Bin am Testen einer odoo-Installation.
Diese soll im proxy-Mode auf https erzwungen werden.
Beim Versuch, den lokalen nginx zu erreichen, bekomme ich folgenden Fehler:
Meine odoo.conf sieht wie folgt aus:An error occurred during a connection to 127.0.0.1:8069. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Code: Alles auswählen
root@debian:/etc/nginx/sites-available# cat odoo
## OpenERP backend ##
upstream odoo {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
upstream odoo-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
## https site##
server {
listen 443;
server_name 192.168.0.128;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate /etc/nginx/ssl/odootest.crt;
ssl_certificate_key /etc/nginx/ssl/odootest.key;
allow all;
# log files
access_log /var/log/nginx/192.168.0.128.access.log;
error_log /var/log/nginx/192.168.0.128.error.log;
# proxy buffers
proxy_buffers 16 64k;
proxy_buffer_size 128k;
## default location ##
location / {
proxy_pass http://odoo;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_read_timeout 300000;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# cache some static data in memory for 60mins
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoo-im;
}
}
## http redirects to https ##
server {
listen 80;
server_name 192.168.0.128;
# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
return 301 https://$host$request_uri;
}
Code: Alles auswählen
root@debian:~# openssl s_client -connect 127.0.0.1:443
CONNECTED(00000003)
139634740041360:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1490457857
Timeout : 300 (sec)
Verify return code: 0 (ok)
Die nginx-Konfiguration wird nicht bemängelt (nginx -t meldet keinen Fehler)
Die Schlüssel sind unter /etc/nginx/ssl abgelegt:
Code: Alles auswählen
root@debian:/etc/nginx/ssl# ls
odootest.crt odootest.csr odootest.key
Wie behebe ich das Problem?