How to install OpenERP 6.0 on Ubuntu 10.04 LTS Server (Part 2 – SSL)

This article follows on (hopefully not unsurprisingly) from part 1.

In this post I’ll describe our current way of providing SSL encrypted access to a shiny new OpenERP server running on Ubuntu 10.04 LTS Server.

We’re using the Apache webserver to act as a proxy and do SSL termination for web client access and for WebDAV/CalDAV access. The GTK client will also be running over an encrypted XMLRPC link directly to the OpenERP Server. Apache is the most widely used webserver in the world and there is oodles of documentation about it so I do not plan to go into any great detail about the configuration choices. One document that is worth pointing out however is the information about how to configure and administer Apache specifically under Debian/Ubuntu. The way Apache is packaged and set up is quite different from most other Linux distributions. A very useful document can be found here /usr/share/doc/apache2.2-common/README.Debian.gz on your server.

NB: For the purposes of this how to, we’ll be using self-signed certificates. A discussion of the pros and cons of this choice is beyond the scope of this article.

Step 1. Install Apache and required modules

On your server install apache2 by typing

sudo apt-get install apache2

Now we’ll tell apache that we want to use a few modules (mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_rewrite [optional]) that are not enabled by default:

sudo a2enmod ssl proxy_http headers rewrite

Next, we need to generate a SSL certificate and key.

Step 2. Create your cert and key

I create the files in a temporary directory then move them to their final resting place once they have been built (the first cd is just to make sure we are in our home directory to start with):

cd
mkdir temp
cd temp

Then we generate a new key, you will be asked to enter a passphrase and confirm:

openssl genrsa -des3 -out server.pkey 1024

We don’t really want to have to enter a passphrase every time the server starts up so we remove the passphrase by doing this:

openssl rsa -in server.pkey -out server.key

Next we need to create a signing request which will hold the data that will be visible in your final certificate:

openssl req -new -key server.key -out server.csr

This will generate a series of prompts like this: Enter the information as requested:

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:The Client’s Company

And finally we self-sign our certificate.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

We only need two of the files in the working directory, the key and the certificate. But before we can use them they need to have their ownership and access rights altered:

sudo chown openerp:root server.crt server.key
sudo chmod 640 server.crt server.key

And then we put them in a sensible place:

sudo mkdir /etc/ssl/openerp
sudo chown openerp:root /etc/ssl/openerp
sudo chmod 710 /etc/ssl/openerp
sudo mv server.crt server.key /etc/ssl/openerp/

Now the key and certificate are safely stored away, we can tell Apache where they are:

Step 3. Create the Apache site configuration file

We create a new Virtual Host configuration file

sudo nano /etc/apache2/sites-available/openerp-ssl

with the following content:

<VirtualHost *:443>

SSLEngine on
SSLCertificateFile /etc/ssl/openerp/server.crt
SSLCertificateKeyFile /etc/ssl/openerp/server.key

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyVia On

ProxyPass /webdav/ http://127.0.0.1:8069/webdav/
<Location /webdav/ >
ProxyPassReverse /webdav/
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT MOVE COPY DELETE LOCK UNLOCK>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>

ProxyPass / http://127.0.0.1:8080/
<location / >
ProxyPassReverse /
</location>

RequestHeader set "X-Forwarded-Proto" "https"

# Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1

</VirtualHost>

Note there are two Proxy configurations. One for /webdav/ and one for /. If you do not intend to use WebDAV or CalDAV then you can remove that section. But essentially, we are telling apache that WebDAV traffic needs to go to the XMLRPC port on the OpenERP server, and normal web traffic needs to go to the web client that is listening on port 8080. The order is also important. If / came before /webdav/ then it wouldn’t work.

And then we can enable the new site configuration.

sudo a2ensite openerp-ssl

Optionally, you can use mod_rewrite to redirect any normal (non-encrypted) web browser traffic to the SSL port (443).

To do this, add the following lines (outside of the <directory> config blocks) into the file /etc/apache2/sites-available/default

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

Step 4. Change the OpenERP server and web-client configuration files

The next step is to re-configure the OpenERP server and Web client so that the non-encrypted services are not accessible from the outside world.

In /etc/openerp-server.conf the two non-encrypted services will only listen on localhost, i.e. not from external connections so in effect only traffic from Apache will be accepted. We also tell the XMLRPC-SSL service where to find the necessary key and certificate.

