• (01-02) odoo8.0_Ubuntu14.04_nginx反代理设置


    作者:陈伟明
    联系 :  QQ 942923305 | 微信 toby942923305
    E-mail: cwm.win@hotmail.com
    ==================================
    服务器
    操作系统: Ubuntu trusty14.04
    nginx 版本: 1.10.1

    ==================================
    修订时间:
    15:09 2015-10-20 星期二
    17:13 2015-10-23 星期五 修订错误
    21:45 2016-06-09 星期四

    =======================安装nginx前期准备==============================
    安装依赖
    # apt-get -y install libpcre3 libpcre3-dev zlib1g-dev libssl-dev build-essential libxml2 libxml2-dev  libxslt1.1 libxslt1-dev geoip-database libgeoip-dev  freetype* libgd2-xpm-dev

    新建要入下载软件的目录
    # mkdir /opt/soft
    # cd /opt/soft
    安装openssl (做ssl 443时会用到)
    # wget http://www.openssl.org/source/openssl-1.0.2d.tar.gz
    # tar -zxvf openssl-1.0.2d.tar.gz -C /usr/local/src/
    # cd /usr/local/src/openssl-1.0.2d/
    # ./config
    # make
    # make install

    安装nginx
    ==========================nginx1.10.x安装============================
    # cd /opt/soft
    # curl -O http://nginx.org/download/nginx-1.10.1.tar.gz
    # useradd www
    # mkdir -p /var/log/nginx
    # chown -R www:www /var/log/nginx
    # tar xzvf nginx-1.10.1.tar.gz
    # cd nginx-1.10.1
    # mkdir -p /var/tmp/nginx/client
    # chown -R www:www  /var/tmp/nginx/client
    #./configure
      --prefix=/usr/local/nginx
      --conf-path=/etc/nginx/conf/nginx.conf
      --error-log-path=/var/log/nginx/error.log
      --http-log-path=/var/log/nginx/access.log
      --pid-path=/var/run/nginx/nginx.pid 
      --lock-path=/var/lock/nginx.lock
      --user=www
      --group=www
      --with-openssl=/usr/local/src/openssl-1.0.2d
      --with-http_realip_module
      --with-http_sub_module
      --with-http_dav_module
      --with-http_ssl_module
      --with-http_flv_module
      --with-http_mp4_module
      --with-http_stub_status_module
      --with-http_gzip_static_module
      --with-http_image_filter_module
      --http-client-body-temp-path=/var/tmp/nginx/client/
      --http-proxy-temp-path=/var/tmp/nginx/proxy/
      --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/
      --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi
      --http-scgi-temp-path=/var/tmp/nginx/scgi
      --with-pcre
      --with-file-aio 

     
    #make
    #make install

    说明:
    --pid-path=/var/run/nginx/nginx.pid 
    这句要和
    /etc/nginx/conf/nginx.conf 中的
    pid        /var/run/nginx/nginx.pid;
    要一样,要不然pid还是会以配置文件中的位置为标准


    # vi /etc/init.d/nginx #编辑启动文件添加下面内容

    -------------------------------
    #!/bin/sh

    ### BEGIN INIT INFO
    # Provides:          nginx
    # Required-Start:    $local_fs $remote_fs $network $syslog
    # Required-Stop:    $local_fs $remote_fs $network $syslog
    # Default-Start:    2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: starts the nginx web server
    # Description:      starts nginx using start-stop-daemon
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    NAME=nginx
    DESC=nginx

