Is possible to use SSL in Odoo with NginX avoiding the standard ports (80 and 443)?

By | December 24, 2017
Questions:

Following this tutorial I configured my Nginx like this:

upstream odoo8 {
    server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
    server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

server {
    # server port and name (instead of 443 port)
    listen 22443;
    server_name _;

    # Specifies the maximum accepted body size of a client request,
    # as indicated by the request header Content-Length.
    client_max_body_size 2000m;

    # add ssl specific settings
    keepalive_timeout 60;
    ssl on;
    ssl_certificate        /etc/ssl/nginx/server.crt;
    ssl_certificate_key    /etc/ssl/nginx/server.key;

    error_page 497 https://$host:22443$request_uri;

    # limit ciphers
    ssl_ciphers HIGH:!ADH:!MD5;
    ssl_protocols SSLv3 TLSv1;
    ssl_prefer_server_ciphers on;

    # increase proxy buffer to handle some Odoo web requests
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # general proxy settings
    # force timeouts if the backend dies
    proxy_connect_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_read_timeout 3600s;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    # Let the Odoo web service know that we’re using HTTPS, otherwise
    # it will generate URL using http:// and not https://
    proxy_set_header X-Forwarded-Proto https;

    # by default, do not forward anything
    proxy_redirect off;
    proxy_buffering off;

    location / {
        proxy_pass http://odoo8;
    }

    location /longpolling {
        proxy_pass http://odoo8-im;
    }

    # cache some static data in memory for 60mins.
    # under heavy load this should relieve stress on the Odoo web interface a bit.
    location /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo8;
    }
}

And I have this ports in my Odoo configuration

longpolling_port = 8072
xmlrpc_port = 8069
xmlrpcs_port = 22443
proxy_mode = True

When I load https://my_domain:22443/web/database/selector in the browser it loads well. But when I choose a database or I make any action, the address loses the https and the port, so it’s loaded through the port 80. Then I would need to add this to the NginX configuration and the port 80 should be open

## http redirects to https ##
server {
    listen 80;
    server_name _;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host:22443$request_uri? permanent;
}

Is there a way to avoid this redirection? Like that I could keep the port 80 closed in order to avoid spoofing

Update

I can open the login screen with the address https://my_domain:22443/web/login?db=dabatase_name and I can work well inside, but if I log out in order to choose another database in the droplist, it loses again the port and the ssl

Answers:

Please, try to use this construction:

## http redirects to https ##
server
{
listen 80;
server_name _;
if ($http_x_forwarded_proto = 'http')
    {
    return 301 https://my_domain.com$request_uri;
    }
}

Leave a Reply

Your email address will not be published. Required fields are marked *