- Odoo 11 Development Cookbook(Second Edition)
- Holger Brunn Alexandre Fayolle
- 283字
- 2021-06-25 22:48:36
How to do it...
In order to access your instance using HTTPS via nginx, you need to follow these steps:
- As root, install the Let's Encrypt client, certbot:
# apt-get install certbot
- As root, request a certificate from Let's Encrypt (don't forget to change the email and the address of the server):
# certbot certonly --standalone -n --agree-tos\
-m youremail@example.com -d odoo.example.com
- As root, install nginx:
# apt-get install nginx
- As root, create a configuration file in /etc/nginx/sites-available/odoo-80:
server {
listen [::]:80 ipv6only=off;
server_name odoo.example.com;
access_log /var/log/nginx/odoo80.access.log combined;
error_log /var/log/nginx/odoo80.error.log;
location / {
rewrite ^/(.*) https://odoo.example.com:443/$1 permanent;
}
}
- Create a configuration file in /etc/nginx/sites-available/odoo-443:
server {
listen [::]:443 ipv6only=off;
server_name odoo.example.com;
ssl on;
ssl_certificate
/etc/letsencrypt/live/odoo.example.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/odoo.example.com/privkey.pem;
access_log /var/log/nginx/odoo443.access.log combined;
error_log /var/log/nginx/odoo443.error.log;
client_max_body_size 128M;
gzip on;
proxy_read_timeout 600s;
index index.html index.htm index.php;
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
location / {
proxy_pass http://localhost:8069;
proxy_read_timeout 6h;
proxy_connect_timeout 5s;
proxy_redirect http://$http_host/ https://$host:$server_port/;
add_header X-Static no;
proxy_buffer_size 64k;
proxy_buffering off;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_intercept_errors on;
}
location /longpolling/ {
proxy_pass http://localhost:8072;
}
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_pass http://localhost:8069;
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
}
}
- As root, link the configuration file in /etc/nginx/sites-enabled/:
# ln -s /etc/nginx/sites-available/odoo80\
/etc/nginx/sites-enabled/odoo80 # ln -s /etc/nginx/sites-available/odoo443\
/etc/nginx/sites-enabled/odoo443
- As root, remove /etc/nginx/sites-enabled/default:
# rm /etc/nginx/sites-enabled/default
- As Odoo, edit the production configuration file of the instance to enable proxy_mode:
proxy_mode = True
- As root, restart your odoo instance and nginx:
# service odoo restart
# service nginx restart
- As root, create a cron file /etc/cron.d/letsencrypt to ensure that the certificate will get renewed with the following content:
11 5 * * * certbot renew