Đầy đủ hướng dẫn cài docker odoo có ssl và timezero trên windows 10

Nội dung

    Nạp IP lên noip bằng DUC, SSL mua dịch vụ của noip 19,99$ (520K).

    Dùng cloudflare thì tạo file bat để nó chạy

    @ECHO OFF 
    
    :: This batch file details networking configuration.
    
    TITLE Update IP to Cloudflare.
    
    ECHO Please wait... Update IP to Cloudflare.
    
    G:\docker\odoo14\cloudflare-sync.exe -api-token eVzLcWs3yrSF-bIaT -records-file-name odoo.json -zone-id 0c8761ac1fbd -frequency 10000
    

    odoo.json thì có nội dung:

    [
    {
    "type": "A",
    "name": "pkp.vn",
    "proxied": false,
    "ttl": 1200,
    "priority": 1
    }
    ]

    Còn SSL thì mua dùng, sử dụng zerossl chỉ cho 3 lần gia hạn.

    Nội dung trong file docker-compose.yml: Nội dung thay đổi trong file yml, dùng câu lệnh để update: docker compose up –build Để cập nhật ver mới phải xóa image odoo rồi cho build lại. Chạy lệnh: docker compose up -d docker compose down
    version: "3.9"
    services:
        db:
            image: postgres:13
            user: root
            environment:
                - POSTGRES_PASSWORD=odoo
                - POSTGRES_USER=odoo
                - POSTGRES_DB=postgres
                - TZ=Asia/Ho_Chi_Minh
                - PGTZ=Asia/Ho_Chi_Minh
                - DEBIAN_FRONTEND=noninteractive
            restart: always             # run as a service
            volumes:
                - ./postgresql:/var/lib/postgresql/data
    
        odoo14:
            image: odoo:14
            user: root
            depends_on:
                - db
            ports:
                - 80:8069
                - 8072:8072
            tty: true
            command: --
        #    command: odoo scaffold /mnt/extra-addons/custom_module
            environment:
                - HOST=db
                - USER=
                - PASSWORD=
                - TZ=Asia/Ho_Chi_Minh
                - PGTZ=Asia/Ho_Chi_Minh
                - DEBIAN_FRONTEND=noninteractive
            volumes:
                #- /etc/timezone:/etc/timezone:ro
                #- /etc/localtime:/etc/localtime:ro
                #- ./entrypoint.sh:/entrypoint.sh   # if you want to install additional Python packages, uncomment this line!
                - ./addons:/mnt/extra-addons
                - ./etc:/etc/odoo
            
            restart: always             # run as a service
    
        nginx:
            container_name: nginx
            image: nginx:latest
            restart: always
            depends_on:
                - odoo14
            ports:            
                - 443:443
            volumes:
                - ./nginx/conf:/etc/nginx/conf.d
                - ./ssl:/etc/ssl
                - ./nginx/site:/usr/share/nginx/html
       

    Các câu lệnh chạy trong Terminal:

    pip3 install html2text
    

    Set timezore trực tiếp trong command

    apt-get update && \
    apt-get install -yq tzdata && \ 
    ln -fs /usr/share/zoneinfo/Asia/Ho_Chi_Minh /etc/localtime && \ 
    dpkg-reconfigure -f noninteractive tzdata
    
    ENV TZ="Asia/Ho_Chi_Minh"

    Nội dung trong file conf của nginx:

    upstream odoo {
    server odoo14:8069 weight=1 fail_timeout=0;
    }
    
    server {
    
    listen 443 ssl;
    charset         utf-8;
    server_name pkp.vn www.pkp.vn;
    root /usr/share/nginx/html;
    index index.html index.htm;
    
    # log files
        access_log  /usr/share/nginx/html/openerp.access.log;
        error_log   /usr/share/nginx/html/openerp.error.log;
    
        ssl_certificate /etc/ssl/certificate.crt; 
        ssl_certificate_key /etc/ssl/private.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers         HIGH:!aNULL:!MD5;
     
    proxy_read_timeout 3000s;
    proxy_connect_timeout 3000s;
    proxy_send_timeout 3000s;
    
