(01-02) odoo8.0_Ubuntu14.04_nginx反代理设置
作者:陈伟明
联系 : QQ 942923305 | 微信 toby942923305
E-mail: cwm.win@hotmail.com
==================================
服务器
操作系统: Ubuntu trusty14.04
nginx 版本: 1.10.1
==================================
修订时间:
15:09 2015-10-20 星期二
17:13 2015-10-23 星期五 修订错误
21:45 2016-06-09 星期四
=======================安装nginx前期准备==============================
安装依赖
# apt-get -y install libpcre3 libpcre3-dev zlib1g-dev libssl-dev build-essential libxml2 libxml2-dev libxslt1.1 libxslt1-dev geoip-database libgeoip-dev freetype* libgd2-xpm-dev
新建用于存放下载软件的目录
# mkdir /opt/soft
# cd /opt/soft
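安装openssl (做ssl 443时会用到)
注意:下面的下载地址是明文 http,解压编译前请对照官方发布的 SHA256 校验值或 PGP 签名核对源码包;后面下载的 nginx 源码包同理。本文使用的 openssl 1.0.2d 和 nginx 1.10.1 都已是停止维护的旧版本,实际部署请换用仍在维护的版本。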
# wget http://www.openssl.org/source/openssl-1.0.2d.tar.gz
# tar -zxvf openssl-1.0.2d.tar.gz -C /usr/local/src/
# cd /usr/local/src/openssl-1.0.2d/
# ./config
# make
# make install
安装nginx
==========================nginx1.10.x安装============================
# cd /opt/soft
# curl -O http://nginx.org/download/nginx-1.10.1.tar.gz
# useradd www
# mkdir -p /var/log/nginx
# chown -R www:www /var/log/nginx
# tar xzvf nginx-1.10.1.tar.gz
# cd nginx-1.10.1
# mkdir -p /var/tmp/nginx/client
# chown -R www:www /var/tmp/nginx/client
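# NOTE(review): every continued line needs a space before its trailing
# backslash. Without it the shell joins the option to the one on the next
# line (for example "--prefix=/usr/local/nginx--conf-path=..."), so the
# --prefix and --with-http_realip_module lines are corrected below.
#./configure \
--prefix=/usr/local/nginx \
--conf-path=/etc/nginx/conf/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=www \
--group=www \
--with-openssl=/usr/local/src/openssl-1.0.2d \
--with-http_realip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-pcre \
--with-file-aio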
#make
#make install
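说明:
--pid-path=/var/run/nginx/nginx.pid \
这个编译参数要和
/etc/nginx/conf/nginx.conf 中的
pid /var/run/nginx/nginx.pid;
保持一致,否则 pid 文件仍以配置文件中的位置为准。
注意:本文后面给出的 nginx.conf 和启动脚本实际使用的都是 /var/run/nginx.pid;如果按这里改成 /var/run/nginx/nginx.pid,启动脚本里的 --pidfile 也要同步修改,否则 stop/reload 找不到进程。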
# vi /etc/init.d/nginx #编辑启动文件添加下面内容
-------------------------------
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
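PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Binary location of this source build (--prefix=/usr/local/nginx). The script
# used DAEMON everywhere but never assigned it, so it only worked when
# /etc/default/nginx happened to define it.
DAEMON=/usr/local/nginx/sbin/nginx
NAME=nginx
DESC=nginx

# Include nginx defaults if available. The file is sourced after the
# assignments above, so it can override them. It is executed as root by this
# script: keep it owned by root and not writable by anyone else.
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi

# Quoted on purpose: with an empty DAEMON an unquoted `test -x` collapses to a
# one-argument test that is always true, and the script would carry on
# without a binary.
test -x "$DAEMON" || exit 0

# From here on any unchecked command failure aborts the script.
set -e

. /lib/lsb/init-functions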
# Validate the nginx configuration with "$DAEMON -t".
# Globals:  DAEMON, DAEMON_OPTS (read)
# Outputs:  nothing when the configuration is accepted; on failure the check
#           is run a second time with its output left visible.
# Returns:  0 when accepted, otherwise the status of the second run.
test_nginx_config() {
  # DAEMON_OPTS stays unquoted so that it splits into separate options.
  $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 && return 0
  $DAEMON -t $DAEMON_OPTS
  return $?
}
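# Dispatch on the action passed as $1.
# Failures of start-stop-daemon itself are ignored on purpose (`|| true`),
# presumably so that stopping an already stopped server is not an error.
# DAEMON_OPTS and ULIMIT stay unquoted so they split into separate words.
case "$1" in
  start)
    echo -n "Starting $DESC: "
    # A rejected configuration aborts the script here while `set -e` is active.
    test_nginx_config
    # Check if the ULIMIT is set in /etc/default/nginx
    if [ -n "$ULIMIT" ]; then
      # Set the ulimits
      ulimit $ULIMIT
    fi
    start-stop-daemon --start --quiet --pidfile "/var/run/$NAME.pid" \
      --exec "$DAEMON" -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    start-stop-daemon --stop --quiet --pidfile "/var/run/$NAME.pid" \
      --exec "$DAEMON" || true
    echo "$NAME."
    ;;
  restart|force-reload)
    echo -n "Restarting $DESC: "
    # Validate the configuration BEFORE stopping. The check used to run after
    # the stop, so a broken configuration took the running server down and
    # then refused to start it again.
    test_nginx_config
    start-stop-daemon --stop --quiet --pidfile \
      "/var/run/$NAME.pid" --exec "$DAEMON" || true
    # Give the old process a moment to exit before starting a new one.
    sleep 1
    # Check if the ULIMIT is set in /etc/default/nginx
    if [ -n "$ULIMIT" ]; then
      # Set the ulimits
      ulimit $ULIMIT
    fi
    start-stop-daemon --start --quiet --pidfile \
      "/var/run/$NAME.pid" --exec "$DAEMON" -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;
  reload)
    echo -n "Reloading $DESC configuration: "
    test_nginx_config
    # --stop with --signal HUP only delivers SIGHUP to the process named in
    # the pid file; it does not terminate it.
    start-stop-daemon --stop --signal HUP --quiet --pidfile "/var/run/$NAME.pid" \
      --exec "$DAEMON" || true
    echo "$NAME."
    ;;
  configtest|testconfig)
    echo -n "Testing $DESC configuration: "
    if test_nginx_config; then
      echo "$NAME."
    else
      # $? still holds the status of the failed check.
      exit $?
    fi
    ;;
  status)
    status_of_proc -p "/var/run/$NAME.pid" "$DAEMON" nginx && exit 0 || exit $?
    ;;
  *)
    echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
    exit 1
    ;;
esac
exit 0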
-----------------------------
# chmod 775 /etc/init.d/nginx #赋予文件执行权限(775 会让同组用户也能改写这个以 root 身份运行的脚本,一般用 755 即可)
# update-rc.d nginx defaults #把nginx作为服务随机器启动
# service nginx start
把nginx工具目录加入到环境变量
# vi /etc/profile 最后加一行
PATH=$PATH:/usr/local/nginx/sbin
# source /etc/profile 使其生效
------------------------------------------------------------------------------
配置nginx
# mkdir /etc/nginx/conf/conf.d/
# vi /etc/nginx/conf/nginx.conf 内容如下:
-------------------
# Main nginx configuration: process settings, event loop, shared http options.
# Worker processes run under the "www" account.
user www;
worker_processes 4;
# NOTE(review): the third mask (00000011) selects two CPUs at once; one CPU per
# worker would be 00000001 00000010 00000100 00001000 - confirm the intent.
worker_cpu_affinity 00000001 00000010 00000011 00000100 ;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log; # error log
# Same pid file the init script passes to start-stop-daemon (/var/run/$NAME.pid).
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include /etc/nginx/conf/mime.types;
include /etc/nginx/conf/gzip.conf;
include /etc/nginx/conf/cache-client.conf;
default_type application/octet-stream;
charset UTF-8;
index index.html index.htm ;
# NOTE(review): no access_log directive shown on this page refers to the
# "main" format by name, so it appears to be unused.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
types_hash_max_size 2048;
# Per-site configuration files (odoo.conf is placed here).
include /etc/nginx/conf/conf.d/*.conf;
}
-------------------
# vi /etc/nginx/conf/gzip.conf 内容如下:
----------------------
# Response compression settings, included from the http block of nginx.conf.
gzip on;
gzip_disable "msie6";
gzip_vary on;
# NOTE(review): "any" also compresses proxied responses, including dynamic
# pages served over TLS. Compressing responses that mix secrets with
# request-controlled content is the precondition for BREACH-style compression
# side channels; consider limiting gzip to static assets.
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
----------------------
# vi /etc/nginx/conf/cache-client.conf 内容如下:
----------------------
# File-descriptor cache and client request limits, included from the http
# block of nginx.conf.
#frequently read cache
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
#client cache
# NOTE(review): 200m lets any client send request bodies of up to 200 MB
# through the proxy; size it to the largest upload actually expected.
client_max_body_size 200m;
client_body_buffer_size 128k;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
#client timeout
# NOTE(review): no timeout directive follows this heading; the lines below are
# transmission options.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;
----------------------
配置完成
================nginx1.10.x安装 结束===============
================配置odoo8与nginx结合 开始===============
之前 odoo8 在 ubuntu14.04 上是怎么安装的,可以参考前面的一篇文章 《odoo8.0 _Ubuntu14.04源码安装》
已经上传到空间里了,这里我就不重复说了
前面一开始安装用的用户是www ,不是官方用的odoo ,这就为采用nginx作反代理,进行了平滑地过渡。
生成ssl的证件和key
# mkdir /etc/nginx/ssl
# cd /etc/nginx/ssl
# openssl genrsa -des3 -passout pass:odoo -out server.pass.key 2048 # pass:odoo 可以换成 pass:hkyejian##@ 这样安全一些;这个口令只是临时的,下一条命令会把它从私钥上去掉,两条命令里的口令要保持一致
# openssl rsa -passin pass:odoo -in server.pass.key -out server.key
# rm server.pass.key
# openssl req -new -key server.key -out server.csr #这里要添加相关信息,自己按提示写一下就可以
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt #指定证书的有效期 10年
到这里443 ssl 相关做好了。server.key 是不带口令的私钥,建议执行 chmod 600 server.key 并保持属主为 root;这里生成的是自签名证书,浏览器会提示证书不受信任。
# vi /etc/nginx/conf/conf.d/odoo.conf 内容如下:
---------------------------------
# Odoo HTTP backend on the loopback interface; the "/" and /web/static/
# locations proxy to it.
upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
# Second local backend on port 8072; the /longpolling/ location proxies to it.
upstream odoo8-im{
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
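# HTTPS virtual host: terminates TLS and proxies every request to Odoo.
server {
    # "listen ... ssl" replaces the separate "ssl on;" switch, which newer
    # nginx releases deprecate; "default_server" is the current spelling of
    # the old "default" parameter.
    listen 443 ssl default_server;
    server_name localhost;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    # !aNULL excludes every unauthenticated (anonymous) suite, not only ADH.
    ssl_ciphers HIGH:!aNULL:!MD5;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered; clients
    # limited to those versions will not be able to connect.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Browsers only honour HSTS when it is received over HTTPS, so it is sent
    # from this server block.
    add_header Strict-Transport-Security "max-age=2592000";

    # add ssl specific settings
    keepalive_timeout 60;

    # increase proxy buffer to handle some Odoo web requests
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # Accept request header names that contain underscores.
    # NOTE(review): confirm the backend really needs this; "_" and "-" are easy
    # to confuse once header names are normalised by an application server.
    underscores_in_headers on;

    location / {
        proxy_pass http://odoo8;
        # Force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        # set headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Let the Odoo web service know that we're using HTTPS, otherwise
        # it will generate URL using http:// and not https://
        proxy_set_header X-Forwarded-Proto https;
        proxy_cache_bypass $http_upgrade;

        # Pass responses to the client as they arrive instead of buffering them
        proxy_buffering off;
        # Rewrite http:// redirects issued by the backend to https://
        proxy_redirect http:// https://;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;

        # Set timeouts
        # NOTE(review): one hour everywhere keeps stalled connections open for a
        # long time; confirm that every request type needs this much.
        proxy_connect_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        send_timeout 3600s;
    }

    # Same proxy settings as "/", but routed to the odoo8-im upstream.
    location /longpolling/ {
        proxy_pass http://odoo8-im;
        # Force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        # set headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Let the Odoo web service know that we're using HTTPS, otherwise
        # it will generate URL using http:// and not https://
        proxy_set_header X-Forwarded-Proto https;
        proxy_cache_bypass $http_upgrade;

        # Pass responses to the client as they arrive instead of buffering them
        proxy_buffering off;
        proxy_redirect http:// https://;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;

        # Set timeouts
        proxy_connect_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        send_timeout 3600s;
    }

    # Static assets: buffered and given a long client-side expiry.
    # NOTE(review): proxy_cache_valid has no effect unless a proxy_cache zone
    # is configured, and none is shown on this page.
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo8;
    }

    # Log under /var/log/nginx, the directory the install steps create and
    # hand to the www user. The previous /log/nginx path is never created on
    # this page, and nginx cannot open log files in a missing directory.
    access_log /var/log/nginx/odoo-ssl.access.log;
    error_log /var/log/nginx/odoo-ssl.error.log;
}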
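# Plain-HTTP virtual host: permanently redirects every request to HTTPS.
server {
    listen 80;
    server_name localhost;
    underscores_in_headers on;
    # NOTE(review): browsers ignore HSTS delivered over plain HTTP; the header
    # only takes effect when the HTTPS server sends it.
    add_header Strict-Transport-Security max-age=2592000;
    # The trailing "?" stops nginx from appending the query string a second
    # time ($request_uri already contains it).
    rewrite ^/.*$ https://$host$request_uri? permanent;
    # Log under /var/log/nginx, the directory the install steps create. The
    # previous /log/nginx path is never created on this page, and nginx
    # cannot open log files in a missing directory.
    error_log /var/log/nginx/odoo.error.log;
}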
----------------------------------------------
# service nginx start
ok了,可以直接用ip访问,不要再加端口8069 ,有nginx反代理,也解决了配置文件中 workers 这个参数大于1时出错的问题。另外建议让 odoo 只监听 127.0.0.1,或用防火墙挡住外部对 8069/8072 的访问,否则仍然可以绕过 nginx 直接用明文 http 访问 odoo。
================配置odoo8与nginx结合 结束===============