Currently using erpnext on my office server. The install was done using the script from the following site.
All working.
It installs a nginx web server on the same server as erpnext.
Does the nginx web server need to be on the same machine as erpnext server?
We have a nginx web server on another server. This nginx server is already facing the internet and other sites are on it. Can we use this nginx server instead of the nginx server with the erpnext? So there is only one nginx server to erpnext.
What is the best practice for the nginx server for production erpnext?
Yes, the default port for the Frappe web server is 8000.
(technically itâs only a âgunicornâ web server if youâre running in production mode.
but the kinds of web server doesnât matter much for this discussion)
To change the default port to something besides 8000, you edit your common_site_config.json file.
See the final key âwebserver_portâ in example below:
If you used the script you cited above, chances are that you have set up the erpnext+nginx as a separate hardware and using it âbare metalâ (but not necessarily so).
You didnât say if the erpnext+nginx server is also facing the internet or if it serves only to an internal LAN segment.
The difference can have security implications.
If you want to use an existing nginx server facing the internet as a frontend for erpnext, the first question Iâd ask is if you want (or need) to pass the traffic to and from erpnext mingled to the external traffic currently passing through your internet-facing existing nginx server (e.g. if you serve internal business units sitting at external places) or not.
With firewall and router rules in addition to adaptions of the nginx config you can probably achieve to have the traffic passing through one external-facing nginx server directed to the eprnext (then without nginx).
This changes the amount on the paths of traffic in your LAN, and it needs careful consideration of the security of the whole setup.
Iâd prefer to not run internal traffic through an external-facing webserver if not needed, but rather separate them as much as possible â if possible.
When talking about âserverâ you mean âa server in a kubernetes setupâ (more a virtual server than a dedicated hardware), then the whole picture will be different (and an existing kubernetes team would probably have little difficulties to integrate the whole setup), because the traffic flows can be handled and secured as needed, which is part of the whole kubernetes endeavor anyway.
ERPNext runs as a combo of different processes which work in conjunction and can be on one machine (virtual or not) or spread out over different servers. You can study this by examining the pwd and compose yaml files of
and there you can also find much more information (wiki of the repo) for different setups which can help you understand many more things and possibilities.
If you are more ambitious, you can also study how this works:
Thank you very much for a detailed reply. I do appreciate it very much.
This is good. I also noticed that there was not enough detailed information about my case. Here goes my attempt to reply.
Thank you for the link to the documentation. Will read it in detail.
You are correct. It is like a âbare metalâ installation, if I can use that word. Let me explain and please advice me.
This is an on-premise installation. What we have is a Debian 12 server with ânoâ services running. Then we have multiple KVM virtual machines running different things like email server(ispconfig), file sharing(nextcloud), openvpn.
Only the ispconfig(email server) is facing the internet. The nginx in ispconfig is like a proxy web server. ISPconfig proxys to nextcloud and any new servers like erpnext. Thatâs the plan anyway with erpnext.
I was thinking if I turn off the nginx on the erpnext server and get the ispconfig nginx to do all the web serving. Tried it but the static files are not serving. Got the python stuff to work. Next option would be to copy the files into ispconfig but that would be complicated when updating/upgrading. Looking like the nginx need to be turned on erpnext server. Need advice.
The erpnext with nginx done by the script is on kvm which is on the local network and not facing the internet directly.
I need to pass the traffic through the ispconfigâs nginx. Unfortunately there are two other locations. So internet needs to access erpnext. I was thinking of restricting access using ip restriction in nginx. Or even use zerotier.
This was what I was trying to achieve but failed. As mentioned in the paras above. Especially without using a second nginx. Please advice.
I am running a local dns in my router. So I can route the erpnext domain name to the local ip address. Hope that will settle that.
Woooow! I am no where near kubernetes. I do not have that much of knowledge.
This is just a simple setup. All on premise. Trying to keep it simple. At least not too complex.
Noted. Just trying to get the nginx out. Maybe it might not be worth it. Better just leave the nginx running on erpnext. That is what it looks like now. Please advice.
Note the recommendation you quoted is just a recommendation. Thereâs nothing wrong with installing Frappe Apps on bare metal servers. Iâve been doing that successfully for almost 8 years, across dozens of installations. Itâs fine. You just have to learn a bit more about the prerequisites and dependencies.
Phew! This is good news. I prefer bare metal installation for now. Or until I learn more about docker.
If you do not mind and if you have time, could you comment on the following post because I need advice on the points I have made. It would be really useful to hear your comments. @brian_pond
Yes, I believe itâs possible for ispconfig to be the main Nginx proxy. The challenge is for Nginx to serve static files, the files have to âexistâ wherever Nginx is located.
Option 1
Mount the remote ERPNext directory '..frappe-bench/sites' on the ispconfig device.
There are a bunch of ways to do this (NFS, SSHFS, etc.). But the idea is you want the ispconfig machine to treat those ERPNext files as if they were local. If you do that, then the try_files directive in the Nginx configuration will actually work. You may have to make some other edits in Nginx (for example, root /frappe-bench/sites; probably has to be changed in your location block, so itâs pointing at the mounted directory.)
But hopefully you get the idea. Once ispconfig can âseeâ those static files, and treat them like any other local directory + file? Then Nginx can successfully serve them.
Option 2
I âbelieveâ itâs possible for the main Nginx on ispconfig to have a location block for the static files that doesnât actually try serving themâŚ
âŚbut instead forwards that request to the other Nginx server on the ERPNext host.
So you end up with a round robin:
Web browser wants a static file.
ispconfig Nginx recognizes this, and forwards the request to ERPNext Nginx.
ERPNext Nginx fetches the file from disk, and returns it.
ispconfig Nginx gets the response (the file) and returns that to the browser.
Browser now has the file and does whatever itâs supposed to with it.
This would require a bit of Nginx editing on ispconfig. But I think itâs possible to make it just forward those static file requests to the other Nginx service on ERPNextâs host.