Odoo 11 Development Cookbook(Second Edition)
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

How to do it...

In order to access your instance using HTTPS via nginx, you need to follow these steps:

  1. As root, install the Let's Encrypt client, certbot:
# apt-get install certbot
  1. As root, request a certificate from Let's Encrypt (don't forget to change the email and the address of the server):
# certbot certonly --standalone -n --agree-tos\
 -m youremail@example.com -d odoo.example.com
  1. As root, install nginx:
    # apt-get install nginx
  1. As root, create a configuration file in /etc/nginx/sites-available/odoo-80:
    server {
      listen [::]:80 ipv6only=off;
      server_name odoo.example.com;
      access_log /var/log/nginx/odoo80.access.log combined;
      error_log /var/log/nginx/odoo80.error.log;
      location / {
        rewrite ^/(.*) https://odoo.example.com:443/$1 permanent;
      }
    }
  1. Create a configuration file in /etc/nginx/sites-available/odoo-443:
    server {
      listen [::]:443 ipv6only=off;
      server_name odoo.example.com;
      ssl on;
      ssl_certificate 
      /etc/letsencrypt/live/odoo.example.com/fullchain.pem;
      ssl_certificate_key 
      /etc/letsencrypt/live/odoo.example.com/privkey.pem;
      access_log /var/log/nginx/odoo443.access.log combined;
      error_log /var/log/nginx/odoo443.error.log;
      client_max_body_size 128M;
      gzip on;
      proxy_read_timeout 600s;
      index index.html index.htm index.php;
    
      add_header Strict-Transport-Security "max-age=31536000";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Host $http_host;
    
      location / {
        proxy_pass http://localhost:8069;
        proxy_read_timeout 6h;
        proxy_connect_timeout 5s;
        proxy_redirect http://$http_host/ https://$host:$server_port/;
        add_header X-Static no;
        proxy_buffer_size 64k;
        proxy_buffering off;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 64k;
        proxy_intercept_errors on;
      }
    
      location /longpolling/ {
        proxy_pass http://localhost:8072;
      }
    
      location ~ /[a-zA-Z0-9_-]*/static/ {
        proxy_pass http://localhost:8069;
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
      }
    }
  1. As root, link the configuration file in /etc/nginx/sites-enabled/:
    # ln -s /etc/nginx/sites-available/odoo80\
      /etc/nginx/sites-enabled/odoo80
    # ln -s /etc/nginx/sites-available/odoo443\
      /etc/nginx/sites-enabled/odoo443
  1. As root, remove /etc/nginx/sites-enabled/default:
    # rm /etc/nginx/sites-enabled/default
  1. As Odoo, edit the production configuration file of the instance to enable proxy_mode:
    proxy_mode = True
  1. As root, restart your odoo instance and nginx:
    # service odoo restart
    # service nginx restart
  1. As root, create a cron file  /etc/cron.d/letsencrypt to ensure that the certificate will get renewed with the following content:
11 5 * * * certbot renew
上一章目录下一章