Configure Odoo with Nginx as a Reverse Proxy

June 22, 2019

By layla

Comments

Odoo is one the of hottest enterprise softwares on this planet and it’s filled with a number of helpful modules like buyer relationship administration (CRM), level of sale, challenge administration, stock administration, automated invoicing, accounting, e-commerce, stock administration and way more.

Odoo comes with a built-in internet server, however generally it is strongly recommended to have a reverse proxy in entrance of it which is able to act as an middleman between the purchasers and the Odoo server.

This information offers directions on tips on how to use Nginx as a SSL termination and reverse proxy to Odoo.

Conditions

Just remember to have met the next stipulations earlier than persevering with with this tutorial:

  • You will have Odoo put in, if not you could find the directions right here
  • You will have a site identify pointing to your Odoo set up. On this article we’ll use odoo.instance.com.
  • You will have Nginx put in, if not test this information.
  • You will have a SSL certificates put in in your area. You’ll be able to set up a free Let’s Encrypt SSL certificates by following this information.

Configure Nginx as a Reverse Proxy

Utilizing a reverse proxy provides you plenty of advantages resembling Load Balancing, SSL Termination, Caching, Compression, Serving Static Content material and extra.

On this instance we’ll configure SSL Termination, HTTP to HTTPS redirection, cache the static information and allow GZip compression.

Beneath is a pattern nginx configuration file (server block ) that you should utilize in your Odoo set up. All of the HTTP requests shall be redirected to HTTPS .

Open your textual content editor and create the next file:

$ sudo nano /and so forth/nginx/sites-enabled/odoo.instance.com
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoo-chat {
 server 127.0.0.1:8072;
}
server
server {
   pay attention 443 ssl http2;
   server_name odoo.instance.com;
   ssl_certificate /path/to/signed_cert_plus_intermediates;
   ssl_certificate_key /path/to/private_key;
   ssl_session_timeout 1d;
   ssl_session_cache shared:SSL:50m;
   ssl_session_tickets off;
   ssl_dhparam /path/to/dhparam.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
   ssl_prefer_server_ciphers on;
   add_header Strict-Transport-Safety max-age=15768000;
   ssl_stapling on;
   ssl_stapling_verify on;
   ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
   resolver 8.8.8.8 8.8.4.4;
   access_log /var/log/nginx/odoo.entry.log;
   error_log /var/log/nginx/odoo.error.log;
   proxy_read_timeout 720s;
   proxy_connect_timeout 720s;
   proxy_send_timeout 720s;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Actual-IP $remote_addr;
   location / {
     proxy_redirect off;
     proxy_pass http://odoo;
   }
   location /longpolling {
       proxy_pass http://odoo-chat;
   }
   location ~* /internet/static/ {
       proxy_cache_valid 200 90m;
       proxy_buffering    on;
       expires 864000;
       proxy_pass http://odoo;
  }
  # gzip
  gzip_types textual content/css textual content/much less textual content/plain textual content/xml software/xml software/json software/javascript;
  gzip on;
}

Don’t neglect to interchange odoo.instance.com together with your Odoo area and set the proper path for the SSL certificates information.

As soon as you’re executed save the file and restart the Nginx service with:

$ sudo systemctl restart nginx

Change the binding interface

This step is optionally available, however it’s a good safety observe.

By default, Odoo server listens to port 8069 on all interfaces. If you wish to disable direct entry to your Odoo occasion open the Odoo configuration file and add the next two strains on the finish of the file:

xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1

Save the configuration file and restart the Odoo server for the modifications to take impact:

$ systemctl restart odoo

Conclusion

On this tutorial you realized tips on how to configure Nginx as a Proxy to your Odoo software. You too can examine Tips on how to Setup Automated Odoo Backups

Satish Kumar

Satish Kumar

I am Satish Kumar, Founder of LinuxConcept. Linux and F.O.S.S enthusiast, love to work on open source platform and technologies.

Related Posts

How to Install Nginx on Ubuntu 21.04 Server

How to Install Nginx on Ubuntu 21.04 Server

Nginx is the most potent, open-source, and a high-performance Web server. It can work as a reverse proxy server also, nowadays, is used by most of the most significant websites on the internet. People pronounced “engine x” for Nginx; it is the hot choice for every...

How to Install Nginx Web Server on Debian 10 Linux

How to Install Nginx Web Server on Debian 10 Linux

Nginx is the most potent, open-source, and a high-performance Web server. It can work as a reverse proxy server also, nowadays, is used by most of the most significant websites on the internet. People pronounced “engine x” for Nginx; it is the hot choice for every...

How to Secure Nginx with Let’s Encrypt on Debian 10 Linux

How to Secure Nginx with Let’s Encrypt on Debian 10 Linux

Let’s Encrypt is developed by the Internet Security Research Group (ISRG). It is free and open an ssl certificate authority. The certificates, issued by Let’s Encrypt is trusted and suitable for almost all available browsers. In this guide, we will instruct in...

0 Comments

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

one + eight =

News & Updates

Join Our Newsletter