Guides and tutorials

Hundreds of tutorials and step by step guides carefully written by our support team.

How to install SSL certificate in Odoo 11

Odoo by default transmits unencrypted information including authentication.

That is why we consider that a secure deployment of Odoo, must have HTTPS, which requires SSL certificates that we will tell you how to configure and install.

To carry out this procedure, the following is required:

  • SSL certificates (.pem and .key files) corresponding to the same domain ,through which your Odoo will be accessed.

  • SSH credentials of "root" user to your Odoo Cloud that you received by email at the time of hiring.

If you do not have an SSL certificate yet, you can create one now in:

SWPanel > Domains and SSL (left menu) > SSL Certificate Portfolio > Create SSL.

For more information, please refer to the following manual.

Installing SSL certificate in Odoo 11

  1. Connect to your Odoo Cloud via SSH as "root" user.

  2. Copy the .pem file of your SSL certificate in the directory:

/etc/ssl/

  1. Copy the .key file of your SSL certificate to the directory:

/etc/ssl/private/

  • In this example, we have the following:

/etc/ssl/swhosting.com.pem

/etc/ssl/private/swhosting.com.key

  1. Launch these commands to make a backup copy of the configuration files to be modified:

cp -p /etc/odoo/odoo.conf /etc/odoo/odoo.conf.backup

cp -p /etc/nginx/sites-enabled/odoo.conf /etc/nginx/sites-available/odoo.conf.backup

  1. Edit the following file:

/etc/odoo/odoo.conf

  • Add the following line:

proxy_mode = True

  • Outcome:
[options]
; This is the password that allows database operations:
; admin_passwd = admin
db_host = False
db_port = False
db_user = odoo
db_password = False
;addons_path = /usr/lib/python3/dist-packages/odoo/addons
proxy_mode = True
  1. Edit the following file:

/etc/nginx/sites-enabled/odoo.conf

  • Replace its entire contents with the following:
#odoo server
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoochat {
 server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name odoo.mycompany.com;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
 listen 443;
 server_name odoo.mycompany.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/certificado.pem;
 ssl_certificate_key /etc/ssl/private/certificado.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://odoochat;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://odoo;
 }

 # common gzip
 gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}
  1. Modify the following parameters of the previous file:

server_name odoo.mycompany.com;.

  • It appears in duplicate. In both, replace "odoo.mycompany.com" with your domain. Example: "swhosting.com".

ssl_certificate /etc/ssl/certificate.pem;

  • Replace the path with the one corresponding to the .pem file of your SSL certificate.

ssl_certificate_key /etc/ssl/private/certificate.key;

  • Replace the path with the one corresponding to the .key file of your SSL certificate.

  • As an example, the resulting configuration would be as follows:

#odoo server
upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoochat {
 server 127.0.0.1:8072;
}

# http -> https
server {
   listen 80;
   server_name swhosting.com;
   rewrite ^(.*) https://$host$1 permanent;
}

server {
 listen 443;
 server_name swhosting.com;
 proxy_read_timeout 720s;
 proxy_connect_timeout 720s;
 proxy_send_timeout 720s;

 # Add Headers for odoo proxy mode
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;

 # SSL parameters
 ssl on;
 ssl_certificate /etc/ssl/swhosting.com.pem;
 ssl_certificate_key /etc/ssl/private/swhosting.com.key;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_prefer_server_ciphers on;

 # log
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

 # Redirect longpoll requests to odoo longpolling port
 location /longpolling {
 proxy_pass http://odoochat;
 }

 # Redirect requests to odoo backend server
 location / {
   proxy_redirect off;
   proxy_pass http://odoo;
 }

 # common gzip
 gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
 gzip on;
}
  1. For the changes to take effect, restart the services involved:
systemctl restart nginx.service
systemctl restart odoo.service
  1. Verify that you can access via HTTPS:

https://www.DominioOdoo.es

💡 Remember that the DNS zone of your domain must point to your Odoo Cloud. If you have not already done so, you will need to configure in the A Registry the same IP as your Odoo Cloud.

If something went wrong, you need to restore the backups of the configuration files:

cp -p /etc/odoo/odoo/odoo.conf.backup /etc/odoo/odoo/odoo.conf.

cp -p /etc/nginx/sites-available/odoo.conf.backup /etc/nginx/sites-available/odoo.conf.

If everything went well, you can optionally delete the backups of the configuration files:

rm /etc/odoo/odoo.conf.backup

rm /etc/nginx/sites-available/odoo.conf.backup

More than 2000 m² of own facilities and Data Centers in Spain
Your privacy is important for us
We use our own cookies for the proper functioning of the site. In addition, third-party cookies are used for analytical purposes only. This information is not associated with any person so that personal identifying data is not stored, but is only information that is collected to identify the session, with the aim of facilitating the analysis of the website. You can change your preferences at any time by entering this website again. For more information about our cookie policy you can visit our Cookies. You can press the "Accept and close" button to give us your consent or you can access more detailed information and manage cookies.
More than 2000 m² of own facilities and Data Centers in Spain
Your privacy is important for us
We use our own cookies for the proper functioning of the site. In addition, third-party cookies are used for analytical purposes only. This information is not associated with any person so that personal identifying data is not stored, but is only information that is collected to identify the session, with the aim of facilitating the analysis of the website. You can change your preferences at any time by entering this website again. For more information about our cookie policy you can visit our Cookies. You can press the "Accept and close" button to give us your consent or you can access more detailed information and manage cookies.