Running Odoo with https

It has gotten so easy to use https since https://letsencrypt.org/ opened up. Not only can you get free ssl certificates but even more important, automate the process! That’s how it should be!

I’m using Caddy. I’m assuming your Odoo server is already running. (for example, on 127.0.0.1:8069)

Also important, some requirements:

Install Caddy

Download the binary from https://caddyserver.com/ (Linux 64-bit) and extract the archive into /usr/local/bin.

“Configure” Caddy

There’s not much to configure but since I will run Caddy on startup I keep my config in /etc/caddy.

mkdir /etc/caddy
adduser --disabled-login caddy
odoo.harkx.com { # Your url should go here..
  proxy / http://127.0.0.1:8069 { # Fill in the correct port..
    header_upstream Host {host}
    }
  proxy /longpolling http://127.0.0.1:8072 { # in case you use it
    header_upstream Host {host}
    }
  gzip
}

This will make the following magic happen:

Configure certificates

We’ll be running Caddy as user “caddy” so we need to give it permission to bind to low ports as non-root user. Easily accomplished by runnning this command:

setcap cap_net_bind_service=+ep /usr/local/bin/caddy

I prefer to generate the certificates manually the first time. If something goes wrong you’ll be able to catch the error. (you won’t see it when running in daemon mode)

su caddy
/usr/local/bin/caddy -agree -email YOUREMAIL -conf=/etc/caddy/Caddyfile

The certificates are now located in: /home/caddy/.caddy/letsencrypt/sites/

Configure Caddy for auto startup

[Unit]
Description=Caddy webserver
Documentation=https://caddyserver.com/
After=network.target

[Service]
User=caddy
Group=caddy
WorkingDirectory=/etc/caddy
LimitNOFILE=8192
ExecStart=/usr/local/bin/caddy -agree -email YOUREMAIL -conf=/etc/caddy/Caddyfile
Restart=on-failure
StartLimitInterval=600

[Install]
WantedBy=multi-user.target

That’s it, your Odoo instance is now being served over https.

Resources:

UPDATES

written by @harkx

comments powered by Disqus