Installing Odoo 17, Nginx and SSL Certificate on Ubuntu 22.04 Server

July 7, 2024 by

Alixsander Haj Saw

| No comments yet

Introduction

In this guide, I'll walk you through the process of installing Odoo, a powerful open-source business management software, on your server.

We'll also set up Nginx as a reverse proxy to handle incoming traffic and secure your site with an SSL certificate using Let's Encrypt.

By the end of this tutorial, you'll have a fully functional and secure Odoo installation.

Video Version of this Tutorial

Prerequisites

Ubuntu 22.04 server (Official recommendation on minimum server requirements are 1 CPU and 2GB of RAM).
Domain name pointing to the server.

First Step: Installing Odoo

Start with updating the package list:

sudo apt update

Odoo uses PostgreSQL as the database, install it using:

sudo apt install postgresql -y

Odoo uses wkhtmltopdf to render PDFs, install it using:

sudo apt install wkhtmltopdf

Next let's add Odoo's repository for the Community edition and install it:

wget -q -O - https://nightly.odoo.com/odoo.key | sudo gpg --dearmor -o /usr/share/keyrings/odoo-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/odoo-archive-keyring.gpg] https://nightly.odoo.com/17.0/nightly/deb/ ./' | sudo tee /etc/apt/sources.list.d/odoo.list

sudo apt update && sudo apt install odoo

Check if Odoo is installed and running:

sudo systemctl status odoo

Check the port on which odoo is listening to:

sudo ss -tulnip | grep odoo

A fresh Ubuntu 22.04 installation comes with UFW installed and enabled by default, let's disable it for this tutorial to allow all incoming traffic by running:

sudo ufw disable

Access odoo by visiting the following url:

http://ipaddress:8069

Second Step: Installing and Configuring NGINX

Make sure your domain name is pointing towards the server before configuring nginx and ssl certificate. This is done by adding an A record containing your servers IP address.

Install nginx and enable it:

sudo apt install nginx
sudo systemctl enable nginx

Create the server configuration block to handle the requests to your Odoo application. Replace "yourdomain" part:

sudo nano /etc/nginx/sites-available/yourdomain.conf

Add the following directives and replace "your_domain.com" with your domain:

upstream odoo {
    server 127.0.0.1:8069;
}

server {
    listen 80;
    server_name your_domain.com;

    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect off;
        proxy_request_buffering off;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
        client_max_body_size 10240m;
    }

    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    location /longpolling {
        proxy_pass http://odoo;
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
    }

    location /websocket {
        proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

To enable the above configuration we need to create a symbolic link of it inside sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/

Check if the configuration is correct using nginx -t flag, if correct restart nginx

sudo nginx -t
sudo systemctl restart nginx

Install Let's Encrypt Certificate Using Certbot

Start by installing certbot package:

sudo apt install certbot python3-certbot-nginx

Obtain the certificate using the following command, replace your_domain.com with your actual domain. This command will automatically add the necessary configurations to our nginx conig file we previously created:

sudo certbot --nginx -d your_domain

Make Odoo application aware that it is being accessed through a reverse proxy (NGINX) by adding the proxy_mode directive:

sudo nano /etc/odoo/odoo.conf

Add the following at the bottom:

proxy_mode = True

To make sure all requests are accessed over HTTPS and not HTTP lets add the content security policy (CSP) in our NGINX config file:

sudo nano /etc/nginx/sites-available/yourdomain

Add the following directive under the certbot generated directives:

add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

Finally restart odoo and nignx services:

sudo systemctl restart nginx
sudo systemctl restart odoo

The final configuration file should look like this:

upstream odoo {
    server 127.0.0.1:8069;
}

server {
    server_name domainname.com

    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
    proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect off;
        proxy_request_buffering off;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
        client_max_body_size 10240m;

    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Increase the HTTP request timeout for long polling
    location /longpolling {
        proxy_pass http://odoo;
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
    }

location /websocket {
    proxy_pass http://odoo;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domainname.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domainname.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
}


server {
    if ($host = domainname.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name domainame.com;
    return 404; # managed by Certbot


}

Now you can access your Odoo website over HTTPS using your domain name.

in Odoo ERP

# certbot nginx odoo ubuntu 22.04

Sign in to leave a comment