Let's Encrypt

Installing SSL for Odoo version 14

This continues the article Installing Odoo on IDCloudhost Private Cloud with the installation of SSL for Odoo version 14. This is needed so that data in transit is encrypted.

Step 1: Install NGINX

Run the following command:

sudo apt -y install nginx

Once the NGINX installation has finished, check it with the command: systemctl status nginx
The status shows active.

$ systemctl status nginx
 ● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: active (running) since Sun 2021-04-25 07:56:41 UTC; 1min 8s ago
      Docs: man:nginx(8)
  Main PID: 11241 (nginx)
     Tasks: 2 (limit: 1150)
    CGroup: /system.slice/nginx.service
            ├─11241 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
            └─11243 nginx: worker process

Step 2: Configure the Nginx HTTP proxy for Odoo

Create a configuration file for Odoo:

sudo vim /etc/nginx/conf.d/odoo.conf

Then fill in the file as follows (replace the subdomain name with your own):

# Odoo Upstreams
upstream odooserver {
    server 127.0.0.1:8069;
}
server {
    listen 80;
    server_name odoo14.stelselmatig.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # Request for root domain
    location / {
        proxy_redirect off;
        proxy_pass http://odooserver;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Check the NGINX configuration with the command: sudo nginx -t

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If there are no errors, restart NGINX:

sudo systemctl restart nginx

Then check the status again; it shows active:

$ systemctl status nginx
 ● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: active (running) since Sun 2021-04-25 08:14:22 UTC; 5s ago
      Docs: man:nginx(8)
   Process: 11432 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
   Process: 11446 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Process: 11435 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Main PID: 11450 (nginx)
     Tasks: 2 (limit: 1150)
    CGroup: /system.slice/nginx.service
            ├─11450 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
            └─11453 nginx: worker process

Step 3: Install a Let’s Encrypt SSL certificate for Odoo on the Nginx machine

First add the repository:

sudo add-apt-repository ppa:certbot/certbot

Press ENTER. Then install Certbot for NGINX:

sudo apt install python-certbot-nginx

Then reload:

sudo systemctl reload nginx

Create the certificate with the command:

sudo certbot --nginx -d odoo14.stelselmatig.com

You will be asked several questions; the details are shown below:

$ sudo certbot --nginx -d odoo14.stelselmatig.com
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator nginx, Installer nginx
 Enter email address (used for urgent renewal and security notices) (Enter 'c' to
 cancel): chandra.mulyana@stelselmatig.com
 
 Please read the Terms of Service at
 https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
 agree in order to register with the ACME server at
 https://acme-v02.api.letsencrypt.org/directory
 
 (A)gree/(C)ancel: A
 
 Would you be willing to share your email address with the Electronic Frontier
 Foundation, a founding partner of the Let's Encrypt project and the non-profit
 organization that develops Certbot? We'd like to send you email about our work
 encrypting the web, EFF news, campaigns, and ways to support digital freedom.
 
 (Y)es/(N)o: N
 Obtaining a new certificate
 Performing the following challenges:
 http-01 challenge for odoo14.stelselmatig.com
 nginx: [warn] conflicting server name "odoo14.stelselmatig.com" on 0.0.0.0:80, ignored
 Waiting for verification…
 Cleaning up challenges
 nginx: [warn] conflicting server name "odoo14.stelselmatig.com" on 0.0.0.0:80, ignored
 Deploying Certificate to VirtualHost /etc/nginx/conf.d/odoo.conf
 nginx: [warn] conflicting server name "odoo14.stelselmatig.com" on 0.0.0.0:80, ignored
 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
 
 1: No redirect - Make no further changes to the webserver configuration.
 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 new sites, or if you're confident your site works on HTTPS. You can undo this
 change by editing your web server's configuration.
 
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
 
 Congratulations! You have successfully enabled https://odoo14.stelselmatig.com
 You should test your configuration at:
 https://www.ssllabs.com/ssltest/analyze.html?d=odoo14.stelselmatig.com
 
 IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/odoo14.stelselmatig.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/odoo14.stelselmatig.com/privkey.pem
 Your cert will expire on 2021-07-24. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot again
 with the "certonly" option. To non-interactively renew all of
 your certificates, run "certbot renew"
 Your account credentials have been saved in your Certbot
 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le 

The output includes a note telling us to test the SSL certificate. It says to run the test at

https://www.ssllabs.com/ssltest/analyze.html?d=odoo14.stelselmatig.com

Check the file again with sudo vim /etc/nginx/conf.d/odoo.conf
It must look like the following:

# Odoo Upstreams
upstream odooserver {
    server 127.0.0.1:8069;
}
server {
    listen 80;
    server_name odoo14.stelselmatig.com;
    return 301 https://odoo14.stelselmatig.com$request_uri;
}
server {
    listen 443 ssl;
    server_name odoo14.stelselmatig.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    # SSL
    ssl_certificate /etc/letsencrypt/live/odoo14.stelselmatig.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/odoo14.stelselmatig.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # Request for root domain
    location / {
        proxy_redirect off;
        proxy_pass http://odooserver;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Restart NGINX:

sudo systemctl restart nginx
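
The certbot run shown above answered 1 (no redirect), so port 80 stops serving Odoo in plaintext only if the edited file really matches the listing. The script below is an added example, not part of the original article: it classifies each server block of an nginx config so a block that still proxies over a non-TLS listener stands out. The function names and the sample host odoo.example.com are assumptions made for illustration.

```shell
# Added example, not from the original article. Reads an nginx config on stdin
# and prints one line per server block: "<verdict> <listen ports>".
#   CLEARTEXT  a listener without "ssl" still proxies requests to Odoo
#   redirect   plain listener that only answers 301 -> https://
#   tls        every listener in the block carries "ssl"
audit_server_blocks() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment-only lines
    depth == 0 && /^[ \t]*server[ \t]*[{]/ {  # a new top-level server block
        in_srv = 1; ports = ""; plain = 0; proxy = 0; redir = 0
    }
    {
        line = $0
        opens = gsub(/[{]/, "{", line); closes = gsub(/[}]/, "}", line)
        if (in_srv && $1 == "listen") {
            p = $2; sub(/;.*/, "", p)
            ports = ports (ports == "" ? "" : ",") p
            if ($0 !~ /[ \t]ssl[ \t;]/) plain = 1
        }
        if (in_srv && $1 == "proxy_pass") proxy = 1
        if (in_srv && $1 == "return" && $2 == "301" && $3 ~ /^https:/) redir = 1
        depth += opens - closes
        if (in_srv && depth == 0) {           # closing brace of the server block
            v = "tls"
            if (plain) v = proxy ? "CLEARTEXT" : (redir ? "redirect" : "other")
            print v, ports
            in_srv = 0
        }
    }'
}

# Constructed sample (hypothetical host): one block serving Odoo on 80 and 443.
sample_mixed() {
    cat <<'EOF'
upstream odooserver {
    server 127.0.0.1:8069;
}
server {
    listen 80;
    listen 443 ssl;
    location / {
        proxy_pass http://odooserver;
    }
}
EOF
}

sample_mixed | audit_server_blocks    # prints: CLEARTEXT 80,443
```

Run it against the live file with `audit_server_blocks < /etc/nginx/conf.d/odoo.conf`; the layout listed above should report `redirect 80` and `tls 443`, and any `CLEARTEXT` line means Odoo is still reachable over unencrypted HTTP.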