Make the following changes:

sudo nano /etc/openerp-server.conf

xmlrpc = True
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069

netrpc = True
netrpc_interface = 127.0.0.1
netrpc_port = 8070

xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071
secure_pkey_file = /etc/ssl/openerp/server.key
secure_cert_file = /etc/ssl/openerp/server.crt

If you want to have WebDAV/CalDAV access add the following at the bottom of the config file.

[webdav]
enable = True
vdir = webdav

Then in the web client config file /etc/openerp-web.conf make the following changes so that it also only accepts traffic from localhost:

sudo nano /etc/openerp-web.conf

# Some server parameters that you may want to tweak
server.socket_host = “127.0.0.1”

# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
tools.proxy.on = True

# If your proxy does not add the X-Forwarded-Host header, set
# the following to the *public* host url.
tools.proxy.base = ‘https://your-ip-or-domain’

# Set to false to disable CSRF checks
tools.csrf.on = False

That’s it.

Step 5. Try it out

Restart the services to load the new configurations

sudo service openerp-server restart
sudo service openerp-web restart
sudo service apache2 restart

You should not be able to connect to the web client on port 8080 and the GTK client should not connect on either the NetRPC (8070) or XMLRPC (8069) services. For the web access you just need to visit https://your-ip-or-domain and in the GTK client you will need to use port 8071 and choose the XMLRPC (Secure) protocol.

For CalDAV access the URL to a calendar will be something like this:

https://your-ip-or-domain/webdav/DB_NAME/calendars/users/USERNAME/c/CALENDAR_NAME

I hope that is helpful and obviously we’d love to hear comments and suggestions for improvements.

Tags: , , , ,

78 Comments

  • […] How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) This entry was posted in Uncategorized. Bookmark the permalink. ← OpenERP, Kettle and TerminatOOOR LikeBe the first to like this post. […]

  • […] Feed « I’ve started so I’ll finish How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) […]

  • Tom says:

    Just to let you know, it’s not
    sudo a2enmod ssl proxy_http headers mod_rewrite

    It’s
    sudo a2enmod ssl proxy_http headers rewrite

  • LM says:

    Probably the best How-to for installing OpenERP 6 on Ubuntu 10.04 LTS.
    Lots of best-practices inplace.

  • Bogdan says:

    Hi there! thank you for this tutorial!

    One question: for some reason, while trying to get the directories through webdav, I get only a blank screen, once I input the username and pwd. Any idea?

    regards, b

    • Alan Bell says:

      that would appear to be normal. Bit curious about that myself to be honest.

      • Alan Lord says:

        Webdav does seem a little strange to start with and I don’t think Firefox is really the best tool for the job.

        I managed to work my way “into” the webdav tree by using the linux CLI tool called cadaver (on Ubuntu just sudo apt-get install cadaver).

        You can then do stuff like:

        $ cadaver https://SERVER_URL/webdav/

        Which should then let you login and browse the available webdav tree, e.g.:

        dav:/webdav/> ls
        Listing collection `/webdav/': succeeded.
        Coll: aeroo_testing 0 May 5 08:16
        Coll: crmtest 0 May 5 08:16
        Coll: discouttests 0 May 5 08:16
        Coll: emailtest 0 May 5 08:16
        Coll: smtptest 0 May 5 08:16
        dav:/webdav/>

  • […] The Open Sourcerer » How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) – […]

  • Vecchi says:

    I’d like to do this with nginx.

  • manlsea says:

    after sudo service apache2 restart

    Error:
    Syntax error on line 7 of /etc/apache2/sites-enabled/openerp-ssl:
    Invalid command ‘ProxyRequests’, perhaps misspelled or defined by a module not included in the server configuration
    Action ‘configtest’ failed.
    The Apache error log may have more information.
    …fail!

    How can I solve? (ubuntu 11.04)

    thank’s

  • manlsea says:

    Previously, after sudo a2enmod ssl proxy_http headers rewrite
    an error has occurred: Module proxy_http does not exist!

  • jordan says:

    Does anyone know how to remove the OpenERP tweets widget from the web interface ?
    Thanks.

    • Alan Lord says:

      On the menu go to:

      Administration -> Customisation -> User Interface -> Widgets per user

      And delete the entry for the Twitter widget.

