Installing Odoo 11 on Ubuntu Xenial Container
Linux,  Server

Installing Odoo 11 on Ubuntu Xenial Container

This tutorial will lead you true the installation of Odoo 11 on a Ubuntu Xenial server. The system I will use is a freshly installed Ubuntu Linux Container on my router.

For instructions on setting op a Linux Container, you can read this blog-post.

Prepare the container

ssh into your router as root and enter your container. If you already set up SSH inside your container you can also ssh into it directly.

# lxc-start -n Ubuntu
# lxc-attach -n Ubuntu
# apt-get update && apt-get upgrade
# apt-get install wget

Installation of Odoo 11

# apt-get install postgresql
# wget -O – https://nightly.odoo.com/odoo.key | apt-key add –
# echo “deb http://nightly.odoo.com/11.0/nightly/deb/ ./” >> /etc/apt/sources.list.d/odoo.list
# apt-get update && apt-get install odoo

with the latest release of the of the Odoo installation scripts, this should all go smooth. This was not the case some days before I began to write this post.

test your odoo 11 installation by navigating to the 8069 port on the container.

Now you can create or restore a database using the web-gui. After this Odoo will set everithing for you to start working.

A fresh Odoo installation for SnakeByte
A fresh Odoo installation for SnakeByte

The first thing you should do now is changing the master password for the databases on your new odoo web-gui. This can be done by logging out of your Odoo web-app and after this it will show a yellow message asking you to set the password. Follow these instructions. In a later blog post I will tell you how to secure your databases even more.

Rederect port 80 and 443 to Odoo and force secure connection

If you want to use your Odoo from outside your LAN, you have to think about safety. The first step is to secure Odoo is by geting ourselves a ssl key.

To be able to do these steps you will have to obtain yourself a domain or sub-domain redirecting to your server. you can also do this using a (free) DDNS service. I will not go further into this.

Port forwarding from your OpenWRT router

from your Router shell:

# vim /etc/config/firewall

config redirect
    option target 'DNAT'
    option src 'wan'
    option src_dport '80'
    option dest_ip '192.168.1.255'
    option name 'apache'
    option dest 'lan'
    option proto 'tcp udp'
    option dest_port '80'
    option reflection '1'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '443'
    option dest_ip '192.168.1.255'
    option dest_port '443'
    option name 'odoo-https'
    option reflection '1'

Setting up nginx

Back inside the container, we will now install nginx and link port 80 to the Odoo app.

# apt-get install nginx
# vim /etc/nginx/sites-enabled/default

## OpenERP backend ##
upstream openerp {
    server 127.0.0.1:8069;
}

server {
    listen 80 ;
    listen [::]:80 ;

    root /var/www/html;
    index index.html index.htm;
    server_name yourserver.com www.yourserver.com;

    location / {
        proxy_pass http://openerp;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        # set headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
# systemctr restart nginx

Getting a SSL certificate

Once the domain is linked to the host, we can request a SSL certificate. There are many options for certification but we will stick with the free and open LetsEncript certificate. LetsEncript has a tool, Certbot, to install a certificate on the server, so lets make use of it.

# apt-get install software-properties-common
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python-certbot-nginx
# sudo certbot –nginx certonly
Enter email address:
youremail@gmail.com
(A)gree/(C)ancel:
A
(Y)es/(N)o:
Y
Which names would you like to activate HTTPS for?
Select the appropriate numbers:
1 # pick the one for your new domain

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yourserver.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourserver.com/privkey.pem
Your cert will expire on 2018-06-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”

And your sertification is done!

But like you can read, the sertificate is only valid for 90 days. You can manually renew it every 90 days, but you can also let the server do it automaically. For this job we use cronjob.

# cronjob -e

Cron will ask you what editor to use, after this it will show you a configuration file with some explanation on how it works. I want to check every first day of the week for certificates that need renewal, next line will check weekly at 3:30am.

30 03 * * 0 certbot renew

Finishing the nginx configuration

Now the time has come to finish up our configuration for https access. We chould want to keep the connection safe at all times. Therefor we will rederect port 80 to port 443.

# vim /etc/nginx/sites-enabled/default

## OpenERP backend ##
upstream openerp {
   server 127.0.0.1:8069;
}

server {
    index index.html index.htm;
    server_name yourserver.com www.yourserver.com;
    location / {
        proxy_pass  http://openerp;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }
    
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/yourserver.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourserver.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = yourserver.com) {
        return 301 https://$host$request_uri;
    }
    listen 80 ;
    listen [::]:80 ;
    server_name yourserver.com www.yourserver.com;
    return 301 https://$host$request_uri;
}

# systemctr restart nginx

Now your Odoo installation is up and running

Sources

Leave a Reply

Your email address will not be published. Required fields are marked *