OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1053 Commits
13 Branches
0 Tags
45 MiB
Tree: 3069ca0e59
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3069ca0e59'
${ noResults }
server-tools/letsencrypt/README.rst

125 lines
4.2 KiB
Raw Normal View History

[ADD] letsencrypt
9 years ago
  1. .. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
  2. :alt: License: AGPL-3
  4. =============================================
  5. Request SSL certificates from letsencrypt.org
  6. =============================================
  8. This module was written to have your Odoo installation request SSL certificates
  9. from https://letsencrypt.org automatically.
  11. Installation
  12. ============
  14. After installation, this module generates a private key for your account at
  15. letsencrypt.org automatically in ``$data_dir/letsencrypt/account.key``. If you
  16. want or need to use your own account key, replace the file.
  18. For certificate requests to work, your site needs to be accessible via plain
  19. HTTP, see below for configuration examples in case you force your clients to
  20. the SSL version.
  22. After installation, trigger the cronjob `Update letsencrypt certificates` and
  23. watch your log for messages.
  25. Configuration
  26. =============
  28. This addons requests a certificate for the domain named in the configuration
  29. parameter ``web.base.url`` - if this comes back as ``localhost`` or the like,
  30. the module doesn't request anything.
  32. If you want your certificate to contain multiple alternative names, just add
  33. them as configuration parameters ``letsencrypt.altname.N`` with ``N`` starting
  34. from ``0``. The amount of domains that can be added are subject to `rate
  35. limiting <https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769>`_.
  37. Note that all those domains must be publicly reachable on port 80 via HTTP, and
  38. they must have an entry for ``.well-known/acme-challenge`` pointing to your odoo
  39. instance.
  41. Usage
  42. =====
  44. The module sets up a cronjob that requests and renews certificates automatically.
  46. After the first run, you'll find a file called ``domain.crt`` in
  47. ``$datadir/letsencrypt``, configure your SSL proxy to use this file as certificate.
  49. .. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
  50. :alt: Try me on Runbot
  51. :target: https://runbot.odoo-community.org/runbot/149/8.0
  53. For further information, please visit:
  55. * https://www.odoo.com/forum/help-1
  57. In depth configuration
  58. ======================
  60. This module uses ``openssl`` to generate CSRs suitable to be submitted to
  61. letsencrypt.org. In order to do this, it copies ``/etc/ssl/openssl.cnf`` to a
  62. temporary and adapts it according to its needs (currently, that's just adding a
  63. ``[SAN]`` section if necessary). If you want the module to use another configuration
  64. template, set config parameter ``letsencrypt.openssl.cnf``.
  66. After refreshing the certificate, the module attempts to run the content of
  67. ``letsencrypt.reload_command``, which is by default ``sudo service nginx reload``.
  68. Change this to match your server's configuration.
  70. You'll also need a matching sudo configuration, like::
  72. your_odoo_user ALL = NOPASSWD: /usr/sbin/service nginx reload
  74. Further, if you force users to https, you'll need something like::
  76. if ($scheme = "http") {
  77. set $redirect_https 1;
  78. }
  79. if ($request_uri ~ ^/.well-known/acme-challenge/) {
  80. set $redirect_https 0;
  81. }
  82. if ($redirect_https) {
  83. rewrite ^ https://$server_name$request_uri? permanent;
  84. }
  86. Bug Tracker
  87. ===========
  89. Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
  90. In case of trouble, please check there if your issue has already been reported.
  91. If you spotted it first, help us smashing it by providing a detailed and welcomed feedback
  92. `here <https://github.com/OCA/server-tools/issues/new?body=module:%20letsencrypt%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
  94. Credits
  95. =======
  97. Contributors
  98. ------------
  100. * Holger Brunn <hbrunn@therp.nl>
  102. ACME implementation
  103. -------------------
  105. * https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py
  107. Icon
  108. ----
  110. * https://helloworld.letsencrypt.org
  112. Maintainer
  113. ----------
  115. .. image:: https://odoo-community.org/logo.png
  116. :alt: Odoo Community Association
  117. :target: https://odoo-community.org
  119. This module is maintained by the OCA.
  121. OCA, or the Odoo Community Association, is a nonprofit organization whose
  122. mission is to support the collaborative development of Odoo features and
  123. promote its widespread use.
  125. To contribute to this module, please visit https://odoo-community.org.