ScrollLaunchpadJobsSearchBlog

Mark Kaharo

Jul 21, 2025 • 2 min read

🔐 Securely Deploying Odoo with Nginx and Let's Encrypt on Debian 11

🎯 Objective

This guide walks you through securely deploying an Odoo application on a Debian 11 server behind Nginx, with HTTPS enabled via Let's Encrypt.
We'll use a sample subdomain: your-subdomain.example.com — Make sure to replace this with your actual domain or subdomain.

🧰 Step 1: Install Required Packages

Begin by installing Nginx, Certbot, and the Certbot Nginx plugin:

sudo apt update
sudo apt install nginx certbot python3-certbot-nginx -y

🔍 What this does:

  • apt update: Refreshes the package list from repositories.

  • apt install nginx: Installs the Nginx web server.

  • apt install certbot python3-certbot-nginx: Installs Certbot and its Nginx plugin to handle SSL certificates automatically.

📄 Step 2: Create Nginx Configuration for Your Subdomain

Create a new Nginx site configuration file:

sudo nano /etc/nginx/sites-available/your-subdomain.example.com

Paste the following configuration, updating your-subdomain.example.com with your actual subdomain:

server {
    server_name your-subdomain.example.com;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    client_max_body_size 200m;

    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    access_log /var/log/nginx/odoo-access.log;
    error_log /var/log/nginx/odoo-error.log;

    location / {
        proxy_pass http://127.0.0.1:8069;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /.well-known/acme-challenge {
        allow all;
    }

    listen 80;
}

🔗 Step 3: Enable the Site Configuration

Enable the newly created configuration:

sudo ln -s /etc/nginx/sites-available/your-subdomain.example.com /etc/nginx/sites-enabled/

Then test and reload Nginx:

sudo nginx -t sudo systemctl reload nginx

✅ Explanation:

  • ln -s: Creates a symbolic link to enable the site.

  • nginx -t: Tests for syntax errors in your config.

  • systemctl reload nginx: Reloads Nginx to apply changes.

🔥 Step 4: (Optional) Configure UFW Firewall

If using UFW (Uncomplicated Firewall), allow Nginx traffic:

sudo ufw allow 'Nginx Full'

🔐 Opens:

  • Port 80 (HTTP)

  • Port 443 (HTTPS)

🔒 Step 5: Obtain and Install SSL Certificate

Use Certbot to obtain and configure the SSL certificate:

sudo certbot --nginx -d your-subdomain.example.com

✅ What this does:

  • Automatically fetches a free SSL certificate from Let's Encrypt.

  • Updates your Nginx config for HTTPS.

  • Sets up automatic HTTP → HTTPS redirection.

🔁 Step 6: Test Auto-Renewal

Let’s ensure SSL will renew automatically:

sudo certbot renew --dry-run

🔄 This dry run simulates the renewal process to ensure your certificate will be automatically renewed before expiration.

🚀 Result

Your Odoo application is now live and securely accessible at:

👉 https://your-subdomain.example.com

It’s protected with a Let's Encrypt SSL certificate and routed through Nginx for better performance, security, and scalability.

✅ End of Guide

Need help deploying multiple Odoo instances or hardening your production environment?
Let’s connect on Peerlist or LinkedIn!

Join Mark on Peerlist!

Join amazing folks like Mark and thousands of other builders on Peerlist.

peerlist.io/

It’s available... this username is available! 😃

Claim your username before it's too late!

This username is already taken, you’re a little late.😐

0

5

0