Odoo Help

1

How to set up SSL connection on Windows?

By
thenon
on 4/3/13, 1:19 PM 4,841 views

My .conf has the following lines:

xmlrpcs = True

xmlrpcs_interface =

xmlrpcs_port = 8071

Do they refer to the https interface? Where do I set up a certificate/specify domain name etc? When I go to https://localhost:8071, nothing is there, and indeed, netstat shows nothig listening on that port.

Thanks

I also note these lines: secure_pkey_file = server.pkey secure_cert_file = server.cert but those files don't exist. What format do they need to be in?

thenon
on 4/4/13, 2:58 PM

For anyone else that comes across this, it appears these configs are misleading. I can't find any evidence SSL mode works (in Windows, don't know about linux) and the community doesn't seem to know either. So I'm resorting to a reverse proxy SSL offload to try make it happen.

thenon
on 4/30/13, 6:01 PM

SSL needs to be done with another server. I think these values are left overs from OE6.

patrick
on 5/21/13, 4:34 PM
0
Vince Pike
On 9/29/17, 11:14 AM
Hello, here is the current way that I was successful setting up Odoo on Windows Server with HTTPS, and HTTP.

    Download the latest Odoo build for Windows which installs itself as a service that will work on port 8069.

    Install and Configure Odoo as you would like it to be.

    After configuring your Odoo, you will need to setup a reverse proxy so that IIS can route traffic that comes into your server on port 80 and 443 to your local Odoo service which works on port 8069. This involves installing 2 web platform components called URL Rewrite, and Application Request Routing. If you don’t already have URL Rewrite 2.1 and Application Request Routing 3.0 installed you can do so easily with the Web Platform Installer.

    After installing both of the above items, you must create a website on your public web server that has the public bindings that you need. Alternately, you can use an existing site and route using conditions for certain traffic.

    After you’ve created your site then open up URL Rewrite at the site level.


    Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.


    If you receive a prompt (the first time) that the proxy functionality needs to be enabled, select OK. This is telling you that a proxy can route traffic outside of your web server, which happens to be our goal in this case. Be aware that reverse proxy rules can be dangerous if you open sites from inside you network to the world, so just be aware of what you’re doing and why.


    The next and final step of the template asks a few questions.


    The first textbox asks the name of the internal web server. In our example, it’s 10.10.0.50:8111. This can be any URL, including a subfolder like internal.mysite.com/blog. Don’t include the http or https here. The template assumes that it’s not entered.

    You can choose whether to perform SSL Offloading or not. Leave this checked so that you can access Odoo with a secure connection. The traffic only passed unecrypted whilst on this server to itself.

    Next, the template enables you to create an outbound rule. This is used to rewrite links in the page to look like your public domain name rather than the internal domain name. Outbound rules have a lot of CPU overhead because the entire web content needs to be parsed and updated. However, if you need it, then it’s well worth the extra CPU hit on the web server.

    If you check the “Rewrite the domain names of the links in HTTP responses” checkbox then the From textbox will be filled in with what you entered for the inbound rule. You can enter your friendly public URL for the outbound rule. This will essentially replace any reference to 10.10.0.50:8111 (or whatever you enter) with tools.mysite.com in all <a>, <form>, and <img> tags on your site.


    That’s it! Well, there is a lot more that you can do, this but will give you the base configuration. You can now visit www.mysite.com on your public web server and it will serve up the site from your internal web server.

    You should see two rules show up; one inbound and one outbound. You can edit these, add conditions, and tweak them further as needed.

    Once you have configured this correctly, check your web.config file at the root of your site, and compare it to below to ensure it works with Let's Encrypt's free SSL certificates.

    <?xml version="1.0" encoding="UTF-8"?>

    <configuration>

        <system.webServer>

            <rewrite>

                <rules>

                    <rule name="SSL_LetsEncrypt_Fixer" stopProcessing="true">

                    <!-- If url contains .well-known/acme-challenge then it matches, & don't process any other rules -->

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" negate="true" />                   

                        <action type="None" />

                    </rule>

                   

                    <rule name="Redirect HTTP to HTTPS" stopProcessing="true">

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" />

                        <conditions>

                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />

                        </conditions>

                        <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}"

                            redirectType="Permanent" appendQueryString="false" />

                    </rule>

                   

                    <rule name="ReverseProxyInboundRule1" stopProcessing="true">

                        <match url="(.*)" />

                        <action type="Rewrite" url="http://LOCAL_IP_ADDRESS_ODOO_IS_INSTALLED_ON:8069/{R:1}" />

                    </rule>

               

                </rules>

               

                <outboundRules>

               

               

                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">

                        <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.254.20:8069/(.*)" />

                        <action type="Rewrite" value="http{R:1}://PUBLIC_DOMAIN_ADDRESS/{R:2}" />

                    </rule>

                    <preConditions>

                        <preCondition name="ResponseIsHtml1">

                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

                        </preCondition>

                    </preConditions>

                   

                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">

                    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>

                    <conditions>

                        <add input="{HTTPS}" pattern="on" ignoreCase="true"/>

                    </conditions>

                    <action type="Rewrite" value="max-age=31536000"/>

                    </rule>

                   

                </outboundRules>

            </rewrite>

        </system.webServer>

    </configuration>


Please let me know if you have any problems with this, or request further guidance.
Vince
0
patrick
On 5/21/13, 4:37 PM

On Linux, there are various examples to install another webserver (like Apache or NGINX) to do HTTPS and connect it locally to openERP.

NGINX is available for Windows, so try the following guide.

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Register

Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)

Stats

Asked: 4/3/13, 1:19 PM
Seen: 4841 times
Last updated: 9/29/17, 11:14 AM