Reverse Proxy to Odoo 14 redirects to DSM

Currently reading
Reverse Proxy to Odoo 14 redirects to DSM

30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,

I've installed Odoo 14 (formerly Open ERP) in a Docker container. Seems to be running fine when I access it on the local URL via VPN. However, I'd like to be able to access it over the internet securely. All my other Docker apps are working fine using the built-in Synology reverse proxy, except Odoo - the odoo.mydomain.com URL redirects to mydomain.com:12345 , which is the custom port set for the main DSM interface.

The settings I have:
  • Odoo in a Docker container, listening to port 8069 (local and container)
  • odoo.mydomain.com added as a CNAME record, propagated and pinging correctly
  • Let's Encrypt certificate obtained for odoo.mydomain.com
  • Reverse Proxy set as HTTPS, odoo.mydomain.com, 443 ==> HTTP, localhost, 8069
This is the exact same setup (except for the subdomain name) that I have up and running without any issues for other apps.

Could anyone help me figure out what I'm missing?
Thanks!
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
And this IP belongs to your NAS (dockerhost)?

If yes, then the webserver inside the Docker container may be refusing incoming connections from a reverse proxy. Perhaps some additional headers needs to be set on the RP entry...
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
This is the IP assigned to the NAS, which acts as a Docker host.
I've set proxy_mode = True in the odoo.conf file as described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.
 

Rusty

Moderator
NAS Support
2,533
768
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
This is the IP assigned to the NAS, which acts as a Docker host.
I've set proxy_mode = True in the odoo.conf file as described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.
You will need to add a custom .conf file for your Oodo RP here
Code:
/usr/local/etc/nginx/sites-enabled
and inside it copy the data from the KB while editing the settings that refer to your ports and your domain name. Also, be sure to remove any trace of RP settings using the Application Portal, and keep in mind that this custom RP setting will not show up in the reverse proxy section inside the Application portal.
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.

Ye I'm just looking at this piece of code. The Synology UI limitation may to definitly come to play here:

1603362234137.png


I read here that if a client requests https://odoo.mydomain.com/longpolling, the network traffic must be proxied to port 8072 instead of 8069 on the Docker container. In Synology Reverse Proxy UI, there is no way to configure that. Maybe that's the problem?

This is one of the reasons why I decided to setup my own seperate reverse proxy server...
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
You will need to add a custom .conf file for your Oodo RP here
Code:
/usr/local/etc/nginx/sites-enabled
The nginx config refers to
Code:
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
Which is the correct location, do you know? Like I said, I have a Let's Encrypt certificate generated using the Synology interface.
According to a Reddit post, it should be /usr/syno/etc/certificate/_archive/<folder>, but when I tried opening, my user didn't seem to have the necessary permissions, so I'm wondering if Odoo/Docker would.

EDIT: moreover, the _archive folder contains some unintelligible subfolders and I can't get which one refers to which subdomain.
EDIT 2: Nevermind, the domain is listed in the renew.json file.
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
The nginx config refers to
Code:
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
Which is the correct location, do you know? Like I said, I have a Let's Encrypt certificate generated using the Synology interface.
According to a Reddit post, it should be /usr/syno/etc/certificate/_archive/<folder>, but when I tried opening, my user didn't seem to have the necessary permissions, so I'm wondering if Odoo/Docker would.

If you have the LE cert imported in your NAS, than at

Control Panel -> Security -> Certificates -> Configure

you can specify the certificate for the Syno RP entry you created.
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
If you have the LE cert imported in your NAS, than at

Control Panel -> Security -> Certificates -> Configure

you can specify the certificate for the Syno RP entry you created.
Wouldn't that be valid only if the RP entry is created using the Synology interface? I'm trying to create a manual nginx config.
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
I've created an odoo.conf file in /usr/local/etc/nginx/sites-enabled/ and given ownership to root:root. Regardless, trying to open the address returns ERR_CONNECTION_REFUSED.

The full content is below.
NGINX:
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name erp.mydomain.com;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
listen 443;
server_name erp.mydomain.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

# SSL parameters
ssl on;
ssl_certificate /usr/syno/etc/certificate/_arhive/aUe1JZ/cert.pem;
ssl_certificate_key /usr/syno/etc/certificate/_arhive/aUe1JZ/privkey.pem;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;

# Redirect longpoll requests to odoo longpolling port
location /longpolling {
proxy_pass http://odoochat;
}

# Redirect requests to odoo backend server
location / {
   proxy_redirect off;
   proxy_pass http://odoo;
}

# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;
}

EDIT: I'm probably doing something wrong, because when I put the odoo.conf file and restart nginx, the whole DSM interface becomes inaccessible.
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
I'd really appreciate some help, guys.

I've been trying to figure out what errors Nginx throws, but even commenting the line for the location of error_log in /usr/syno/share/nginx/nginx.mustache results in total breakdown of the web interface.
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Wouldn't that be valid only if the RP entry is created using the Synology interface? I'm trying to create a manual nginx config.
If I were you, I would not touch the nginx files of DSM itself...
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
If I were you, I would not touch the nginx files of DSM itself...
I appreciate the advice, Shadow. It is a sound one. It doesn't, however, help me solve my particular problem.
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
I'd say run a seperate nginx instance in Docker, you can play around with the nginx.conf in that container without damaging your DSM...

Lets say run that nginx container on port 8228 or something, so you can use Syno RP to route all Odoo traffic to the seperate nginx container, then set your network flow like this:

odoo.mydomain.com -> Synolgy RP -> nginx docker container -> odoo container.

See if that works.
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Much obliged, Shadow. I will give this a try and report back.
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi there,

So, I've installed Nginx in a new Docker container; tested connection on the local port - works; did a reverse proxy + a Let's Encrypt certificate - works fine, is accessible from the internet and shows the "Welcome to nginx" message.

The Nginx container has a volume mounted to /etc/nginx/sites-enabled and in it I put the oddo.conf file. What else do I need to do in order to make the last step of Shadow's suggestion, i.e. the link between the nginx docker container and the odoo container?
 

Shadow

Subscriber
568
188
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
The Nginx container has a volume mounted to /etc/nginx/sites-enabled and in it I put the oddo.conf file.

I think the oddo.conf file needs to be 'included' in the nginx.conf file, or other wise just copy/paste the content from oddo.conf inside nginx.conf ?
 
30
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,

I've not been able to get this to work. I'd be more than happy to pay for some assistance if anyone of you, guys, is willing to invest some time to help me.
 

Rusty

Moderator
NAS Support
2,533
768
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
So atm you have tested so far what? Also what error/outcome do you get when testing access to Odoo?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top