This question has been flagged
3 Replies
27736 Views

My .conf has the following lines:

xmlrpcs = True

xmlrpcs_interface =

xmlrpcs_port = 8071

Do they refer to the https interface? Where do I set up a certificate/specify domain name etc? When I go to https://localhost:8071, nothing is there, and indeed, netstat shows nothig listening on that port.

Thanks

Avatar
Discard
Author

I also note these lines: secure_pkey_file = server.pkey secure_cert_file = server.cert but those files don't exist. What format do they need to be in?

Author

For anyone else that comes across this, it appears these configs are misleading. I can't find any evidence SSL mode works (in Windows, don't know about linux) and the community doesn't seem to know either. So I'm resorting to a reverse proxy SSL offload to try make it happen.

SSL needs to be done with another server. I think these values are left overs from OE6.

Hello, here is the current way that I was successful setting up Odoo on Windows Server with HTTPS, and HTTP.

    Download the latest Odoo build for Windows which installs itself as a service that will work on port 8069.

    Install and Configure Odoo as you would like it to be.

    After configuring your Odoo, you will need to setup a reverse proxy so that IIS can route traffic that comes into your server on port 80 and 443 to your local Odoo service which works on port 8069. This involves installing 2 web platform components called URL Rewrite, and Application Request Routing. If you don’t already have URL Rewrite 2.1 and Application Request Routing 3.0 installed you can do so easily with the Web Platform Installer.

    After installing both of the above items, you must create a website on your public web server that has the public bindings that you need. Alternately, you can use an existing site and route using conditions for certain traffic.

    After you’ve created your site then open up URL Rewrite at the site level.


    Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.


    If you receive a prompt (the first time) that the proxy functionality needs to be enabled, select OK. This is telling you that a proxy can route traffic outside of your web server, which happens to be our goal in this case. Be aware that reverse proxy rules can be dangerous if you open sites from inside you network to the world, so just be aware of what you’re doing and why.


    The next and final step of the template asks a few questions.


    The first textbox asks the name of the internal web server. In our example, it’s 10.10.0.50:8111. This can be any URL, including a subfolder like internal.mysite.com/blog. Don’t include the http or https here. The template assumes that it’s not entered.

    You can choose whether to perform SSL Offloading or not. Leave this checked so that you can access Odoo with a secure connection. The traffic only passed unecrypted whilst on this server to itself.

    Next, the template enables you to create an outbound rule. This is used to rewrite links in the page to look like your public domain name rather than the internal domain name. Outbound rules have a lot of CPU overhead because the entire web content needs to be parsed and updated. However, if you need it, then it’s well worth the extra CPU hit on the web server.

    If you check the “Rewrite the domain names of the links in HTTP responses” checkbox then the From textbox will be filled in with what you entered for the inbound rule. You can enter your friendly public URL for the outbound rule. This will essentially replace any reference to 10.10.0.50:8111 (or whatever you enter) with tools.mysite.com in all <a>, <form>, and <img> tags on your site.


    That’s it! Well, there is a lot more that you can do, this but will give you the base configuration. You can now visit www.mysite.com on your public web server and it will serve up the site from your internal web server.

    You should see two rules show up; one inbound and one outbound. You can edit these, add conditions, and tweak them further as needed.

    Once you have configured this correctly, check your web.config file at the root of your site, and compare it to below to ensure it works with Let's Encrypt's free SSL certificates.

    <?xml version="1.0" encoding="UTF-8"?>

    <configuration>

        <system.webServer>

            <rewrite>

                <rules>

                    <rule name="SSL_LetsEncrypt_Fixer" stopProcessing="true">

                    <!-- If url contains .well-known/acme-challenge then it matches, & don't process any other rules -->

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" negate="true" />                   

                        <action type="None" />

                    </rule>

                   

                    <rule name="Redirect HTTP to HTTPS" stopProcessing="true">

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" />

                        <conditions>

                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />

                        </conditions>

                        <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}"

                            redirectType="Permanent" appendQueryString="false" />

                    </rule>

                   

                    <rule name="ReverseProxyInboundRule1" stopProcessing="true">

                        <match url="(.*)" />

                        <action type="Rewrite" url="http://LOCAL_IP_ADDRESS_ODOO_IS_INSTALLED_ON:8069/{R:1}" />

                    </rule>

               

                </rules>

               

                <outboundRules>

               

               

                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">

                        <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.254.20:8069/(.*)" />

                        <action type="Rewrite" value="http{R:1}://PUBLIC_DOMAIN_ADDRESS/{R:2}" />

                    </rule>

                    <preConditions>

                        <preCondition name="ResponseIsHtml1">

                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

                        </preCondition>

                    </preConditions>

                   

                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">

                    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>

                    <conditions>

                        <add input="{HTTPS}" pattern="on" ignoreCase="true"/>

                    </conditions>

                    <action type="Rewrite" value="max-age=31536000"/>

                    </rule>

                   

                </outboundRules>

            </rewrite>

        </system.webServer>

    </configuration>


Please let me know if you have any problems with this, or request further guidance.
Vince
Best Answer

Tôi đã thử nghiệm trên Windows Server 2019 với IIS 10. Bạn cần cài đặt URL Rewrite cho IIS. Các bước làm như sau:

 - Cài đặt IIS cho server

 - Cài Module Url Rewrite ( không cần phải cấu hình nó vì file web.config bên dưới là lệnh tạo).

 - Cài đặt SSL Let's Encrypt cho IIS

 - Copy nội dung bên dưới và thay thế file web.config như bên dưới:

 

redirectType="Permanent" appendQueryString="false" />


Avatar
Discard
Best Answer

Hello Vince, im new in this community and struckling with the ssl setup.

Maybe you could help me out a little.

Regards. Bert

Avatar
Discard
Best Answer

On Linux, there are various examples to install another webserver (like Apache or NGINX) to do HTTPS and connect it locally to openERP.

NGINX is available for Windows, so try the following guide.

Avatar
Discard