Monday, 28 November 2011

Connect OpenERP Using ReverseProxy.

Goto terminal and download apache2.

Create new file in /etc/apache2/setes-available/
and put the following code over their.

<VirtualHost *:80>
        ServerName webclient
        ServerAdmin webmaster@localhost

         <Proxy *>
                Order deny,allow
                Allow from all
        ProxyRequests Off
        ProxyPass / http://localhost:8090/
        ProxyPassReverse / http://localhost:8090/
        ProxyHTMLURLMap / http://localhost:8090/ /http://webclient/

        ErrorLog /var/log/apache2/webclient-error.log
        CustomLog /var/log/apache2/webclient-access.log combined
Now go to /etc/hosts
and add host over there like    webclient (webclient as a domain name)

Now change .cfg file of web-client.
tools.proxy.on = True

tools.proxy.base = 'http://webclient'

Now when you write webclient in URL, you will navigated to OpenERP webclient.

For better understanding follow the link.

Or Follow the following steps which are from google doc of openerp reverse proxy.

Openerp-web https connection using Apache2

Version: 2.0

The following script describes how to configure the Openerp-web client for a production environment (Ubuntu server 10.04 LTS, Openerp version 6.x.x) over https with Apache2.

Https for the client-web, encrypts communication between your webbrowser and the client-web server which is connected to openerp-server. To enable https for the client-web, you can use a web-server like apache2 and use its proxy function.

Installing Apache2 and enabling supporting modules
sudo apt-get -f install apache2
sudo apt-get -f install libapache2-mod-gnutls
sudo apt-get -f install libapache2-mod-python
sudo apt-get -f install libapache2-mod-wsgi
sudo apt-get -f install libapache2-modxsltsudo /etc/init.d/apache2 restart

sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_connect
sudo a2enmod proxy_ftp
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

Generating keys and certificates
You should see the default certificate and key files in:
sudo nano /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo nano /etc/ssl/private/ssl-cert-snakeoil.key

Apache web server configurations
If you have static IP and domain name, add a new line:
sudo nano /etc/hosts

# serveripaddress     mydomain            

Proxy settings – default
sudo nano /etc/apache2/sites-available/default
Add the following lines in the at the bottom:

Redirect / "https://mydomain"


sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/default-ssl

Proxy settings – default-ssl
sudo nano /etc/apache2/sites-available/default-ssl
Add the following lines in the at the bottom:

<VirtualHost *:443>

<Proxy "*">
    AddDefaultCharset off
    order deny,allow
    allow from all
ProxyRequests Off
ProxyPass /
ProxyPassReverse /
RequestHeader set "X-Forwarded-Proto" "https"
# Fix IE problem (http error 408/409)
SetEnv proxy-nokeepalive 1


This file should already contain the lines:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Postgres permissions
sudo usermod -aG ssl-cert postgres
sudo chmod -R 650 /etc/ssl/private/
sudo su postgres
cd /etc/ssl/private # with ls -l you must see:
-rw-r-x--- 1 root ssl-cert 887 2011-04-17 18:12 ssl-cert-snakeoil.key
# Otherwise you get the error “Can not read server.key file, permission denied” on postgresql start.

To make sure the key file is accessible:
cat /etc/ssl/private/ssl-cert-snakeoil.key #You must be able to see the key

The symbolic links from postgres must show this:
ls -l /var/lib/postgresql/8.4/main/s*
lrwxrwxrwx 1 root root 36 2011-01-30 14:08 /var/lib/postgresql/8.4/main/server.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 2011-01-30 14:08 /var/lib/postgresql/8.4/main/server.key -> /etc/ssl/private/ssl-cert-snakeoil.key


Openerp-web configuration
sudo nano /etc/openerp-web.cfg
Change and paste:

tools.proxy.on = True
tools.proxy.base = 'https://mydomain/'
tools.proxy.local = ''
tools.nestedvars.on = True

tools.csrf.on = False

Starting Servers
sudo /etc/init.d/openerp-web stop
sudo /etc/init.d/openerp-server stop
sudo /etc/init.d/postgresql-8.4 restart
sudo /etc/init.d/apache2 restart
openerp-server –secure –cert-file=/etc/ssl/certs/ssl-cert-snakeoil.pem –pkey-file=/etc/ssl/private/ssl-cert-snakeoil.key

control C

sudo /etc/init.d/openerp-server start
sudo /etc/init.d/openerp-web restart

To block the http access at port 8080:
sudo ufw enable #enables the firewall on your Ubuntu system
sudo ufw allow 443/tcp #enables the https standard port
sudo ufw deny 8080/tcp #You can check the firewall status with: sudo ufw status

In the web browser:
You should not be able to access:

You can secure login at: