使用“让我们加密SSL”在Ubuntu 20.04上安装Odoo 14

Odoo是一个基于Web的业务应用程序的开源套件,可通过单个控制台进行管理。 Odoo具有各种业务应用程序,例如开源CRM,网站构建器,电子商务,仓库管理,项目管理,计费和记帐,POS,HR,市场营销,制造和购买管理。本文详细介绍了使用Let’s Encrypt SSL证书在Ubuntu 20.04 Linux上Odoo 14的安装和配置。

Odoo商业应用程序可以安装并用作独立应用程序,但它们无缝集成以实现全部功能。 开源ERP 安装多个应用程序时。本指南还描述了如何使用Let’s Encrypt SSL证书配置Nginx代理,但是您可以使用任何其他自签名或由已知CA签名的自定义SSL证书。

步骤1:更新您的Ubuntu系统

安装始终从系统更新和所有已安装软件包的升级开始。

sudo apt update
sudo apt upgrade -y

等待所有软件包更新,然后重新启动系统。如果有内核更新,这是必需的。

sudo systemctl reboot

步骤2:安装PostgreSQL数据库服务器

Odoo需要数据库服务器来存储数据。 安装Ubuntu上游存储库中可用的PostgreSQL服务器的默认版本。

安装Ubuntu版本库中可用的默认版本。执行:

sudo apt install postgresql postgresql-client -y

安装后,数据库服务将启动。

$ systemctl status postgresql*
● [email protected] - PostgreSQL Cluster 12-main
     Loaded: loaded (/lib/systemd/system/[email protected]; enabled-runtime; vendor preset: enabled)
     Active: active (running) since Fri 2020-11-06 10:34:45 CET; 1min 6s ago
   Main PID: 2177 (postgres)
      Tasks: 7 (limit: 2286)
     Memory: 18.0M
     CGroup: /system.slice/system-postgresql.slice/[email protected]
             ├─2177 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c config_file=/etc/postgresql/12/main/postgresql.conf
             ├─2179 postgres: 12/main: checkpointer
             ├─2180 postgres: 12/main: background writer
             ├─2181 postgres: 12/main: walwriter
             ├─2182 postgres: 12/main: autovacuum launcher
             ├─2183 postgres: 12/main: stats collector
             └─2184 postgres: 12/main: logical replication launcher

Nov 06 10:34:43 ubuntu systemd[1]: Starting PostgreSQL Cluster 12-main...
Nov 06 10:34:45 ubuntu systemd[1]: Started PostgreSQL Cluster 12-main.

● postgresql.service - PostgreSQL RDBMS
     Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
     Active: active (exited) since Fri 2020-11-06 10:34:40 CET; 1min 11s ago
   Main PID: 1911 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 2286)
     Memory: 0B
     CGroup: /system.slice/postgresql.service

Nov 06 10:34:40 ubuntu systemd[1]: Starting PostgreSQL RDBMS...
Nov 06 10:34:40 ubuntu systemd[1]: Finished PostgreSQL RDBMS.

步骤3:安装wkhtmltopdf

wkhtmltopdf是打印报告所必需的,因为它将html转换为pdf。版本 wkhtmltopdf Ubuntu存储库不支持页眉和页脚,因此不用作直接依赖项。

在Ubuntu / Linux上安装wkhtmltopdf和wkhtmltoimage

步骤4:在Ubuntu 20.04 / 18.04 LTS上安装Odoo 14

添加Odoo deb存储库,以便您可以在Ubuntu 20.04 | 18.04上安装Odoo 14。

wget -O - https://nightly.odoo.com/odoo.key | sudo apt-key add -
echo "deb http://nightly.odoo.com/14.0/nightly/deb/ ./" | sudo tee /etc/apt/sources.list.d/odoo.list

更新Apt缓存并在Ubuntu 20.04 | 18.04上安装Odoo 14。

sudo apt update
sudo apt install odoo

我同意开始安装。

The following NEW packages will be installed:
  docutils-common fonts-font-awesome fonts-inconsolata fonts-roboto-unhinted graphviz libann0 libcairo2 libcdt5 libcgraph6 libdatrie1 libgd3 libgraphite2-3
  libgts-0.7-5 libgvc6 libgvpr2 libharfbuzz0b libice6 libimagequant0 libjbig0 libjpeg8 libjs-jquery libjs-underscore liblab-gamut1 liblcms2-2 libpango-1.0-0
  libpangocairo-1.0-0 libpangoft2-1.0-0 libpathplan4 libpixman-1-0 libsass1 libsm6 libthai-data libthai0 libtiff5 libwebp6 libwebpdemux2 libwebpmux3 libxaw7
  libxcb-render0 libxcb-shm0 libxmu6 libxpm4 libxt6 odoo python-babel-localedata python3-aiohttp python3-appdirs python3-async-timeout python3-babel python3-bs4
  python3-cached-property python3-dateutil python3-decorator python3-defusedxml python3-docutils python3-feedparser python3-freezegun python3-gevent
  python3-greenlet python3-html2text python3-isodate python3-libsass python3-lxml python3-mako python3-mock python3-multidict python3-ofxparse python3-passlib
  python3-pbr python3-pil python3-polib python3-psutil python3-psycopg2 python3-pydot python3-pyparsing python3-pypdf2 python3-qrcode python3-reportlab
  python3-reportlab-accel python3-requests-toolbelt python3-roman python3-soupsieve python3-stdnum python3-suds python3-tz python3-usb python3-vobject
  python3-werkzeug python3-xlrd python3-xlsxwriter python3-xlwt python3-yarl python3-zeep sgml-base xml-core
0 upgraded, 95 newly installed, 0 to remove and 0 not upgraded.
Need to get 87.3 MB of archives.
After this operation, 665 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Ubuntu 20.04 | 18.04在Linux上安装Odoo时,该服务将自动启动。

