Hello, here is the current way that I was successful setting up Odoo on Windows Server with HTTPS, and HTTP.
Download the latest Odoo build for Windows which installs itself as a service that will work on port 8069.
Install and Configure Odoo as you would like it to be.
After configuring your Odoo, you will need to setup a reverse proxy so
that IIS can route traffic that comes into your server on port 80 and
443 to your local Odoo service which works on port 8069. This involves
installing 2 web platform components called URL Rewrite, and Application
Request Routing. If you don’t already have URL Rewrite 2.1 and
Application Request Routing 3.0 installed you can do so easily with the
Web Platform Installer.
After installing both of the above
items, you must create a website on your public web server that has the
public bindings that you need. Alternately, you can use an existing site
and route using conditions for certain traffic.
After you’ve created your site then open up URL Rewrite at the site level.
Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.
If you receive a prompt (the first time) that the proxy functionality
needs to be enabled, select OK. This is telling you that a proxy can
route traffic outside of your web server, which happens to be our goal
in this case. Be aware that reverse proxy rules can be dangerous if you
open sites from inside you network to the world, so just be aware of
what you’re doing and why.
The next and final step of the template asks a few questions.
The first textbox asks the name of the internal web server. In our
example, it’s 10.10.0.50:8111. This can be any URL, including a
subfolder like internal.mysite.com/blog. Don’t include the http or https
here. The template assumes that it’s not entered.
You can
choose whether to perform SSL Offloading or not. Leave this checked so
that you can access Odoo with a secure connection. The traffic only
passed unecrypted whilst on this server to itself.
Next, the
template enables you to create an outbound rule. This is used to rewrite
links in the page to look like your public domain name rather than the
internal domain name. Outbound rules have a lot of CPU overhead because
the entire web content needs to be parsed and updated. However, if you
need it, then it’s well worth the extra CPU hit on the web server.
If you check the “Rewrite the domain names of the links in HTTP
responses” checkbox then the From textbox will be filled in with what
you entered for the inbound rule. You can enter your friendly public URL
for the outbound rule. This will essentially replace any reference to
10.10.0.50:8111 (or whatever you enter) with tools.mysite.com in all
<a>, <form>, and <img> tags on your site.
That’s it! Well, there is a lot more that you can do, this but will
give you the base configuration. You can now visit www.mysite.com on
your public web server and it will serve up the site from your internal
web server.
You should see two rules show up; one inbound and
one outbound. You can edit these, add conditions, and tweak them
further as needed.
Once you have configured this correctly,
check your web.config file at the root of your site, and compare it to
below to ensure it works with Let's Encrypt's free SSL certificates.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="SSL_LetsEncrypt_Fixer" stopProcessing="true">
<!-- If url contains .well-known/acme-challenge then it matches,
& don't process any other rules -->
<match url="^(?:(?!\.well-known\/acme-challenge).)*$" negate="true" />
<action type="None" />
</rule>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="^(?:(?!\.well-known\/acme-challenge).)*$" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://LOCAL_IP_ADDRESS_ODOO_IS_INSTALLED_ON:8069/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.254.20:8069/(.*)" />
<action type="Rewrite" value="http{R:1}://PUBLIC_DOMAIN_ADDRESS/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true"/>
</conditions>
<action type="Rewrite" value="max-age=31536000"/>
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Please let me know if you have any problems with this, or request further guidance.
Vince
