让我们使用SSL加密在CentOS 8上安装Odoo 14
时间:2020-02-23 14:31:14 来源:igfitidea点击:
撰写这篇文章是为了指导Linux用户在CentOS 8上安装Odoo 14 ERP系统。Odoo是一个开源业务管理应用程序,具有POS,CRM,项目管理,构建器,市场营销,仓库管理,电子商务,计费等功能。与会计,制造和许多其他很酷的功能。这些额外的功能可以通过大量可用于安装的Odoo插件来解锁。
在本文更新时,Odoo ERP软件的最新版本为版本14. 我们将通过系统升级开始安装,安装所有必需的依赖项(如PostgreSQL数据库服务器),最后在CentOS 8上进行Odoo ERP 14的实际安装。 Nginx将用作CentOS 8上Odoo 14 ERP和CRM系统的前端代理。
更新操作系统,设置主机名和DNS
登录到CentOS 8服务器并执行系统更新,然后重新启动。
sudo dnf -y update sudo reboot
重新引导系统后,配置正确的主机名。
sudo hostnamectl set-hostname erp.hirebestengineers.com --static sudo hostnamectl set-hostname erp.hirebestengineers.com --transient
还要在DNS服务器中添加有效的A记录。
保存记录并通过ping或者dig验证其是否正常工作。
$sudo dnf -y install bind-utils $dig A erp.hirebestengineers.com +short 168.119.127.45
将EPEL储存库添加到CentOS服务器
通过运行命令将EPEL存储库添加到CentOS 8.
sudo yum -y install epel-release vim bash-completion
将SELinux置于宽松模式。
sudo setenforce 0 sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
运行yum repolist命令。
$sudo yum repolist repo id repo name AppStream CentOS-8 - AppStream BaseOS CentOS-8 - Base epel Extra Packages for Enterprise Linux 8 - x86_64 epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 extras CentOS-8 - Extras
安装PostgreSQL数据库服务器
Odoo ERP资源库使用PostgreSQL数据库服务器进行数据存储。软件包在DNF模块中可用。
禁用当前的默认PostgreSQL模块。
sudo dnf -qy module disable postgresql
启用PostgreSQL 12模块。
sudo dnf module -y enable postgresql:12
然后安装PostgreSQL服务器和客户端软件包。
sudo dnf -y install @postgresql
安装后,需要先进行数据库初始化,然后才能启动服务。
$sudo /usr/bin/postgresql-setup --initdb --unit postgresql * Initializing database in '/var/lib/pgsql/data' * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
启动并启用数据库服务器。
$sudo systemctl enable --now postgresql Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
创建odoo数据库用户。
sudo su - postgres -c "createuser -s odoo"
在CentOS 8上安装wkhtmltopdf
Odoo使用wkhtmltopdf生成PDF格式的报告。 wkhtmltopdf的建议安装版本为0.12.5,可在wkhtmltopdf下载页面的"归档"部分中找到。
sudo dnf install -y https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox-0.12.5-1.centos8.x86_64.rpm
确认安装的版本。
$wkhtmltopdf --version wkhtmltopdf 0.12.5 (with patched qt)
我们可以继续下一步在CentOS 8上实际安装Odoo 14的步骤。
在CentOS 8上安装Odoo 14
添加EPEL存储库:
yum -y install epel-release
同时启用PowerTools存储库。
sudo dnf config-manager --set-enabled PowerTools
安装Python和其他构建依赖项:
sudo yum -y install vim bash-completion zip git gcc openldap-devel python3 python3-devel redhat-rpm-config libxslt-devel libjpeg-devel freetype-devel bzip2-devel
添加Odoo系统用户和组。
sudo useradd -r -m -U -d /opt/odoo -s /bin/bash odoo
为创建的用户帐户设置密码。
$sudo passwd odoo Changing password for user odoo. New password: Retype new password: passwd: all authentication tokens updated successfully.
查看用户详细信息:
$id odoo uid=992(odoo) gid=989(odoo) groups=989(odoo)
切换到创建的用户帐户:
$sudo su - odoo
从Github复制版本14分支。
git -C /opt/odoo/clone https://www.github.com/odoo/odoo --depth 1 --branch 14.0
创建Python Virtualenv。
cd /opt/odoo python3 -m venv odoo-venv
激活创建的虚拟环境。
source odoo-venv/bin/activate
在需求文件中安装Python依赖项。
pip3 install -r odoo/requirements.txt
成功安装后,停用虚拟环境,
deactivate exit
创建Odoo日志文件:
sudo touch /var/log/odoo.log
创建自定义插件路径:
sudo mkdir /opt/odoo/odoo/custom-addons
设置正确的目录权限:
sudo chown -R odoo:odoo /opt/odoo//var/log/odoo.log
创建Odoo实例配置文件:
sudo tee /etc/odoo.conf<<EOF [options] proxy_mode = True ; This is the password that allows database operations: admin_passwd = theitroad@localhost db_host = False db_port = False db_user = odoo db_password = False xmlrpc_port = 8069 logfile = /var/log/odoo.log logrotate = True addons_path = /opt/odoo/odoo/addons,/opt/odoo/odoo/custom-addons EOF
创建系统服务单元文件。
sudo tee /etc/systemd/system/odoo.service<<EOF [Unit] Description=Odoo ERP Server Requires=postgresql.service After=network.target postgresql.service [Service] User=odoo Group=odoo Type=simple SyslogIdentifier=odoo PermissionsStartOnly=true ExecStart=/opt/odoo/odoo-venv/bin/python3 /opt/odoo/odoo/odoo-bin -c /etc/odoo.conf StandardOutput=journal+console [Install] WantedBy=multi-user.target EOF
重新加载系统服务:
sudo systemctl daemon-reload
启动创建的odoo服务。
sudo systemctl start odoo sudo systemctl restart odoo
使它在启动时启动。
$sudo systemctl enable odoo Created symlink /etc/systemd/system/multi-user.target.wants/odoo.service → /etc/systemd/system/odoo.service.
