Tag Archive for: https

Securing Odoo for External Access with HTTPS using Nginx Proxy Manager

/in /by

Extend your local Odoo install with a reverse-proxy and Let’s Encrypt so users outside your office can connect via https://odoo.yourdomain.com:8443—no VPN needed.

1. DNS setup for your subdomain

Create an A record in your DNS provider:

  • Type: A
  • Name: odoo
  • Value: 2.179.165.134 (your public IP)
  • TTL: 2 hours (or default)

This ensures odoo.yourdomain.com resolves to your WAN address.

2. Update docker-compose.yml with Nginx Proxy Manager

version: '3.8'
services:
  odoo:
    image: odoo:18
    container_name: odoo
    depends_on: [db]
    ports:
      - "0.0.0.0:8069:8069"
    environment:
      - HOST=db
      - USER=odoo
      - PASSWORD=odoo
    volumes:
      - odoo-data:/var/lib/odoo
    networks: [odoo-net]

  db:
    image: postgres:16
    container_name: db
    environment:
      POSTGRES_DB: odoo
      POSTGRES_USER: odoo
      POSTGRES_PASSWORD: odoo
    volumes:
      - odoo-db-data:/var/lib/postgresql/data
    networks: [odoo-net]

  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    ports:
      - "80:80"      # HTTP for ACME challenges
      - "81:81"      # Admin UI
      - "8443:443"   # External HTTPS → internal 443
    volumes:
      - npm-data:/data
      - npm-letsencrypt:/etc/letsencrypt
    networks: [odoo-net]

networks:
  odoo-net:

volumes:
  odoo-data:
  odoo-db-data:
  npm-data:
  npm-letsencrypt:

3. Configure pfSense NAT & Firewall

3.1. Firewall / NAT / Port Forward

  • WAN port 81 → 192.168.121.145:8069:81
  • WAN port 8443 → 192.168.121.145:8069:8443

3.2. Firewall / Rules / WAN

  • Allow TCP 81 → WAN address
  • Allow TCP 8443 → WAN address.

(these rules are created automatic with the Port Forward)

3.3. System / Advanced / Firewall & NAT / Network Address Translation

  • Pure NAT
  • Enable NAT Reflection for 1:1 NAT
  • Enable automatic outbound NAT for Reflection

Note: NAT Relflection (Harpin NAT) allows connection with subdomian from the office. This will “loop” LAN requests back to the internal server correctly.

4. Set up your Proxy Host in Nginx Proxy Manager

  • Domain Names: odoo.yourdomain.com
  • Scheme: http
  • Forward Hostname/IP: 192.168.121.145
  • Forward Port: 8069
  • Websockets Support: ✅
  • Block Common Exploits: ✅

SSL (Let’s Encrypt)

  • Request a new SSL certificate
  • Force SSL, HTTP/2, HSTS
  • Enter your email, accept terms, Save

5. Access Odoo externally

➡️ URL:

https://odoo.yourdomain.com:8443
  • Fully encrypted with Let’s Encrypt
  • Uses port 8443 to avoid conflict with VPN on 443
  • No VPN required

Forcing the domain to serve securely using HTTPS (for any site)

/in /by

Is your WordPress site shown as No Secure Connection? Solve this easily forcing any http request to be rewritten using https. Just copy and paste the code below into your .htaccess file exactly as shown.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header always set Content-Security-Policy: upgrade-insecure-requests