How to install OpenERP 6.0 on Ubuntu 10.04 LTS Server (Part 2 – SSL)
This article follows on (hopefully not unsurprisingly) from part 1.
In this post I’ll describe our current way of providing SSL encrypted access to a shiny new OpenERP server running on Ubuntu 10.04 LTS Server.
We’re using the Apache webserver to act as a proxy and do SSL termination for web client access and for WebDAV/CalDAV access. The GTK client will also be running over an encrypted XMLRPC link directly to the OpenERP Server. Apache is the most widely used webserver in the world and there is oodles of documentation about it so I do not plan to go into any great detail about the configuration choices. One document that is worth pointing out however is the information about how to configure and administer Apache specifically under Debian/Ubuntu. The way Apache is packaged and set up is quite different from most other Linux distributions. A very useful document can be found here /usr/share/doc/apache2.2-common/README.Debian.gz
on your server.
NB: For the purposes of this how to, we’ll be using self-signed certificates. A discussion of the pros and cons of this choice is beyond the scope of this article.
Step 1. Install Apache and required modules
On your server install apache2 by typing
sudo apt-get install apache2
Now we’ll tell apache that we want to use a few modules (mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_rewrite [optional]) that are not enabled by default:
sudo a2enmod ssl proxy_http headers rewrite
Next, we need to generate a SSL certificate and key.
Step 2. Create your cert and key
I create the files in a temporary directory then move them to their final resting place once they have been built (the first cd
is just to make sure we are in our home directory to start with):
cd
mkdir temp
cd temp
Then we generate a new key, you will be asked to enter a passphrase and confirm:
openssl genrsa -des3 -out server.pkey 1024
We don’t really want to have to enter a passphrase every time the server starts up so we remove the passphrase by doing this:
openssl rsa -in server.pkey -out server.key
Next we need to create a signing request which will hold the data that will be visible in your final certificate:
openssl req -new -key server.key -out server.csr
This will generate a series of prompts like this: Enter the information as requested:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:The Client’s Company
And finally we self-sign our certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
We only need two of the files in the working directory, the key and the certificate. But before we can use them they need to have their ownership and access rights altered:
sudo chown openerp:root server.crt server.key
sudo chmod 640 server.crt server.key
And then we put them in a sensible place:
sudo mkdir /etc/ssl/openerp
sudo chown openerp:root /etc/ssl/openerp
sudo chmod 710 /etc/ssl/openerp
sudo mv server.crt server.key /etc/ssl/openerp/
Now the key and certificate are safely stored away, we can tell Apache where they are:
Step 3. Create the Apache site configuration file
We create a new Virtual Host configuration file
sudo nano /etc/apache2/sites-available/openerp-ssl
with the following content:
SSLEngine on
SSLCertificateFile /etc/ssl/openerp/server.crt
SSLCertificateKeyFile /etc/ssl/openerp/server.keyProxyRequests Off
Order deny,allow
Allow from all
ProxyVia On
ProxyPass /webdav/ http://127.0.0.1:8069/webdav/
ProxyPassReverse /webdav/
Order Deny,Allow
Allow from all
Satisfy Any
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse /
RequestHeader set "X-Forwarded-Proto" "https"
# Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
Note there are two Proxy configurations. One for /webdav/
and one for /
. If you do not intend to use WebDAV or CalDAV then you can remove that section. But essentially, we are telling apache that WebDAV traffic needs to go to the XMLRPC port on the OpenERP server, and normal web traffic needs to go to the web client that is listening on port 8080. The order is also important. If /
came before /webdav/
then it wouldn’t work.
And then we can enable the new site configuration.
sudo a2ensite openerp-ssl
Optionally, you can use mod_rewrite to redirect any normal (non-encrypted) web browser traffic to the SSL port (443).
To do this, add the following lines (outside of the
config blocks) into the file /etc/apache2/sites-available/default
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
Step 4. Change the OpenERP server and web-client configuration files
The next step is to re-configure the OpenERP server and Web client so that the non-encrypted services are not accessible from the outside world.
In /etc/openerp-server.conf
the two non-encrypted services will only listen on localhost, i.e. not from external connections so in effect only traffic from Apache will be accepted. We also tell the XMLRPC-SSL service where to find the necessary key and certificate.
Make the following changes:
sudo nano /etc/openerp-server.conf
xmlrpc = True
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069netrpc = True
netrpc_interface = 127.0.0.1
netrpc_port = 8070xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071
secure_pkey_file = /etc/ssl/openerp/server.key
secure_cert_file = /etc/ssl/openerp/server.crt
If you want to have WebDAV/CalDAV access add the following at the bottom of the config file.
[webdav]
enable = True
vdir = webdav
Then in the web client config file /etc/openerp-web.conf make the following changes so that it also only accepts traffic from localhost:
sudo nano /etc/openerp-web.conf
# Some server parameters that you may want to tweak
server.socket_host = “127.0.0.1”# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
tools.proxy.on = True# If your proxy does not add the X-Forwarded-Host header, set
# the following to the *public* host url.
tools.proxy.base = ‘https://your-ip-or-domain’# Set to false to disable CSRF checks
tools.csrf.on = False
That’s it.
Step 5. Try it out
Restart the services to load the new configurations
sudo service openerp-server restart
sudo service openerp-web restart
sudo service apache2 restart
You should not be able to connect to the web client on port 8080 and the GTK client should not connect on either the NetRPC (8070) or XMLRPC (8069) services. For the web access you just need to visit https://your-ip-or-domain and in the GTK client you will need to use port 8071 and choose the XMLRPC (Secure) protocol.
For CalDAV access the URL to a calendar will be something like this:
https://your-ip-or-domain/webdav/DB_NAME/calendars/users/USERNAME/c/CALENDAR_NAME
I hope that is helpful and obviously we’d love to hear comments and suggestions for improvements.
[…] How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) This entry was posted in Uncategorized. Bookmark the permalink. ← OpenERP, Kettle and TerminatOOOR LikeBe the first to like this post. […]
[…] Feed « I’ve started so I’ll finish How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) […]
Just to let you know, it’s not
sudo a2enmod ssl proxy_http headers mod_rewrite
It’s
sudo a2enmod ssl proxy_http headers rewrite
Good catch! Thanks. Post updated.
Probably the best How-to for installing OpenERP 6 on Ubuntu 10.04 LTS.
Lots of best-practices inplace.
@LM
Thanks very much.
Hi there! thank you for this tutorial!
One question: for some reason, while trying to get the directories through webdav, I get only a blank screen, once I input the username and pwd. Any idea?
regards, b
that would appear to be normal. Bit curious about that myself to be honest.
Webdav does seem a little strange to start with and I don’t think Firefox is really the best tool for the job.
I managed to work my way “into” the webdav tree by using the linux CLI tool called cadaver (on Ubuntu just sudo apt-get install cadaver).
You can then do stuff like:
$ cadaver https://SERVER_URL/webdav/
Which should then let you login and browse the available webdav tree, e.g.:
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
Coll: aeroo_testing 0 May 5 08:16
Coll: crmtest 0 May 5 08:16
Coll: discouttests 0 May 5 08:16
Coll: emailtest 0 May 5 08:16
Coll: smtptest 0 May 5 08:16
dav:/webdav/>
[…] The Open Sourcerer » How to install OpenERP 6 on Ubuntu 10.04 LTS Server (Part 2 – SSL) – […]
I’d like to do this with nginx.
after sudo service apache2 restart
Error:
Syntax error on line 7 of /etc/apache2/sites-enabled/openerp-ssl:
Invalid command ‘ProxyRequests’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.
…fail!
How can I solve? (ubuntu 11.04)
thank’s
Previously, after sudo a2enmod ssl proxy_http headers rewrite
an error has occurred: Module proxy_http does not existï¼
Does anyone know how to remove the OpenERP tweets widget from the web interface ?
Thanks.
On the menu go to:
Administration -> Customisation -> User Interface -> Widgets per user
And delete the entry for the Twitter widget.
That seems to work here. (I Suggest you try it on a dummy db first just to check everything else is still OK)
hello,
GTK client could not connect to server after used SSL. Web client working. Anyone can help?
[2011-07-20 16:42:36,293][?] ERROR:init:Server error in request from ('175.0.7.213', 52131):
Traceback (most recent call last):
File "/opt/openerp/server/bin/service/websrv_lib.py", line 528, in _handle_request2
self.process_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/opt/openerp/server/bin/service/websrv_lib.py", line 246, in __init__
SocketServer.StreamRequestHandler.__init__(self,request,client_address,server)
File "/usr/lib/python2.6/SocketServer.py", line 614, in __init__
self.setup()
File "/opt/openerp/server/bin/service/websrv_lib.py", line 465, in setup
ssl_version=ssl.PROTOCOL_SSLv23)
File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs)
SSLError: [Errno 336265218] _ssl.c:337: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Please check Launchpad (https://bugs.launchpad.net/openobject-server/+bug/682579/comments/6) – This is almost certainly due to a misconfiguration either in the certificate or the openerp-server.conf file.
