OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

[ENH] A little bit more explanation in README.rst. (#475)

pull/478/head
Ronald Portier 9 years ago
committed by Holger Brunn
parent
99974027a2
commit
7918cc641b
1 changed files with 21 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      letsencrypt/README.rst

26
letsencrypt/README.rst
View File

@ -23,10 +23,11 @@ After installation, trigger the cronjob `Update letsencrypt certificates` and
watch your log for messages.
This addon depends on the ``openssl`` binary and the ``acme_tiny`` and ``IPy``
python modules.
python modules. If you use https in your nginx or apache configuration,
openssl should already be installed.
For installing the OpenSSL binary you can use your distro package manager.
For Debian and Ubuntu, that would be:
If you still need to install the OpenSSL binary you can use your distro
package manager. For Debian and Ubuntu, that would be:
sudo apt-get install openssl
@ -88,7 +89,22 @@ You'll also need a matching sudo configuration, like::
your_odoo_user ALL = NOPASSWD: /usr/sbin/service nginx reload
Further, if you force users to https, you'll need something like for nginx::
The line above can be added to /etc/sudoers through the visudo command.
If your distribution supports it, like Debian does, you can create and edit
an automatically included file through
``visudo -f /etc/sudoers.d/letsencrypt``. This will also put the right
authorities on the file (-r--r-----).
The server that provides the certificates will try to check that you actually
control the host that you request a certificate for. It will do this by
requesting through http a file from an uri that contains
``/.well-known/acme-challenge/xxx``. The letsencrypt module provides a
controller that will provide this uri from the Odoo server, but we have to
configure the frontend nginx or apache server to accept http for these uri's.
Therefore, if you force users to https, you'll need something like this
for nginx::
if ($scheme = "http") {
set $redirect_https 1;
@ -116,7 +132,7 @@ an upstream for your odoo instance and do something like::
If you're using a multi-database installation (with or without dbfilter option)
where /web/databse/selector returns a list of more than one database, then
you need to add ``letsencrypt`` addon to wide load addons list
you need to add ``letsencrypt`` addon to serverwide load addons list
(by default, only ``web`` addon), setting ``--load`` option.
For example, ``--load=web,letsencrypt``

Write Preview
Loading…
Cancel
Save