My odoo16 community application is working fine without --x-sendfile flag. but when I enable it and setup nginx in that way, it is serving only attachments, not the static files. Even I have give read permission to all addons directories. when I check a static file in browser, it returns 403. My server is running on ubuntu 22
Can you please help me to solve this?
My odoo.conf file
[options]
admin_passwd = my_admin_passwd
db_host = False
db_port = False
db_user = odoo
db_password = False
addons_path = /opt/odoo/odoo/addons,/opt/odoo/addons,/opt/odoo/custom_addons
xmlrpc_port = 8069
logfile = /var/log/odoo/odoo.log
proxy_mode = True
workers = 4
max_cron_threads = 1
data_dir = /opt/odoo/.local/share/Odoo
My odoo.service for systemd
[Unit]
Description=Odoo
Requires=postgresql.service
After=network.target postgresql.service
[Service]
Type=simple
SyslogIdentifier=odoo
PermissionsStartOnly=true
User=odoo
Group=odoo
ExecStart=/opt/odoo/venv/bin/python3 /opt/odoo/odoo-bin -c /etc/odoo.conf --x-sendfile
StandardOutput=journal+console
[Install]
WantedBy=multi-user.target
File permissions for Nginx to read
Addons directory has this permission.
drwxr-x--- 466 odoo www-data 20480 Sep 3 18:58 addons
...
And all its child has these permissions:
drwxr-x--- 10 odoo www-data 4096 Sep 3 18:58 account_check_printing
drwxr-x--- 8 odoo www-data 4096 Sep 3 18:58 account_debit_note
....
....
My odoo nginx file
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name ;
# Redirect to HTTPS with www
return 301 $request_uri;
}
server {
listen 443 ssl;
server_name ;
return 301 $request_uri;
# SSL parameters
ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
# listen 80;
listen 443 ssl;
server_name ;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
client_max_body_size 10M;
# SSL parameters
ssl_certificate /etc/letsencrypt/live//fullchain.pem;# managed by Certbot
ssl_certificate_key /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# log
access_log /var/log/nginx/;
error_log /var/log/nginx/;
# Redirect websocket requests to odoo gevent port
location /websocket {
proxy_pass http://odoochat;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
# Redirect requests to odoo backend server
location / {
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://odoo;
}
# copy-paste the content of the / location block
location @odoo {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://odoo;
}
# Serve Odoo static files directly
location ~ ^/[^/]+/static/.+$ {
root /opt/odoo; # Root directory for Odoo addons
try_files /odoo/addons$uri /addons$uri /custom_addons$uri @odoo;
expires 24h;
}
#serving attachment
location /web/filestore {
internal;
alias /opt/odoo/.local/share/Odoo/filestore;
}
# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