    # Include nginx defaults if available
    if [ -f /etc/default/nginx ]; then
      . /etc/default/nginx
    fi

    test -x $DAEMON || exit 0

    set -e

    . /lib/lsb/init-functions

    test_nginx_config() {
      if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
          return 0
      else
          $DAEMON -t $DAEMON_OPTS
          return $?
      fi
    }

    case "$1" in
      start)
          echo -n "Starting $DESC: "
          test_nginx_config
          # Check if the ULIMIT is set in /etc/default/nginx
          if [ -n "$ULIMIT" ]; then
            # Set the ulimits
            ulimit $ULIMIT
          fi
          start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid
              --exec $DAEMON -- $DAEMON_OPTS || true
          echo "$NAME."
          ;;

      stop)
          echo -n "Stopping $DESC: "
          start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid
              --exec $DAEMON || true
          echo "$NAME."
          ;;

      restart|force-reload)
          echo -n "Restarting $DESC: "
          start-stop-daemon --stop --quiet --pidfile
              /var/run/$NAME.pid --exec $DAEMON || true
          sleep 1
          test_nginx_config
          # Check if the ULIMIT is set in /etc/default/nginx
          if [ -n "$ULIMIT" ]; then
            # Set the ulimits
            ulimit $ULIMIT
          fi
          start-stop-daemon --start --quiet --pidfile
              /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true
          echo "$NAME."
          ;;

      reload)
          echo -n "Reloading $DESC configuration: "
          test_nginx_config
          start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid
              --exec $DAEMON || true
          echo "$NAME."
          ;;

      configtest|testconfig)
          echo -n "Testing $DESC configuration: "
          if test_nginx_config; then
            echo "$NAME."
          else
            exit $?
          fi
          ;;

      status)
          status_of_proc -p /var/run/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?
          ;;
      *)
          echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
          exit 1
          ;;
    esac

    exit 0

    -----------------------------


    # chmod 775 /etc/init.d/nginx   #赋予文件执行权限

    # update-rc.d nginx defaults  #把nginx作为服务随机器启动

    # service nginx start

    把nginx工具目录加入到环境变量
    # vi /etc/profile    最后加一行
    PATH=$PATH:/usr/local/nginx/sbin
    # source /etc/profile   使其生效

    ------------------------------------------------------------------------------
    配置nginx

    # mkdir /etc/nginx/conf/conf.d/
    # vi /etc/nginx/conf/nginx.conf  内容如下:
    -------------------
    user              www;
    worker_processes  4;
    worker_cpu_affinity 00000001 00000010 00000011 00000100 ;
    worker_rlimit_nofile 65535;

    error_log  /var/log/nginx/error.log;  #日志
    pid        /var/run/nginx.pid;

    events {
        use epoll;
        worker_connections  65535;
        multi_accept on;
    }

    http {
        include      /etc/nginx/conf/mime.types;
        include      /etc/nginx/conf/gzip.conf;
        include      /etc/nginx/conf/cache-client.conf;

        default_type  application/octet-stream;
        charset UTF-8;
        index        index.html index.htm ; 

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"'; 

        types_hash_max_size 2048;             
     
        include /etc/nginx/conf/conf.d/*.conf;
    }
    -------------------


    # vi /etc/nginx/conf/gzip.conf 内容如下:
    ----------------------

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ----------------------

    # vi /etc/nginx/conf/cache-client.conf 内容如下:
    ----------------------
    #frequently read cache
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    #client cache
    client_max_body_size 200m;
    client_body_buffer_size 128k;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    #client timeout
    sendfile          on;
    tcp_nopush        on;
    tcp_nodelay        on;
    server_tokens      off;

    ----------------------

    配置完成

    ================nginx1.10.x安装 结束===============

    ================配置odoo8与nginx结合 开始===============
    对前odoo8 在 ubuntu14.04 是怎么安装的,可以参考前面的一篇文章 《odoo8.0 _Ubuntu14.04源码安装》
    已经上传上了空间里,这里我就重复说了
    前面一开始安装用的用户是www ,不是官方用的odoo ,这就为采用nginx作反代理,进行了平滑地过度。


    生成ssl的证件和key

    # mkdir /etc/nginx/ssl 
    # cd /etc/nginx/ssl
    # openssl genrsa -des3 -passout pass:odoo -out server.pass.key 2048    # pass:x 可以换成 pass:hkyejian##@  这样安全一些
    # openssl rsa -passin pass:odoo -in server.pass.key -out server.key
    # rm server.pass.key
    # openssl req -new -key server.key -out server.csr  #这里要添加相关信息,自己按提示写一下就可以
    # openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt  #指定证书的有效期 10年

