Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

nginx - Disable http to https redirect?

Tags:

nginx

ssl

I followed this tutorial http://www.schenkels.nl/2014/12/reverse-proxy-with-odoo-8-nginx-ubuntu-14-04-lts/ how to make reverse proxy for odoo with nginx.

Everything went fine here. But the problem is with certificate. Every browser swears that my self signed certificate is not trusted. And this is test server so I don't really care about security now. I tried to disable/comment everything with certificates and ssl. But nginx still redirects to https and then when it does not find certificate, it just gives this error:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have

But how can I make to just ignore https, and use http instead without any encryption? Do I need to adjust something inside nginx itself?

For example using apache, if not specified to use secure connection, then it just uses normal http and that is that. Hope someone else have better experience with nginx.

Configuration I adjusted looks like this (I just commented some parts and changed rewrite to be http instead of https):

upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

## http redirects to https ##
server {
listen 80;
server_name _;

# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ http://$host$request_uri? permanent;
}

server {
# server port and name
listen 443;
server_name _;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# add ssl specific settings
#keepalive_timeout 60;
ssl off;
#ssl_certificate /etc/ssl/nginx/server.crt;
#ssl_certificate_key /etc/ssl/nginx/server.key;

# limit ciphers
#ssl_ciphers HIGH:!ADH:!MD5;
#ssl_protocols SSLv3 TLSv1;
#ssl_prefer_server_ciphers on;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

#general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

# Let the OpenERP web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
#proxy_set_header X-Forwarded-Proto https;

# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;

location / {
proxy_pass http://odoo8;
}

location /longpolling {
proxy_pass http://odoo8-im;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo8;
}
}
like image 208
Andrius Avatar asked May 06 '15 09:05

Andrius


People also ask

How do I redirect traffic from HTTP to https in nginx?

Redirect HTTP to HTTPS version for Specified domain in Nginx Server_name domain-name.com www.domain-name.com – it specifies the domain names. So, replace it with your website domain name that you want to redirect. Return 301 https://domain-name.com$request_uri – it moves the traffic to the HTTPS version of the site.


1 Answers

You just need to comment out redirection on 80 port and listen on 80 port. This can be accomplished with following updates in config

upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

## http redirects to https ##
#server {
#listen 80;
#server_name _;

# Strict Transport Security
#add_header Strict-Transport-Security max-age=2592000;
#rewrite ^/.*$ http://$host$request_uri? permanent;
#}

server {
# server port and name
# listen 443;  # comment out this line
listen 80;
server_name _;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# add ssl specific settings
#keepalive_timeout 60;
ssl off;
#ssl_certificate /etc/ssl/nginx/server.crt;
#ssl_certificate_key /etc/ssl/nginx/server.key;

# limit ciphers
#ssl_ciphers HIGH:!ADH:!MD5;
#ssl_protocols SSLv3 TLSv1;
#ssl_prefer_server_ciphers on;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

#general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

# Let the OpenERP web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
#proxy_set_header X-Forwarded-Proto https;

# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;

location / {
proxy_pass http://odoo8;
}

location /longpolling {
proxy_pass http://odoo8-im;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
like image 144
Harshad Yeola Avatar answered Oct 04 '22 00:10

Harshad Yeola