Https redirection not working correctly

Server NGINX
1

Hello!

I am trying to set up nginx to

  • switch from http traffic to https
  • send alls https traffic to my odoo backend on port 8069

This is already working for different subdomains, but not for the domain
itself.

http://(www.)subdomain.domain.ch => https://(www.)subdomain.domain.ch
http://(www.)domain.ch => http://(www.)domain.ch, backend ist beeing
loaded
but not secured

  1. Why is domain.ch not beeing redirected to https://domain.ch?

  2. I would like to set up the let’s encrypt ssl renewal script described
    here:
    https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
    For this I need to put a file into the webroot folder, but I don’t know
    how
    to define this folder…

Thank you for your help.

This is my “odoo” file in sites-available:

odoo backend

upstream odoo {
server 127.0.0.1:8069;
}

https site##

server {
listen 443 default;
server_name *.xxxxx.ch xxxxx.ch www.xxxxx.ch;
# root /usr/share/nginx/html;
# index index.html index.htm;

# log files
access_log  /var/log/nginx/odoo-access.log;
error_log   /var/log/nginx/odoo-error.log;

# ssl files
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxxx.ch/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxx.ch/privkey.pem;
keepalive_timeout   60;

# limit ciphers
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;


# proxy buffers
proxy_buffers 16 64k;
proxy_buffer_size 128k;

## default location ##
location / {
    proxy_pass  http://odoo;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500

http_502
http_503 http_504;
proxy_redirect off;

    # set headers
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto https;
}

# cache some static data in memory for 60mins
location ~* /web/static/ {
    proxy_cache_valid 200 60m;
    proxy_buffering on;
    expires 864000;
    proxy_pass http://odoo;
}

}

http redirects to https

server {
listen 80;
server_name *.xxxxx.ch www.xxxxx.ch xxxxx.ch;

# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;

}

Posted at Nginx Forum:

2

Hello!

After your upstream block, but before your server (https) block put
something like this:

server {
listen 80;
server_name xxxxxxxxx.ch www.xxxxxxxxx.ch;
return 301 https://$server_name$request_uri;
}

…and remove the ## http redirects to https ## at the bottom.

Best regards,
Kevin

Kevin W.
kworthington att gmail dat com

http://twitter.com/kworthington

3

Hello Kevin!
Thank you very much, but it’s still not working…

odoo backend

upstream odoo {
server 127.0.0.1:8069;
}

http redirects to https

server {
listen 80;
server_name *.XXXXX.ch www.XXXXX.ch XXXXX.ch;
return 301 https://$server_name$request_uri;
}

https site##

server {
listen 443 default;
server_name *.XXXXX.ch XXXXX.ch www.XXXXX.ch;
# root /usr/share/nginx/html;
# index index.html index.htm;

# log files
access_log  /var/log/nginx/odoo-access.log;
error_log   /var/log/nginx/odoo-error.log;

# ssl files
ssl on;
ssl_certificate /etc/letsencrypt/live/XXXXX.ch/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXXXX.ch/privkey.pem;
keepalive_timeout   60;

# limit ciphers
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;


# proxy buffers
proxy_buffers 16 64k;
proxy_buffer_size 128k;

## default location ##
location / {
    proxy_pass  http://odoo;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500

http_502
http_503 http_504;
proxy_redirect off;

    # set headers
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto https;
}

# cache some static data in memory for 60mins
location ~* /web/static/ {
    proxy_cache_valid 200 60m;
    proxy_buffering on;
    expires 864000;
    proxy_pass http://odoo;
}

}

Posted at Nginx Forum:

4

could this be related to the forwarding of the address?

This is my domain registrar setting:

XXXXX.ch => web alias to subdomain.XXXXX.ch
subdomain.XXXXX.ch => A record to IP address of my server

I need this setup because my odoo-erp selects the database according to
my
subdomains.

Posted at Nginx Forum: