Help with Nginx proxy and Odoo - certificate renewal

Hi to all, this is my first post here and my first attempt to renew a certificate after three months of usage…
Right now, Nginx is working as a proxy, redirecting all traffic to https, and to port 8069 (it is the port that Odoo uses to load its ecommerce site).
I understand certbot needs to find .well-known folder, but I cannot find it anywhere (and lack knowledge on how to search for it)
Any help is greatly appreciated. Thanks to all the community.

My domain is: www.granel.uy

I ran this command: sudo certbot renew --dry-run

It produced this output:

Domain: granel.uy
Type: unauthorized
Detail: Invalid response from
https://granel.uy/en/.well-known/acme-challenge/savb0MB7EwIs0-moyE9r1jWSMpz1Xc3OzHsAJ7_I_O8
[179.27.98.87]: "\n \n \n \n
\n \n <html lang="en-US" data-website-id="1"
data-oe-company-name"

My web server is (include version): nginx/1.16.1

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: VPS server hosted in Uruguay.

I can login to a root shell on my machine: YES

I’m using a control panel to manage my site: NO, shell access.

The version of my client is: Certbot 1.0.0

I understand that the bot is not able to find the .well-known folder… but I am not sure how to allow access to this folder. I tried adding an “allow all” directive to the Nginx config file but it did not work (I added all config files as a comment below).
Also, I notice that all traffic is being directed from http to https; I am not sure if that is also part of the problem, and I don’t know how to avoid that for the “…well-known…” URL.
All help is much, much appreciated since the certificate expired today, and all traffic is now seeing a horrible message :frowning:

Below is the nginx configuration:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

#Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

#Load modular configuration files from the /etc/nginx/conf.d directory.
#See http://nginx.org/en/docs/ngx_core_module.html#include
#for more information.
include /etc/nginx/conf.d/*.conf;

server {
    server_name  granel.uy
                 179.27.98.87
                 ;
    root         /usr/share/nginx/html;

     #Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;

    location ^~ /.well-known/acme-challenge/ {
      allow all;
    }

     location / {
    }

    include /etc/nginx/deault.d/*.conf;

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = www.granel.uy) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = granel.uy) {
    return 301 https://$host$request_uri;
} # managed by Certbot

    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  granel.uy
                 179.27.98.87
                 ;
return 404; # managed by Certbot

ssl_dhparam /etc/ssl/certs/dhparam.pem;

}}

Below I am copying the rest of the configuration for nginx that is inherited from ODOO. Sorry, I am very new to this (nginx, letsencrypt and odoo)… so I may have made a lot of errors in these config files.

#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}

#http -> https
server {
listen 80;
server_name granel.uy;
rewrite ^(.*) https://$host$1 permanent;
}

server {
listen 443 ssl;
listen 80;
server_name granel.uy;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

#Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

#SSL parameters
#ssl on;
ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

#log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;

#Redirect longpoll requests to odoo longpolling port
location /longpolling {
proxy_pass http://granel.uy:8072;
}

#Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://granel.uy:8069;
}

#common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;
}

Thanks in advance,

Ok, I was not able to solve this issue, but was able to install a new certificate (expired today).
The method I used was simply renewing the certificate using --manual and -dns as the preferred method of validation (I only had to create a TXT record and wait).
After issuing that certificate, I had another error, so I ran certbot again, and it offered to reinstall it, and it works.
Anyway, I would like to understand what is wrong in my configuration, to be able to allow a cron process to retrieve a new certificate every time it is needed.
Thanks to all in advance.

There are multiple service/name overlaps:
The “server_name granel.uy” appears in all of your server sections and they use the same ports (80 & 443).
This seems very buggy.
Please confirm that your nginx config is useable with:
nginx -t

If it fails that test, stop here and correct the problem(s).

If it passes the test, then post the complete output of:
nginx -T

NOTE: In order to see/read your post correctly, please either use the Preformatted text option or precede and follow the post with lines that only contain three backticks " ``` "

Like:

```
your
long
nginx
text
output
post
here
```

Hi! rg305, thanks for your response! :pray: :raised_hands:
And sorry for my post with that horrible formatting.
Will try to answer your questions:

Yes, it works, but with a warning. Here goes the response of the -t command:

nginx: [warn] conflicting server name "granel.uy" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Ok, here goes the full response of -T command:

nginx: [warn] conflicting server name "granel.uy" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name  granel.uy
		     179.27.98.87
		     ;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        #include /etc/nginx/default.d/*.conf;

	location ^~ /.well-known/acme-challenge/ {
	  allow all;
	  root var/lib/letsencrypt/;

	}
        
	error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    

   
   # listen [::]:443 ssl ipv6only=on; # managed by Certbot
   # listen 443 ssl; # managed by Certbot
   # ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem; # managed by Certbot
   # ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem; # managed by Certbot
   # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}


#    server {
#    if ($host = www.granel.uy) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#
#    if ($host = granel.uy) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  granel.uy 
#		     179.27.98.87
#		     ;
#    return 404; # managed by Certbot
#}

    server {
    if ($host = www.granel.uy) {
        return 301 https://granel.uy$request_uri;
    } # managed by Certbot


    if ($host = granel.uy) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
   
    listen  	80 default_server;
    listen 	[::]:80 default_server;	
    #server_name www.granel.uy granel.uy; # managed by Certbot
    return 404; # managed by Certbot

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}



#    server {
#    if ($host = www.granel.uy) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#
#        listen       80 ;
#
#        listen       [::]:80 ;
#    server_name www.granel.uy;
#    return 404; # managed by Certbot
#
#
#}
}


# configuration file /usr/share/nginx/modules/mod-http-image-filter.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_image_filter_module.so";

# configuration file /usr/share/nginx/modules/mod-http-perl.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_perl_module.so";

# configuration file /usr/share/nginx/modules/mod-http-xslt-filter.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so";

# configuration file /usr/share/nginx/modules/mod-mail.conf:
load_module "/usr/lib64/nginx/modules/ngx_mail_module.so";

# configuration file /usr/share/nginx/modules/mod-stream.conf:
load_module "/usr/lib64/nginx/modules/ngx_stream_module.so";

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/odoo.conf:
#odoo server
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoochat {
 server 127.0.0.1:8072;
}


# http -> https
server {
   listen 80;
   server_name granel.uy;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
 listen 443 ssl;    
 server_name granel.uy;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 # ssl on;
 ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://granel.uy:8072;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://granel.uy:8069;
 }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";

Only edited a few commented lines, but left others that I had to comment out in order to avoid a problem I had yesterday: www.granel.uy was not able to load because there were too many redirects (that was the browser message).

Thanks again for your help, and sorry if I am making newbie errors, but I am new with web server configurations, nginx, etc.
Thanks! :v: :raised_hands:

That warning should not be ignored [and should be corrected].

From what I can see, you have four distinct server sections.
One uses both ports (80 and 443) and has no server_name - making it the default config for all unmatched requests:

    server {
    if ($host = www.granel.uy) {
        return 301 https://granel.uy$request_uri;
    } # managed by Certbot


    if ($host = granel.uy) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
   
    listen  	80 default_server;
    listen 	[::]:80 default_server;	
    return 404; # managed by Certbot

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Another uses port 80 and redirects requests to granel.uy to HTTPS:

# http -> https
server {
   listen 80;
   server_name granel.uy;
   rewrite ^(.*) https://$host$1 permanent;
}

Another uses port 443 and services granel.uy [we’ll call this section the MAIN SITE]:

server {
 listen 443 ssl;    
 server_name granel.uy;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 # ssl on;
 ssl_certificate /etc/letsencrypt/live/granel.uy/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://granel.uy:8072;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://granel.uy:8069;
 }

 # common gzip
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}

The last section does NOT specify a port and would have serviced granel.uy [does nothing at all]

    server {
        server_name  granel.uy
		     179.27.98.87
		     ;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        #include /etc/nginx/default.d/*.conf;

	location ^~ /.well-known/acme-challenge/ {
	  allow all;
	  root var/lib/letsencrypt/;

	}
        
	error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    
}

The default site section and the main site section appear to be correct.
The port 80 redirect section also looks good.
I think the problem is in the last section; which, to me, is completely unnecessary and could/should be removed.

Thank you so much! Will try fix it tonight.
I intended to achieve these:

  1. www to non-www
  2. http to https
  3. incoming 443 to odoo ports 8069 8072

Gracias thanks again!

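One way to lay out the three goals listed above without overlapping server blocks, as an added example that is not part of the thread and not the poster's or Certbot's own configuration. In the failed dry run the challenge URL came back as `https://granel.uy/en/.well-known/...` with Odoo's HTML, so this layout answers the challenge path on port 80 before any redirect or proxy applies. Assumptions: `/var/www/letsencrypt` is a hypothetical webroot, the certificate covers both granel.uy and www.granel.uy, and these blocks replace the server blocks in nginx.conf and conf.d/odoo.conf.

```nginx
# Added example (not from the thread). Hypothetical webroot: /var/www/letsencrypt
upstream odoo     { server 127.0.0.1:8069; }
upstream odoochat { server 127.0.0.1:8072; }

# Port 80: the only block on this port. Every block carries an explicit
# listen; a server block without one defaults to *:80 when nginx runs as root.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name granel.uy www.granel.uy;

    # Serve http-01 challenge files from disk; never redirect or proxy them.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # absolute path (assumed webroot)
        default_type text/plain;
        try_files $uri =404;
    }

    # Goals 1 and 2: everything else goes to https on the bare domain.
    location / {
        return 301 https://granel.uy$request_uri;
    }
}

# Port 443, www: goal 1 for clients that arrive over https.
# Assumes the certificate also lists www.granel.uy.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.granel.uy;

    ssl_certificate     /etc/letsencrypt/live/granel.uy/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    return 301 https://granel.uy$request_uri;
}

# Port 443, main site: goal 3, proxy to the Odoo upstreams.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name granel.uy;

    ssl_certificate     /etc/letsencrypt/live/granel.uy/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/granel.uy/privkey.pem;
    # Protocols and ciphers come from Certbot's file (TLSv1.2 and TLSv1.3)
    # rather than the TLSv1/TLSv1.1 line in odoo.conf. They are not repeated
    # here because nginx rejects a duplicate directive in the same block.
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    proxy_read_timeout    720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout    720s;

    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP         $remote_addr;

    access_log /var/log/nginx/odoo.access.log;
    error_log  /var/log/nginx/odoo.error.log;

    location /longpolling { proxy_pass http://odoochat; }
    location /            { proxy_redirect off; proxy_pass http://odoo; }

    gzip on;
    gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
}
```

With the webroot directory created, `certbot certonly --webroot -w /var/www/letsencrypt -d granel.uy -d www.granel.uy` records that method for later unattended `certbot renew` runs. `nginx -t` should print no `conflicting server name` warning for this layout.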
