Nginx configuration for CI/CD for Odoo

Problem description

I am configuring nginx for a web server running Odoo. My configuration for the first nginx server (running as root) is:

#odoo server
upstream runbot_odoo {
 server 127.0.0.1:8080;
}
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoochat {
 server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name runbot.mydomain.com;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
 listen 443;
 server_name runbot.mydomain.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/nginx/server.crt;
 ssl_certificate_key /etc/ssl/nginx/server.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://odoochat;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://odoo;
 }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

Basically it is redirecting 80 to 443, then reverse proxying to the correct ports 8069 and 8072.

Then I have another nginx server (running as normal user), with the following configuration:

pid /home/odoo/src/runbot/runbot/static/nginx/nginx.pid;
error_log /home/odoo/src/runbot/runbot/static/nginx/error.log;
worker_processes  1;
events { worker_connections  1024; }
http {
include /etc/nginx/mime.types;
server_names_hash_max_size 512;
server_names_hash_bucket_size 256;
client_max_body_size 10M;
index index.html;
log_format full '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time';
access_log /home/odoo/src/runbot/runbot/static/nginx/access.log full;
error_log /home/odoo/src/runbot/runbot/static/nginx/error.log;
client_body_temp_path /home/odoo/src/runbot/runbot/static/nginx;
fastcgi_temp_path /home/odoo/src/runbot/runbot/static/nginx;

autoindex on;

gzip on;
gzip_types text/css text/plain application/xml application/json application/javascript;

proxy_temp_path /home/odoo/src/runbot/runbot/static/nginx;
proxy_read_timeout 600;
proxy_connect_timeout 600;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;

server {
    listen 8080 default;
    location / { proxy_pass http://127.0.0.1:8069; }
    location /longpolling/im/poll { return 404; }
    location /longpolling/poll { return 404; }
    location /runbot/static/ {
       alias /home/odoo/src/runbot/runbot/static/;
       autoindex off;
       location ~ /runbot/static/build/[^/]+/(logs|tests)/ {
          autoindex on;
       }
    }
}

server {
    # this is for testing master branch
    # you can see it in the server_name
    # the first part 00058 is the incremental number of the build, so this is the 58'th build
    # the second part master-d9d6e8 is the name of the branch, and I think a random number
    # the last part runbot.mydomain.com, is the domain.
    listen 8080;
    server_name ~^00058\-master\-d9d6e8(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_pass http://127.0.0.1:2000; }
    location /longpolling { proxy_pass http://127.0.0.1:2001; }
}

server {
    # another build
    listen 8080;
    server_name ~^00057\-dev\-hr\-operations\-d64c8d(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_pass http://127.0.0.1:2003; }
    location /longpolling { proxy_pass http://127.0.0.1:2004; }
}

server {
    # another build
    listen 8080;
    server_name ~^00056\-dev\-returns\-68ca49(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_pass http://127.0.0.1:2006; }
    location /longpolling { proxy_pass http://127.0.0.1:2007; }
}

server {
    # another build
    listen 8080;
    server_name ~^00055\-dev\-56c2e4(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_pass http://127.0.0.1:2009; }
    location /longpolling { proxy_pass http://127.0.0.1:2010; }
}

server {
    # another build
    listen 8080;
    server_name ~^00054\-master\-06503a(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_pass http://127.0.0.1:2012; }
    location /longpolling { proxy_pass http://127.0.0.1:2013; }
}

server {
    listen 8080;
    server_name ~.+\.runbot\.mydomain\.com$;
    location / { return 404; }
}
}

Notes on the second config file:

The first server block is the default, which reverse proxies to the main server. The other server blocks, except the last one, are for each build to be tested. Each build is running on a docker container and exposing two http ports (e.g. 2012 and 2013).

A drawing to help understand my structure:

My question is how to make all requests with a domain like this *.runbot.mydomain.com, for example build-01.runbot.mydomain.com, be correctly "proxied" to the second nginx server on port 8080, which will proxy them to the correct port depending on the subdomain name. I already have the second nginx server correctly redirecting subdomains, but I can't get the first nginx (running as root) to proxy to the second one.

My best try was adding the following configuration to the main nginx:

upstream runbot_odoo {
 #this upstream is the second nginx server
 server 127.0.0.1:8080;
}


 ......


server {
 # a copy from the first config file above with few edits (not the entire file just the 443 server block)
 # 1. changed server_name to *.runbot.gsk-erp.com I intended to catch all subdomains and proxy them to 8080 which can then proxy them to the correct port (2012 for example)
 # 2. the location block which now proxies to 8080 instead of 8069
 listen 443;
 server_name *.runbot.gsk-erp.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/nginx/server.crt;
 ssl_certificate_key /etc/ssl/nginx/server.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/instances.odoo.access.log;
 error_log /var/log/nginx/instances.odoo.error.log;

 # Redirect requests to runbot config file
 location / { proxy_pass http://runbot_odoo; }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

When writing http://00058-master-d9d6e8.runbot.mydomain.com the request gets handled by the main server running on 8069, instead of 8080. This means that the first 443 server block is still handling the requests instead of the new one with *.runbot.mydomain.com for server_name.

Another try:

I moved the 443 server block with *.runbot.mydomain.com before the first one. Now it is handling the subdomain requests, but the url on the browser is changed to https://runbot_odoo (instead of reverse proxying, it is redirecting).

Recommended answer

The solution was found in this answer.

Add this line to the location block:

proxy_set_header HOST $host;

Full nginx config files: main nginx (running as root)

#odoo server
upstream odoorunbot {
 server 127.0.0.1:8080;
}
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoochat {
 server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name runbot.mydomain.com;
   rewrite ^(.*) https://$host$1 permanent;
}

# runbot build instances
server {
 listen 443;
 server_name *.runbot.mydomain.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/nginx/server.crt;
 ssl_certificate_key /etc/ssl/nginx/server.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/instances.odoo.access.log full;
 error_log /var/log/nginx/instances.odoo.error.log;

 # Redirect requests to runbot config file
 #location / { proxy_pass http://odoorunbot; }
 location /longpolling {
   proxy_pass http://odoorunbot;
 }

 # Redirect requests to odoo backend server
 location / {
   #proxy_redirect off;
   proxy_pass http://odoorunbot;
   proxy_set_header HOST $host;
 }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

server {
 listen 443;
 server_name runbot.mydomain.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/nginx/server.crt;
 ssl_certificate_key /etc/ssl/nginx/server.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://odoochat;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://odoo;
 }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

The other nginx running as normal user (runbot user)

pid /home/odoo/src/runbot/runbot/static/nginx/nginx.pid;
error_log /home/odoo/src/runbot/runbot/static/nginx/error.log;
worker_processes  1;
events { worker_connections  1024; }
http {
include /etc/nginx/mime.types;
server_names_hash_max_size 512;
server_names_hash_bucket_size 256;
client_max_body_size 10M;
index index.html;
log_format full '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time';
access_log /home/odoo/src/runbot/runbot/static/nginx/access.log full;
error_log /home/odoo/src/runbot/runbot/static/nginx/error.log;
client_body_temp_path /home/odoo/src/runbot/runbot/static/nginx;
fastcgi_temp_path /home/odoo/src/runbot/runbot/static/nginx;
autoindex on;

gzip on;
gzip_types text/css text/plain application/xml application/json application/javascript;

proxy_temp_path /home/odoo/src/runbot/runbot/static/nginx;
proxy_read_timeout 600;
proxy_connect_timeout 600;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;

server {
    listen 8081 default;
    location / { proxy_pass http://127.0.0.1:8069; }
    location /longpolling/im/poll { return 404; }
    location /longpolling/poll { return 404; }
    location /runbot/static/ {
       alias /home/odoo/src/runbot/runbot/static/;
       autoindex off;
       location ~ /runbot/static/build/[^/]+/(logs|tests)/ {
          autoindex on;
       }
    }
}

server {
    listen 8080;
    server_name ~^00066\-master\-d9d6e8(-[a-z0-9]+)?\.runbot\.mydomain\.com$;
    location / { proxy_redirect off; proxy_pass  http://127.0.0.1:2000; }
    location /longpolling { proxy_pass http://127.0.0.1:2001; }
}

server {
    listen 8080;
    server_name ~.+\.runbot\.mydomain\.com$;
    location / { return 404; }
}
}

On the other file I only changed the first server block to listen on 8081 instead of 8080 because I thought it was causing problems, but it probably isn't. So I recommend keeping the runbot's nginx file unchanged.
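
Why the one-line fix matters, as an added Python sketch that is not part of the original question or answer: it models which Host header the front nginx sends and which server block of the question's second nginx (port 8080) then handles the request. The function names (`upstream_host`, `route`, `trace`) are hypothetical, and the server list is constructed from two of the question's build blocks plus its catch-all.

```python
import re

# Constructed model of the runbot nginx on port 8080 from the question:
# (regex server_name, backend port for "/"); None means `return 404`.
BUILD_SERVERS = [
    (r"^00058\-master\-d9d6e8(-[a-z0-9]+)?\.runbot\.mydomain\.com$", 2000),
    (r"^00057\-dev\-hr\-operations\-d64c8d(-[a-z0-9]+)?\.runbot\.mydomain\.com$", 2003),
    (r".+\.runbot\.mydomain\.com$", None),
]
DEFAULT_BACKEND = 8069  # the `listen 8080 default` block proxies to main Odoo


def upstream_host(client_host, proxy_pass_name, forwards_host):
    """Host header the front nginx sends to the second nginx."""
    # nginx's built-in default is `proxy_set_header Host $proxy_host`,
    # i.e. the name written in proxy_pass, not what the browser asked for.
    if not forwards_host:
        return proxy_pass_name
    # `proxy_set_header Host $host`: lowercased request host without port.
    return client_host.lower().split(":")[0]


def route(host):
    """Select a server block: first matching regex in file order, else default."""
    for pattern, port in BUILD_SERVERS:
        if re.search(pattern, host):
            return 404 if port is None else port
    return DEFAULT_BACKEND


def trace(client_host, forwards_host, proxy_pass_name="runbot_odoo"):
    """Return (Host seen by the second nginx, backend port or 404)."""
    host = upstream_host(client_host, proxy_pass_name, forwards_host)
    return host, route(host)


if __name__ == "__main__":
    build = "00058-master-d9d6e8.runbot.mydomain.com"
    print(trace(build, forwards_host=False))  # Host is the upstream name
    print(trace(build, forwards_host=True))   # Host is the build subdomain
    print(trace("no-such-build.runbot.mydomain.com", forwards_host=True))
```

Without the header, the second nginx sees Host `runbot_odoo`, matches no build regex and falls through to the default block in front of the main Odoo, which is consistent with the browser ending up at https://runbot_odoo. With it, the catch-all 404 block is what keeps unknown subdomains away from any backend.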
