After installing Apache2 as a reverse proxy for Odoo, we can proceed to set up HTTPS for your Odoo instance running on Apache. If you have a domain name and want to serve Odoo through the Internet, you can use Let’s Encrypt for a free SSL certificate. For local area network (LAN) use, create a self-signed certificate if you don’t need a publicly trusted certificate. Here’s how to do both:
Option 1: Using Let’s Encrypt (for Public Access)
Step 1: Install Certbot
First, install Certbot, which is the recommended tool for obtaining and managing Let’s Encrypt SSL certificates:
sudo apt update
sudo apt install certbot python3-certbot-apache
Step 2: Obtain an SSL Certificate
Run the following command to obtain an SSL certificate. Replace your_domain with your actual domain name:
sudo certbot --apache -d your_domainFollow the prompts to complete the certificate issuance process. Certbot will automatically configure Apache to use the new certificate.
Step 3: Verify HTTPS Configuration
After obtaining the certificate, you can verify that HTTPS is working by navigating to https://your_domain_or_ip in your web browser. You should see a secure connection indicator.
Step 4: Set Up Automatic Renewal
Let’s Encrypt certificates are valid for 90 days. To automatically renew the certificates, you can set up a cron job. Certbot usually installs a cron job automatically, but you can verify it with:
sudo systemctl status certbot.timer
Option 2: Creating a Self-Signed Certificate (For LAN Use)
If you are setting this up for internal use and do not need a publicly trusted certificate, you can create a self-signed certificate.
Step 1: Create a Self-Signed Certificate
Run the following commands to create a self-signed certificate:
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/odoo.key -out /etc/apache2/ssl/odoo.crt
You will be prompted to enter information for the certificate. You can fill in the details as needed.
Step 2: Configure Apache to Use the Self-Signed Certificate
Edit your Apache configuration file for Odoo (e.g., /etc/apache2/sites-available/odoo.conf) to include the SSL configuration:
<VirtualHost *:443>
ServerName your_domain_or_ip
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/odoo.crt
SSLCertificateKeyFile /etc/apache2/ssl/odoo.key
ProxyRequests Off
ProxyPass / http://localhost:8069/
ProxyPassReverse / http://localhost:8069/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ErrorLog ${APACHE_LOG_DIR}/odoo_error.log
CustomLog ${APACHE_LOG_DIR}/odoo_access.log combined
</VirtualHost>
Step 3: Enable SSL Module and Site
Enable the SSL module and the new site configuration:
sudo a2enmod ssl
sudo a2ensite odoo.confStep 4: Restart Apache
Restart Apache to apply the changes:
sudo systemctl restart apache2Step 5: Access Odoo via HTTPS
Open your web browser and navigate to https://your_domain_or_ip. You may receive a warning about the self-signed certificate, which is expected. You can proceed to access the site.
Conclusion
By following these steps, you can set up HTTPS for your Odoo instance on Apache for LAN use. Using Let’s Encrypt is recommended for public access, while a self-signed certificate is suitable for internal use.