
How to serve Odoo over HTTPS

江浪

HTTPS configuration

1. Install nginx (sudo apt update; sudo apt install nginx)

2. Install Certbot (sudo apt install certbot python3-certbot-nginx)

3. Obtain the SSL certificate (sudo certbot --nginx -d demo.bluewms.com)

4. Copy the certificate to the directory nginx requires; create the directory if it does not exist (sudo cp /etc/letsencrypt/live/demo.bluewms.com/fullchain.pem /etc/ssl/nginx/server.crt

sudo cp /etc/letsencrypt/live/demo.bluewms.com/privkey.pem /etc/ssl/nginx/server.key)

5. Configure Odoo in odoo.conf (proxy_mode = True)

6. Configure Nginx (vim /etc/nginx/sites-available/odoo.conf)

# Define upstream servers

upstream odoo {

  server 6.62.20.121:8016;  # Odoo backend server

}

upstream odoochat {

  server 6.62.20.121:8072;  # Odoo chat server (for websockets); change this to your Odoo chat port if needed

}


# Map connection upgrade for websockets

map $http_upgrade $connection_upgrade {

  default upgrade;

  ''      close;

}


# HTTP -> HTTPS redirection

server {

  listen 80;

  server_name demo.bluewms.com;  # replace with your domain

  rewrite ^(.*) https://$host$1 permanent;

}


# HTTPS server configuration

server {

  listen 443 ssl;

  server_name demo.bluewms.com;  # replace with your domain

  proxy_read_timeout 720s;

  proxy_connect_timeout 720s;

  proxy_send_timeout 720s;


  # SSL configuration

  ssl_certificate /etc/letsencrypt/live/demo.bluewms.com/fullchain.pem;  # path of the certificate generated by Certbot

  ssl_certificate_key /etc/letsencrypt/live/demo.bluewms.com/privkey.pem;  # path of the private key generated by Certbot

  ssl_session_timeout 30m;

  ssl_protocols TLSv1.2 TLSv1.3;

  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

  ssl_prefer_server_ciphers off;


  # Logging

  access_log /var/log/nginx/odoo.access.log;

  error_log /var/log/nginx/odoo.error.log;


  # Redirect websocket requests to odoo chat server

  location /websocket {

    proxy_pass http://odoochat;

    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Connection $connection_upgrade;

    proxy_set_header X-Forwarded-Host $http_host;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Real-IP $remote_addr;


    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    proxy_cookie_flags session_id samesite=lax secure;  # Requires nginx 1.19.8 or newer

  }


  # Proxy requests to Odoo backend

  location / {

    # Add headers for Odoo proxy mode

    proxy_set_header X-Forwarded-Host $http_host;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_redirect off;

    proxy_pass http://odoo;


    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    proxy_cookie_flags session_id samesite=lax secure;  # Requires nginx 1.19.8 or newer

  }


  # Enable gzip compression

  gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;

  gzip on;

}


Note: comment out the lines marked "# Requires nginx 1.19.8 or newer" if your nginx version is older. The log files and directories must also be created:

sudo touch /var/log/nginx/odoo.error.log 

sudo touch /var/log/nginx/odoo.access.log 

sudo chown -R www-data:www-data /var/log/nginx



7. Link the nginx configuration file into the sites-enabled directory and restart Nginx:

sudo ln -s /etc/nginx/sites-available/odoo.conf /etc/nginx/sites-enabled/

sudo nginx -t  # check that the configuration is valid

sudo systemctl restart nginx


8. Check that Certbot renews the certificate automatically (sudo systemctl list-timers; to renew manually right away: sudo systemctl start certbot.timer)


9. Make sure port 443 is open on Alibaba Cloud.
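Added example (not part of the original post): a shell check that the headers returned through the proxy match what the configuration in step 6 promises, namely the 301 redirect to HTTPS, the HSTS header, and the Secure/SameSite=Lax flags that proxy_cookie_flags puts on session_id. The function names and the sample responses are constructed for illustration; on a live host, feed the functions the output of curl -sI.

```bash
#!/usr/bin/env bash
# Added example: checks header dumps (e.g. from `curl -sI`) against the nginx config above.

# Print every value of header $2 (case-insensitive) found in header dump $1.
header_values() {
  printf '%s\n' "$1" | tr -d '\r' | awk -v h="$2" '
    BEGIN { h = tolower(h) ":" }
    tolower(substr($0, 1, length(h))) == h { sub(/^[^:]*:[ \t]*/, ""); print }'
}

# Port 80 must answer 301 with an https:// Location ("rewrite ... permanent").
check_redirect() (
  status=$(printf '%s\n' "$1" | tr -d '\r' | awk 'NR == 1 { print $2 }')
  loc=$(header_values "$1" location | head -n 1)
  [ "$status" = "301" ] || exit 1
  case "$loc" in https://*) exit 0 ;; *) exit 1 ;; esac
)

# HSTS must be present with max-age of at least 31536000 seconds, as configured.
check_hsts() (
  age=$(header_values "$1" strict-transport-security | head -n 1 |
        sed -n 's/.*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p')
  [ -n "$age" ] && [ "$age" -ge 31536000 ]
)

# Every session_id cookie must carry Secure and SameSite=Lax (proxy_cookie_flags).
check_session_cookie() (
  cookies=$(header_values "$1" set-cookie | grep -i '^session_id=') || exit 1
  printf '%s\n' "$cookies" | tr -d ' ' | tr '[:upper:]' '[:lower:]' |
  while IFS= read -r c; do
    case "$c" in *";secure"*) ;; *) exit 1 ;; esac
    case "$c" in *";samesite=lax"*) ;; *) exit 1 ;; esac
  done
)

# Constructed sample responses (not captured from a real server).
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://demo.bluewms.com/'
SAMPLE_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=CONSTRUCTED; HttpOnly; Path=/; Secure; SameSite=Lax'
# Constructed response without the flags that proxy_cookie_flags adds.
SAMPLE_HTTPS_NOFLAGS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=CONSTRUCTED; HttpOnly; Path=/'

check_redirect "$SAMPLE_HTTP" && echo "redirect: ok"
check_hsts "$SAMPLE_HTTPS" && echo "hsts: ok"
check_session_cookie "$SAMPLE_HTTPS_NOFLAGS" || echo "session_id: Secure/SameSite missing"
# Live use: check_redirect "$(curl -sI http://demo.bluewms.com/)"
```

If the proxy_cookie_flags lines were commented out for an older nginx, check_session_cookie is the check that reports it.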