      That seems to work here. (I Suggest you try it on a dummy db first just to check everything else is still OK)

  • zulkefly says:

    hello,

    GTK client could not connect to server after used SSL. Web client working. Anyone can help?


    [2011-07-20 16:42:36,293][?] ERROR:init:Server error in request from ('175.0.7.213', 52131):
    Traceback (most recent call last):
    File "/opt/openerp/server/bin/service/websrv_lib.py", line 528, in _handle_request2
    self.process_request(request, client_address)
    File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
    self.finish_request(request, client_address)
    File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
    self.RequestHandlerClass(request, client_address, self)
    File "/opt/openerp/server/bin/service/websrv_lib.py", line 246, in __init__
    SocketServer.StreamRequestHandler.__init__(self,request,client_address,server)
    File "/usr/lib/python2.6/SocketServer.py", line 614, in __init__
    self.setup()
    File "/opt/openerp/server/bin/service/websrv_lib.py", line 465, in setup
    ssl_version=ssl.PROTOCOL_SSLv23)
    File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs)
    File "/usr/lib/python2.6/ssl.py", line 113, in __init__
    cert_reqs, ssl_version, ca_certs)
    SSLError: [Errno 336265218] _ssl.c:337: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib

    • Alan Lord says:

      Please check Launchpad (https://bugs.launchpad.net/openobject-server/+bug/682579/comments/6) – This is almost certainly due to a misconfiguration either in the certificate or the openerp-server.conf file.

      • Esa Pynnönen says:

        GTK client could not connect to server after used SSL <- had also this error.

        There is line in "openerp-server.conf" (the file you currently are using) that says:
        ;secure_pkey_file = /etc/ssl/openerp/server.pkey

        Changed that to:
        secure_pkey_file = /etc/ssl/openerp/server.pkey

        Didn't work, but after reading carefully many times through the file noticed that it should be:
        secure_pkey_file = /etc/ssl/openerp/server.key

        like your great tutorial says there shouldnt de the "p" in .pkey. But in the file you have there is the p, and when not reading carefully the p stays there…

        • Alan Lord says:

          Many thanks for that – I have changed the original openerp-server.conf file so that the line now reads:

          ;secure_pkey_file = /etc/ssl/openerp/server.key

          Thanks again.

  • Steve says:

    Just wanted to say thanks. I tried getting this exact setup up and running before I found your guide and I am much happier with the new setup after starting over with your advice.

    • Alan Lord says:

      Thanks for dropping by and saying thanks Steve. It’s very appreciated.

      PS: If you have any improvements or other suggestions please do feel free to make them.

  • Thank you very much for such a clear guide. Thanks

  • Vladimir says:

    I just want to say thanks for saving me a lot of time…
    The installation howto on the official could be updated by your post…

    great job,

    regards, Vladimir

  • Stefan Ioan says:

    Thanks a bunch for your guide, worked great on Debian Squeeze.

    One small detail still eludes me: on logout from the web interface, I get directed to http://127.0.0.1:8080/
    Any hints ?

    Thanks again

  • Thomas says:

    Hello Alan,
    Thanks a lot for this very clear how to. The official documentation could be greatly improved with your work!
    One question though (that may seem silly): what should I do with the files server.csr and server.pkey that are still in the temp directory? Just delete them? I’m afraid let them where they are may cause security issues…
    Thanks in advance,
    Thomas

    • Alan Lord says:

      Hi Thomas.

      That’s a good question! I really have no idea to be honest. I just delete them but perhaps someone who understands certificates better than I could comment?

  • Edvinas says:

    Great! I Just want to Thank you :)
    There will be other parts? :D

    • Alan Lord says:

      Not stole, reproduced… They have attributed it at the top of article, and my content on this blog is licensed under the this Creative Commons license so others can share and re-use.

      It’s no problem as long as it’s attributed properly and they respect the license.

  • Fire Man says:

    Hello Alan

    You done such a great job. I have a question which concern remote access to the webdav server from an xp client, that using web. Whenever i want to open a folder here is “http://127.0.0.1:8069/webdav/dms/principals” am directed to thus i would really appreciate if i can this issue solve.

    Thanks in advance

    • Alan Lord says:

      Thanks for the compliment.

