(01-02) odoo8.0_Ubuntu14.04_nginx反代理设置

作者：陈伟明
联系 :  QQ 942923305 | 微信 toby942923305
E-mail: cwm.win@hotmail.com
==================================
服务器
操作系统： Ubuntu trusty14.04
nginx 版本： 1.10.1

==================================
修订时间：
15:09 2015-10-20 星期二
17:13 2015-10-23 星期五 修订错误
21:45 2016-06-09 星期四

=======================安装nginx前期准备==============================
安装依赖
# apt-get -y install libpcre3 libpcre3-dev zlib1g-dev libssl-dev build-essential libxml2 libxml2-dev  libxslt1.1 libxslt1-dev geoip-database libgeoip-dev  freetype* libgd2-xpm-dev

新建要入下载软件的目录
# mkdir /opt/soft
# cd /opt/soft
安装openssl （做ssl 443时会用到）
# wget http://www.openssl.org/source/openssl-1.0.2d.tar.gz
# tar -zxvf openssl-1.0.2d.tar.gz -C /usr/local/src/
# cd /usr/local/src/openssl-1.0.2d/
# ./config
# make
# make install

安装nginx
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝nginx1.10.x安装＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
# cd /opt/soft
# curl -O http://nginx.org/download/nginx-1.10.1.tar.gz
# useradd www
# mkdir -p /var/log/nginx
# chown -R www:www /var/log/nginx
# tar xzvf nginx-1.10.1.tar.gz
# cd nginx-1.10.1
# mkdir -p /var/tmp/nginx/client
# chown -R www:www  /var/tmp/nginx/client
#./configure \
  --prefix=/usr/local/nginx\
  --conf-path=/etc/nginx/conf/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx/nginx.pid  \
  --lock-path=/var/lock/nginx.lock \
  --user=www \
  --group=www \
  --with-openssl=/usr/local/src/openssl-1.0.2d \
  --with-http_realip_module\
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --with-http_image_filter_module \
  --http-client-body-temp-path=/var/tmp/nginx/client/ \
  --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
  --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
  --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
  --http-scgi-temp-path=/var/tmp/nginx/scgi \
  --with-pcre \
  --with-file-aio

#make
#make install

说明：
--pid-path=/var/run/nginx/nginx.pid  \
这句要和
/etc/nginx/conf/nginx.conf 中的
pid        /var/run/nginx/nginx.pid;
要一样，要不然pid还是会以配置文件中的位置为标准

# vi /etc/init.d/nginx #编辑启动文件添加下面内容

-------------------------------
#!/bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:    $local_fs $remote_fs $network $syslog
# Default-Start:    2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:      starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
DESC=nginx

# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi

test -x $DAEMON || exit 0

set -e

. /lib/lsb/init-functions

test_nginx_config() {
  if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
      return 0
  else
      $DAEMON -t $DAEMON_OPTS
      return $?
  fi
}

case "$1" in
  start)
      echo -n "Starting $DESC: "
      test_nginx_config
      # Check if the ULIMIT is set in /etc/default/nginx
      if [ -n "$ULIMIT" ]; then
        # Set the ulimits
        ulimit $ULIMIT
      fi
      start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
          --exec $DAEMON -- $DAEMON_OPTS || true
      echo "$NAME."
      ;;

stop)
      echo -n "Stopping $DESC: "
      start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
          --exec $DAEMON || true
      echo "$NAME."
      ;;

restart|force-reload)
      echo -n "Restarting $DESC: "
      start-stop-daemon --stop --quiet --pidfile \
          /var/run/$NAME.pid --exec $DAEMON || true
      sleep 1
      test_nginx_config
      # Check if the ULIMIT is set in /etc/default/nginx
      if [ -n "$ULIMIT" ]; then
        # Set the ulimits
        ulimit $ULIMIT
      fi
      start-stop-daemon --start --quiet --pidfile \
          /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true
      echo "$NAME."
      ;;

reload)
      echo -n "Reloading $DESC configuration: "
      test_nginx_config
      start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \
          --exec $DAEMON || true
      echo "$NAME."
      ;;

configtest|testconfig)
      echo -n "Testing $DESC configuration: "
      if test_nginx_config; then
        echo "$NAME."
      else
        exit $?
      fi
      ;;

status)
      status_of_proc -p /var/run/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?
      ;;
  *)
      echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
      exit 1
      ;;
esac

exit 0

-----------------------------

# chmod 775 /etc/init.d/nginx   #赋予文件执行权限

# update-rc.d nginx defaults  #把nginx作为服务随机器启动

# service nginx start

把nginx工具目录加入到环境变量
# vi /etc/profile    最后加一行
PATH=$PATH:/usr/local/nginx/sbin
# source /etc/profile   使其生效

------------------------------------------------------------------------------
配置nginx

