Skip to content

HTTPS

Port Forwarding

路由器 Router 要先設定轉port

Info

IP * port 80 → 192.168.0.X port 80
IP * port 443 → 192.168.0.X port 443

動態 IP

參考Google 動態 DNS

安裝 Nginx

sudo apt install nginx -y

編輯網站參數,Reverse proxy(反向代理)

cd /etc/nginx/
cd site-available
sudo nano odoo.conf
內容如附件
建立 link 到 site-enable 
sudo ln -s ./odoo.conf ../site-enable/odoo.conf

相關檔案

測試參數檔

sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

這樣表示成功,可進行下一步

Reload Nginx

sudo nginx -s reload
# 或者
sudo systemctl restart nginx.servise

出錯時,檢查log

access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log; 

sudo tail -f /var/log/nginx/odoo.access.log
sudo tail -f /var/log/nginx/odoo.error.log

處理 odoo 設定

停止 odoo service

sudo systemctl stop odoo.service

修改 odoo 參數

sudo nano /etc/odoo.conf
加上 proxy_mode = True

相關檔案

重新啟動 odoo

sudo systemctl start odoo.service

重新啟動 Nginx

sudo systemctl restart nginx

certbot

安裝 certbot

sudo apt install certbot pythons3-certbot-nginx -y

Reload Nginx

sudo systemctl reload nginx

取得認證

sudo certbot --nginx -d inv.fufeng.com
如果出現 Another instance of certbot is already running. 
find / -type f -name ".certbot.lock" -exec rm {} \;

Enter email address (used for urgent renewal and security notices)

輸入Email

後面的問題都輸入 [Y] 即可

認證成功訊息

Tip

Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for inv.fufeng.com

Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/inv.fufeng.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/inv.fufeng.com/privkey.pem This certificate expires on 2023-07-11. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate Successfully deployed certificate for inv.fufeng.com to /etc/nginx/sites-enabled/odoo.conf Congratulations! You have successfully enabled HTTPS on https://inv.fufeng.com

If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le

certbot 修改過後的nginx conf

相關檔案