DonSYS91/odoo.conf

## odoo.conf
#odoo server
upstream odoo {
    server 127.0.0.1:8069;
}
upstream odoochat {
    server 127.0.0.1:8072;
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name DOMAIN;

    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name DOMAIN;

    ssl_certificate /etc/nginx/conf.d/DOMAIN/web.crt;
    ssl_certificate_key /etc/nginx/conf.d/DOMAIN/web.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
    ssl_conf_command Options ServerPreference,PrioritizeChaCha,NoRenegotiation,NoResumptionOnRenegotiation;
    ssl_ecdh_curve secp521r1:secp384r1;

    # HSTS (ngx_http_headers_module is required) (31536000 seconds)
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Add Headers for odoo proxy mode
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # log
    access_log /var/log/nginx/DOMAIN.access.log;
    error_log /var/log/nginx/DOMAIN.error.log;

    # Redirect websocket requests to odoo gevent port
    location /websocket {
    	proxy_pass http://odoochat;
    	proxy_set_header Upgrade $http_upgrade;
    	proxy_set_header Connection $connection_upgrade;
    	proxy_set_header X-Forwarded-Host $host;
    	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header X-Forwarded-Proto $scheme;
    	proxy_set_header X-Real-IP $remote_addr;
    }

    # Redirect requests to odoo backend server
    location / {
        proxy_redirect off;
        proxy_pass http://odoo;
    }

    location @odoo {
        proxy_redirect off;
        proxy_pass http://odoo;
    }

    # Serve static files right away
    location ~ ^/[^/]+/static/.+$ {
        root /usr/lib/python3/dist-packages/odoo/addons;
        try_files $uri @odoo;
        expires 24h;
    }

    # common gzip
    gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
    gzip on;

    # CloudFlare DNS
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
}
	#odoo server
	upstream odoo {
	server 127.0.0.1:8069;
	}
	upstream odoochat {
	server 127.0.0.1:8072;
	}
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	server {
	listen 80;
	listen [::]:80;
	server_name DOMAIN;

	rewrite ^(.*) https://$host$1 permanent;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name DOMAIN;

	ssl_certificate /etc/nginx/conf.d/DOMAIN/web.crt;
	ssl_certificate_key /etc/nginx/conf.d/DOMAIN/web.key;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
	ssl_session_tickets off;

	# intermediate configuration
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
	ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
	ssl_conf_command Options ServerPreference,PrioritizeChaCha,NoRenegotiation,NoResumptionOnRenegotiation;
	ssl_ecdh_curve secp521r1:secp384r1;

	# HSTS (ngx_http_headers_module is required) (31536000 seconds)
	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

	# OCSP stapling
	ssl_stapling on;
	ssl_stapling_verify on;

	proxy_read_timeout 720s;
	proxy_connect_timeout 720s;
	proxy_send_timeout 720s;

	# Add Headers for odoo proxy mode
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Real-IP $remote_addr;

	# log
	access_log /var/log/nginx/DOMAIN.access.log;
	error_log /var/log/nginx/DOMAIN.error.log;

	# Redirect websocket requests to odoo gevent port
	location /websocket {
	proxy_pass http://odoochat;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Real-IP $remote_addr;
	}

	# Redirect requests to odoo backend server
	location / {
	proxy_redirect off;
	proxy_pass http://odoo;
	}

	location @odoo {
	proxy_redirect off;
	proxy_pass http://odoo;
	}

	# Serve static files right away
	location ~ ^/[^/]+/static/.+$ {
	root /usr/lib/python3/dist-packages/odoo/addons;
	try_files $uri @odoo;
	expires 24h;
	}

	# common gzip
	gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
	gzip on;

	# CloudFlare DNS
	resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
	}