Monday, 28 November 2011

Connect OpenERP Using ReverseProxy.

Goto terminal and download apache2.

Create new file in /etc/apache2/setes-available/
and put the following code over their.


<VirtualHost *:80>
        ServerName webclient
        ServerAdmin webmaster@localhost

         <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyRequests Off
        ProxyPass / http://localhost:8090/
        ProxyPassReverse / http://localhost:8090/
        ProxyHTMLURLMap / http://localhost:8090/ /http://webclient/

        ErrorLog /var/log/apache2/webclient-error.log
        CustomLog /var/log/apache2/webclient-access.log combined
</VirtualHost>
Now go to /etc/hosts
and add host over there like 192.168.1.91    webclient (webclient as a domain name)

Now change .cfg file of web-client.
tools.proxy.on = True

tools.proxy.base = 'http://webclient'


Now when you write webclient in URL, you will navigated to OpenERP webclient.

For better understanding follow the link.
http://crazy8s.info/wiki/index.php/Ubuntu_Apache_Reverse_Proxy
https://docs.google.com/document/d/1861eyMCcSE0pNZKGHuPY5OfIatorxkpNg-4wFeiP1wI/edit?hl=en&authkey=COW5nkE&pli=1
http://www.openerp.com/forum/topic24487.html

http://www.askapache.com/web-hosting/reverse-proxy-apache.html#Building_Apache_Proxying

http://www.apachelounge.com/viewtopic.php?t=3347




Or Follow the following steps which are from google doc of openerp reverse proxy.

Openerp-web https connection using Apache2

Version: 2.0

The following script describes how to configure the Openerp-web client for a production environment (Ubuntu server 10.04 LTS, Openerp version 6.x.x) over https with Apache2.

Https for the client-web, encrypts communication between your webbrowser and the client-web server which is connected to openerp-server. To enable https for the client-web, you can use a web-server like apache2 and use its proxy function.

Installing Apache2 and enabling supporting modules
sudo apt-get -f install apache2
sudo apt-get -f install libapache2-mod-gnutls
sudo apt-get -f install libapache2-mod-python
sudo apt-get -f install libapache2-mod-wsgi
sudo apt-get -f install libapache2-modxsltsudo /etc/init.d/apache2 restart

sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_connect
sudo a2enmod proxy_ftp
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

Generating keys and certificates
You should see the default certificate and key files in:
sudo nano /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo nano /etc/ssl/private/ssl-cert-snakeoil.key

Apache web server configurations
If you have static IP and domain name, add a new line:
sudo nano /etc/hosts

# serveripaddress     mydomain
10.0.1.10                      http://83.119.81.123


Proxy settings – default
sudo nano /etc/apache2/sites-available/default
Add the following lines in the at the bottom:


Redirect / "https://mydomain"

</VirtualHost>


sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/default-ssl

Proxy settings – default-ssl
sudo nano /etc/apache2/sites-available/default-ssl
Add the following lines in the at the bottom:

<VirtualHost *:443>


<Proxy "*">
    AddDefaultCharset off
    order deny,allow
    allow from all
</Proxy>
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set "X-Forwarded-Proto" "https"
# Fix IE problem (http error 408/409)
SetEnv proxy-nokeepalive 1

</VirtualHost>

This file should already contain the lines:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Postgres permissions
sudo usermod -aG ssl-cert postgres
sudo chmod -R 650 /etc/ssl/private/
sudo su postgres
cd /etc/ssl/private # with ls -l you must see:
-rw-r-x--- 1 root ssl-cert 887 2011-04-17 18:12 ssl-cert-snakeoil.key
# Otherwise you get the error “Can not read server.key file, permission denied” on postgresql start.

To make sure the key file is accessible:
cat /etc/ssl/private/ssl-cert-snakeoil.key #You must be able to see the key

The symbolic links from postgres must show this:
ls -l /var/lib/postgresql/8.4/main/s*
lrwxrwxrwx 1 root root 36 2011-01-30 14:08 /var/lib/postgresql/8.4/main/server.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 2011-01-30 14:08 /var/lib/postgresql/8.4/main/server.key -> /etc/ssl/private/ssl-cert-snakeoil.key

exit

Openerp-web configuration
sudo nano /etc/openerp-web.cfg
Change and paste:

tools.proxy.on = True
tools.proxy.base = 'https://mydomain/'
tools.proxy.local = ''
tools.nestedvars.on = True

tools.csrf.on = False

Starting Servers
sudo /etc/init.d/openerp-web stop
sudo /etc/init.d/openerp-server stop
sudo /etc/init.d/postgresql-8.4 restart
sudo /etc/init.d/apache2 restart
openerp-server –secure –cert-file=/etc/ssl/certs/ssl-cert-snakeoil.pem –pkey-file=/etc/ssl/private/ssl-cert-snakeoil.key

control C

sudo /etc/init.d/openerp-server start
sudo /etc/init.d/openerp-web restart

To block the http access at port 8080:
sudo ufw enable #enables the firewall on your Ubuntu system
sudo ufw allow 443/tcp #enables the https standard port
sudo ufw deny 8080/tcp #You can check the firewall status with: sudo ufw status

In the web browser:
You should not be able to access:
http://mydomain:8080

You can secure login at:
https://mydomain/

No comments:

Post a Comment