Securing Odoo for External Access with HTTPS using Nginx Proxy Manager
Extend your local Odoo install with a reverse-proxy and Let’s Encrypt so users outside your office can connect via https://odoo.yourdomain.com:8443
—no VPN needed.
1. DNS setup for your subdomain
Create an A record in your DNS provider:
- Type: A
- Name: odoo
- Value: 2.179.165.134 (your public IP)
- TTL: 2 hours (or default)
This ensures odoo.yourdomain.com
resolves to your WAN address.
2. Update docker-compose.yml
with Nginx Proxy Manager
version: '3.8'
services:
odoo:
image: odoo:18
container_name: odoo
depends_on: [db]
ports:
- "0.0.0.0:8069:8069"
environment:
- HOST=db
- USER=odoo
- PASSWORD=odoo
volumes:
- odoo-data:/var/lib/odoo
networks: [odoo-net]
db:
image: postgres:16
container_name: db
environment:
POSTGRES_DB: odoo
POSTGRES_USER: odoo
POSTGRES_PASSWORD: odoo
volumes:
- odoo-db-data:/var/lib/postgresql/data
networks: [odoo-net]
npm:
image: jc21/nginx-proxy-manager:latest
container_name: nginx-proxy-manager
ports:
- "80:80" # HTTP for ACME challenges
- "81:81" # Admin UI
- "8443:443" # External HTTPS → internal 443
volumes:
- npm-data:/data
- npm-letsencrypt:/etc/letsencrypt
networks: [odoo-net]
networks:
odoo-net:
volumes:
odoo-data:
odoo-db-data:
npm-data:
npm-letsencrypt:
3. Configure pfSense NAT & Firewall
3.1. Firewall / NAT / Port Forward
- WAN port 81 → 192.168.121.145:8069:81
- WAN port 8443 → 192.168.121.145:8069:8443
3.2. Firewall / Rules / WAN
- Allow TCP 81 → WAN address
- Allow TCP 8443 → WAN address.
(these rules are created automatic with the Port Forward)
3.3. System / Advanced / Firewall & NAT / Network Address Translation
- Pure NAT
- Enable NAT Reflection for 1:1 NAT
- Enable automatic outbound NAT for Reflection
Note: NAT Relflection (Harpin NAT) allows connection with subdomian from the office. This will “loop” LAN requests back to the internal server correctly.
4. Set up your Proxy Host in Nginx Proxy Manager
- Domain Names: odoo.yourdomain.com
- Scheme: http
- Forward Hostname/IP: 192.168.121.145
- Forward Port: 8069
- Websockets Support: ✅
- Block Common Exploits: ✅
SSL (Let’s Encrypt)
- Request a new SSL certificate
- Force SSL, HTTP/2, HSTS
- Enter your email, accept terms, Save
5. Access Odoo externally
➡️ URL:
https://odoo.yourdomain.com:8443
- Fully encrypted with Let’s Encrypt
- Uses port 8443 to avoid conflict with VPN on 443
- No VPN required