使用“让我们加密SSL”在Ubuntu 20.04上安装Odoo 14
Odoo是一个基于Web的业务应用程序的开源套件,可通过单个控制台进行管理。 Odoo具有各种业务应用程序,例如开源CRM,网站构建器,电子商务,仓库管理,项目管理,计费和记帐,POS,HR,市场营销,制造和购买管理。本文详细介绍了使用Let’s Encrypt SSL证书在Ubuntu 20.04 Linux上Odoo 14的安装和配置。
Odoo商业应用程序可以安装并用作独立应用程序,但它们无缝集成以实现全部功能。 开源ERP 安装多个应用程序时。本指南还描述了如何使用Let’s Encrypt SSL证书配置Nginx代理,但是您可以使用任何其他自签名或由已知CA签名的自定义SSL证书。
步骤1:更新您的Ubuntu系统
安装始终从系统更新和所有已安装软件包的升级开始。
sudo apt update
sudo apt upgrade -y
等待所有软件包更新,然后重新启动系统。如果有内核更新,这是必需的。
sudo systemctl reboot
步骤2:安装PostgreSQL数据库服务器
Odoo需要数据库服务器来存储数据。 安装Ubuntu上游存储库中可用的PostgreSQL服务器的默认版本。
安装Ubuntu版本库中可用的默认版本。执行:
sudo apt install postgresql postgresql-client -y
安装后,数据库服务将启动。
$ systemctl status postgresql*
● [email protected] - PostgreSQL Cluster 12-main
Loaded: loaded (/lib/systemd/system/[email protected]; enabled-runtime; vendor preset: enabled)
Active: active (running) since Fri 2020-11-06 10:34:45 CET; 1min 6s ago
Main PID: 2177 (postgres)
Tasks: 7 (limit: 2286)
Memory: 18.0M
CGroup: /system.slice/system-postgresql.slice/[email protected]
├─2177 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c config_file=/etc/postgresql/12/main/postgresql.conf
├─2179 postgres: 12/main: checkpointer
├─2180 postgres: 12/main: background writer
├─2181 postgres: 12/main: walwriter
├─2182 postgres: 12/main: autovacuum launcher
├─2183 postgres: 12/main: stats collector
└─2184 postgres: 12/main: logical replication launcher
Nov 06 10:34:43 ubuntu systemd[1]: Starting PostgreSQL Cluster 12-main...
Nov 06 10:34:45 ubuntu systemd[1]: Started PostgreSQL Cluster 12-main.
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2020-11-06 10:34:40 CET; 1min 11s ago
Main PID: 1911 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 2286)
Memory: 0B
CGroup: /system.slice/postgresql.service
Nov 06 10:34:40 ubuntu systemd[1]: Starting PostgreSQL RDBMS...
Nov 06 10:34:40 ubuntu systemd[1]: Finished PostgreSQL RDBMS.
步骤3:安装wkhtmltopdf
wkhtmltopdf是打印报告所必需的,因为它将html转换为pdf。版本 wkhtmltopdf Ubuntu存储库不支持页眉和页脚,因此不用作直接依赖项。
在Ubuntu / Linux上安装wkhtmltopdf和wkhtmltoimage
步骤4:在Ubuntu 20.04 / 18.04 LTS上安装Odoo 14
添加Odoo deb存储库,以便您可以在Ubuntu 20.04 | 18.04上安装Odoo 14。
wget -O - https://nightly.odoo.com/odoo.key | sudo apt-key add -
echo "deb http://nightly.odoo.com/14.0/nightly/deb/ ./" | sudo tee /etc/apt/sources.list.d/odoo.list
更新Apt缓存并在Ubuntu 20.04 | 18.04上安装Odoo 14。
sudo apt update
sudo apt install odoo
我同意开始安装。
The following NEW packages will be installed:
docutils-common fonts-font-awesome fonts-inconsolata fonts-roboto-unhinted graphviz libann0 libcairo2 libcdt5 libcgraph6 libdatrie1 libgd3 libgraphite2-3
libgts-0.7-5 libgvc6 libgvpr2 libharfbuzz0b libice6 libimagequant0 libjbig0 libjpeg8 libjs-jquery libjs-underscore liblab-gamut1 liblcms2-2 libpango-1.0-0
libpangocairo-1.0-0 libpangoft2-1.0-0 libpathplan4 libpixman-1-0 libsass1 libsm6 libthai-data libthai0 libtiff5 libwebp6 libwebpdemux2 libwebpmux3 libxaw7
libxcb-render0 libxcb-shm0 libxmu6 libxpm4 libxt6 odoo python-babel-localedata python3-aiohttp python3-appdirs python3-async-timeout python3-babel python3-bs4
python3-cached-property python3-dateutil python3-decorator python3-defusedxml python3-docutils python3-feedparser python3-freezegun python3-gevent
python3-greenlet python3-html2text python3-isodate python3-libsass python3-lxml python3-mako python3-mock python3-multidict python3-ofxparse python3-passlib
python3-pbr python3-pil python3-polib python3-psutil python3-psycopg2 python3-pydot python3-pyparsing python3-pypdf2 python3-qrcode python3-reportlab
python3-reportlab-accel python3-requests-toolbelt python3-roman python3-soupsieve python3-stdnum python3-suds python3-tz python3-usb python3-vobject
python3-werkzeug python3-xlrd python3-xlsxwriter python3-xlwt python3-yarl python3-zeep sgml-base xml-core
0 upgraded, 95 newly installed, 0 to remove and 0 not upgraded.
