|
@ -23,10 +23,11 @@ After installation, trigger the cronjob `Update letsencrypt certificates` and |
|
|
watch your log for messages. |
|
|
watch your log for messages. |
|
|
|
|
|
|
|
|
This addon depends on the ``openssl`` binary and the ``acme_tiny`` and ``IPy`` |
|
|
This addon depends on the ``openssl`` binary and the ``acme_tiny`` and ``IPy`` |
|
|
python modules. |
|
|
|
|
|
|
|
|
python modules. If you use https in your nginx or apache configuration, |
|
|
|
|
|
openssl should already be installed. |
|
|
|
|
|
|
|
|
For installing the OpenSSL binary you can use your distro package manager. |
|
|
|
|
|
For Debian and Ubuntu, that would be: |
|
|
|
|
|
|
|
|
If you still need to install the OpenSSL binary you can use your distro |
|
|
|
|
|
package manager. For Debian and Ubuntu, that would be: |
|
|
|
|
|
|
|
|
sudo apt-get install openssl |
|
|
sudo apt-get install openssl |
|
|
|
|
|
|
|
@ -88,7 +89,22 @@ You'll also need a matching sudo configuration, like:: |
|
|
|
|
|
|
|
|
your_odoo_user ALL = NOPASSWD: /usr/sbin/service nginx reload |
|
|
your_odoo_user ALL = NOPASSWD: /usr/sbin/service nginx reload |
|
|
|
|
|
|
|
|
Further, if you force users to https, you'll need something like for nginx:: |
|
|
|
|
|
|
|
|
The line above can be added to /etc/sudoers through the visudo command. |
|
|
|
|
|
|
|
|
|
|
|
If your distribution supports it, like Debian does, you can create and edit |
|
|
|
|
|
an automatically included file through |
|
|
|
|
|
``visudo -f /etc/sudoers.d/letsencrypt``. This will also put the right |
|
|
|
|
|
authorities on the file (-r--r-----). |
|
|
|
|
|
|
|
|
|
|
|
The server that provides the certificates will try to check that you actually |
|
|
|
|
|
control the host that you request a certificate for. It will do this by |
|
|
|
|
|
requesting through http a file from an uri that contains |
|
|
|
|
|
``/.well-known/acme-challenge/xxx``. The letsencrypt module provides a |
|
|
|
|
|
controller that will provide this uri from the Odoo server, but we have to |
|
|
|
|
|
configure the frontend nginx or apache server to accept http for these uri's. |
|
|
|
|
|
|
|
|
|
|
|
Therefore, if you force users to https, you'll need something like this |
|
|
|
|
|
for nginx:: |
|
|
|
|
|
|
|
|
if ($scheme = "http") { |
|
|
if ($scheme = "http") { |
|
|
set $redirect_https 1; |
|
|
set $redirect_https 1; |
|
@ -116,7 +132,7 @@ an upstream for your odoo instance and do something like:: |
|
|
|
|
|
|
|
|
If you're using a multi-database installation (with or without dbfilter option) |
|
|
If you're using a multi-database installation (with or without dbfilter option) |
|
|
where /web/databse/selector returns a list of more than one database, then |
|
|
where /web/databse/selector returns a list of more than one database, then |
|
|
you need to add ``letsencrypt`` addon to wide load addons list |
|
|
|
|
|
|
|
|
you need to add ``letsencrypt`` addon to serverwide load addons list |
|
|
(by default, only ``web`` addon), setting ``--load`` option. |
|
|
(by default, only ``web`` addon), setting ``--load`` option. |
|
|
For example, ``--load=web,letsencrypt`` |
|
|
For example, ``--load=web,letsencrypt`` |
|
|
|
|
|
|
|
|