      I’m not sure I completely understand but for webdav access if you’ve followed this article completely webdav access will be via apache and over https. (I can’t talk about XP as I do not use it and have no idea how it handles webdav).

      From a webdav client (Cadaver) on my Ubuntu computer I can access our OpenERP server. See this link.

  • Simone Bianchi says:

    Hi, first of all thanks for the how to, is very good!
    I just like ask a clarification, after the installation of the Part 2 – SSL, is possible to reach the OpenERP by https://my-ip , but when I like from the main page open the page where I can create a new db, don’t work. Can I ask if others have the same problem and how can be solved? Thanks Simone

    • Alan Lord says:

      Hi Simone,

      Are there any error messages on the screen or in the log files? If you can paste them somewhere and provide a link I’m sure we can help you fix the problem.

      PS: There’s usually several people in #openobject on freenode IRC who will also probably be able to help.

  • Nexo says:

    Hello Alan,

    After following each and every step for implementing SSL from your Tutorial I was able to access openerp, the point is that while I was configuring the files I replaced every ‘your-ip-or-domain’ for ‘127.0.0.1’ since I really do not know whether to use any random IP or to use my ISP IP fetched from http://www.whatismyip.com or any other website like this, so I thought “I couldn’t be that easy” and unfortunately I was right since I checked from my Host Vista OS (openerp is running on virtualbox) invoking the URL http://127.0.0.1:8080/ and IE loaded an openerp instance in spanish version while mine was setup in English so I infered that this openerp instance was not my own one, even more I tried to connect remotely from other laptops and they even do not loaded any openerp instance from this URL (ending in connection error).
    So Alan, is there any suggestion for the scenario I described above?

    Regards

  • Nathan says:

    Thanks for the great tute Alan. You hit the right balance between easy to follow and enough technical info to understand what was going on. Openerp’s official docs are sketchy at best and your walkthrough really helped :)

  • Vladimir says:

    First of all thnx for clear and functional howto…it works perfect..

    I am trying to use openerp report designer for open office and it does not work…

    I was thinking does any of the changes in default install (without SSL) can be possible cause why the report designer does not work?

    I installed base report designer and installed extension on open office 3.3 and the plugin is not responding to anything…

    anyone else having trouble getting report designer to work?

    thnx, bye

    • Vladimir says:

      Hi,

      I can confirm that with applying changes (Part 2 – SSL) of this howto messes with report designer module and does not allow modification of the report (quotation, invoice, etc.) through open office plugin for openerp.

      I removed changes of the Part 2 – SSL howto and I can connect and modify reports with open office.
      I suppose the plugin does not support ssl and tries connection over http.
      Would be nice to see how can this work with SSL.

      regards, Vladimir

      • Alan Lord says:

        You are correct.

        This is bug which is in the OpenERP Report Designer and the Thunderbird extension. Neither work over https unfortunately. There are bugs reports on Launchpad.

        For reporting however, I would recommend trying the excellent Aeroo Report system. It is much easier to use once set up and is very flexible; and it does work when OpenERP is only available via https.

        • Edvinas says:

          Hi,
          Could you please provide more detailed information about installing the aeroo reports I’ve found some information in developer website is unclear and difficult to understand, maybe you can share your knowledge? google does not help in this situation (I’ve followed all links in results page).
          Thanks!

  • Fabien says:

    I meet an error: here is my /var/log/apache2/error.log:
    [error] (111) Connection refused: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
    [error] ap_proxy_connect_backend disabling worker for (127.0.0.1)
    [error] proxy: HTTP: disabled connection for (127.0.0.1)
    Can you help me please ?
    thank you

    Fabian

  • Ted says:

    At the end of part one I tested the web client and I got to the logon page, but after doing the steps in part two I’m unable to access the web client on https://ip-address:8080. I’m not an Ubuntu expert (closet newb, I guess) and I’ve gone over all of the steps in part two, but I still can’t find what I did wrong. I’m lost on where to start debugging the issue.

    Thanks for the great tutorial, this is way better than the OpenERP supplied one.

    • Alan Lord says:

      Hi Ted and thanks.

      It should work fine – just remove the :8080 from the end of your URL. Apache is listening on port 443 (which is the default port when using http over SSL, e.g. https)

      So just point your browser to:

      https://ip-address

      and that should work fine.

  • Onthego says:

    Hi Alan Lord,

    Thanh for your how to.