    # Add Headers for odoo proxy mode
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
     
    
    
        location / {        
    proxy_redirect     off;
            proxy_pass http://odoo;
          
        }
    location ~* /web/static/ {
               proxy_cache_valid 200 90m;
               proxy_buffering    on;
               expires 864000;
               proxy_pass http://odoo;
           }
    #  common gzip
    gzip_types text/css text/scss text/plain text/xml application/xml application/json applicat$
    gzip on;
    client_max_body_size 3G;
    }
    server {
    
    listen 443 ssl;
    charset         utf-8;
    server_name phankienphat.net www.phankienphat.net;
    root /usr/share/nginx/html;
    index index.html index.htm;
    
    # log files
        access_log  /usr/share/nginx/html/openerp.access.log;
        error_log   /usr/share/nginx/html/openerp.error.log;
    
    ssl_certificate /etc/ssl/phankienphat.net.pem;
    ssl_certificate_key /etc/ssl/phankienphat.net.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
       ssl_prefer_server_ciphers on;
    
       add_header Strict-Transport-Security max-age=15768000;
    
     
    proxy_read_timeout 3000s;
    proxy_connect_timeout 3000s;
    proxy_send_timeout 3000s;
    
    # Add Headers for odoo proxy mode
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
     
    
        location / {        
    proxy_redirect     off;
            proxy_pass http://odoo;
          
        }
    location ~* /web/static/ {
               proxy_cache_valid 200 90m;
               proxy_buffering    on;
               expires 864000;
               proxy_pass http://odoo;
           }
    #  common gzip
    gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
    gzip on;
    client_max_body_size 3G;
    }

    Do proxy cho odoo chat không mở cho phương thức http, nên cho post 8072 và 80 nên cho chạy bình thường. Để app Discuss nhận tin và chuông.

    Cấu hình cho odoo

    [options]
    addons_path = /mnt/extra-addons
    admin_passwd = $pbQ
    csv_internal_sep = ,
    data_dir = /etc/odoo
    db_host = db
    db_maxconn = 1064
    db_name = False
    db_password = odoo
    db_port = 5432
    db_sslmode = prefer
    db_template = template0
    db_user = odoo
    dbfilter = 
    demo = {}
    email_from = False
    geoip_database = /usr/share/GeoIP/GeoLite2-City.mmdb
    http_enable = True
    http_interface = 
    http_port = 8069
    import_partial = 
    limit_memory_hard = 3221225472
    limit_memory_soft = 2684354560
    limit_request = 8192
    limit_time_cpu = 600
    limit_time_real = 1200
    limit_time_real_cron = -1
    list_db = True
    log_db = False
    log_db_level = warning
    log_handler = :INFO
    log_level = info
    logfile = /etc/odoo/odoo-server.log
    logrotate = False
    longpolling_port = 8072
    max_cron_threads = 1
    max_connections = 800
    osv_memory_age_limit = False
    osv_memory_count_limit = False
    pg_path = None
    pidfile = False
    proxy_mode = True
    reportgz = False
    screencasts = 
    screenshots = /tmp/odoo_tests
    server_wide_modules = base,web
    smtp_password = False
    smtp_port = 25
    smtp_server = localhost
    smtp_ssl = False
    smtp_user = False
    syslog = False
    test_enable = False
    test_file = False
    test_tags = None
    transient_age_limit = 1.0
    translate_modules = ['all']
    unaccent = False
    upgrade_path = 
    without_demo = False
    workers = 2
    timezone = Asia/Ho_Chi_Minh
    

    Kết nối data bị Scheduled Actions kích hoạch dưới 5s, đôi khi do workers = 2. Nên phải set timezero. workers = 0.

    Trả lời

    Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *