brett.spaulding
/
InstallScript_Odoo
mirror of https://github.com/Yenthe666/InstallScript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changed multiple if statements to PROXY_MODE installation

Browse Source
pull/233/head
Carlitos Melgar 6 years ago
parent 43a7f51897
commit 62e3a97fe1
1 changed files with 174 additions and 97 deletions
Show Stats Download Patch File Download Diff File

121
odoo_install.sh
Unescape View File

@ -266,26 +266,53 @@ sudo chown root: /etc/init.d/$OE_CONFIG
echo -e "\n---- Start ODOO on Startup ----\n" echo -e "\n---- Start ODOO on Startup ----\n"
sudo update-rc.d $OE_CONFIG defaults sudo update-rc.d $OE_CONFIG defaults
#-------------------------------------------------- #-----------------------------------------------------------------------
# Install Nginx if needed # PROXY_MODE != PROXY_NONE (Nginx will be install to port 80 and/or 443)
#-------------------------------------------------- #-----------------------------------------------------------------------
if [ $INSTALL_NGINX = "True" ]; then if [ $PROXY_MODE != "PROXY_NONE" ]; then
echo -e "\n---- Installing and setting up Nginx ----" echo -e "\n---- Installing and setting up Nginx ----\n"
sudo apt install nginx -y sudo apt install nginx -y
cat <<EOF > ~/odoo
server {
listen 80;
# set proper server name after domain set cat <<EOF >~/odoo
server_name $WEBSITE_NAME; upstream odoo {
server 127.0.0.1:$OE_PORT;
}
upstream odoochat {
server 127.0.0.1:$LONGPOLLING_PORT;
}
$(
if [ "$PROXY_MODE" = "PROXY_HTTP" ]; then
echo "# PROXY MODE USES HTTP"
echo " server {"
echo " listen 80;"
echo " server_name "$WEBSITE_NAME";"
fi
if [ "$PROXY_MODE" = "PROXY_LETSENCRYPT" ]; then
echo "# PROXY MODE USES LETSENCRYPT"
echo " server {"
echo " listen 80;"
echo " server_name "$WEBSITE_NAME";"
echo " "
echo " rewrite ^(.*) https://\$host\$1 permanent;"
echo " }"
echo " "
echo " server {"
echo " listen 443 ssl http2;"
echo " server_name "$WEBSITE_NAME";"
echo " "
echo " include snippets/ssl.conf;"
echo " include snippets/letsencrypt.conf;"
fi
)
# Add Headers for odoo proxy mode # Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host \$host; proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Client-IP \$remote_addr; proxy_set_header X-Client-IP \$remote_addr;
proxy_set_header HTTP_X_FORWARDED_HOST \$remote_addr; proxy_set_header HTTP_X_FORWARDED_HOST \$remote_addr;
@ -302,8 +329,7 @@ if [ $INSTALL_NGINX = "True" ]; then
proxy_send_timeout 900s; proxy_send_timeout 900s;
# force timeouts if the backend dies # force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
http_503;
types { types {
text/less less; text/less less;
@ -314,33 +340,34 @@ if [ $INSTALL_NGINX = "True" ]; then
gzip on; gzip on;
gzip_min_length 1100; gzip_min_length 1100;
gzip_buffers 4 32k; gzip_buffers 4 32k;
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript application/pdf image/jpeg image/png; gzip_types text/css text/scss text/less text/plain text/xml application/xml application/json application/javascript application/pdf image/jpeg image/png;
gzip_vary on; gzip_vary on;
client_header_buffer_size 4k; client_header_buffer_size 4k;
large_client_header_buffers 4 64k; large_client_header_buffers 4 64k;
client_max_body_size 0; client_max_body_size 0;
location / { location / {
proxy_pass http://127.0.0.1:$OE_PORT; proxy_pass http://odoo;
# by default, do not forward anything proxy_redirect off; # by default, do not forward anything
proxy_redirect off;
} }
location /longpolling { location /longpolling {
proxy_pass http://127.0.0.1:$LONGPOLLING_PORT; proxy_pass http://odoochat;