确认Odoo服务是否设置为在启动时启动。
$systemctl is-enabled odoo enabled
检查是否正在运行。
$systemctl status odoo
● odoo.service - Odoo ERP Server
Loaded: loaded (/etc/systemd/system/odoo.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2017-10-11 18:38:30 CEST; 48s ago
Main PID: 25201 (python3)
Tasks: 4 (limit: 24392)
Memory: 59.2M
CGroup: /system.slice/odoo.service
└─25201 /opt/odoo/odoo-venv/bin/python3 /opt/odoo/odoo/odoo-bin -c /etc/odoo.conf
Oct 11 18:38:30 erp.hirebestengineers.com systemd[1]: Started Odoo ERP Server.
一旦启动,Odoo服务应绑定到TCP端口8069.
$sudo ss -tunelp | grep 8069
tcp LISTEN 0 128 0.0.0.0:8069 0.0.0.0:* users:(("python3",pid=25201,fd=4)) uid:992 ino:64882 sk:5 <->
配置Nginx代理(不使用SSL)不推荐
在CentOS 8上安装Nginx Web服务器:
sudo yum -y install nginx sudo systemctl enable --now nginx
为odoo创建一个新的配置文件。
sudo vim /etc/nginx/conf.d/odoo.conf
修改此配置代码段以适合设置。
# Odoo Upstreams
upstream odooserver {
server 127.0.0.1:8069;
}
server {
listen 80;
server_name erp.hirebestengineers.com;
access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;
# Proxy settings
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Request for root domain
location/{
proxy_redirect off;
proxy_pass http://odooserver;
}
# Cache static files
location ~* /web/static/{
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odooserver;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
用域名替换Replacep.theitroad,然后验证Nginx配置文件。
$sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
如果一切正常,请重新启动Nginx。
sudo systemctl restart nginx
配置Nginx代理(使用SSL证书)推荐
如果服务器具有公共IP,则可以为域创建DNS A记录以指向Odoo Server并请求免费的Lets Encrypt SSL证书。
在CentOS 8服务器上安装Nginx。
sudo yum -y install nginx sudo systemctl enable --now nginx
安装certbot-auto工具。
sudo yum -y install wget wget https://dl.eff.org/certbot-auto chmod +x certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto
停止Nginx服务。
sudo systemctl stop nginx
获取让域加密SSL证书。
export DOMAIN="erp.hirebestengineers.com"
export EMAIL="theitroad@localhost"
sudo /usr/local/bin/certbot-auto certonly --standalone -d ${DOMAIN} --preferred-challenges http --agree-tos -n -m ${EMAIL} --keep-until-expiring
证书文件的路径显示在"重要说明"部分中。
IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/erp.hirebestengineers.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/erp.hirebestengineers.com/privkey.pem Your cert will expire on 2021-01-09. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of your certificates, run "certbot-auto renew" Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. If you like Certbot, please consider supporting our work by: Donating to ISRG/Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
创建cron以进行证书续订。
$sudo crontab -e 15 3 * * * /usr/local/bin/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
创建Nginx配置文件。
sudo vim /etc/nginx/conf.d/odoo.conf
将以下内容粘贴到文件中并进行修改以适合环境。
# Odoo Upstreams
upstream odooserver {
server 127.0.0.1:8069;
}
# http to https redirection
server {
listen 80;
server_name erp.hirebestengineers.com;
return 301 https://erp.hirebestengineers.com$request_uri;
}
server {
listen 443 ssl;
server_name erp.hirebestengineers.com;
access_log /var/log/nginx/odoo_access.log;
error_log /var/log/nginx/odoo_error.log;
# SSL
ssl_certificate /etc/letsencrypt/live/erp.hirebestengineers.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/erp.hirebestengineers.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/erp.hirebestengineers.com/chain.pem;
# Proxy settings
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Request for root domain
location/{
proxy_redirect off;
proxy_pass http://odooserver;
}
# Cache static files
location ~* /web/static/{
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odooserver;
}
# Gzip Compression
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
验证Nginx配置。
$sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
重新启动Nginx。
sudo systemctl restart nginx
在CentOS 8服务器上访问Odoo 14
从Web https://DNShostname访问我们域名上的Odoo网页。
我们也可以直接在以下位置访问Odoo网页:
http://<your_server_IP_address>:8069
在第一页上,设置数据库名称,管理员用户的电子邮件地址和管理员用户的密码。
我们现在已经在CentOS 8服务器上安装并运行了Odoo ERP。
