Install Odoo 14 on Ubuntu 20.04 with Let's Encrypt SSL

Date: 2020-02-23 14:39:17  Source: igfitidea

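Odoo is an open source suite of web-based business applications managed from a single console.
Odoo offers a range of business applications, including open source CRM, website builder, eCommerce, warehouse management, project management, billing and accounting, point of sale, human resources, marketing, manufacturing, purchase management and more.
In this article we walk through the installation and configuration of Odoo 14 on Ubuntu 20.04 Linux with a Let's Encrypt SSL certificate.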

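Odoo business applications can be installed and used as standalone applications, but they also integrate seamlessly, so that installing several of them gives you a full-featured open source ERP.
This tutorial also covers configuring an Nginx proxy with a Let's Encrypt SSL certificate, but you can use any other SSL certificate, either self-signed or signed by a known CA.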

Step 1: Update the Ubuntu system

We always start an installation by updating and upgrading all installed packages.

sudo apt update
sudo apt upgrade -y

Wait for all packages to be updated, then reboot the system.
This is necessary when there is a kernel update.

sudo systemctl reboot

Step 2: Install the PostgreSQL database server

Odoo needs a database server to store its data.
We will install the default version of PostgreSQL Server available in the Ubuntu repositories.
Run:

sudo apt install postgresql postgresql-client -y

After installation, the database service is started.

$ systemctl status postgresql*
● postgresql@12-main.service - PostgreSQL Cluster 12-main
     Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; vendor preset: enabled)
     Active: active (running) since Fri 2017-11-06 10:34:45 CET; 1min 6s ago
   Main PID: 2177 (postgres)
      Tasks: 7 (limit: 2286)
     Memory: 18.0M
     CGroup: /system.slice/system-postgresql.slice/postgresql@12-main.service
             ├─2177 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c config_file=/etc/postgresql/12/main/postgresql.conf
             ├─2179 postgres: 12/main: checkpointer
             ├─2180 postgres: 12/main: background writer
             ├─2181 postgres: 12/main: walwriter
             ├─2182 postgres: 12/main: autovacuum launcher
             ├─2183 postgres: 12/main: stats collector
             └─2184 postgres: 12/main: logical replication launcher
Nov 06 10:34:43 ubuntu systemd[1]: Starting PostgreSQL Cluster 12-main...
Nov 06 10:34:45 ubuntu systemd[1]: Started PostgreSQL Cluster 12-main.
● postgresql.service - PostgreSQL RDBMS
     Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
     Active: active (exited) since Fri 2017-11-06 10:34:40 CET; 1min 11s ago
   Main PID: 1911 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 2286)
     Memory: 0B
     CGroup: /system.slice/postgresql.service
Nov 06 10:34:40 ubuntu systemd[1]: Starting PostgreSQL RDBMS...
Nov 06 10:34:40 ubuntu systemd[1]: Finished PostgreSQL RDBMS.

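Step 3: Install wkhtmltopdf

wkhtmltopdf is required for printing reports, because it converts HTML to PDF.
The version of wkhtmltopdf available in the Ubuntu repositories does not support headers and footers, so it is not used as a direct dependency.

Install wkhtmltopdf and wkhtmltoimage on Ubuntu/Linux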

Step 4: Install Odoo 14 on Ubuntu 20.04/18.04 LTS

Add the Odoo DEB repository so that we can install Odoo 14 on Ubuntu 20.04 | 18.04.

wget -O - https://nightly.odoo.com/odoo.key | sudo apt-key add -
echo "deb http://nightly.odoo.com/14.0/nightly/deb/ ./" | sudo tee /etc/apt/sources.list.d/odoo.list

Update the APT cache and install Odoo 14 on Ubuntu 20.04 | 18.04.

sudo apt update
sudo apt install odoo

Agree to start the installation:

The following NEW packages will be installed:
  docutils-common fonts-font-awesome fonts-inconsolata fonts-roboto-unhinted graphviz libann0 libcairo2 libcdt5 libcgraph6 libdatrie1 libgd3 libgraphite2-3
  libgts-0.7-5 libgvc6 libgvpr2 libharfbuzz0b libice6 libimagequant0 libjbig0 libjpeg8 libjs-jquery libjs-underscore liblab-gamut1 liblcms2-2 libpango-1.0-0
  libpangocairo-1.0-0 libpangoft2-1.0-0 libpathplan4 libpixman-1-0 libsass1 libsm6 libthai-data libthai0 libtiff5 libwebp6 libwebpdemux2 libwebpmux3 libxaw7
  libxcb-render0 libxcb-shm0 libxmu6 libxpm4 libxt6 odoo python-babel-localedata python3-aiohttp python3-appdirs python3-async-timeout python3-babel python3-bs4
  python3-cached-property python3-dateutil python3-decorator python3-defusedxml python3-docutils python3-feedparser python3-freezegun python3-gevent
  python3-greenlet python3-html2text python3-isodate python3-libsass python3-lxml python3-mako python3-mock python3-multidict python3-ofxparse python3-passlib
  python3-pbr python3-pil python3-polib python3-psutil python3-psycopg2 python3-pydot python3-pyparsing python3-pypdf2 python3-qrcode python3-reportlab
  python3-reportlab-accel python3-requests-toolbelt python3-roman python3-soupsieve python3-stdnum python3-suds python3-tz python3-usb python3-vobject
  python3-werkzeug python3-xlrd python3-xlsxwriter python3-xlwt python3-yarl python3-zeep sgml-base xml-core
0 upgraded, 95 newly installed, 0 to remove and 0 not upgraded.
Need to get 87.3 MB of archives.
After this operation, 665 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

After Odoo is installed on Ubuntu 20.04 | 18.04 Linux, the service is started automatically.

$ systemctl status odoo
● odoo.service - Odoo Open Source ERP and CRM
     Loaded: loaded (/lib/systemd/system/odoo.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2017-11-06 10:50:50 CET; 11min ago
   Main PID: 9090 (odoo)
      Tasks: 4 (limit: 2286)
     Memory: 68.9M
     CGroup: /system.slice/odoo.service
             └─9090 /usr/bin/python3 /usr/bin/odoo --config /etc/odoo/odoo.conf --logfile /var/log/odoo/odoo-server.log
Nov 06 10:50:50 ubuntu systemd[1]: Started Odoo Open Source ERP and CRM.

Enable the service so that it starts on every system boot.

$ sudo systemctl enable --now odoo
enabled

The service listens on port 8069.
You can confirm this with the following command.

$ ss -tunelp | grep 8069
tcp   LISTEN  0       128                  0.0.0.0:8069           0.0.0.0:*      uid:113 ino:1906251 sk:d <->
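
The output above shows Odoo listening on 0.0.0.0:8069, so any client that can reach the host can talk to Odoo directly instead of through the Nginx proxy configured in the next step. The following added example (not part of the original tutorial) audits `ss` output for that condition; the sample lines are constructed from the output above, and the `http_interface` and `proxy_mode` settings named in the comments are the assumed remediation in /etc/odoo/odoo.conf.

```bash
#!/bin/sh
# Added example: flag listeners on a port that are reachable from outside
# the host and therefore bypass the nginx reverse proxy.

# exposed_listeners PORT  -- reads `ss -tln`-style lines on stdin.
# Prints each non-loopback local address bound to PORT. Exit status is 1
# if any was found, 0 if PORT is bound to loopback only (or not at all).
exposed_listeners() {
    awk -v port="$1" '
        BEGIN { bad = 0 }
        {
            # Locate the State column; the Netid column is absent without -u.
            for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
            if (i > NF) next
            laddr = $(i + 3)                  # Local Address:Port column
            n = split(laddr, part, ":")       # port is the last ":" field
            if (part[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed samples: the first is the listener line shown in the tutorial
# output, the second is the same service after binding it to loopback.
SAMPLE_EXPOSED='tcp   LISTEN  0  128    0.0.0.0:8069   0.0.0.0:*   uid:113 ino:1906251 sk:d <->'
SAMPLE_LOOPBACK='tcp   LISTEN  0  128  127.0.0.1:8069   0.0.0.0:*   uid:113 ino:1906251 sk:d <->'

report() {  # report LABEL SS_LINES
    if addrs=$(printf '%s\n' "$2" | exposed_listeners 8069); then
        echo "$1: port 8069 is loopback-only"
    else
        echo "$1: port 8069 reachable on: $addrs"
    fi
}
report "as installed" "$SAMPLE_EXPOSED"
report "after binding to loopback" "$SAMPLE_LOOPBACK"

# On a live host:  ss -Htln | exposed_listeners 8069
# Assumed remediation, in the [options] section of /etc/odoo/odoo.conf:
#   http_interface = 127.0.0.1
#   proxy_mode = True
# followed by: sudo systemctl restart odoo
```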

Step 5: Configure an Nginx proxy for Odoo 14

Install the nginx web server on the Ubuntu system:

sudo apt -y install vim nginx

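There are two scenarios for the nginx proxy configuration: with HTTPS, and without serving traffic over a secure connection.
In this section we cover both setups.

Set up an nginx HTTP proxy for Odoo

Create a new configuration file for Odoo.

sudo vim /etc/nginx/conf.d/odoo.conf

Modify this configuration snippet to fit your setup.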

# Odoo Upstreams
upstream odooserver {
 server 127.0.0.1:8069;
}
server {
    listen 80;
    server_name erp.theitroad.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;

    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # Request for root domain
    location / {
       proxy_redirect off;
       proxy_pass http://odooserver;
    }
    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }
    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

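The service domain in this example is erp.theitroad.com; replace it with the correct domain to use with Odoo.
External access also requires a valid DNS record.

Check the configuration syntax:

$ sudo nginx -t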
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If the configuration is OK, restart the nginx service.

sudo systemctl restart nginx

The restart should not produce any errors.

$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-10-19 17:34:39 UTC; 5s ago
     Docs: man:nginx(8)
  Process: 626 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 615 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 631 (nginx)
    Tasks: 2 (limit: 2362)
   CGroup: /system.slice/nginx.service
           ├─631 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─632 nginx: worker process
....

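Use a Let's Encrypt SSL certificate for Odoo on nginx

Using SSL encryption is always recommended for production deployments.
Let's Encrypt provides free SSL certificates that we can use in this setup.

Obtain a Let's Encrypt SSL certificate for your domain.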

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo systemctl stop nginx
export DOMAIN="erp.theitroad.com"
export EMAIL="admin@example.com"   # placeholder: use your own contact address
sudo /usr/local/bin/certbot-auto certonly --standalone -d "${DOMAIN}" --preferred-challenges http --agree-tos -n -m "${EMAIL}" --keep-until-expiring

If the command succeeds, the paths to the certificate and chain files are printed.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/erp.theitroad.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/erp.theitroad.com/privkey.pem
   Your cert will expire on 2017-01-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG/Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Create a cron job to renew the certificate.

$ sudo crontab -e
15 3 * * * /usr/local/bin/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

Create the nginx configuration file.

sudo vim /etc/nginx/conf.d/odoo.conf

Modify the snippet below and add it to the file.

# Odoo Upstreams
upstream odooserver {
 server 127.0.0.1:8069;
}
# http to https redirection
server {
    listen 80;
    server_name erp.theitroad.com;
    return 301 https://erp.theitroad.com$request_uri;
}
server {
    listen 443 ssl;
    server_name erp.theitroad.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;
   
   # SSL
    ssl_certificate /etc/letsencrypt/live/erp.theitroad.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/erp.theitroad.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/erp.theitroad.com/chain.pem;

    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # Request for root domain
    location / {
       proxy_redirect off;
       proxy_pass http://odooserver;
    }
    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }
    # Gzip Compression
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Don't forget to replace erp.theitroad.com with your own domain name.

Restart nginx.

sudo systemctl restart nginx

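Step 6: Access the Odoo web interface

Open the Odoo web page on your domain name from a web browser.

Enter the required details to create the database.
After you click "Create database", you are redirected to the administration page, from which you can install Odoo business applications.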