Question

关注this tutorial我按照以下方式配置了我的Nginx：

upstream odoo8 {
    server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
    server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

server {
    # server port and name (instead of 443 port)
    listen 22443;
    server_name _;

    # Specifies the maximum accepted body size of a client request,
    # as indicated by the request header Content-Length.
    client_max_body_size 2000m;

    # add ssl specific settings
    keepalive_timeout 60;
    ssl on;
    ssl_certificate        /etc/ssl/nginx/server.crt;
    ssl_certificate_key    /etc/ssl/nginx/server.key;

    error_page 497 https://$host:22443$request_uri;

    # limit ciphers
    ssl_ciphers HIGH:!ADH:!MD5;
    ssl_protocols SSLv3 TLSv1;
    ssl_prefer_server_ciphers on;

    # increase proxy buffer to handle some Odoo web requests
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # general proxy settings
    # force timeouts if the backend dies
    proxy_connect_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_read_timeout 3600s;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    # Let the Odoo web service know that we’re using HTTPS, otherwise
    # it will generate URL using http:// and not https://
    proxy_set_header X-Forwarded-Proto https;

    # by default, do not forward anything
    proxy_redirect off;
    proxy_buffering off;

    location / {
        proxy_pass http://odoo8;
    }

    location /longpolling {
        proxy_pass http://odoo8-im;
    }

    # cache some static data in memory for 60mins.
    # under heavy load this should relieve stress on the Odoo web interface a bit.
    location /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo8;
    }
}

我的Odoo配置中有这个端口

longpolling_port = 8072
xmlrpc_port = 8069
xmlrpcs_port = 22443
proxy_mode = True

当我在浏览器中加载https://my_domain:22443/web/database/selector时，它加载得很好。但是当我选择一个数据库或者我做了任何动作时，地址丢失了https和端口，所以它通过端口80加载。然后我需要将它添加到NginX配置中，端口80应该是开

## http redirects to https ##
server {
    listen 80;
    server_name _;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host:22443$request_uri? permanent;
}

有没有办法避免这种重定向？就像我可以保持端口80关闭以避免欺骗

更新

我可以打开地址为https://my_domain:22443/web/login?db=dabatase_name的登录界面，我可以在里面工作，但如果我退出以便在下拉列表中选择另一个数据库，它会再次失去端口和ssl

Answer 1

请尝试使用这种结构：

## http redirects to https ##
server
{
listen 80;
server_name _;
if ($http_x_forwarded_proto = 'http')
    {
    return 301 https://my_domain.com$request_uri;
    }
}

是否可以在Odoo中使用SSL与NginX避开标准端口（80和443）？

1 个答案: