This recipe focuses on the nginx configuration. You may be more familiar with other tools, such as the Apache web server and mod_proxy. In this case, you can, of course, use these to achieve a similar setup.
If you would rather not rely on Let's Encrypt and prefer using another Certification Authority (CA), you can use the following process:
- Install openssl:
$ sudo apt-get install openssl
- Generate the key for your server:
$ mkdir ~/sslkey $ openssl genrsa -out ~/sslkey/server.key 2048
- Generate a signing request:
$ openssl req -new -key ~/sslkey/server.key
-out ~/sslkey/server.csr
- The preceding command will ask you a series of questions about your company and your Odoo server's URL. Don't get these wrong, or your certificate will be unusable.
- You will be able to send the ~/sslkey/server.csr file to a Certification Authority (CA) of your choice. The CA will send you back a file called server.crt.
- You will need to store the file in the /etc/nginx/ssl/ directory, together with the server.key file generated in step two:
# mkdir -p /etc/nginx/ssl # chown www-data /etc/nginx/ssl # mv server.key server.crt /etc/nginx/ssl # chmod 710 /etc/nginx/ssl # chown root:www-data /etc/nginx/ssl/* # chmod 640 /etc/nginx/ssl/*
- Then, in the nginx /etc/nginx/sites-available/odoo-443 configuration file provided in the recipe, rewrite the ssl_certificate and ssl_certificate_key lines, as follows:
ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key;
- Finally, restart nginx.