    After finish part 2 reverse proxy just working on LAN only, I had created a sub domain for OpenERP user connect when onthego but It’s doesn’t work, when I browse from internet it doesn’t proxy pass to 12.0.0.1:8080. If I remove sub domain It’s redirect to default page of Apache “It’s work!” I check log but nothing about it.

    I using Zentyal 2.2 it’s had already reverse proxy by defaul.

    How can I pass thru?

    Regards.

    Lam

  • Ludovic says:

    Hi Alan,
    you did a great job. Thanks a lot. Everything is working good, even if I tried it with 6.03 and Ubuntu 11.10 server. Just one thing… I cannot connect remotly with my GTK client. No problem for my web client, and even the GTK client on the server. My PfSense firewall is set to open for 8069 to 8071 ports. But I tried all of them and nothing works from outside… Any idea ?

    Thanks a lot

  • Jorge Diaz says:

    OMG!!! Hey buddy thanks for this how to, it worked great so i am really very thank full with you

  • Hi Alan,

    Thanks for the post! It has been really helpful. I’m finding that after installing the access through SSL RPC-Secure access it is no longer possible to access using the alternative methods. Is there any way to enable this?

    That would help in, for example, accessing from the home network to OpenERP using XML-RPC or NET-RPC fast, and when I’m out of home, access to OpenERP through the slower XML-RPC secure access.

    At this moment the access message is “Cannot connect to server”.

    Many thanks!!!
    Regards,
    Jordi Ballester Alomar.

    • Alan Lord says:

      Thanks Jordi,

      I think that should be quite easy to sort out.

      See step 4.

      In /etc/openerp-server.conf the two non-encrypted services will only listen on localhost, i.e. not from external connections so in effect only traffic from Apache will be accepted…

      and just revert the

      {net,xml}rpc_interface = 127.0.0.1

      to their prior settings as in part 1.

      I’d block access to those unencrypted ports from outside your network though.

  • samarendra says:

    Hi Alan

    Thanks a lot for this tutorial.I followed this and everything is working properly,but there is a little bit problem i am facing that I can’t access openerp web and gtk client simultaneously .I marked one thing that when i made changes to “/etc/openerp-server.conf”as below, The gtk clients can only access the openerp server.

    netrpc=true
    netrpc_interface = 10.xxx.xxx.xxx
    netrpc_port = 8070

    xmlrpcs = true
    xmlrpcs_interface = 10.xxx.xxx.xxx
    xmlrpcs_port = 8071

    When i change my interface address to loop back address the web clients only can access but not the gtk clients

    I hope that is due to the port no i am assigning.So how can I fix it

    Kindly help me to fix it .as if I can access my openerp server through gtk and web clients
    I am awaiting your response

    Thanks again
    Regards
    Samarendra Jena

    • Alan Lord says:

      Hi Samarendra,

      There are three sets of protocol configurations in the openerp-server.conf file: NetRPC, XML-RPC and XML-RPCS.

      XML-RPC is really only required for webdav/CalDAV access,
      NetRPC is required for the webclient to connect to the server,
      XML-RPCS is for the GTK Client.

      If you follow the guide exactly you will be able to use web and GTK, both over ssl. The web client is proxied through apache and the GTK client connects to the XML-RPCS port directly on 8071 only.

      If you want to be able to accept to non-encrypted connections, perhaps from your local LAN, then you will need to edit the _interface field (or leave it blank) and use some kind of external filtering (like IPTables) to prevent remote access.

      This how to does work if you follow it exactly and allows simultaneous access from both web and GTK. We use it all the time.

  • Alan Cham says:

    Hi Alan,

    Thank you for your Tutorial, it work perfectly in office intranet.

    but i can’t connect from remote / Public internet, is it need setting for hosts.allow or hosts.deny, as i saw your tutorial that you installed denyhosts, and what port should i forwarded in MODEM ? ( i have fixed IP and openERP install in Ubuntu 10.04 LTS 32 bit), hope you can help me.

    Thank you very much.

    Best regards,
    alancham

  • Ted says:

    There are certain instances where links are going to https://127.0.0.1:8080 and I have not been able to find where I went wrong. An instance is clicking on Logout and it goes to that address. Any ideas on where I need to start looking to correct this?

