Install odoo 15 on ubuntu 18 / 20 with nginx and auto renewing ssl
Install odoo 15 in ubuntu 18/20 LTS with secure domain name
Explore the seamless journey of installing Odoo 15 on Ubuntu 18/20 LTS while securing it with a custom domain and auto-renewing Let's Encrypt SSL through Nginx. Elevate your Odoo experience with a step-by-step guide that covers everything from setting up SSH access, enhancing server security with Fail2ban, to configuring a robust Nginx web server.
## ssh into the server with root privileges or some user having sudo
ssh username@IP
##update the system
sudo apt-get update && sudo apt-get upgrade
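##Fail2ban bans IP addresses that show repeated failed logins (for example SSH brute-force attempts). The Ubuntu package normally enables the sshd jail by default; confirm with `sudo fail2ban-client status`.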
sudo apt-get install openssh-server fail2ban -y
##Install the required python packages,libraries and web dependencies for Odoo
sudo apt-get install -y python3-pip -y
sudo apt-get install python-dev python3-dev libxml2-dev libxslt1-dev zlib1g-dev libsasl2-dev libldap2-dev build-essential libssl-dev libffi-dev libmysqlclient-dev libjpeg-dev libpq-dev libjpeg8-dev liblcms2-dev libblas-dev libatlas-base-dev pgcli -y
sudo apt-get install -y npm
sudo ln -s /usr/bin/nodejs /usr/bin/node
sudo npm install -g less less-plugin-clean-css
sudo apt-get install -y node-less
## Install and setup database server for Odoo odoo uses PostgreSQL.
sudo apt-get install postgresql -y
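##Create a PostgreSQL role named odoo (note the password; it goes into db_password in the Odoo conf file later). The commands below run in the postgres user's shell. Least-privilege note: `ALTER USER odoo WITH SUPERUSER;` undoes the `--no-superuser` flag passed to createuser. The `--createdb` right is normally all Odoo needs, so skip the ALTER USER step unless you have a specific reason for it.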
sudo su - postgres
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt odoo
psql
ALTER USER odoo WITH SUPERUSER;
\q
exit
##Create a system user odoo (home /opt/odoo) and keep the Odoo directories owned by this user, so the service runs under an unprivileged account.
sudo adduser --system --home=/opt/odoo --group odoo
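## Clone the Odoo community source from the GitHub repository. The trailing `.` clones into the current directory, which is /opt/odoo after switching to the odoo user. If you are using enterprise, clone the community addons too.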
sudo apt-get install git -y
sudo su - odoo -s /bin/bash
git clone https://www.github.com/odoo/odoo --depth 1 --branch 15.0 --single-branch .
exit
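## Install the Python packages required by this Odoo version; packages and versions are listed in requirements.txt. Note that `sudo pip3` installs them system-wide as root. The wkhtmltox .deb installed below must already be in the current directory: download it from the wkhtmltopdf project's release page and compare its checksum with the published one before running dpkg. The `bionic` build is for Ubuntu 18.04; pick the build that matches your release.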
sudo pip3 install -r /opt/odoo/requirements.txt
sudo dpkg -i wkhtmltox_0.12.5-1.bionic_amd64.deb
sudo apt install -f
## copy odoo.conf file to /etc directory and edit as required
sudo cp /opt/odoo/debian/odoo.conf /etc/odoo.conf
sudo nano /etc/odoo.conf
[options]
admin_passwd = admin
# Master password: it protects the database manager (create, duplicate, drop,
# backup, restore). `admin` is only a placeholder; replace it with a long random
# value before the service is reachable from the network.
db_host = False
db_port = False
# False selects the default PostgreSQL port, 5432.
db_user = odoo
db_password =
# Password of the PostgreSQL role odoo, chosen when the role was created. It is
# stored here in clear text, which is why the file is later restricted to the
# odoo user and group (chmod 640).
addons_path = /opt/odoo/addons
logfile = /var/log/odoo/odoo.log
# Log file location.
http_port = 8069
# Default port on which Odoo serves the web interface.
dbfilter =
# Regular expression selecting which databases a request may see. Left empty,
# every database is offered; on an Internet-facing server set it so that only the
# intended database matches.
longpolling_port = 8072
workers = 0
# workers = 0 runs Odoo in threaded mode. The separate longpolling port (8072) is
# only served when workers is greater than 0, so the chat feature behind the
# nginx /longpolling proxy needs workers > 0.
proxy_mode = False
# Set proxy_mode = True only once Odoo sits behind the nginx reverse proxy (done
# at the end of this guide). With proxy_mode on, Odoo trusts the X-Forwarded-*
# headers, so port 8069 must not be reachable directly or clients can forge them.
#xmlrpc_interface = 127.0.0.1
#netrpc_interface = 127.0.0.1
# Binding to 127.0.0.1 makes Odoo accept connections from the local nginx only,
# which closes direct access to port 8069 that bypasses TLS. Enable it once nginx
# is serving the site.
# NOTE(review): Odoo 15 names this option http_interface; confirm that the legacy
# xmlrpc_/netrpc_ names above are still honoured before relying on them.
## change ownership to odoo user
sudo chown odoo: /etc/odoo.conf
sudo chmod 640 /etc/odoo.conf
sudo mkdir /var/log/odoo
sudo chown odoo:root /var/log/odoo
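##Create the odoo service unit in /etc/systemd/system. A unit file does not need the execute bit: mode 644 is enough, and systemd logs a warning for unit files marked executable (the chmod 755 below sets that bit).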
sudo nano /etc/systemd/system/odoo.service
# systemd unit that runs Odoo from the source checkout in /opt/odoo.
[Unit]
Description=Odoo
Documentation=http://www.odoo.com
# NOTE(review): no After=/Requires= is declared, so at boot nothing orders this
# unit after postgresql.service or the network; confirm Odoo copes with being
# started first.
[Service]
# Ubuntu/Debian convention:
Type=simple
# Run as the unprivileged odoo system user rather than root.
User=odoo
# Start Odoo with the configuration file /etc/odoo.conf.
ExecStart=/opt/odoo/odoo-bin -c /etc/odoo.conf
[Install]
# Enabled for default.target, i.e. whatever target the machine boots into.
WantedBy=default.target
sudo chmod 755 /etc/systemd/system/odoo.service
sudo chown root: /etc/systemd/system/odoo.service
##start odoo
sudo systemctl start odoo.service
sudo systemctl enable odoo.service
sudo systemctl status odoo.service
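##Access Odoo in the browser at “http://<your_domain_or_IP_address>:8069”. This is plain HTTP straight to Odoo, so anything typed here crosses the network unencrypted; use it only to confirm the service is up, and change the master password (admin_passwd) before leaving the port reachable.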
Install nginx and map domain
##Install nginx
sudo apt-get install nginx
sudo systemctl status nginx
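##Configure the firewall. `ufw allow` only adds the rule; nothing is filtered until ufw is enabled, and `sudo ufw status` reports "inactive" if it is not. Before running `sudo ufw enable` on a remote server, allow SSH first (`sudo ufw allow OpenSSH`) so the session is not locked out. 'Nginx Full' opens ports 80 and 443 only, so with ufw active and its default deny policy, direct access to port 8069 is blocked as well.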
sudo ufw allow 'Nginx Full'
sudo ufw status
##verify the nginx installation by accessing http:// your ip , it will show nginx default welcome page
##Secure Nginx with Let's Encrypt
sudo apt install certbot
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt
sudo nano /etc/nginx/snippets/letsencrypt.conf
# Serve the ACME HTTP-01 challenge files that certbot's webroot plugin writes.
# The ^~ modifier stops nginx from checking regex locations once this prefix matches.
location ^~ /.well-known/acme-challenge/ {
allow all;
# Files are looked up under /var/lib/letsencrypt/.well-known/acme-challenge/.
root /var/lib/letsencrypt/;
default_type "text/plain";
# Anything that is not an existing challenge file gets a 404.
try_files $uri =404;
}
sudo nano /etc/nginx/snippets/ssl.conf
# Shared TLS settings, included by every HTTPS server block.
# DH parameters for the DHE-RSA suites in ssl_ciphers (the 2048-bit file
# generated with openssl dhparam above).
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are refused.
ssl_protocols TLSv1.2 TLSv1.3;
# AEAD suites only (AES-GCM, ChaCha20-Poly1305), all with ECDHE or DHE key exchange.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
# OCSP stapling. Verification relies on the chain named by ssl_trusted_certificate
# in each server block.
ssl_stapling on;
ssl_stapling_verify on;
# DNS resolver nginx uses to reach the OCSP responder (Google public DNS here).
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
# HSTS for one year. includeSubDomains extends it to every subdomain of the
# site, so keep it only if all of them serve HTTPS.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# The two headers below lack `always`, so nginx leaves them off error responses.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
sudo nano /etc/nginx/sites-available/example.com.conf
server {
listen 80;
server_name example.com www.example.com;
include snippets/letsencrypt.conf;
}
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx
sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com
sudo nano /etc/nginx/sites-available/example.com.conf
server {
listen 80;
server_name www.example.com example.com;
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
# . . . other code
}
sudo systemctl reload nginx
## To verify that the SSL certificate is successfully installed, open your website using https://, and you’ll notice a green lock icon.
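##Let’s Encrypt certificates are valid for 90 days. The certbot package creates a cron job and a systemd timer, which renew the certificates automatically 30 days before they expire (verify the entry in /etc/cron.d/certbot). nginx only loads certificates when it starts or reloads, so add a deploy hook to cli.ini that reloads nginx after each successful renewal: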
sudo nano /etc/letsencrypt/cli.ini
deploy-hook = systemctl reload nginx
#test the renewal process
sudo certbot renew --dry-run
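## Replace the domain's server blocks with the final configuration below: it redirects HTTP to HTTPS and www to non-www, and proxies example.com to Odoo on 127.0.0.1. sites-enabled/example.com.conf is the symlink created earlier, so this edits the same file as before.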
sudo nano /etc/nginx/sites-enabled/example.com.conf
# Odoo server
# Both upstreams are on loopback: nginx talks plain HTTP to Odoo on the same host.
upstream odoo {
server 127.0.0.1:8069;
}
# Longpolling (chat) endpoint; Odoo only serves port 8072 when workers > 0.
upstream odoochat {
server 127.0.0.1:8072;
}
# HTTP to HTTPS
# A server-level return is evaluated before location matching, so every request
# on port 80, ACME challenges included, is redirected to https://example.com.
# The challenge is then answered by the letsencrypt.conf include in the HTTPS block.
server {
listen 80;
server_name www.example.com example.com;
include snippets/letsencrypt.conf;
return 301 https://example.com$request_uri;
}
# WWW to NON WWW
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://example.com$request_uri;
}
# Main site: terminates TLS and proxies to Odoo.
server {
listen 443 ssl http2;
server_name example.com;
# 12-minute proxy timeouts.
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Proxy headers
# Odoo uses these only when proxy_mode = True in /etc/odoo.conf.
# $proxy_add_x_forwarded_for appends the client address to any X-Forwarded-For
# value the client already sent, so the header is not fully nginx-controlled.
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
# log files
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Handle longpoll requests
# Fails with a bad-gateway error while Odoo runs with workers = 0, because
# nothing listens on port 8072 in that mode.
location /longpolling {
proxy_pass http://odoochat;
}
# Handle / requests
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# Cache static files
# NOTE(review): no proxy_cache zone is defined in this file, so proxy_cache_valid
# has no effect as written; only `expires` (browser caching, 864000 s = 10 days)
# applies.
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
sudo systemctl restart nginx
nano /etc/odoo.conf
proxy_mode = True
sudo systemctl restart odoo
## odoo 15 installation with auto renewing letsencrypt ssl nginx completed. ##