GTK client could not connect to server after used SSL <- had also this error.
There is line in "openerp-server.conf" (the file you currently are using) that says:
;secure_pkey_file = /etc/ssl/openerp/server.pkey
Changed that to:
secure_pkey_file = /etc/ssl/openerp/server.pkey
Didn't work, but after reading carefully many times through the file noticed that it should be:
secure_pkey_file = /etc/ssl/openerp/server.key
like your great tutorial says there shouldnt de the "p" in .pkey. But in the file you have there is the p, and when not reading carefully the p stays there…
Many thanks for that – I have changed the original
openerp-server.conf
file so that the line now reads:Thanks again.
Just wanted to say thanks. I tried getting this exact setup up and running before I found your guide and I am much happier with the new setup after starting over with your advice.
Thanks for dropping by and saying thanks Steve. It’s very appreciated.
PS: If you have any improvements or other suggestions please do feel free to make them.
Thank you very much for such a clear guide. Thanks
Thanks Duncan.
I appreciate that you took the time to comment.
I just want to say thanks for saving me a lot of time…
The installation howto on the official could be updated by your post…
great job,
regards, Vladimir
Thanks Vladimir.
It’s appreciated that you took the time to comment.
Thanks a bunch for your guide, worked great on Debian Squeeze.
One small detail still eludes me: on logout from the web interface, I get directed to http://127.0.0.1:8080/
Any hints ?
Thanks again
Hi again, i’ve modified the vhost config file, deleted the lines and added http://127.0.0.1:8080/ to the ProxyPassReverse and it worked.
🙂
Great, glad you sorted it. That’s what I suspected…
Thanks.
Could you be more specific of what you done to fix this problem?
hi , i got same problem i just added http://127.0.0.1:8080/ to the ProxyPassReverse and removed the slash on the vhost config file like that:
ProxyPassReverse http://127.0.0.1:8080/
Check your openerp-web.conf (especially tools.csrf.on = False )
Thanks for the reply.
I’m not sure what is causing your issues described in this thread. For us we do not see this issue when the files are configured as in the post.
welcome 🙂
i’m not sure too , at first i’m the page of openerp but when click on databases it goes to 127.0.0.1 instead of the server ip so i did try this and it’s working great !
thanks
hi alan don’t confirm this comment i’d just like to have contact with if you don’t mind …
my mail bnz@email.com
thank you
Hello Alan,
Thanks a lot for this very clear how to. The official documentation could be greatly improved with your work!
One question though (that may seem silly): what should I do with the files server.csr and server.pkey that are still in the temp directory? Just delete them? I’m afraid let them where they are may cause security issues…
Thanks in advance,
Thomas
Hi Thomas.
That’s a good question! I really have no idea to be honest. I just delete them but perhaps someone who understands certificates better than I could comment?
Great! I Just want to Thank you 🙂
There will be other parts? 😀
Possibly yes 😉
Thanks for dropping by.
someones steal this tut :(((((
http://www.howtoforge.com/how-to-install-openerp-6-on-ubuntu-10.04-lts-server
Not stole, reproduced… They have attributed it at the top of article, and my content on this blog is licensed under the this Creative Commons license so others can share and re-use.
It’s no problem as long as it’s attributed properly and they respect the license.
Hello Alan
You done such a great job. I have a question which concern remote access to the webdav server from an xp client, that using web. Whenever i want to open a folder here is “http://127.0.0.1:8069/webdav/dms/principals” am directed to thus i would really appreciate if i can this issue solve.
Thanks in advance
Thanks for the compliment.
I’m not sure I completely understand but for webdav access if you’ve followed this article completely webdav access will be via apache and over https. (I can’t talk about XP as I do not use it and have no idea how it handles webdav).
From a webdav client (Cadaver) on my Ubuntu computer I can access our OpenERP server. See this link.
Hi, first of all thanks for the how to, is very good!
I just like ask a clarification, after the installation of the Part 2 – SSL, is possible to reach the OpenERP by https://my-ip , but when I like from the main page open the page where I can create a new db, don’t work. Can I ask if others have the same problem and how can be solved? Thanks Simone
Hi Simone,
Are there any error messages on the screen or in the log files? If you can paste them somewhere and provide a link I’m sure we can help you fix the problem.