$ systemctl status odoo
● odoo.service - Odoo Open Source ERP and CRM
     Loaded: loaded (/lib/systemd/system/odoo.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-11-06 10:50:50 CET; 11min ago
   Main PID: 9090 (odoo)
      Tasks: 4 (limit: 2286)
     Memory: 68.9M
     CGroup: /system.slice/odoo.service
             └─9090 /usr/bin/python3 /usr/bin/odoo --config /etc/odoo/odoo.conf --logfile /var/log/odoo/odoo-server.log

Nov 06 10:50:50 ubuntu systemd[1]: Started Odoo Open Source ERP and CRM.

将服务设置为在每次重新启动系统时启动。

$ sudo systemctl enable --now odoo
enabled

该服务将从端口8069开始。可以使用以下命令进行验证:

$ ss -tunelp | grep 8069
tcp   LISTEN  0       128                  0.0.0.0:8069           0.0.0.0:*      uid:113 ino:1906251 sk:d <-> 

步骤5:为Odoo13配置Nginx代理

在您的Ubuntu系统上安装Nginx Web Server。

sudo apt -y install vim nginx

Nginx代理配置有两种方案–使用HTTPS以及不通过安全连接提供流量时。本节将同时考虑这两种设置。

为Odoo设置Nginx HTTP代理

为odoo创建一个新的配置文件。

sudo vim /etc/nginx/conf.d/odoo.conf

修改此配置代码段以适合您的设置。

# Odoo Upstreams
upstream odooserver {
 server 127.0.0.1:8069;
}

server {
    listen 80;
    server_name erp.computingforgeeks.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;


    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # Request for root domain
    location / {
       proxy_redirect off;
       proxy_pass http://odooserver;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

在此示例中,我的服务域是 erp.computingforgeeks.com,替换为与Odoo一起使用的正确域。您还需要有效的DNS记录才能进行外部访问。

检查配置语法。

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

如果设置正确,请重新启动Nginx服务。

sudo systemctl restart nginx

重新启动时没有错误。

$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-10-19 17:34:39 UTC; 5s ago
     Docs: man:nginx(8)
  Process: 626 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 615 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 631 (nginx)
    Tasks: 2 (limit: 2362)
   CGroup: /system.slice/nginx.service
           ├─631 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─632 nginx: worker process
....

用Nginx加密Odoo的SSL证书

我们始终建议在生产环境中使用SSL加密。 让我们加密是一种免费的SSL产品,您可以在设置中使用它。

加密您域的SSL证书。

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo systemctl stop nginx

export DOMAIN="erp.computingforgeeks.com"
export EMAIL="[email protected]"
sudo /usr/local/bin/certbot-auto certonly --standalone -d ${DOMAIN} --preferred-challenges http --agree-tos -n -m ${EMAIL} --keep-until-expiring

执行完成后,将打印证书和链文件的路径。

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/erp.computingforgeeks.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/erp.computingforgeeks.com/privkey.pem
   Your cert will expire on 2020-01-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

创建一个cron来更新证书。

$ sudo crontab -e
15 3 * * * /usr/local/bin/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

创建一个Nginx配置文件。

sudo vim /etc/nginx/conf.d/odoo.conf

修改以下内容以将其添加到文件中。

# Odoo Upstreams
upstream odooserver {
 server 127.0.0.1:8069;
}

# http to https redirection
server {
    listen 80;
    server_name erp.computingforgeeks.com;
    return 301 https://erp.computingforgeeks.com$request_uri;
}

server {
    listen 443 ssl;
    server_name erp.computingforgeeks.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;
   
   # SSL
    ssl_certificate /etc/letsencrypt/live/erp.computingforgeeks.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/erp.computingforgeeks.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/erp.computingforgeeks.com/chain.pem;


    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # Request for root domain
    location / {
       proxy_redirect off;
       proxy_pass http://odooserver;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }

    # Gzip Compression
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

别忘了更换 erp.computingforgeeks.com 用你的域名。

重新启动Nginx。

sudo systemctl restart nginx

步骤6:访问Odoo Web界面

从网络浏览器访问域名Odoo网页。

输入创建数据库所需的详细信息。 单击创建数据库将带您到管理页面,您可以在其中安装Odoo业务应用程序。使用“让我们加密SSL”在Ubuntu 20.04上安装Odoo 14

如果已配置https,则必须通过安全隧道加载页面。使用“让我们加密SSL”在Ubuntu 20.04上安装Odoo 14

访问 Odoo文件页面 想要查询更多的信息。

类似指南:

使用“让我们加密SSL”在CentOS 8上安装Odoo 14

Sidebar