Skip to Content

Installing Odoo 17, Nginx and SSL Certificate on Ubuntu 22.04 Server

July 7, 2024 by
Alixsander Haj Saw

Introduction

In this guide, I'll walk you through the process of installing Odoo, a powerful open-source business management software, on your server. 

We'll also set up Nginx as a reverse proxy to handle incoming traffic and secure your site with an SSL certificate using Let's Encrypt. 

By the end of this tutorial, you'll have a fully functional and secure Odoo installation. 

Video Version of this Tutorial

Prerequisites

  • Ubuntu 22.04 server (Official recommendation on minimum server requirements are 1 CPU and 2GB of RAM).
  • Domain name pointing to the server.


First Step: Installing Odoo

Start with updating the package list:

sudo apt update


Odoo uses PostgreSQL as the database, install it using:

sudo apt install postgresql -y


Odoo uses wkhtmltopdf to render PDFs, install it using:

sudo apt install wkhtmltopdf


Next let's add Odoo's repository for the Community edition and install it:

wget -q -O - https://nightly.odoo.com/odoo.key | sudo gpg --dearmor -o /usr/share/keyrings/odoo-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/odoo-archive-keyring.gpg] https://nightly.odoo.com/17.0/nightly/deb/ ./' | sudo tee /etc/apt/sources.list.d/odoo.list

sudo apt update && sudo apt install odoo


Check if Odoo is installed and running:

sudo systemctl status odoo


Check the port on which odoo is listening to:

sudo ss -tulnip | grep odoo


A fresh Ubuntu 22.04 installation comes with UFW installed and enabled by default, let's disable it for this tutorial to allow all incoming traffic by running:

sudo ufw disable 


Access odoo by visiting the following url:

http://ipaddress:8069


Second Step: Installing and Configuring NGINX

Make sure your domain name is pointing towards the server before configuring nginx and ssl certificate. This is done by adding an A record containing your servers IP address.


Install nginx and enable it:

sudo apt install nginx
sudo systemctl enable nginx


Create the server configuration block to handle the requests to your Odoo application. Replace "yourdomain" part:

sudo nano /etc/nginx/sites-available/yourdomain.conf


Add the following directives and replace "your_domain.com" with your domain:

upstream odoo {
    server 127.0.0.1:8069;
}

server {
    listen 80;
    server_name your_domain.com;

    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect off;
        proxy_request_buffering off;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
        client_max_body_size 10240m;
    }

    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    location /longpolling {
        proxy_pass http://odoo;
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
    }

    location /websocket {
        proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


To enable the above configuration we need to create a symbolic link of it inside sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/


Check if the configuration is correct using nginx -t flag, if correct restart nginx

sudo nginx -t
sudo systemctl restart nginx


Install Let's Encrypt Certificate Using Certbot

Start by installing certbot package:

sudo apt install certbot python3-certbot-nginx


Obtain the certificate using the following command, replace your_domain.com with your actual domain. This command will automatically add the necessary configurations to our nginx conig file we previously created:

sudo certbot --nginx -d your_domain


Make Odoo application aware that it is being accessed through a reverse proxy (NGINX) by adding the proxy_mode directive:

sudo nano /etc/odoo/odoo.conf

Add the following at the bottom:

proxy_mode = True


To make sure all requests are accessed over HTTPS and not HTTP lets add the content security policy (CSP) in our NGINX config file:

sudo nano /etc/nginx/sites-available/yourdomain

Add the following directive under the certbot generated directives:

add_header 'Content-Security-Policy' 'upgrade-insecure-requests';


Finally restart odoo and nignx services:

sudo systemctl restart nginx
sudo systemctl restart odoo


The final configuration file should look like this:

upstream odoo {
    server 127.0.0.1:8069;
}

server {
    server_name domainname.com

    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
    proxy_pass http://odoo;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect off;
        proxy_request_buffering off;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
        client_max_body_size 10240m;

    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Increase the HTTP request timeout for long polling
    location /longpolling {
        proxy_pass http://odoo;
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
    }

location /websocket {
    proxy_pass http://odoo;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domainname.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domainname.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
}


server {
    if ($host = domainname.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name domainame.com;
    return 404; # managed by Certbot


}


Now you can access your Odoo website over HTTPS using your domain name.

Read Next
How to Force a Single "From" Email for Odoo 17 Modules