Configurer le proxy Nginx (avec certificat SSL) – Odoo
Configurer le proxy Nginx (avec certificat SSL) – Odoo
Si votre serveur a une adresse IP publique, vous pouvez créer un enregistrement DNS A pour que votre domaine pointe vers le serveur Odoo et demander gratuitement un certificat SSL
sudo yum -y install nginx
sudo systemctl enable –now nginx
sudo yum -y install epel-release
sudo yum -y install certbot python2-certbot-nginx
sudo systemctl stop nginx
export DOMAIN= »odoo.tab-cs.tech »
export EMAIL= »aghilas@tab-cs.tech »
sudo /usr/bin/certbot certonly –standalone -d ${DOMAIN} –preferred-challenges http –agree-tos -n -m ${EMAIL} –keep-until-expiring
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/odoo.tab-cs.tech/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/odoo.tab-cs.tech/privkey.pem
Your cert will expire on 2020-01-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
« certbot-auto renew »
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
$ sudo crontab -e 15 3 * * * /usr/bin/certbot renew –pre-hook « systemctl stop nginx » –post-hook « systemctl start nginx »
sudo vim /etc/nginx/conf.d/odoo.conf
# Odoo Upstreams
upstream odooserver {
server 127.0.0.1:8069;
}
# http to https redirection
server {
listen 80;
server_name odoo.tab-cs.tech;
return 301 https://odoo.tab-cs.tech$request_uri;
}
server {
listen 443 ssl;
server_name odoo.tab-cs.tech;
access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;
# SSL
ssl_certificate /etc/letsencrypt/live/odoo.tab-cs.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/odoo.tab-cs.tech/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/odoo.tab-cs.tech/chain.pem;
# Proxy settings
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Request for root domain
location / {
proxy_redirect off;
proxy_pass http://odooserver;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odooserver;
}
# Gzip Compression
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
sudo systemctl restart nginx