    到这里443 ssl 相关做好了

    # vi /etc/nginx/conf/conf.d/odoo.conf  内容如下:

    ---------------------------------

    upstream odoo8 {
            server 127.0.0.1:8069 weight=1 fail_timeout=0;
    }

    upstream odoo8-im{
            server 127.0.0.1:8072 weight=1 fail_timeout=0;
    }

    server {
            listen    443 default;
            server_name localhost;

            ssl on;
            ssl_certificate  /etc/nginx/ssl/server.crt;
            ssl_certificate_key /etc/nginx/ssl/server.key;

            ssl_ciphers               HIGH:!ADH:!MD5;
            ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;

            # add ssl specific settings
            keepalive_timeout      60;

            # increase proxy buffer to handle some Odoo web requests
            proxy_buffers 16 64k;
            proxy_buffer_size 128k;
           
            underscores_in_headers on;

            location / {
                    proxy_pass  http://odoo8;

                    # Force timeouts if the backend dies
                    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                    # set headers
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection 'upgrade';
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                    # Let the Odoo web service know that we're using HTTPS, otherwise
                    # it will generate URL using http:// and not https://

                    proxy_set_header X-Forwarded-Proto https;
                    proxy_cache_bypass $http_upgrade;

                    # By default, do not forward anything
                    proxy_buffering off;
                    proxy_redirect http:// https://;

                    proxy_headers_hash_max_size 51200;
                    proxy_headers_hash_bucket_size 6400;

                    # Set timeouts
                    proxy_connect_timeout   3600s;
                    proxy_send_timeout      3600s;
                    proxy_read_timeout      3600s;
                    send_timeout            3600s;
            }


            location /longpolling/ {

                    proxy_pass  http://odoo8-im;
                    # Force timeouts if the backend dies
                    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                    # set headers
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection 'upgrade';
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                    # Let the Odoo web service know that we're using HTTPS, otherwise
                    # it will generate URL using http:// and not https://

                    proxy_set_header X-Forwarded-Proto https;
                    proxy_cache_bypass $http_upgrade;

                    # By default, do not forward anything
                    proxy_buffering off;
                    proxy_redirect http:// https://;

                    proxy_headers_hash_max_size 51200;
                    proxy_headers_hash_bucket_size 6400;

                    # Set timeouts
                    proxy_connect_timeout   3600s;
                    proxy_send_timeout      3600s;
                    proxy_read_timeout      3600s;
                    send_timeout            3600s;
            }

            location ~* /web/static/ {
                    proxy_cache_valid 200 60m;
                    proxy_buffering on;
                    expires 864000;
                    proxy_pass http://odoo8;

            }
            access_log  /log/nginx/odoo-ssl.access.log;
            error_log   /log/nginx/odoo-ssl.error.log;       

    }

    server {
            listen    80;
            server_name localhost;

            underscores_in_headers on;
            add_header Strict-Transport-Security max-age=2592000;
            rewrite ^/.*$ https://$host$request_uri? permanent;
            error_log   /log/nginx/odoo.error.log;
    }
    ----------------------------------------------

    # service nginx start

    ok了,可以直接用ip访问,不要再加端口8069 ,有nginx反代理,也解了配置文件 使用workers 这个参数大于1的情况的错误

    ================配置odoo8与nginx结合 结束===============

  • 相关阅读:
    Redis Java API
    怎样测试TCP&UDP端口
    [转]太阳致敬式瑜伽
    [转]你所不知道的超级瘦腿运动——空中蹬自行车
    Oracle 存储过程学习
    hive Java API
    [转]骨盆操
    [转]HDFS客户端的权限错误:Permission denied
    【转】拇指拇外翻的纠正训练
    [转]shell 变量替换
  • 原文地址:https://www.cnblogs.com/toby2chen/p/5884251.html
Copyright © 2020-2023  润新知