Need to get 87.3 MB of archives.
After this operation, 665 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Ubuntu 20.04 | 18.04在Linux上安装Odoo时,该服务将自动启动。
$ systemctl status odoo
● odoo.service - Odoo Open Source ERP and CRM
Loaded: loaded (/lib/systemd/system/odoo.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-06 10:50:50 CET; 11min ago
Main PID: 9090 (odoo)
Tasks: 4 (limit: 2286)
Memory: 68.9M
CGroup: /system.slice/odoo.service
└─9090 /usr/bin/python3 /usr/bin/odoo --config /etc/odoo/odoo.conf --logfile /var/log/odoo/odoo-server.log
Nov 06 10:50:50 ubuntu systemd[1]: Started Odoo Open Source ERP and CRM.
将服务设置为在每次重新启动系统时启动。
$ sudo systemctl enable --now odoo enabled
该服务将从端口8069开始。可以使用以下命令进行验证:
$ ss -tunelp | grep 8069 tcp LISTEN 0 128 0.0.0.0:8069 0.0.0.0:* uid:113 ino:1906251 sk:d <->
步骤5:为Odoo13配置Nginx代理
在您的Ubuntu系统上安装Nginx Web Server。
sudo apt -y install vim nginx
Nginx代理配置有两种方案–使用HTTPS以及不通过安全连接提供流量时。本节将同时考虑这两种设置。
为Odoo设置Nginx HTTP代理
为odoo创建一个新的配置文件。
sudo vim /etc/nginx/conf.d/odoo.conf
修改此配置代码段以适合您的设置。
# Odoo Upstreams
upstream odooserver {
server 127.0.0.1:8069;
}
server {
listen 80;
server_name erp.computingforgeeks.com;
access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;
# Proxy settings
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Request for root domain
location / {
proxy_redirect off;
proxy_pass http://odooserver;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odooserver;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
在此示例中,我的服务域是 erp.computingforgeeks.com,替换为与Odoo一起使用的正确域。您还需要有效的DNS记录才能进行外部访问。
检查配置语法。
$ sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
如果设置正确,请重新启动Nginx服务。
sudo systemctl restart nginx
重新启动时没有错误。
$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-10-19 17:34:39 UTC; 5s ago
Docs: man:nginx(8)
Process: 626 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 615 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 631 (nginx)
Tasks: 2 (limit: 2362)
CGroup: /system.slice/nginx.service
├─631 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─632 nginx: worker process
....
用Nginx加密Odoo的SSL证书
我们始终建议在生产环境中使用SSL加密。 让我们加密是一种免费的SSL产品,您可以在设置中使用它。
加密您域的SSL证书。
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo systemctl stop nginx
export DOMAIN="erp.computingforgeeks.com"
export EMAIL="[email protected]"
sudo /usr/local/bin/certbot-auto certonly --standalone -d ${DOMAIN} --preferred-challenges http --agree-tos -n -m ${EMAIL} --keep-until-expiring
执行完成后,将打印证书和链文件的路径。
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/erp.computingforgeeks.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/erp.computingforgeeks.com/privkey.pem Your cert will expire on 2020-01-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
创建一个cron来更新证书。
$ sudo crontab -e
15 3 * * * /usr/local/bin/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
创建一个Nginx配置文件。
sudo vim /etc/nginx/conf.d/odoo.conf
修改以下内容以将其添加到文件中。
# Odoo Upstreams
upstream odooserver {
server 127.0.0.1:8069;
}
# http to https redirection
server {
listen 80;
server_name erp.computingforgeeks.com;
return 301 https://erp.computingforgeeks.com$request_uri;
}
server {
listen 443 ssl;
server_name erp.computingforgeeks.com;
access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;
# SSL
ssl_certificate /etc/letsencrypt/live/erp.computingforgeeks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/erp.computingforgeeks.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/erp.computingforgeeks.com/chain.pem;
# Proxy settings
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Request for root domain
location / {
proxy_redirect off;
proxy_pass http://odooserver;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odooserver;
}
# Gzip Compression
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
别忘了更换 erp.computingforgeeks.com 用你的域名。
重新启动Nginx。
sudo systemctl restart nginx
步骤6:访问Odoo Web界面
从网络浏览器访问域名Odoo网页。
输入创建数据库所需的详细信息。 单击创建数据库将带您到管理页面,您可以在其中安装Odoo业务应用程序。
如果已配置https,则必须通过安全隧道加载页面。
访问 Odoo文件页面 想要查询更多的信息。
类似指南:
使用“让我们加密SSL”在CentOS 8上安装Odoo 14