，01-02 odoo8.0_Ubuntu14.04_nginx反代理设置

作者：陈伟明

联系 : QQ 942923305 | 微信 toby942923305

E-mail: cwm.win@hotmail.com

==================================

服务器

操作系统： Ubuntu trusty14.04

nginx 版本： 1.10.1

==================================

修订时间：

15:09 2015-10-20 星期二

17:13 2015-10-23 星期五 修订错误

21:45 2016-06-09 星期四

=======================安装nginx前期准备==============================

安装依赖

# apt-get -y install libpcre3 libpcre3-dev zlib1g-dev libssl-dev build-essential libxml2 libxml2-dev libxslt1.1 libxslt1-dev geoip-database libgeoip-dev freetype* libgd2-xpm-dev

新建要入下载软件的目录

# mkdir /opt/soft

# cd /opt/soft

安装openssl （做ssl 443时会用到）

# wget http://www.openssl.org/source/openssl-1.0.2d.tar.gz

# tar -zxvf openssl-1.0.2d.tar.gz -C /usr/local/src/

# cd /usr/local/src/openssl-1.0.2d/

# ./config

# make

# make install

安装nginx

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝nginx1.10.x安装＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

# cd /opt/soft

# curl -O http://nginx.org/download/nginx-1.10.1.tar.gz

# useradd www

# mkdir -p /var/log/nginx

# chown -R www:www /var/log/nginx

# tar xzvf nginx-1.10.1.tar.gz

# cd nginx-1.10.1

# mkdir -p /var/tmp/nginx/client

# chown -R www:www /var/tmp/nginx/client

#./configure \

--prefix=/usr/local/nginx\

--conf-path=/etc/nginx/conf/nginx.conf \

--error-log-path=/var/log/nginx/error.log \

--http-log-path=/var/log/nginx/access.log \

--pid-path=/var/run/nginx/nginx.pid \

--lock-path=/var/lock/nginx.lock \

--user=www \

--group=www \

--with-openssl=/usr/local/src/openssl-1.0.2d \

--with-http_realip_module\

--with-http_sub_module \

--with-http_dav_module \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_mp4_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-http_image_filter_module \

--http-client-body-temp-path=/var/tmp/nginx/client/ \

--http-proxy-temp-path=/var/tmp/nginx/proxy/ \

--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \

--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \

--http-scgi-temp-path=/var/tmp/nginx/scgi \

--with-pcre \

--with-file-aio

#make

#make install

说明：

--pid-path=/var/run/nginx/nginx.pid \

这句要和

/etc/nginx/conf/nginx.conf 中的

pid /var/run/nginx/nginx.pid;

要一样，要不然pid还是会以配置文件中的位置为标准

# vi /etc/init.d/nginx #编辑启动文件添加下面内容

-------------------------------

#!/bin/sh

### BEGIN INIT INFO

# Provides: nginx

# Required-Start: $local_fs $remote_fs $network $syslog

# Required-Stop: $local_fs $remote_fs $network $syslog

# Default-Start: 2 3 4 5

# Default-Stop: 0 1 6

# Short-Description: starts the nginx web server

# Description: starts nginx using start-stop-daemon

### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

NAME=nginx

DESC=nginx

# Include nginx defaults if available

if [ -f /etc/default/nginx ]; then

. /etc/default/nginx

fi

test -x $DAEMON || exit 0

set -e

. /lib/lsb/init-functions

test_nginx_config() {

if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then

return 0

else

$DAEMON -t $DAEMON_OPTS

return $?

fi

}

case "$1" in

start)

echo -n "Starting $DESC: "

test_nginx_config

# Check if the ULIMIT is set in /etc/default/nginx

if [ -n "$ULIMIT" ]; then

# Set the ulimits

ulimit $ULIMIT

fi

start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \

--exec $DAEMON -- $DAEMON_OPTS || true

echo "$NAME."

;;

stop)

echo -n "Stopping $DESC: "

start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \

--exec $DAEMON || true

echo "$NAME."

;;

restart|force-reload)

echo -n "Restarting $DESC: "

start-stop-daemon --stop --quiet --pidfile \

/var/run/$NAME.pid --exec $DAEMON || true

sleep 1

test_nginx_config

# Check if the ULIMIT is set in /etc/default/nginx

if [ -n "$ULIMIT" ]; then

# Set the ulimits

ulimit $ULIMIT

fi

start-stop-daemon --start --quiet --pidfile \

/var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true

echo "$NAME."

;;

reload)

echo -n "Reloading $DESC configuration: "

test_nginx_config

start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \

--exec $DAEMON || true

echo "$NAME."

;;

configtest|testconfig)

echo -n "Testing $DESC configuration: "

if test_nginx_config; then

echo "$NAME."

else

exit $?

fi

;;

status)

status_of_proc -p /var/run/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?

