This question has been flagged
3 Replies
225498 Views

In OpenERP 7 ubuntu SSL Connection:-

  <VirtualHost *:443>
     ServerAdmin webmaster@localhost
     ServerName erp.openerp.com
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/server.crt
     SSLCertificateKeyFile /etc/apache2/ssl/server.key
     ProxyRequests Off
     <Proxy *>
     Order deny,allow
     Allow from all
     </Proxy>
      ProxyVia On
      ProxyPass / http://192.168.20.60:80/
    <location / >
      ProxyPassReverse /
     </location>
     ProxyPassReverse /  http://192.168.20.60:80/
     RequestHeader set "X-Forwarded-Proto" "https"
     # Fix IE problem (httpapache proxy dav error 408/409)
     SetEnv proxy-nokeepalive 1
  </VirtualHost>

In the web browser typed https://ServerName It show message It Works! but no content has been added, yet.

ProxyPass changed into:- [80 to 8069]

   ProxyPass / http://192.168.20.60:8069/

After changed the above line In the web browser typed https://ServerName its automatic open the browser http://servername

SSL mode Enabled in Linux but it autoredirect http instead of https how to solve this issue?

Avatar
Discard

Why are you using a ProxyPassReverse / on location / ? What do you expect this should do?

Best Answer

You should always read the original documentation and try to understand and adapt it to your special situation:

httpd  apache  org / docs / 2.2 / mod / mod_proxy.html (can not post links)

Why do you have OpenERP listening on 192.168.20.60? Is this a dedicated backend-server that runs openerp-server exclusively and Apache is running on another server that can access this IP? I see no other usecase for this configuration - if you have OpenERP on the same machine as Apache, you most likely would like to have OpenERP listen on 127.0.0.1 only and use Apache for accessing it from the outer world - this is neccessary if you want to encrypt the connection via SSL, what you usually do.

The SSL part in your config looks ok, for the proxy part you can try to do this:

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8069/
ProxyPassReverse / http://127.0.0.1:8069/

I am not 100% sure about the ProxyPassReverse as I do not know if OpenERP emits redirects itself - also there is a proxy_mode setting in openerp-server.conf which should handle rewriting of headers already, but using the ProxyPassReverse directive like above seems to work ok for me.

To make openerp-server listen on 127.0.0.1 (only) in /etc/openerp/openerp-server.conf write:

xmlrpc_interface = 127.0.0.1

To redirect all requests to an unencrypted port on the same domain name (that is port 80) use another VirtualHost that just redirects to https like this:

<VirtualHost *:80>
ServerName openerp.example.com
Redirect 301 / https://openerp.example.com
</VirtualHost>

I hope these bits can help you to figure it out for your own setup.

Avatar
Discard
Best Answer

It looks like you use apache, I have installed NGINX as frontend to get an SSL connection to openERP. I have used the following page to set it up.

The config for NGINX:

upstream webserver {
  server 127.0.0.1:8069 weight=1 fail_timeout=300s;
}

server {
  listen 80;
  server_name    _;

  # Strict Transport Security
  add_header Strict-Transport-Security max-age=2592000;

  rewrite ^/.*$ https://$host$request_uri? permanent;
}

server {
  # server port and name
  listen        443 default;
  server_name   openerpserver.example.com;

  # Specifies the maximum accepted body size of a client request,
  # as indicated by the request header Content-Length.
  client_max_body_size 200m;

  # ssl log files
  access_log    /var/log/nginx/openerp-access.log;
  error_log    /var/log/nginx/openerp-error.log;

  # ssl certificate files
  ssl on;
  ssl_certificate        /etc/ssl/nginx/server.crt;
  ssl_certificate_key    /etc/ssl/nginx/server.key;

  # add ssl specific settings
  keepalive_timeout    60;

  # limit ciphers
  ssl_ciphers            HIGH:!ADH:!MD5;
  ssl_protocols            SSLv3 TLSv1;
  ssl_prefer_server_ciphers    on;

  # increase proxy buffer to handle some OpenERP web requests
  proxy_buffers 16 64k;
  proxy_buffer_size 128k;

  location / {
    proxy_pass    http://webserver;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    # Let the OpenERP web service know that we're using HTTPS, otherwise
    # it will generate URL using http:// and not https://
    proxy_set_header X-Forwarded-Proto https;

    # by default, do not forward anything
    proxy_redirect off;
  }

  # cache some static data in memory for 60mins.
  # under heavy load this should relieve stress on the OpenERP web interface a bit.
  location ~* /web/static/ {
    proxy_cache_valid 200 60m;
    proxy_buffering    on;
    expires 864000;
    proxy_pass http://webserver;
  }
}

In the file /etc/openerp/openerp-server.conf, I added:

#XML only local, if you have an external app connecting to this
#server, remove the next line
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1

Hopefully you can compare these settings with yours.

Avatar
Discard
Author

Thanks for reply Also Tried NGINX but facing the same problem in the address bar entered https://servername it automatically open the page http://servername

Did you change the name of the server in the NGINX config file (openerpserver.example.com -> your.server.name.or.IP) ?? Just follow the guide on the page I linked to. The only issue I had was that the file .rnd in the home directory was locked by root. Just delete it with su rm .rnd

Author

Thanks for reply Server Name changed based on system In ubuntu server through SSH how to find openerp port no [currently configured default port no 8069] In default openerp-server.conf file port no not mentioned.

If you did not specify any port, openERP should listen on 8069. Are you sure only NGinx is listening on port 80, so Apache is not running cq not installed?

Best Answer

Hi,

Please visit this : http://acespritechblog.wordpress.com/2013/05/29/openerp-7-with-ssl-on-ubuntu-12-04/

Email : info@acespritech.com
Skype : acespritech
Blog : acespritechblog.wordpress.com

Avatar
Discard
Author

Hi thanks for reply uninstalled the apache setup and installed again and followed the steps its shows Service Temporarily Unavailable Server at erp.servername Port 443. In ubuntu server through SSH how to find openerp port no [currently configured default port no 8069]

The info at your link is a little short. After changing config of Apache, you need to restart it, you did not mention it. Also you did not configure openERP to accept only from local host. so it is still possible to access openERP over http.....

The configuration you are linking to triggers a syntax error and will make your apache not start - it should be removed.

</Proxy *> is syntactically wrong, also ProxyVia is most likely not needed, if your next hop is openerp-server itself, and please explain what do you expect ProxyPassReverse / to do in <location />?

Please test your configuration at least three times before posting it somewhere.