  • Julien says:

    Hi,
    First of all, thank a lot! I followed step-by-step this 2 parts tuto and everything work except webdav access using gvfs (access using cadaver work). First of all, it appears that gvfs try to access to “/webdav” without the trailing “/”, so I remove it in the apache site file. But then, gvfs seems to access to / which leads to an error:

    Error mounting location: HTTP Error: See Other

    Then apache log is:
    – – [25/Jan/2012:14:08:29 +0100] “OPTIONS /webdav HTTP/1.1″ 401 1675 “-” “gvfs/1.6.1″
    – – [25/Jan/2012:14:08:35 +0100] “OPTIONS /webdav HTTP/1.1″ 200 1526 “-” “gvfs/1.6.1″
    – – [25/Jan/2012:14:08:35 +0100] “PROPFIND /webdav HTTP/1.1″ 207 586 “-” “gvfs/1.6.1″
    – – [25/Jan/2012:14:08:35 +0100] “OPTIONS / HTTP/1.1″ 303 810 “-” “gvfs/1.6.1″

    Does anyone manage to make gvfs mounting possible? I guest a possible solution is to make a separate site (different name still on 443 or other one) for webdav access…

    Julien.

    • Alan Lord says:

      Thanks Julien,

      I’ve not tried using gvfs so can’t help directly. Cadaver works and so does CalDAV calendar access from clients like Lightning in Thunderbird.

      Maybe someone else who knows about gvfs can help here. Do let us know how you get though please.

      • Julien says:

        After few researches (tcpdump…), it appears that there is an error in the generated webdav XML (an invalid namespace). My investigations lead me to suspect pywebdav (version 0.9.4). After a downgrading to version 0.9.3, I manage to mount the webdav directory using davfs2 support (using mount -t davfs). Still an issue with gvfs (a forbidden error now) but my assumption is that gvfs try to go to the parent directory (from /webdav to /) and thus go from the webdav redirection to the webclient redirection on the apache proxy.

        I guest a possible solution would be to change the site configuration file regarding to the client used (gvfs or davfs2). Or to have a different site for webdav redirection (but I think that gvfs doesn’t support SSL/SNI).

        best,
        Julien.

  • Julien says:

    About the report_designer issue, this one was really easy to patch:

    unzip the report_designer.zip
    edit the file package/OpenERPReport.py

    line 1405:
    self.gateway = None

    line 1412 add a elif:
    elif protocol == ‘https://':
    self.gateway = XMLRPCGateway(host, port, ‘https’)

    and line 1420:
    if self.gateway==None:
    return []

    Here is the “patch”:
    — OpenERPReport.py 2011-06-17 16:09:05.000000000 +0200
    +++ OpenERPReport_new.py 2012-02-04 16:17:56.019247233 +0100
    @@ -1402,7 +1402,7 @@
    def __init__(self,url):

    m = re.match(‘^(http[s]?://|socket://)([\w.\-]+):(\d{1,5})$’, url or ”)

    + self.gateway=None
    host = m.group(2)
    port = m.group(3)
    protocol = m.group(1)
    @@ -1410,11 +1410,15 @@
    return -1
    if protocol == ‘http://’ or protocol == ‘http://':
    self.gateway = XMLRPCGateway(host, port, ‘http’)
    + elif protocol == ‘https://':
    + self.gateway = XMLRPCGateway(host, port, ‘https’)
    elif protocol == ‘socket://':

    self.gateway = NETRPCGateway(host, port)

    def listdb(self):
    + if self.gateway==None:
    + return []
    return self.gateway.listdb()

    def login(self, db, user, password):

    Then, zip the package directory and install the extension.

    Enjoy,
    Julien.

  • Ingmar says:

    Hi Alan,

    I ran into the problem of my apache2 on Ubuntu 10.04 Server not wanting to serve or even open 443.
    In the end it turned out that I simply had to add port 443 to /etc/apache2/ports.conf.

    So, for the benefit of any others who might be stumped by this, this is my new ports.conf…

    NameVirtualHost *:80
    NameVirtualHost *:443
    Listen 80
    Listen 443

    Of course the :80 port directives are only needed if one either has another website on port 80 or if one wants to use the http rewrite feature you describe above.

    Enjoy,
    Ingmar

  • Alec Mouti says:

    Great stuff, Thanks a lot. My question is does this toturial work on openERP 7.0?

Leave a Reply

XHTML: You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>