akhdaniel/Installation Checklist: Odoo v10 + Ubuntu 16.04 +Nginx + Certbot SSL.md

## Installation Checklist: Odoo v10 + Ubuntu 16.04 +Nginx + Certbot SSL.md

      
    Raw
  

              Installation Checklist: Odoo v10 + Ubuntu 16.04 +Nginx + Certbot SSL.md
            
          
    Step 1 - Add the Odoo repository

wget -O - https://nightly.odoo.com/odoo.key | apt-key add -
echo "deb http://nightly.odoo.com/10.0/nightly/deb/ ./" >> /etc/apt/sources.list
apt-get update

Step 2 - Configure a Linux user for Odoo

sudo adduser --system --home=/opt/odoo --group odoo
mkdir -p /var/lib/odoo

Step 3 - Install and Configure PostgreSQL

sudo apt-get install postgresql
su - postgres
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt odoo

Step 4 - Install dependencies needed

sudo apt-get install python-cups python-dateutil python-decorator python-docutils python-feedparser \
python-gdata python-geoip python-gevent python-imaging python-jinja2 python-ldap python-libxslt1 \
python-lxml python-mako python-mock python-openid python-passlib python-psutil python-psycopg2 \
python-pybabel python-pychart python-pydot python-pyparsing python-pypdf python-reportlab python-requests \
python-simplejson python-tz python-unicodecsv python-unittest2 python-vatnumber python-vobject \
python-werkzeug python-xlwt python-yaml wkhtmltopdf

Step 5 - Install Odoo

sudo apt-get install odoo
netstat -plntu

Make sure odoo instance is running on port 8069.
Check from URL http://odoo.mysite.co:8069.
Make sure that firewall is not blocking that port.
vim /etc/odoo/openerp-server.conf

Edit file content to:
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069

Step 6 - Install and Configure Nginx

sudo apt-get install nginx
cd /etc/nginx/sites-available/
vim odoo

Edit file content to:
##Odoo Backend##

upstream odooerp {
    server 127.0.0.1:8069;
    #server ip2:8069;
    #server ip3:8069;
}
upstream odooerp-im {
    server 127.0.0.1:8072 weight=1 fail_timeout=0;
    #server ip2:8072 weight=1 fail_timeout=0;
    #server ip3:8072 weight=1 fail_timeout=0;
}

##https site##
server {
    listen      443 default_server;
    server_name odoo.mysite.co;
    root        /usr/share/nginx/html;
    index       index.html index.htm;

    # log files
    access_log  /var/log/nginx/odoo.access.log;
    error_log   /var/log/nginx/odoo.error.log;

    # ssl files
    ssl on;
    ssl_ciphers                 ALL:!ADH:!MD5:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_certificate             /etc/nginx/ssl/odoo.crt;
    ssl_certificate_key         /etc/nginx/ssl/odoo.key;

    # proxy buffers
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # timeouts
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    
    ## odoo proxypass with https ##
    location / {
        proxy_pass  http://odooerp;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }
    
    location /longpolling/ {
        proxy_pass  http://odooerp-im;
        
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        
        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }    


    # cache some static data in memory for 60mins
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooerp;
    }
    # gzip    
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
    
}

##http redirects to https ##
server {
    listen      80;
    server_name odoo.mysite.co;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}

Change odoo.mysite.co to your actual domain name.
Create SSL folder:
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl

Generate SSL Key:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/odoo.key -out /etc/nginx/ssl/odoo.crt
chmod 600 odoo.key

Enable Odoo config on nginx:
ln -s /etc/nginx/sites-available/odoo /etc/nginx/sites-enabled/odoo
nginx -t
systemctl restart nginx

Step 7 - Configure Odoo

Goto http://odoo.mysite.co
Manage database from user interface
Step 8 - Install SSL Certificate

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx 

sudo certbot --nginx


Step 9 - To Renew the Certificate

sudo certbot --nginx certonly

Done!
You can start Odoo from http://odoo.mysite.co and Nginx will automatically redirect to HTTPS port 443 with the valid SSL certificate!
Optional Step: For unsupported Operating System

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

sudo ./path/to/certbot-auto --nginx

To renew
$ sudo ./path/to/certbot-auto --nginx certonly

Automatic renew by CRON job
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

Need More Info?

Need Odoo customization, implementation, training, tuning performance service ?
Contact us: vitraining.com