Odoo - Server Configuration - Steps Detail

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 13

Odoo Server

1. Cài Nginx
sudo apt update
sudo apt install nginx

2. Adjusting the Firewall


sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw status
a. Nếu status là inactive:
sudo ufw enable
sudo ufw default deny

3. Tạo file odoowebsite.conf -


/etc/nginx/sites-available/odoowebsite.conf:
# You should look at the following URL's in order to grasp a solid
understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a
clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed
examples.
##

# Default server configuration


#

upstream odoowebsite {
server 127.0.0.1:8069;
}

upstream odoowebsitelong {
server 127.0.0.1:8070;
}

server {
listen 80;
server_name odoo.website;
rewrite ^/(.*)$ https://odoo.website/$1 permanent;
}

server {

include snippets/self-signed.conf;

server_name odoo.website;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
client_max_body_size 100m;
location / {
proxy_redirect off;
proxy_pass http://odoowebsite;
}

location /longpolling {
proxy_pass http://odoowebsitelong;
}

# Virtual Host configuration for example.com


#
# You can move that to a different file under sites-available/ and symlink
that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

4. Tạo file odoo.conf - /etc/nginx/sites-enable/odoo.conf:


upstream odoowebsite {
server 127.0.0.1:8069;
}
upstream odoowebsitelong {
server 127.0.0.1:8070;
}
server {
listen 80;
server_name odoo.website;

access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;

proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

add_header 'Access-Control-Allow-Origin' '*';


add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-
Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_redirect off;
proxy_pass http://odoowebsite;
}

location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoowebsite;
}

gzip_types text/css text/less text/plain text/xml application/xml application/json


application/javascript;
gzip on;
}

server {

listen 443 ssl http2;


listen [::]:443 ssl http2;

ssl on;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

ssl_prefer_server_ciphers on;
server_name odoo.website;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Protocol https;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
client_max_body_size 100m;
location / {
proxy_redirect off;
proxy_pass http://odoowebsite;
}
location /longpolling {
proxy_pass http://odoowebsitelong;
}

gzip_types text/css text/scss text/plain text/xml application/xml application/json


application/javascript;
gzip on;
}

5. Creating the SSL Certificate


 sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
/etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
 sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
 sudo nano /etc/nginx/snippets/self-signed.conf
 ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
 ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

END

Dành cho MacOs


- brew install nginx
- cài git: brew install git
- cd /usr/local/etc/nginx/
- git clone [email protected]:fountainhead/nginx-sites-available sites-available
- wget
"https://gist.githubusercontent.com/jimothyGator/5436538/raw/9e0b6674a6b8c50
589ea4d811b845545a776ca16/default-ssl.conf"
- wget
"https://gist.githubusercontent.com/jimothyGator/5436538/raw/9e0b6674a6b8c50
589ea4d811b845545a776ca16/default.conf"
- mkdir -p /usr/local/etc/nginx/sites-enabled
- cd /usr/local/etc/nginx/sites-enabled
- ln -s ../sites-available/default.conf
- ln -s ../sites-available/default-ssl.conf
- cd /usr/local/etc/nginx/
- rm nginx.conf
- wget
"https://gist.githubusercontent.com/jimothyGator/5436538/raw/9e0b6674a6b8c50
589ea4d811b845545a776ca16/nginx.conf"
# Create log directory
- sudo mkdir -p /Library/Logs/nginx/
- cd /usr/local/etc/nginx/sites-enabled
- ln -s ../sites-available/santoshsrinivas.dvp
# Test out nginx
- sudo nginx -t
- sudo nginx -s stop
- sudo nginx -s stop && sudo nginx
# Start nginx
- sudo nginx -s reload hoặc sudo nginx

Chèn lại hết nội dung file nginx.conf:

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '


# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

server {
listen 80;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html


#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80


#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000


#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root


# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}

# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;

# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

Edit file hosts


- cd /etc
- nano hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 odoo.website
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

Chạy trên http:


cd /usr/local/etc/nginx
sudo nginx ( mở trình duyệt gõ odoo.website)
sudo nginx -s stop
cd /usr/local/etc/nginx
cd /etc/
nano hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 odoo.website
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

nano /etc/nginx/sites-enabled/odoo.website
(Chèn nội dung sau vào file odoo.website vừa tạo)
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration


#

upstream odoowebsite {
server 127.0.0.1:8069;
}

upstream odoowebsitelong {
server 127.0.0.1:8070;
}

server {
listen 80;
server_name odoo.website;
rewrite ^/(.*)$ https://odoo.website/$1 permanent;
}

server {

listen 443 ssl http2;


listen [::]:443 ssl http2;

include snippets/self-signed.conf;

server_name odoo.website;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
client_max_body_size 100m;
location / {
proxy_redirect off;
proxy_pass http://odoowebsite;
}

location /longpolling {
proxy_pass http://odoowebsitelong;
}

# Virtual Host configuration for example.com


#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

- cd /home
- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
/usr/local/etc/ssl/private/nginx-selfsigned.key -out /usr/local/etc/ssl/certs/nginx-
selfsigned.crt

- sudo openssl dhparam -out /usr/local/etc/ssl/certs/dhparam.pem 2048


- sudo vi /usr/local/etc/nginx/conf.d/ssl.conf
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;

server_name odoo.website;

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

################################################################
########
# from https://cipherli.st/ #
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #

################################################################
########

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


ssl_prefer_server_ciphers on;
ssl_ciphers
"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header
line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

##################################
# END https://cipherli.st/ BLOCK #
##################################
root /usr/share/nginx/html;

location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:8069;
}

location /longpolling {
proxy_pass http://127.0.0.1:8070;
}

error_page 404 /404.html;


location = /404.html {
}

error_page 500 502 503 504 /50x.html;


location = /50x.html {
}
}

- nginx
- Vào trình duyệt gõ https://odoo.website