PS: There’s usually several people in #openobject on freenode IRC who will also probably be able to help.
Hi Alan,
thanks for your help.
I checked on the log and seems no error. On the screen the message is just unable to connect.
The strange is when I surf with Firefox and I am on the login page of the Openerp with url https://192.x.x.x, after click on the “databases” button, on the url display http://127.0.0.1:8080/openerp/database/create, and the error is “unable to connect”.
If I surf with Explorer and from the login page I click on the “databases” button, on the url display https://192.x.x.x/openerp/database, and the error is “cannot display the webpage”
In both of the case if manually I change the url with: https://192.x.x.x/openerp/database/create.
I can have access to the page.
Any thought?
Thanks
Simone
Sounds like a redirection issue. Check very carefully your openerp-web.conf (especially the tools.proxy.base and tools.csrf.on = False rule) and the configuration of the apache virtual host file.
Hi Alan, thanks for your support, you was right, now is solved and is working fine
Regards
Simone
Hello Alan,
After following each and every step for implementing SSL from your Tutorial I was able to access openerp, the point is that while I was configuring the files I replaced every ‘your-ip-or-domain’ for ‘127.0.0.1’ since I really do not know whether to use any random IP or to use my ISP IP fetched from http://www.whatismyip.com or any other website like this, so I thought “I couldn’t be that easy” and unfortunately I was right since I checked from my Host Vista OS (openerp is running on virtualbox) invoking the URL http://127.0.0.1:8080/ and IE loaded an openerp instance in spanish version while mine was setup in English so I infered that this openerp instance was not my own one, even more I tried to connect remotely from other laptops and they even do not loaded any openerp instance from this URL (ending in connection error).
So Alan, is there any suggestion for the scenario I described above?
Regards
127.0.0.1 is always the local machine’s IP address. It is probably not be the one you need to use for remote access.
Thanks for the great tute Alan. You hit the right balance between easy to follow and enough technical info to understand what was going on. Openerp’s official docs are sketchy at best and your walkthrough really helped 🙂
Thanks for commenting Nathan. I’m glad it helped you out.
First of all thnx for clear and functional howto…it works perfect..
I am trying to use openerp report designer for open office and it does not work…
I was thinking does any of the changes in default install (without SSL) can be possible cause why the report designer does not work?
I installed base report designer and installed extension on open office 3.3 and the plugin is not responding to anything…
anyone else having trouble getting report designer to work?
thnx, bye
Hi,
I can confirm that with applying changes (Part 2 – SSL) of this howto messes with report designer module and does not allow modification of the report (quotation, invoice, etc.) through open office plugin for openerp.
I removed changes of the Part 2 – SSL howto and I can connect and modify reports with open office.
I suppose the plugin does not support ssl and tries connection over http.
Would be nice to see how can this work with SSL.
regards, Vladimir
You are correct.
This is bug which is in the OpenERP Report Designer and the Thunderbird extension. Neither work over https unfortunately. There are bugs reports on Launchpad.
For reporting however, I would recommend trying the excellent Aeroo Report system. It is much easier to use once set up and is very flexible; and it does work when OpenERP is only available via https.
Hi,
Could you please provide more detailed information about installing the aeroo reports I’ve found some information in developer website is unclear and difficult to understand, maybe you can share your knowledge? google does not help in this situation (I’ve followed all links in results page).
Thanks!
I meet an error: here is my /var/log/apache2/error.log:
[error] (111) Connection refused: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[error] ap_proxy_connect_backend disabling worker for (127.0.0.1)
[error] proxy: HTTP: disabled connection for (127.0.0.1)
Can you help me please ?
thank you
Fabian
At the end of part one I tested the web client and I got to the logon page, but after doing the steps in part two I’m unable to access the web client on https://ip-address:8080. I’m not an Ubuntu expert (closet newb, I guess) and I’ve gone over all of the steps in part two, but I still can’t find what I did wrong. I’m lost on where to start debugging the issue.
Thanks for the great tutorial, this is way better than the OpenERP supplied one.
Hi Ted and thanks.
It should work fine – just remove the :8080 from the end of your URL. Apache is listening on port 443 (which is the default port when using http over SSL, e.g. https)
So just point your browser to:
https://ip-address
and that should work fine.
Hi Alan Lord,
Thanh for your how to.