} }
location ~* .(js|css|png|jpg|jpeg|gif|ico)$ { location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires 2d; expires 2d;
proxy_pass http://127.0.0.1:$OE_PORT; proxy_pass http://odoo;
add_header Cache-Control "public, no-transform"; add_header Cache-Control "public, no-transform";
} }
# cache some static data in memory for 60mins. # cache some static data in memory for 60mins.
location ~ /[a-zA-Z0-9_-]*/static/ { location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_cache_valid 200 302 60m; proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m; proxy_cache_valid 404 1m;
proxy_buffering on; proxy_buffering on;
expires 864000; expires 864000;
proxy_pass http://127.0.0.1:$OE_PORT; proxy_pass http://odoo;
} }
} }
EOF EOF
@ -358,12 +385,59 @@ fi
# Enable ssl with certbot # Enable ssl with certbot
#-------------------------------------------------- #--------------------------------------------------
if [ $INSTALL_NGINX = "True" ] && [ $ENABLE_SSL = "True" ] && [ $ADMIN_EMAIL != "odoo@example.com" ] && [ $WEBSITE_NAME != "_" ];then if [ $PROXY_MODE = "PROXY_LETSENCRYPT" ] && [ $ADMIN_EMAIL != "odoo@example.com" ] && [ $WEBSITE_NAME != "_" ]; then
echo -e "\n---- Installing and setting up Cerbot ----\n"
sudo add-apt-repository ppa:certbot/certbot -y && sudo apt-get update -y sudo add-apt-repository ppa:certbot/certbot -y && sudo apt-get update -y
sudo apt-get install python-certbot-nginx -y sudo apt-get install python-certbot-nginx -y
echo -e "\n---- Generating dhparam ----\n"
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt
echo -e "\n---- Wrting snippets: ssl.conf + letsencrypt.conf ----\n"
cat <<EOF >/etc/nginx/snippets/ssl.conf
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
EOF
cat <<EOF >/etc/nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type "text/plain";
try_files \$uri =404;
}
EOF
echo -e "\n---- Generating and installing SSL certificates ----\n"
sudo certbot --nginx -d $WEBSITE_NAME --noninteractive --agree-tos --email $ADMIN_EMAIL --redirect sudo certbot --nginx -d $WEBSITE_NAME --noninteractive --agree-tos --email $ADMIN_EMAIL --redirect
sudo service nginx reload sudo service nginx reload
echo -e "\n---- SSL/HTTPS is enabled! ----\n" echo -e "\n---- SSL/HTTPS is enabled! ----\n"
echo -e "\n---- Updating cron job to renew certificate ----\n"
sudo sed -i 's/43200/3600/g' /etc/cron.d/certbot
sudo sed -i 's/-q renew/-q renew --renew-hook "systemctl reload nginx"/g' /etc/cron.d/certbot
else else
echo -e "\n---- SSL/HTTPS isn't enabled due to choice of the user or because of a misconfiguration! ----\n" echo -e "\n---- SSL/HTTPS isn't enabled due to choice of the user or because of a misconfiguration! ----\n"
fi fi
@ -381,6 +455,9 @@ echo "Password superadmin (database): $OE_SUPERADMIN"
echo "Start Odoo service: sudo service $OE_CONFIG start" echo "Start Odoo service: sudo service $OE_CONFIG start"
echo "Stop Odoo service: sudo service $OE_CONFIG stop" echo "Stop Odoo service: sudo service $OE_CONFIG stop"
echo "Restart Odoo service: sudo service $OE_CONFIG restart" echo "Restart Odoo service: sudo service $OE_CONFIG restart"
if [ $PROXY_MODE != "PROXY_NONE" ]; then
echo -e "\n---- Nginx configuration file: /etc/nginx/sites-available/odoo ----\n" echo -e "\n---- Nginx configuration file: /etc/nginx/sites-available/odoo ----\n"
else
echo -e "\n---- Nginx was not installed because PROXY_MODE is PROXY_NONE ----\n"
fi fi
echo "-----------------------------------------------------------" echo "-----------------------------------------------------------"

Write Preview
Loading…
Cancel
Save