akhdaniel · May 2, 2020 00:42 · May 2, 2020 · May 2, 2020
diff --git a/...ntos 7, Nginx, SSL installation Checklist → ...s 7, Nginx, SSL installation Checklist.md b/...ntos 7, Nginx, SSL installation Checklist → ...s 7, Nginx, SSL installation Checklist.md
diff --git a/Odoo, Centos 7, Nginx, SSL installation Checklist b/Odoo, Centos 7, Nginx, SSL installation Checklist
@@ -0,0 +1,275 @@
+# Step 1 - Add the Odoo repository
+
+```
+yum install -y epel-release
+yum-config-manager --add-repo=https://nightly.odoo.com/10.0/nightly/rpm/odoo.repo
+yum update && yum install odoo
+
+```
+
+enable odoo services
+```
+systemctl enable odoo
+systemctl start odoo
+```
+
+If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic:
+
+```
+sudo firewall-cmd --permanent --zone=public --add-service=http 
+sudo firewall-cmd --permanent --zone=public --add-service=https
+sudo firewall-cmd --reload
+```
+
+enable SE linux for nginx localhost access later
+
+```
+setsebool -P httpd_can_network_connect 1
+```
+
+
+# Step 2 - Configure a Linux user for Odoo
+
+```
+sudo adduser --system --home=/opt/odoo --group odoo
+mkdir -p /var/lib/odoo
+```
+
+# Step 3 - Install and Configure PostgreSQL
+
+```
+yum install postgresql-server fontconfig libpng libX11 libXext libXrender xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi wkhtmltopdf yum-utils
+postgresql-setup initdb
+su - postgres
+createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt odoo
+```
+
+
+Enable PostgreSQL to start on boot and start the service using:
+
+```
+systemctl enable postgresql
+systemctl start postgresql
+```
+
+# Step 4 - Install dependencies needed
+
+```
+sudo apt-get install python-cups python-dateutil python-decorator python-docutils python-feedparser \
+python-gdata python-geoip python-gevent python-imaging python-jinja2 python-ldap python-libxslt1 \
+python-lxml python-mako python-mock python-openid python-passlib python-psutil python-psycopg2 \
+python-pybabel python-pychart python-pydot python-pyparsing python-pypdf python-reportlab python-requests \
+python-simplejson python-tz python-unicodecsv python-unittest2 python-vatnumber python-vobject \
+python-werkzeug python-xlwt python-yaml wkhtmltopdf
+```
+
+
+# Step 5 - Install Odoo
+
+```
+sudo apt-get install odoo
+netstat -plntu
+```
+Make sure odoo instance is running on port 8069. 
+
+Check from URL http://odoo.mysite.co:8069. 
+Make sure that firewall is not blocking that port.
+
+```
+vim /etc/odoo/openerp-server.conf
+```
+
+Edit file content to:
+
+```
+xmlrpc_interface = 127.0.0.1
+xmlrpc_port = 8069
+```
+
+
+# Step 6 - Install and Configure Nginx
+
+If you have apache installed, let’s uninstall or disable it then install nginx to proceed
+
+```
+systemctl disable httpd
+systemctl stop httpd
+yum install nginx
+```
+
+Edit file content /etc/nginx/conf.d/yoursite.com.conf
+
+```
+##Odoo Backend##
+
+upstream odooerp {
+    server 127.0.0.1:8069;
+    #server ip2:8069;
+    #server ip3:8069;
+}
+upstream odooerp-im {
+    server 127.0.0.1:8072 weight=1 fail_timeout=0;
+    #server ip2:8072 weight=1 fail_timeout=0;
+    #server ip3:8072 weight=1 fail_timeout=0;
+}
+
+##https site##
+server {
+    listen      443 default_server;
+    server_name odoo.mysite.co;
+    root        /usr/share/nginx/html;
+    index       index.html index.htm;
+
+    # log files
+    access_log  /var/log/nginx/odoo.access.log;
+    error_log   /var/log/nginx/odoo.error.log;
+
+    # ssl files
+    ssl on;
+    ssl_ciphers                 ALL:!ADH:!MD5:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM;
+    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers   on;
+    ssl_certificate             /etc/nginx/ssl/odoo.crt;
+    ssl_certificate_key         /etc/nginx/ssl/odoo.key;
+
+    # proxy buffers
+    proxy_buffers 16 64k;
+    proxy_buffer_size 128k;
+
+    # timeouts
+    proxy_read_timeout 720s;
+    proxy_connect_timeout 720s;
+    proxy_send_timeout 720s;
+
+    ## odoo proxypass with https ##
+    location / {
+        proxy_pass  http://odooerp;
+        # force timeouts if the backend dies
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+
+        # set headers
+        proxy_set_header    Host            $host;
+        proxy_set_header    X-Real-IP       $remote_addr;
+        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Proto https;
+    }
+
+    location /longpolling/ {
+        proxy_pass  http://odooerp-im;
+
+        # force timeouts if the backend dies
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+
+        # set headers
+        proxy_set_header    Host            $host;
+        proxy_set_header    X-Real-IP       $remote_addr;
+        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Proto https;
+    }    
+
+
+    # cache some static data in memory for 60mins
+    location ~* /web/static/ {
+        proxy_cache_valid 200 60m;
+        proxy_buffering on;
+        expires 864000;
+        proxy_pass http://odooerp;
+    }
+    # gzip    
+    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
+    gzip on;
+
+}
+
+##http redirects to https ##
+server {
+    listen      80;
+    server_name odoo.mysite.co;
+
+    # Strict Transport Security
+    add_header Strict-Transport-Security max-age=2592000;
+    rewrite ^/.*$ https://$host$request_uri? permanent;
+}
+```
+
+Change odoo.mysite.co to your actual domain name.
+
+Create SSL folder:
+
+```
+mkdir -p /etc/nginx/ssl
+cd /etc/nginx/ssl
+```
+
+Generate SSL Key:
+
+```
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/odoo.key -out /etc/nginx/ssl/odoo.crt
+chmod 600 odoo.key
+```
+
+Enable Odoo config on nginx:
+
+```
+ln -s /etc/nginx/sites-available/odoo /etc/nginx/sites-enabled/odoo
+nginx -t
+systemctl restart nginx
+```
+
+# Step 7 - Configure Odoo
+
+Goto http://odoo.mysite.co
+
+Manage database from user interface
+
+
+# Step 8 - Install SSL Certificate
+
+```
+yum -y install yum-utils
+yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
+sudo yum install certbot python2-certbot-nginx
+
+
+sudo certbot --nginx
+
+```
+
+# Step 9 - To Renew the Certificate
+
+```
+sudo certbot --nginx certonly
+```
+
+Done!
+You can start Odoo from http://odoo.mysite.co and Nginx will automatically redirect to HTTPS port 443 with the valid SSL certificate!
+
+
+# Optional Step: For unsupported Operating System
+
+```
+wget https://dl.eff.org/certbot-auto
+chmod a+x certbot-auto
+
+sudo ./path/to/certbot-auto --nginx
+```
+
+To renew
+
+```
+$ sudo ./path/to/certbot-auto --nginx certonly
+```
+
+
+Automatic renew by CRON job
+
+```
+echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
+```
+
+# Need More Info?
+
+Need Odoo customization, implementation, training, tuning performance service ?
+Contact us: vitraining.com