mkdir temp | |
| cd temp | |
| openssl genrsa -des3 -out server.pkey 1024 | |
| #-------------------------------------------------- | |
| # Remove the passphrase by doing this, we do this because we don’t won’t to have to type this passphrase after every restart. | |
| #-------------------------------------------------- | |
| echo -e "\n---- Remove Passphrase from Key ----" | |
| openssl rsa -in server.pkey -out server.key | |
| openssl req -new -key server.key -out server.csr | |
| openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |
| sudo chown root:www-data server.crt server.key | |
| sudo chmod 640 server.crt server.key | |
| sudo mkdir /etc/ssl/nginx | |
| sudo chown www-data:root /etc/ssl/nginx | |
| sudo chmod 710 /etc/ssl/nginx | |
| sudo mv server.crt server.key /etc/ssl/nginx/ | |
| #-------------------------------------------------- | |
| # Create the nginx site configuration file | |
| #-------------------------------------------------- | |
| echo -e "\n---- Creating Nginx Configuration File in /tmp----" | |
| sudo echo "upstream webserver { | |
| server 127.0.0.1:8069 weight=1 fail_timeout=300s; | |
| } | |
| server { | |
| listen 80; | |
| server_name $SYS_IP; | |
| # Strict Transport Security | |
| add_header Strict-Transport-Security max-age=2592000; | |
| rewrite ^/.*$ https://\$host\$request_uri? permanent; | |
| } | |
| server { | |
| # server port and name | |
| listen 443 default; | |
| server_name $SYS_IP; | |
| # Specifies the maximum accepted body size of a client request, | |
| # as indicated by the request header Content-Length. | |
| client_max_body_size 200m; | |
| # ssl log files | |
| access_log /var/log/nginx/odoo-access.log; | |
| error_log /var/log/nginx/odoo-error.log; | |
| # ssl certificate files | |
| ssl on; | |
| ssl_certificate /etc/ssl/nginx/server.crt; | |
| ssl_certificate_key /etc/ssl/nginx/server.key; | |
| # add ssl specific settings | |
| keepalive_timeout 60; | |
| # limit ciphers | |
| ssl_ciphers HIGH:!ADH:!MD5; | |
| ssl_protocols SSLv3 TLSv1; | |
| ssl_prefer_server_ciphers on; | |
| # increase proxy buffer to handle some odoo web requests | |
| proxy_buffers 16 64k; | |
| proxy_buffer_size 128k; | |
| location / { | |
| proxy_pass http://webserver; | |
| # force timeouts if the backend dies | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
| # set headers | |
| proxy_set_header Host \$host; | |
| proxy_set_header X-Real-IP \$remote_addr; | |
| proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for; | |
| # Let the odoo web service know that we're using HTTPS, otherwise | |
| # it will generate URL using http:// and not https:// | |
| proxy_set_header X-Forwarded-Proto https; | |
| # by default, do not forward anything | |
| proxy_redirect off; | |
| } | |
| # cache some static data in memory for 60mins. | |
| # under heavy load this should relieve stress on the odoo web interface a bit. | |
| location ~* /web/static/ { | |
| proxy_cache_valid 200 60m; | |
| proxy_buffering on; | |
| expires 864000; | |
| proxy_pass http://webserver; | |
| } | |
| }" > /tmp/odoo | |
| echo -e "\n---- Creating Nginx Configuration File in /etc/nginx/sites-available/----" | |
| sudo mv /tmp/odoo /etc/nginx/sites-available/odoo | |
| echo -e "\n---- Creating soft link to odoo ----" | |
| sudo ln -s /etc/nginx/sites-available/odoo /etc/nginx/sites-enabled/odoo | |
| #-------------------------------------------------- | |
| # Change the odoo server configuration file | |
| #-------------------------------------------------- | |
| echo -e "\n---- Updating odoo Configuration File ----" | |
| sudo echo "xmlrpc_interface = 127.0.0.1" >> sudo /etc/odoo-server.conf | |
| sudo echo "netrpc_interface = 127.0.0.1" >> sudo /etc/odoo-server.conf | |
| #-------------------------------------------------- | |
| # Restart odoo server and Nginx Server | |
| #-------------------------------------------------- | |
| echo -e "\n---- Restarting odoo ----" | |
| sudo service odoo-server restart | |
| echo -e "\n---- Restarting Nginx ----" | |
| sudo service nginx restart | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment