OpenERP SSL Connection
One of the main feautres of an enterprise system is security. To provide a secure connection between OpenERP web and users's browser you can enable SSL (https protocol). The following steps do this:
1- sudo su -
2- Install Apache web server and enable SSL module:
apt-get install apache2
apt-get install libapache2-mod-gnutls
apt-get install libapache2-mod-python
apt-get install libapache2-mod-wsgi
apt-get install libapache2-modxsltsudo /etc/init.d/apache2 restart
a2enmod headers
a2enmod proxy
a2enmod proxy_connect
a2enmod proxy_ftp
a2enmod proxy_http
a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart
3- Generating a key pair and X509 certificate file:
this could be done with OpenSSL command or some other packages like XCA or TinyCA.
I will explain this step in another post. For now just install XCA.
apt-get install xca
4- Edit Apache config file for SSL:
vi /etc/apache2/sites-available/default-ssl
4-1 make sure that SSL engine is on.
SSLEngine on
4-2 add the path of private key file and certificate file.
SSLCertificateFile $PATH_TO_CERTIFICATE_FILE
SSLCertificateKeyFile $PATH_TO_PRIVATE_KEY_FILE
4-3 add the following lines before ending VirtualHost tag.
<Proxy "*">
AddDefaultCharset off
order deny,allow
allow from all
</Proxy>
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set "X-Forwarded-Proto" "https"
SetEnv proxy-nokeepalive 1
4-4 restart Apache server
/etc/init.d/apache2 restart
5- open OpenERP config file, it is usually in your home folder, named
.openerp_serverrc (it is hidden) and enable proxy mode.
proxy_mode = True
6- start OpenERP server and point your browser to:
https://localhost
These steps has been tested on Ubuntu 10.04 but should work with little or no changes on other versions of Ubuntu.
