From fa94dc9f10e2bca92d033624f52ffc969f0c1527 Mon Sep 17 00:00:00 2001
From: epierre3 <36232374+epierre3@users.noreply.github.com>
Date: Sun, 29 Dec 2019 16:21:24 +0100
Subject: [PATCH] Add files via upload

---
 ConfigDataNGNIX     | 59 +++++++++++++++++++++++++++++++++++++++++++++
 firewall_install.sh | 15 ++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 ConfigDataNGNIX
 create mode 100644 firewall_install.sh

diff --git a/ConfigDataNGNIX b/ConfigDataNGNIX
new file mode 100644
index 0000000..7f7a5e1
--- /dev/null
+++ b/ConfigDataNGNIX
@@ -0,0 +1,59 @@
+#odoo server
+upstream odoo {
+ server 127.0.0.1:8069;
+}
+upstream odoochat {
+ server 127.0.0.1:8072;
+}
+
+#secure transfer from HTTP to HTTPS
+add_header Strict-Transport-Security max-age=31536000;
+
+# http -> https
+server {
+   listen 80;
+   server_name {DOMAIN};
+   rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+ listen 443;
+ server_name {DOMAIN};
+ proxy_read_timeout 720s;
+ proxy_connect_timeout 720s;
+ proxy_send_timeout 720s;
+
+ # Add Headers for odoo proxy mode
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ # SSL parameters
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/{DOMAIN}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{DOMAIN}/privkey.pem;
+ ssl_session_timeout 30m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_prefer_server_ciphers on;
+
+ # log
+ access_log /var/log/nginx/odoo.access.log;
+ error_log /var/log/nginx/odoo.error.log;
+
+ # Redirect longpoll requests to odoo longpolling port
+ location /longpolling {
+ proxy_pass http://odoochat;
+ }
+
+ # Redirect requests to odoo backend server
+ location / {
+   proxy_redirect off;
+   proxy_pass http://odoo;
+ }
+
+ # common gzip
+ gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
+ gzip on;
+}
diff --git a/firewall_install.sh b/firewall_install.sh
new file mode 100644
index 0000000..5169fbe
--- /dev/null
+++ b/firewall_install.sh
@@ -0,0 +1,15 @@
+#  set the defaults used by UFW
+sudo ufw reset
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+# Allowed protocols
+sudo ufw allow ssh
+sudo ufw allow http
+sudo ufw allow https
+
+# Enable Firewall
+sudo ufw enable
+
+#Check active protocols
+sudo ufw status