OpenERP SSL Connection

One of the main feautres of an enterprise system is security. To provide a secure connection between OpenERP web and users's browser you can enable SSL (https protocol). The following steps do this:

1- sudo su -

2- Install Apache web server and enable SSL module:

apt-get install apache2
apt-get install libapache2-mod-gnutls
apt-get install libapache2-mod-python
apt-get install libapache2-mod-wsgi
apt-get install libapache2-modxsltsudo /etc/init.d/apache2 restart
a2enmod headers
a2enmod proxy
a2enmod proxy_connect
a2enmod proxy_ftp
a2enmod proxy_http
a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart

3- Generating a key pair and X509 certificate file:

this could be done with OpenSSL command or some other packages like XCA or TinyCA.
I will explain this step in another post. For now just install XCA.

apt-get install xca

4- Edit Apache config file for SSL:

vi /etc/apache2/sites-available/default-ssl

4-1 make sure that SSL engine is on.

SSLEngine on

4-2 add the path of private key file and certificate file.

SSLCertificateFile $PATH_TO_CERTIFICATE_FILE
SSLCertificateKeyFile $PATH_TO_PRIVATE_KEY_FILE

4-3 add the following lines before ending VirtualHost tag.

<Proxy "*">
AddDefaultCharset off
order deny,allow
allow from all
</Proxy>
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set "X-Forwarded-Proto" "https"
SetEnv proxy-nokeepalive 1

4-4 restart Apache server

/etc/init.d/apache2 restart

5- open OpenERP config file, it is usually in your home folder, named
.openerp_serverrc (it is hidden) and enable proxy mode.

proxy_mode = True

6- start OpenERP server and point your browser to:

https://localhost



These steps has been tested on Ubuntu 10.04 but should work with little or no changes on other versions of Ubuntu.