;;

*)

echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2

exit 1

;;

esac

exit 0

-----------------------------

# chmod 775 /etc/init.d/nginx #赋予文件执行权限

# update-rc.d nginx defaults #把nginx作为服务随机器启动

# service nginx start

把nginx工具目录加入到环境变量

# vi /etc/profile 最后加一行

PATH=$PATH:/usr/local/nginx/sbin

# source /etc/profile 使其生效

------------------------------------------------------------------------------

配置nginx

# mkdir /etc/nginx/conf/conf.d/

# vi /etc/nginx/conf/nginx.conf 内容如下:

-------------------

user www;

worker_processes 4;

worker_cpu_affinity 00000001 00000010 00000011 00000100 ;

worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log; #日志

pid /var/run/nginx.pid;

events {

use epoll;

worker_connections 65535;

multi_accept on;

}

http {

include /etc/nginx/conf/mime.types;

include /etc/nginx/conf/gzip.conf;

include /etc/nginx/conf/cache-client.conf;

default_type application/octet-stream;

charset UTF-8;

index index.html index.htm ;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

types_hash_max_size 2048;

include /etc/nginx/conf/conf.d/*.conf;

}

-------------------

# vi /etc/nginx/conf/gzip.conf 内容如下：

----------------------

gzip on;

gzip_disable "msie6";

gzip_vary on;

gzip_proxied any;

gzip_comp_level 6;

gzip_min_length 1100;

gzip_buffers 16 8k;

gzip_http_version 1.1;

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

----------------------

# vi /etc/nginx/conf/cache-client.conf 内容如下：

----------------------

#frequently read cache

open_file_cache max=200000 inactive=20s;

open_file_cache_valid 30s;

open_file_cache_min_uses 2;

open_file_cache_errors on;

#client cache

client_max_body_size 200m;

client_body_buffer_size 128k;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

#client timeout

sendfile on;

tcp_nopush on;

tcp_nodelay on;

server_tokens off;

----------------------

配置完成

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝nginx1.10.x安装 结束＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝配置odoo8与nginx结合 开始＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

对前odoo8 在 ubuntu14.04 是怎么安装的，可以参考前面的一篇文章 《odoo8.0 _Ubuntu14.04源码安装》

已经上传上了空间里，这里我就重复说了

前面一开始安装用的用户是www ,不是官方用的odoo ，这就为采用nginx作反代理，进行了平滑地过度。

生成ssl的证件和key

# mkdir /etc/nginx/ssl

# cd /etc/nginx/ssl

# openssl genrsa -des3 -passout pass:odoo -out server.pass.key 2048 # pass:x 可以换成 pass:hkyejian##@ 这样安全一些

# openssl rsa -passin pass:odoo -in server.pass.key -out server.key

# rm server.pass.key

# openssl req -new -key server.key -out server.csr #这里要添加相关信息,自己按提示写一下就可以

# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt #指定证书的有效期 10年

到这里443 ssl 相关做好了

# vi /etc/nginx/conf/conf.d/odoo.conf 内容如下：

---------------------------------

upstream odoo8 {

server 127.0.0.1:8069 weight=1 fail_timeout=0;

}

upstream odoo8-im{

server 127.0.0.1:8072 weight=1 fail_timeout=0;

}

server {

listen 443 default;

server_name localhost;

ssl on;

ssl_certificate /etc/nginx/ssl/server.crt;

ssl_certificate_key /etc/nginx/ssl/server.key;

ssl_ciphers HIGH:!ADH:!MD5;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

# add ssl specific settings

keepalive_timeout 60;

# increase proxy buffer to handle some Odoo web requests

proxy_buffers 16 64k;

proxy_buffer_size 128k;

underscores_in_headers on;

location / {

proxy_pass http://odoo8;

# Force timeouts if the backend dies

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection 'upgrade';

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the Odoo web service know that we're using HTTPS, otherwise

# it will generate URL using http:// and not https://

proxy_set_header X-Forwarded-Proto https;

proxy_cache_bypass $http_upgrade;

# By default, do not forward anything

proxy_buffering off;

proxy_redirect http:// https://;

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

# Set timeouts

proxy_connect_timeout 3600s;

proxy_send_timeout 3600s;

proxy_read_timeout 3600s;

send_timeout 3600s;

}

location /longpolling/ {

proxy_pass http://odoo8-im;

# Force timeouts if the backend dies

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection 'upgrade';

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the Odoo web service know that we're using HTTPS, otherwise

# it will generate URL using http:// and not https://

proxy_set_header X-Forwarded-Proto https;

proxy_cache_bypass $http_upgrade;

# By default, do not forward anything

proxy_buffering off;

proxy_redirect http:// https://;

proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

# Set timeouts

proxy_connect_timeout 3600s;

proxy_send_timeout 3600s;

proxy_read_timeout 3600s;

send_timeout 3600s;

}

location ~* /web/static/ {

proxy_cache_valid 200 60m;

proxy_buffering on;

expires 864000;

proxy_pass http://odoo8;

}

access_log /log/nginx/odoo-ssl.access.log;

error_log /log/nginx/odoo-ssl.error.log;

}

server {

listen 80;

server_name localhost;

underscores_in_headers on;

add_header Strict-Transport-Security max-age=2592000;

rewrite ^/.*$ https://$host$request_uri? permanent;

error_log /log/nginx/odoo.error.log;

}

----------------------------------------------

# service nginx start

ok了，可以直接用ip访问，不要再加端口8069 ，有nginx反代理，也解了配置文件 使用workers 这个参数大于1的情况的错误

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝配置odoo8与nginx结合 结束＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