Deploying Odoo 17 Using Nginx on Ubuntu

In another post we have discussed the whole process of deploying an Odoo 17 instance using Nginx and PostgreSQL on Ubuntu. In this post we only discuss the step of serving Odoo behind Nginx proxy.

First go through the steps discussed in this post to obtain a Let's Encrypt certificate for your domain:
How to Obtain a Let's Encrypt Certificate using Certbot

After obtaining ssl certificates change nginx site onfiguration to this. Remember to change the domain to your own site domain:

# Odoo servers
upstream odoo {
 server 127.0.0.1:8069;
}

upstream odoochat {
 server 127.0.0.1:8072;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

# HTTP -> HTTPS
server {
    listen 80;
    server_name https://www.example.com/ https://example.co;/

    include snippets/letsencrypt.conf;
    return 301 https://example.com$request_uri;/
}

# WWW -> NON WWW
server {
    listen 443 ssl http2;
    server_name https://www.example.com;/

    ssl_certificate /etc/letsencrypt/live/https://example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/https://example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/https://example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    return 301 https://example.com$request_uri;/
}

server {
    listen 443 ssl http2;
    server_name https://example.com;/

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/https://example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/https://example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/https://example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    # log files
    access_log /var/log/nginx/https://odoo.access.log;/
    error_log /var/log/nginx/https://odoo.error.log;/

    # Redirect websocket requests to odoo gevent port
  location /websocket {
    proxy_pass http://odoochat;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
  }

    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }

    # Redirect requests to odoo backend server
  location / {
    # Add Headers for odoo proxy mode
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_pass http://odoo;

    # Enable HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    # requires nginx 1.19.8
    #proxy_cookie_flags session_id samesite=lax secure;
  }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

Test Nginx configuration and restart it:

$ sudo nginx -t

$ sudo systemctl restart nginx