NGINX Configuration for Odoo 13 with Let's Encrypt SSL Certificate

Servers
, , , ,
1

NGINX is a powerful web server that can be used to enhance the performance and security of your Odoo 13 installation. In this article, we will guide you through configuring NGINX to work with Odoo 13 and enable SSL encryption using Let’s Encrypt.

Before proceeding, ensure that you have the necessary prerequisites in place:

  1. A domain name registered and pointing to your server’s IP address.
  2. Odoo 13 installed and running on your server.
  3. Let’s Encrypt SSL certificate obtained for your domain.

Now, let’s dive into the NGINX configuration file for Odoo 13:

upstream odoo {
    server 127.0.0.1:8069;
}

upstream odoo-chat {
    server 127.0.0.1:8072;
}

server {
    server_name yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header Strict-Transport-Security max-age=15768000;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;

    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    location / {
        proxy_redirect off;
        proxy_pass http://odoo;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /longpolling {
        proxy_pass http://odoo-chat;
    }

    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip Compression
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Let’s break down the key elements of this NGINX configuration:

  1. The upstream directive specifies the backend server for Odoo and Odoo chat.

  2. The first server block redirects HTTP requests to HTTPS for better security.

  3. The second server block listens on port 443 and handles HTTPS requests.

  4. The SSL certificate and key paths are specified for Let’s Encrypt certificates.

  5. Strict Transport Security (HSTS) is enabled to enforce HTTPS usage.

  6. SSL stapling is enabled to enhance the certificate’s validity.

  7. The resolver directive sets DNS servers for name resolution.

  8. Access and error logs are specified to track server activity.

  9. Proxy settings are configured to pass requests to the Odoo backend.

  10. Additional settings are applied for long-polling and static file caching.

  11. Gzip compression is enabled to optimize data transfer.

To apply these changes, follow these steps:

  1. Open the NGINX configuration file using a text editor:

    sudo vi /etc/nginx/sites-available/odoo.conf

  2. Replace the existing content with the improved configuration provided above.

  3. Save the file and exit the text editor.

  4. Test the NGINX configuration for syntax errors:

    sudo nginx -t

  5. If the test is successful, restart NGINX to apply the new configuration:

    sudo systemctl restart nginx

With these steps completed, your Odoo 13 installation should now be accessible via HTTPS using the Let’s Encrypt SSL certificate. NGINX will serve as a secure reverse proxy, providing enhanced performance and protection for your Odoo instance.

Feel free to customize the configuration based on your specific requirements and server setup.