How it works...

In steps 1 and 2, we installed certbot and generated the SSL certificate for the odoo.example.com website. The certbot program is a command-line utility that simplifies interacting with letsencrypt.org to generate a free SSL certificate. The complete documentation is available at https://certbot.eff.org/docs/. In this recipe, we used the certbot certonly <options> subcommand, which requests a signed certificate from Let's Encrypt for the domains passed to the -d option. Use the -m option to specify your email address. The --standalone option asks certbot to set up a temporary local web server, which Let's Encrypt will attempt to contact to check that you control the domain for which you are requesting a certificate. It is, therefore, important that the command is run on the server that will be hosting Odoo, that the DNS is pointing to that server, and that no firewall is blocking ports 80 and 443 on the server.

This check is done by connecting to http://<yourdomain>:80/.well-known/acme. The --standalone mode of certbot creates a temporary web server that listens on this port and answers the request, but this only works if no other process is listening on port 80 and if the external firewall allows inbound connections on that port.

We are using nginx as a reverse HTTP proxy. Incoming HTTP and HTTPS connections are handled by nginx, which delegates the processing of the requests to the Odoo server. The Odoo server is configured to only listen on the local loopback interface (127.0.0.1) on port 8069 for normal requests (http_port) and port 8072 for long polling requests (longpolling_port). You may need to adapt the port numbers to your configuration.
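The two preconditions described above (port 80 free for certbot --standalone, and Odoo bound only to 127.0.0.1 on ports 8069 and 8072) can be checked before running the recipe. The script below is an added example, not part of the original recipe; it assumes the output format of iproute2's `ss -ltnH`, and the function names and sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks run against `ss -ltnH` output (iproute2), not live sockets.

# Print the local addresses bound to TCP port $1 (ss lines on stdin).
listeners_on() {
    awk -v port="$1" '{
        n = split($4, part, ":")              # field 4 is Local-Address:Port
        if (part[n] == port)
            print substr($4, 1, length($4) - length(part[n]) - 1)
    }'
}

# Succeed if nothing listens on port $1 (certbot --standalone needs port 80 free).
port_is_free() {
    [ -z "$(listeners_on "$1")" ]
}

# Succeed if port $1 has a listener and every listener is a loopback address.
loopback_only() {
    addrs=$(listeners_on "$1")
    [ -n "$addrs" ] && ! printf '%s\n' "$addrs" | grep -qvE '^(127\.[0-9.]+(%.+)?|\[::1\])$'
}

# Check one snapshot ($1): port 80 free, Odoo ports 8069/8072 loopback-only.
preflight() {
    snap=$1; rc=0
    printf '%s\n' "$snap" | port_is_free 80 ||
        { echo "FAIL: port 80 is in use, --standalone cannot bind"; rc=1; }
    for p in 8069 8072; do
        printf '%s\n' "$snap" | loopback_only "$p" ||
            { echo "FAIL: port $p is not bound to loopback only"; rc=1; }
    done
    return "$rc"
}

# Constructed sample snapshots (not captured from a real host).
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:8069 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8072 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_BAD='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8069 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8072 0.0.0.0:*'

# Live use: SNAPSHOT="$(ss -ltnH)" sh preflight.sh
preflight "${SNAPSHOT:-$SAMPLE_BAD}" || echo "pre-flight failed"
```

An Odoo listener on 0.0.0.0:8069 is reported as a failure because clients could then reach Odoo directly over plain HTTP, bypassing the nginx TLS front end.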

In step 4, we added the /etc/nginx/sites-available/odoo-ssl nginx configuration file. In this file, we added an upstream reference. This is a reference to your local server, and we are going to use it in the next steps.

In step 5, we added the server configuration to manage incoming connections on port 80 using the HTTP protocol. We don't want to serve our website over HTTP because the data is transferred in clear text, meaning that passwords can be sniffed. Consequently, we add a URL rewrite rule in order to permanently redirect URLs to port 443 using the encrypted HTTPS protocol.

Steps 6-13 are a bit more complex; their configurations handle connections using the HTTPS protocol. Here are the details of the different configuration blocks:

  • The configuration block in step six configures the server to handle the requests of the odoo.example.com domain on port 443.
  • The configuration block in step seven configures the SSL protocol, the encryption key, and the certificate.
  • The configuration block in step eight adds the log file's location. Whenever a request is served through nginx, it is logged to this file.
  • Step nine adds the gzip block, which is used to compress files. This plays an important role in reducing the page size.
  • The configuration block in step 10 adds extra headers to each request. These headers are used to provide more information to the Odoo server.
  • Step 11 adds the location / block, which defines the default processing of incoming requests: they will be proxied to the Odoo server listening on port 8069.
  • Step 11 also adds the location /longpolling block, which is used to handle queries made on URLs starting with /longpolling, which are then forwarded to Odoo on port 8072. These connections are used by the bus add-on module to send notifications to the web client.
  • Step 12 adds the location ~* /web/static/ block, which uses a regular expression to match the URLs of the static files of Odoo modules. These files are rarely updated, and so we ask nginx to cache them in order to lighten the load on the Odoo server.

In the last step, we used the certbot renew command, which checks for certificates pending renewal, and automatically renews them. By default, Let's Encrypt certificates have a validity of 90 days, which is quite short. Thanks to this utility, which we run on a daily basis, certificates that are about to expire are automatically renewed.