After finish part 2 reverse proxy just working on LAN only, I had created a sub domain for OpenERP user connect when onthego but It’s doesn’t work, when I browse from internet it doesn’t proxy pass to 12.0.0.1:8080. If I remove sub domain It’s redirect to default page of Apache “It’s work!” I check log but nothing about it.
I using Zentyal 2.2 it’s had already reverse proxy by defaul.
How can I pass thru?
Regards.
Lam
Hi Alan,
you did a great job. Thanks a lot. Everything is working good, even if I tried it with 6.03 and Ubuntu 11.10 server. Just one thing… I cannot connect remotly with my GTK client. No problem for my web client, and even the GTK client on the server. My PfSense firewall is set to open for 8069 to 8071 ports. But I tried all of them and nothing works from outside… Any idea ?
Thanks a lot
Sorry, that was just a misconfiguration in PfSense… it kept saying Lan instead of Wan.
Thanks a lot !
OMG!!! Hey buddy thanks for this how to, it worked great so i am really very thank full with you
Hi Alan,
Thanks for the post! It has been really helpful. I’m finding that after installing the access through SSL RPC-Secure access it is no longer possible to access using the alternative methods. Is there any way to enable this?
That would help in, for example, accessing from the home network to OpenERP using XML-RPC or NET-RPC fast, and when I’m out of home, access to OpenERP through the slower XML-RPC secure access.
At this moment the access message is “Cannot connect to server”.
Many thanks!!!
Regards,
Jordi Ballester Alomar.
Thanks Jordi,
I think that should be quite easy to sort out.
See step 4.
and just revert the
{net,xml}rpc_interface = 127.0.0.1
to their prior settings as in part 1.
I’d block access to those unencrypted ports from outside your network though.
Hello Alan,
Thanks for your reply. I did this change, but to my surprise the web client access does strange things (the GTK works fine). I have reported the following bug to OpenERP: https://bugs.launchpad.net/openobject-client-web/+bug/915182
Hmmm,
I doubt this a bug with OpenERP. The Web client works fine either via port 8080 or via SSL.
I suspect this is more likely to be a problem with your Apache configuration but it isn’t a setup I have tried myself.
Hi Alan
Thanks a lot for this tutorial.I followed this and everything is working properly,but there is a little bit problem i am facing that I can’t access openerp web and gtk client simultaneously .I marked one thing that when i made changes to “/etc/openerp-server.conf”as below, The gtk clients can only access the openerp server.
netrpc=true
netrpc_interface = 10.xxx.xxx.xxx
netrpc_port = 8070
xmlrpcs = true
xmlrpcs_interface = 10.xxx.xxx.xxx
xmlrpcs_port = 8071
When i change my interface address to loop back address the web clients only can access but not the gtk clients
I hope that is due to the port no i am assigning.So how can I fix it
Kindly help me to fix it .as if I can access my openerp server through gtk and web clients
I am awaiting your response
Thanks again
Regards
Samarendra Jena
Hi Samarendra,
There are three sets of protocol configurations in the openerp-server.conf file: NetRPC, XML-RPC and XML-RPCS.
XML-RPC is really only required for webdav/CalDAV access,
NetRPC is required for the webclient to connect to the server,
XML-RPCS is for the GTK Client.
If you follow the guide exactly you will be able to use web and GTK, both over ssl. The web client is proxied through apache and the GTK client connects to the XML-RPCS port directly on 8071 only.
If you want to be able to accept to non-encrypted connections, perhaps from your local LAN, then you will need to edit the _interface field (or leave it blank) and use some kind of external filtering (like IPTables) to prevent remote access.
This how to does work if you follow it exactly and allows simultaneous access from both web and GTK. We use it all the time.
Hi Alan,
Thank you for your Tutorial, it work perfectly in office intranet.
but i can’t connect from remote / Public internet, is it need setting for hosts.allow or hosts.deny, as i saw your tutorial that you installed denyhosts, and what port should i forwarded in MODEM ? ( i have fixed IP and openERP install in Ubuntu 10.04 LTS 32 bit), hope you can help me.
Thank you very much.
Best regards,
alancham
There are certain instances where links are going to https://127.0.0.1:8080 and I have not been able to find where I went wrong. An instance is clicking on Logout and it goes to that address. Any ideas on where I need to start looking to correct this?
Hi,
First of all, thank a lot! I followed step-by-step this 2 parts tuto and everything work except webdav access using gvfs (access using cadaver work). First of all, it appears that gvfs try to access to “/webdav” without the trailing “/”, so I remove it in the apache site file. But then, gvfs seems to access to / which leads to an error:
Error mounting location: HTTP Error: See Other
Then apache log is:
– – [25/Jan/2012:14:08:29 +0100] “OPTIONS /webdav HTTP/1.1” 401 1675 “-” “gvfs/1.6.1”
– – [25/Jan/2012:14:08:35 +0100] “OPTIONS /webdav HTTP/1.1” 200 1526 “-” “gvfs/1.6.1”
– – [25/Jan/2012:14:08:35 +0100] “PROPFIND /webdav HTTP/1.1” 207 586 “-” “gvfs/1.6.1”
– – [25/Jan/2012:14:08:35 +0100] “OPTIONS / HTTP/1.1” 303 810 “-” “gvfs/1.6.1”
Does anyone manage to make gvfs mounting possible? I guest a possible solution is to make a separate site (different name still on 443 or other one) for webdav access…
Julien.
Thanks Julien,
I’ve not tried using gvfs so can’t help directly. Cadaver works and so does CalDAV calendar access from clients like Lightning in Thunderbird.
Maybe someone else who knows about gvfs can help here. Do let us know how you get though please.
After few researches (tcpdump…), it appears that there is an error in the generated webdav XML (an invalid namespace). My investigations lead me to suspect pywebdav (version 0.9.4). After a downgrading to version 0.9.3, I manage to mount the webdav directory using davfs2 support (using mount -t davfs). Still an issue with gvfs (a forbidden error now) but my assumption is that gvfs try to go to the parent directory (from /webdav to /) and thus go from the webdav redirection to the webclient redirection on the apache proxy.
I guest a possible solution would be to change the site configuration file regarding to the client used (gvfs or davfs2). Or to have a different site for webdav redirection (but I think that gvfs doesn’t support SSL/SNI).
best,
Julien.
Interesting – That sounds like it would be worth raising a bug report on Launchpad for the openerp project.
About the report_designer issue, this one was really easy to patch:
unzip the report_designer.zip
edit the file package/OpenERPReport.py
line 1405:
self.gateway = None
line 1412 add a elif:
elif protocol == ‘https://’:
self.gateway = XMLRPCGateway(host, port, ‘https’)
and line 1420:
if self.gateway==None:
return []
Here is the “patch”:
— OpenERPReport.py 2011-06-17 16:09:05.000000000 +0200
+++ OpenERPReport_new.py 2012-02-04 16:17:56.019247233 +0100
@@ -1402,7 +1402,7 @@
def __init__(self,url):
m = re.match(‘^(http[s]?://|socket://)([\w.\-]+):(\d{1,5})$’, url or ”)
–
+ self.gateway=None
host = m.group(2)
port = m.group(3)
protocol = m.group(1)
@@ -1410,11 +1410,15 @@
return -1
if protocol == ‘http://’ or protocol == ‘http://’:
self.gateway = XMLRPCGateway(host, port, ‘http’)
+ elif protocol == ‘https://’:
+ self.gateway = XMLRPCGateway(host, port, ‘https’)
elif protocol == ‘socket://’:
self.gateway = NETRPCGateway(host, port)
def listdb(self):
+ if self.gateway==None:
+ return []
return self.gateway.listdb()
def login(self, db, user, password):
Then, zip the package directory and install the extension.
Enjoy,
Julien.
Hi Alan,
I ran into the problem of my apache2 on Ubuntu 10.04 Server not wanting to serve or even open 443.
In the end it turned out that I simply had to add port 443 to /etc/apache2/ports.conf.
So, for the benefit of any others who might be stumped by this, this is my new ports.conf…
NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
Listen 443
Of course the :80 port directives are only needed if one either has another website on port 80 or if one wants to use the http rewrite feature you describe above.
Enjoy,
Ingmar
Great stuff, Thanks a lot. My question is does this toturial work on openERP 7.0?
Thanks, but why not try the one I wrote for 7 instead? 😉
http://www.theopensourcerer.com/2012/12/how-to-install-openerp-7-0-on-ubuntu-12-04-lts/
Ah sorry, just realised you were looking at the reverse proxy post.
I did one for 6.1 using Nginx which should be fairly similar to what is needed for 7.
The web client architecture changed completely between 6.0 and 6.1 so it’s doubtful that this one will be very useful for 7.0. You would need to change a fair bit I think.