This recipe focuses on the nginx configuration. You may be more familiar with other tools such as the Apache web server and mod_proxy. In this case, you can of course use these to achieve a similar setup.
If you would rather not rely on Let's Encrypt and prefer using another Certification Authority (CA), you can use the following process:
- Install openssl:
$ sudo apt-get install openssl
- Generate the key for your server:
$ mkdir ~/sslkey $ openssl genrsa -out ~/sslkey/server.key 2048
- Generate a signing request:
$ openssl req -new -key ~/sslkey/server.key
-out ~/sslkey/server.csr
- The preceding command will ask you a series of questions about your company and your Odoo server's URL. Don't get these wrong or your certificate will be unusable.
- You will be able to send the file, ~/sslkey/server.csr, to a Certification Authority (CA) of your choice. The CA will send you back a file called server.crt.
- You will need to store the file in the directory /etc/nginx/ssl/ together with the file server.key generated in step 2:
# mkdir -p /etc/nginx/ssl # chown www-data /etc/nginx/ssl # mv server.key server.crt /etc/nginx/ssl # chmod 710 /etc/nginx/ssl # chown root:www-data /etc/nginx/ssl/* # chmod 640 /etc/nginx/ssl/*
- Then, in the nginx configuration file /etc/nginx/sites-available/odoo-443 provided in the recipe, rewrite the ssl_certificate and ssl_certificate_key lines, as follows:
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
- Finally, restart nginx