# mkdir /etc/nginx/conf/conf.d/
# vi /etc/nginx/conf/nginx.conf  内容如下:
-------------------
user              www;
worker_processes  4;
worker_cpu_affinity 00000001 00000010 00000011 00000100 ;
worker_rlimit_nofile 65535;

error_log  /var/log/nginx/error.log;  #日志
pid        /var/run/nginx.pid;

events {
    use epoll;
    worker_connections  65535;
    multi_accept on;
}

http {
    include      /etc/nginx/conf/mime.types;
    include      /etc/nginx/conf/gzip.conf;
    include      /etc/nginx/conf/cache-client.conf;

default_type  application/octet-stream;
    charset UTF-8;
    index        index.html index.htm ;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" "$http_x_forwarded_for"';

types_hash_max_size 2048;             
 
    include /etc/nginx/conf/conf.d/*.conf;
}
-------------------

# vi /etc/nginx/conf/gzip.conf 内容如下：
----------------------

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

----------------------

# vi /etc/nginx/conf/cache-client.conf 内容如下：
----------------------
#frequently read cache
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;

#client cache
client_max_body_size 200m;
client_body_buffer_size 128k;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;

#client timeout
sendfile          on;
tcp_nopush        on;
tcp_nodelay        on;
server_tokens      off;

----------------------

配置完成

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝nginx1.10.x安装 结束＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝配置odoo8与nginx结合 开始＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
对前odoo8 在 ubuntu14.04 是怎么安装的，可以参考前面的一篇文章 《odoo8.0 _Ubuntu14.04源码安装》
已经上传上了空间里，这里我就重复说了
前面一开始安装用的用户是www ,不是官方用的odoo ，这就为采用nginx作反代理，进行了平滑地过度。

生成ssl的证件和key

# mkdir /etc/nginx/ssl 
# cd /etc/nginx/ssl
# openssl genrsa -des3 -passout pass:odoo -out server.pass.key 2048    # pass:x 可以换成 pass:hkyejian##@  这样安全一些
# openssl rsa -passin pass:odoo -in server.pass.key -out server.key
# rm server.pass.key
# openssl req -new -key server.key -out server.csr  #这里要添加相关信息,自己按提示写一下就可以
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt  #指定证书的有效期 10年

到这里443 ssl 相关做好了

# vi /etc/nginx/conf/conf.d/odoo.conf  内容如下：

---------------------------------

upstream odoo8 {
        server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im{
        server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

server {
        listen    443 default;
        server_name localhost;

ssl on;
        ssl_certificate  /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

ssl_ciphers               HIGH:!ADH:!MD5;
        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

# add ssl specific settings
        keepalive_timeout      60;

# increase proxy buffer to handle some Odoo web requests
        proxy_buffers 16 64k;
        proxy_buffer_size 128k;
       
        underscores_in_headers on;

location / {
                proxy_pass  http://odoo8;

# Force timeouts if the backend dies
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the Odoo web service know that we're using HTTPS, otherwise
                # it will generate URL using http:// and not https://
                proxy_set_header X-Forwarded-Proto https;
                proxy_cache_bypass $http_upgrade;

# By default, do not forward anything
                proxy_buffering off;
                proxy_redirect http:// https://;

proxy_headers_hash_max_size 51200;
                proxy_headers_hash_bucket_size 6400;

# Set timeouts
                proxy_connect_timeout   3600s;
                proxy_send_timeout      3600s;
                proxy_read_timeout      3600s;
                send_timeout            3600s;
        }

location /longpolling/ {

proxy_pass  http://odoo8-im;
                # Force timeouts if the backend dies
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the Odoo web service know that we're using HTTPS, otherwise
                # it will generate URL using http:// and not https://
                proxy_set_header X-Forwarded-Proto https;
                proxy_cache_bypass $http_upgrade;

# By default, do not forward anything
                proxy_buffering off;
                proxy_redirect http:// https://;

proxy_headers_hash_max_size 51200;
                proxy_headers_hash_bucket_size 6400;

# Set timeouts
                proxy_connect_timeout   3600s;
                proxy_send_timeout      3600s;
                proxy_read_timeout      3600s;
                send_timeout            3600s;
        }

location ~* /web/static/ {
                proxy_cache_valid 200 60m;
                proxy_buffering on;
                expires 864000;
                proxy_pass http://odoo8;

}
        access_log  /log/nginx/odoo-ssl.access.log;
        error_log   /log/nginx/odoo-ssl.error.log;

}

server {
        listen    80;
        server_name localhost;

underscores_in_headers on;
        add_header Strict-Transport-Security max-age=2592000;
        rewrite ^/.*$ https://$host$request_uri? permanent;
        error_log   /log/nginx/odoo.error.log;
}
----------------------------------------------

# service nginx start

ok了，可以直接用ip访问，不要再加端口8069 ，有nginx反代理，也解了配置文件 使用workers 这个参数大于1的情况的错误

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝配置odoo8与nginx结合 结束＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