@Yenthe,
I'll write a guide later, however i'd recommend you refer to this post:
https://www.odoo.com/forum/help-1/question/how-to-show-the-manage-database-page-for-particular-user-like-administrator-in-openerp-v8-57036#answer-64772
as follows:
In order to restrict access to /web/database/selector and /web/database/manager I have setup nginx as a frontend proxy in front of Odoo's webserver and applied the following rules to the /sites-enabled/examplewebsite.com (add inside server {}):
location ~ ^ /web/database(manager|selector) {
allow 1.2.3.4;
deny all;
}
simply replace 1.2.3.4 with an ip (preferably fixed ip) of your choice. I have replaced it with an ip address inside my internal LAN. This will provide anyone who is not trying to access that URL from that IP address a 403 Forbidden error from nginx.
In order to setup Nginx as a frontend proxy for Odoo I have used the following steps on Debian 7.6:
1) sudo apt-get install nginx
2) sudo pico -w /etc/nginx/sites-enabled/examplewebsite.com
3) paste the following and replace examplewebsite.com with your domain, and 1.2.3.4 with the fixed IP address you would like to access your /web/database/manager and /web/database/selector links from:
server {
listen 80;
server_name www.examplewebsite.com examplewebsite.com;
charset utf-8;
access_log /var/log/nginx/prolv-access.log;
error_log /var/log/nginx/prolv-error.log;
location ~ ^/web/database/(manager|selector) {
allow 1.2.3.4;
deny all;
}
location / {
proxy_pass http://127.0.0.1:8072/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-OpenERP-dbfilter prolv;
client_max_body_size 200m;
# proxy_connect_timeout 90;
# proxy_send_timeout 90;
# proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 16 64k;
# proxy_busy_buffers_size 64k;
# proxy_temp_file_write_size 64k;
}
# Static files location
#location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
# root /spool/www/members_ng;
#}
}
Credit to Viktor for his basic Nginx config for Odoo 8.0 here
http://www.prolv.net/forum/help-1/question/nginix-setup-for-odoo-6
and NixCraft for their explanation of Nginx Access rules here:
http://www.cyberciti.biz/faq/nginx-block-url-access-all-except-one-ip-address/
Although this is by no means a complete or production ready configuration it has at least helped me to achieve restricting access to those URL's to a specific IP. I will be rolling a more complete nginx configuration into my Odoo 8.0 install script (forked and modified from Andre Schenkel's here - https://github.com/lukebranch/openerp-install-scripts/blob/master/odoo-saas4/ubuntu-14-04/odoo_install.sh).
There are probably better ways to do this and I welcome any comments on how this might be better implemented.
You'll need to setup a frontend proxy for Odoo (eg. I have used Nginx above), and you'll need to point your domain's A records for the over to the IP of your VPS. I'd recommend either using DNS hosting (such as google's DNS - https://cloud.google.com/dns/) or any other DNS hosting service in order to do this. I'm currently using the above explained setup to host a number of Odoo instances for public websites now so I know it works at a basic level.
I'll be forking my script (forked and modified from Andre Schenkel's original script here - https://github.com/lukebranch/openerp-install-scripts/blob/master/odoo-saas4/ubuntu-14-04/odoo_install.sh) very shortly to create a complete server setup with Nginx as a frontend proxy for Odoo, as well as a full open-source control panel using Ajenti (http://ajenti.org/) as soon as I can find time. In the meantime you may want to refer to Ivan Yelizariev's answer on my post here:
https://www.odoo.com/forum/help-1/question/how-to-install-odoo-from-github-on-ubuntu-14-04-for-testing-purposes-only-ie-not-for-production-52627
