Most of the recipe is identical to what is described in Chapter 1, Installing the Odoo Development Environment, but there are a few key differences.

We are using a dedicated system user with an Odoo login. This enables us to control who has access to the account, for example, by configuring the sudo or ssh authorized keys. It also allows us to give this user as few permissions as possible, in case the instance is compromised.

The database user linked to this account does not have any privileges – not even database creation. We create the database externally, just once. If the instance is compromised, an attacker won't be able to create additional databases on the server.

The Odoo script we are creating will be used in the Setting-up Odoo as a system service recipe later in this chapter. It uses the production.conf configuration file, which is explained in the next recipe, Adapting the configuration file for production.

We uninstall gcc at the end of the process so that if an attacker gains access, they will not be able to use this to recompile executables locally.

At the end of this recipe, your server will not be ready yet. You will need to refer to the Adapting the configuration file for production, Setting-up Odoo as a system service, and Configuring a reverse proxy and SSL recipes, which are included in this chapter.