I have Odoo v11 running on Odoo.sh and am using Cloudflare for DNS management. SSL is turned on at Cloudflare and it works when I visit my site with https://, but I would like to force SSL even when someone types http://. I changed the web.base.url to use https: under Technical->System Parameters, but that doesn't seem to force the URLs to use SSL. Any other thoughts?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
3
Replies
11527
Views
Odoo.sh does not support SSL (yet). Odoo does recommend to use a third party service such as Cloudflare, but this is not a real solution. Please read first how it works and why Cloudflare itself does not recommend to use this option "Flexible SSL" for security reasons: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
It should only be used as a last resort if you are not able to setup SSL on your own web server, but it is less secure than any other option (even “Off”), and could even cause you trouble when you decide to switch away from it: How do I fix the infinite redirect loop...
So you should not downvote the messenger, but the lack of service from Odoo. To me this is a show stopper for odoo.sh.
Actually, the FAQ at odoo.sh says this about SSL- "To enable SSL, you can use a third-party CDN service provider such as CloudFlare.com.". I've setup SSL at Cloudflare and I can access my site using https:
You can be sure that I'm very well able to read the documentation. Secondly, you should really try to understand what it is all about in the first place. Cloudflare is a third party provider and not Odoo. Therefore my statement is 100% correct and you should well be aware about the corresponding security risks, as elaborated in my amended answer.
First, I should clarify that I am not using this website for ecommerce or anything that requires a valid SSL solution. I am just addressing the fancy green lock symbol issue for SEO and the Cloudflare SSL addresses this. Your answers are entirely correct and I completely agree that Odoo needs to fix this on Odoo.sh. For me to implement a complete secure solution for a client, we would move to our own servers and not use odoo.sh.
This is actually a good and valid answer, which shouldn't have had a downvote honestly. I've accepted your answer as it is the truth and it is a lack in SH.
Guys, we have implemented Cloudflare on a customer website eFlorist.pk successfully. powered by Odoo community version 14. We have installed Let's Encrypt SSL + enable Cloudflare SSL/TLS encryption mode as full or flexible. Please see picture below. You also need to enabled Cloudflare proxy in Cloudflare DNS.
Thanks to Ermin's answer, I just checked the Cloudflare support articles and found the answer. In the Crypto section, there is an option called Always use HTTPS. It will redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone. Seems to work perfectly!
Seeing a fancy green lock symbol in your browser is not the whole story. Read first what it is all about and why Cloudflare itself is not recommending using "Flexible SSL" in the link of my amended answer.
