Odoo 15 on CentOS 8 Configure Nginx Proxy (With SSL) – Recommended

If your server has a public IP, you can create a DNS A record for your domain to point to Odoo Server and request for free Let’s Encrypt SSL certificate.

Install Nginx on CentOS 8 Server.

Step 1:- sudo yum -y install nginx
Step 2:- sudo systemctl enable --now nginx

Install certbot tool.

sudo yum -y install epel-release wget
sudo yum -y install certbot

Stop Nginx service.

sudo systemctl stop nginx

Get Let’s Encrypt SSL certificates for your domain.

export DOMAIN="erpcall.com"
export EMAIL="erpcall@gmail.com"
sudo certbot certonly --standalone -d ${DOMAIN} --preferred-challenges http --agree-tos -n -m ${EMAIL} --keep-until-expiring

The path to certificate files is shown in the “IMPORTANT NOTES” section.

IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/erpcall.com.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/erpcall.com.com/privkey.pem
Your cert will expire on 2021-01-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew all of your certificates, run
"certbot-auto renew"
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Create cron for certificate renewal.

$ sudo crontab -e
15 3 * * * /usr/bin/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

Create Nginx configuration file.

sudo vim /etc/nginx/conf.d/odoo.conf

Paste below into the file and modify it to suit your environment.

# Odoo Upstreams
upstream odooserver {
 server 127.0.0.1:8069;
}

# http to https redirection
server {
    listen 80;
    server_name erpcall.com.com;
    return 301 https://erpcall.com$request_uri;
}

server {
    listen 443 ssl;
    server_name erpcall.com.com;
    access_log /var/log/nginx/odoo_access.log;
    error_log /var/log/nginx/odoo_error.log;
   
   # SSL
    ssl_certificate /etc/letsencrypt/live/erpcall.com.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/erpcall.com.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/erpcall.com.com/chain.pem;


    # Proxy settings
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # Request for root domain
    location / {
       proxy_redirect off;
       proxy_pass http://odooserver;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odooserver;
    }

    # Gzip Compression
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Validate your Nginx configurations.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx.

$ sudo systemctl restart nginx

If Any help in odoo NGINX setup then feel free to call for the setup: +91-91709-63131 or drop email at business@erpcall.com