Reverse Proxy to Odoo 14 redirects to DSM

Currently reading
Reverse Proxy to Odoo 14 redirects to DSM

35
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,

I've installed Odoo 14 (formerly Open ERP) in a Docker container. Seems to be running fine when I access it on the local URL via VPN. However, I'd like to be able to access it over the internet securely. All my other Docker apps are working fine using the built-in Synology reverse proxy, except Odoo - the odoo.mydomain.com URL redirects to mydomain.com:12345 , which is the custom port set for the main DSM interface.

The settings I have:
  • Odoo in a Docker container, listening to port 8069 (local and container)
  • odoo.mydomain.com added as a CNAME record, propagated and pinging correctly
  • Let's Encrypt certificate obtained for odoo.mydomain.com
  • Reverse Proxy set as HTTPS, odoo.mydomain.com, 443 ==> HTTP, localhost, 8069
This is the exact same setup (except for the subdomain name) that I have up and running without any issues for other apps.

Could anyone help me figure out what I'm missing?
Thanks!
 
This is the IP assigned to the NAS, which acts as a Docker host.
I've set proxy_mode = True in the odoo.conf file as described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.
 
This is the IP assigned to the NAS, which acts as a Docker host.
I've set proxy_mode = True in the odoo.conf file as described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.
You will need to add a custom .conf file for your Oodo RP here
Code:
/usr/local/etc/nginx/sites-enabled
and inside it copy the data from the KB while editing the settings that refer to your ports and your domain name. Also, be sure to remove any trace of RP settings using the Application Portal, and keep in mind that this custom RP setting will not show up in the reverse proxy section inside the Application portal.
 
described here, but I don't know how to complete the reverse proxy setup, because I've only used the Synology interface.

Ye I'm just looking at this piece of code. The Synology UI limitation may to definitly come to play here:

1603362234137.png


I read here that if a client requests https://odoo.mydomain.com/longpolling, the network traffic must be proxied to port 8072 instead of 8069 on the Docker container. In Synology Reverse Proxy UI, there is no way to configure that. Maybe that's the problem?

This is one of the reasons why I decided to setup my own seperate reverse proxy server...
 
Last edited:
You will need to add a custom .conf file for your Oodo RP here
Code:
/usr/local/etc/nginx/sites-enabled
The nginx config refers to
Code:
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
Which is the correct location, do you know? Like I said, I have a Let's Encrypt certificate generated using the Synology interface.
According to a Reddit post, it should be /usr/syno/etc/certificate/_archive/<folder>, but when I tried opening, my user didn't seem to have the necessary permissions, so I'm wondering if Odoo/Docker would.

EDIT: moreover, the _archive folder contains some unintelligible subfolders and I can't get which one refers to which subdomain.
EDIT 2: Nevermind, the domain is listed in the renew.json file.
 
The nginx config refers to
Code:
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
Which is the correct location, do you know? Like I said, I have a Let's Encrypt certificate generated using the Synology interface.
According to a Reddit post, it should be /usr/syno/etc/certificate/_archive/<folder>, but when I tried opening, my user didn't seem to have the necessary permissions, so I'm wondering if Odoo/Docker would.

If you have the LE cert imported in your NAS, than at

Control Panel -> Security -> Certificates -> Configure

you can specify the certificate for the Syno RP entry you created.
 
If you have the LE cert imported in your NAS, than at

Control Panel -> Security -> Certificates -> Configure

you can specify the certificate for the Syno RP entry you created.
Wouldn't that be valid only if the RP entry is created using the Synology interface? I'm trying to create a manual nginx config.
 
Last edited:
I've created an odoo.conf file in /usr/local/etc/nginx/sites-enabled/ and given ownership to root:root. Regardless, trying to open the address returns ERR_CONNECTION_REFUSED.

The full content is below.
NGINX:
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name erp.mydomain.com;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
listen 443;
server_name erp.mydomain.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

# SSL parameters
ssl on;
ssl_certificate /usr/syno/etc/certificate/_arhive/aUe1JZ/cert.pem;
ssl_certificate_key /usr/syno/etc/certificate/_arhive/aUe1JZ/privkey.pem;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;

# Redirect longpoll requests to odoo longpolling port
location /longpolling {
proxy_pass http://odoochat;
}

# Redirect requests to odoo backend server
location / {
   proxy_redirect off;
   proxy_pass http://odoo;
}

# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;
}

EDIT: I'm probably doing something wrong, because when I put the odoo.conf file and restart nginx, the whole DSM interface becomes inaccessible.
 
I'd really appreciate some help, guys.

I've been trying to figure out what errors Nginx throws, but even commenting the line for the location of error_log in /usr/syno/share/nginx/nginx.mustache results in total breakdown of the web interface.
 
I'd say run a seperate nginx instance in Docker, you can play around with the nginx.conf in that container without damaging your DSM...

Lets say run that nginx container on port 8228 or something, so you can use Syno RP to route all Odoo traffic to the seperate nginx container, then set your network flow like this:

odoo.mydomain.com -> Synolgy RP -> nginx docker container -> odoo container.

See if that works.
 
Hi there,

So, I've installed Nginx in a new Docker container; tested connection on the local port - works; did a reverse proxy + a Let's Encrypt certificate - works fine, is accessible from the internet and shows the "Welcome to nginx" message.

The Nginx container has a volume mounted to /etc/nginx/sites-enabled and in it I put the oddo.conf file. What else do I need to do in order to make the last step of Shadow's suggestion, i.e. the link between the nginx docker container and the odoo container?
 
Hello,

I've not been able to get this to work. I'd be more than happy to pay for some assistance if anyone of you, guys, is willing to invest some time to help me.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
425
  • Question
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,239
  • Solved
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
1,558
I accessed to log and when I trying connect I have message: "SSTP_DUPLEX_POST...
Replies
9
Views
1,662
  • Solved
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,265
The thing is... Too many users freeload off Marius and then come to the forums for assistance. Give Marius...
Replies
4
Views
1,724

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top