RobFauls-Com
/
website-scripts
1
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
website-scripts/Odoo/Install-Odoo16-Debian11.sh

341 lines
12 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
#
# Install Odoo 16 on Debian 11 with LetsEncrypt SSL certificate
# Created by Rob Fauls 10/27/2022
#
# Description:
# This script automates the installation of Odoo 16 on a fresh Debian 11 system.
# It configures Nginx as a reverse proxy and sets up Let's Encrypt SSL certificate.
#
# Usage:
# - Run the script as a user with sudo privileges.
# - Make sure you have a fresh install of Debian 11 with a domain name and accessible ports 80 and 443.
# - Follow the prompts to enter the domain name and email address associated with the SSL certificate.
# - The script will update the system, install prerequisites, install Odoo 16, configure Let's Encrypt, and set up Nginx.
#
# Dependencies:
# - wget, gnupg2, certbot, python3-certbot-nginx
#
# Note: Please review the script and modify it to fit your specific requirements.
#
# Feel free to use and modify this script, ensuring that you contribute any improvements back to the source.
#
if [ "$EUID" -ne 0 ]
then
echo "This script must be run with sudo privileges. Exiting."
exit 1
fi
#If anything fails, exit the script.
set -e
# Set the log file path
LOG_FILE="$(dirname "$0")/OdooInstall.log"
# Redirect stdout and stderr to the log file
exec > >(tee -a "$LOG_FILE") 2>&1
# Function to print print_to_terminal commands to the terminal
print_to_terminal() {
echo ">> $@"
}
print_to_terminal "SYSTEM REQUIREMENTS"
print_to_terminal "Fresh install of Debian 11"
print_to_terminal "Domain name"
print_to_terminal "Public IP with ports 80 and 443 accessible (LetsEncrypt)"
print_to_terminal ""
print_to_terminal "Please be sure everything is properly configured."
print_to_terminal "If you are missing the domain name or ports, LetsEncrypt and Nginx will not be properly configured"
#Install prerequisites
print_to_terminal "Making sure we have the basics installed before beginning..."
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y wget gnupg2 curl >/dev/null 2>&1
# Check the installation status
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to install prerequisites. Exiting."
exit 1
fi
# Create an empty crontab for root if it doesn't exist
if ! crontab -l -u root >/dev/null 2>&1; then
echo | crontab -u root -
fi
###START Check if user would like to update the script###
read -rp "Would you like to check for an updated script? [y/N]: " response
# Convert the response to lowercase for case-insensitive comparison
response=${response,,}
# Check if the user wants to check for an updated script
if [[ $response == "y" || $response == "yes" ]]; then
# Retrieve the latest version of the script
curl -s -o odoo_install_update.sh https://code.flatironnetworks.com/RobFauls-Com/website-scripts/raw/branch/main/Odoo/Install-Odoo16-Debian11.sh
# Calculate the hash values
current_hash=$(md5sum "$0" | awk '{print $1}')
updated_hash=$(md5sum odoo_install_update.sh | awk '{print $1}')
# Compare the hash values
if [[ $current_hash != $updated_hash ]]; then
print_to_terminal "An update is available. Performing self-update..."
# Replace the existing script with the updated script
mv odoo_install_update.sh "$0"
chmod +x "$0"
# Run the updated script
exec "$0" "$@"
else
print_to_terminal "The script is already up to date."
fi
else
print_to_terminal "Skipping script update."
fi
###FINISH Check if user would like to update the script###
###START Unattended Upgrades###
read -rp "Would you like to enable unattended upgrades for automatic security updates? [y/N]: " response
# Convert the response to lowercase for case-insensitive comparison
response=${response,,}
if [[ $response == "y" || $response == "yes" ]]; then
# Install unattended-upgrades package
apt-get update >/dev/null 2>&1
apt-get install unattended-upgrades -y >/dev/null 2>&1
# Configure unattended-upgrades
cat <<EOT > /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOT
# Customize the configuration as needed
cat <<EOT > /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
"\${distro_id}:\${distro_codename}-security";
"\${distro_id}:\${distro_codename}-updates";
"\${distro_id}:\${distro_codename}-proposed";
"\${distro_id}:\${distro_codename}-backports";
};
Unattended-Upgrade::Package-Blacklist {
// Uncomment the following line to exclude specific packages from automatic upgrades
// "package-name";
};
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Mail "false";
EOT
# Enable and start the unattended-upgrades service
systemctl enable unattended-upgrades
systemctl start unattended-upgrades
print_to_terminal "Unattended upgrades have been enabled."
else
print_to_terminal "Unattended upgrades have not been enabled."
fi
###FINISH Unattended Upgrades###
###BEGIN Gather user input###
print_to_terminal "Let's collect some information about your environment"
# Validate domain name
while true; do
print_to_terminal "Please enter your domain name:"
read -r DOMAIN
# Validate domain name using regular expression
if [[ ! $DOMAIN =~ ^[a-zA-Z0-9]+([-.][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}$ ]]; then
print_to_terminal "Invalid domain name. Please enter a valid domain name."
else
break
fi
done
# Validate email address
while true; do
print_to_terminal "Please enter the email address you'd like to associate with the SSL certificate:"
read -r EMAIL
# Validate email address using regular expression
if [[ ! $EMAIL =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$ ]]; then
print_to_terminal "Invalid email address. Please enter a valid email address."
else
break
fi
done
###END Gather user input###
#Make sure system is up to date and remove any unnecessary packages
print_to_terminal "Checking for updates."
apt update >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to update packages. Exiting."
exit 1
fi
print_to_terminal "Applying system updates."
apt upgrade -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to install packages. Exiting."
exit 1
fi
print_to_terminal "Autoremoving unnecessary packages."
apt autoremove -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to auto-remove packages. Exiting."
exit 1
fi
#Install wkhtmltopdf
print_to_terminal "Installing wkhtmltopdf"
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox_0.12.6.1-2.bullseye_amd64.deb >/dev/null 2>&1
apt install ./wkhtmltox*bullseye_amd64.deb -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to install wkhtmltopdf. Exiting."
exit 1
fi
#Install Odoo 16
print_to_terminal "Installing Odoo 16."
print_to_terminal "This may take a few minutes, as Odoo's servers can be a bit slow..."
wget https://nightly.odoo.com/odoo.key >/dev/null 2>&1
cat odoo.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/odoo.gpg >/dev/null 2>&1
echo "deb http://nightly.odoo.com/16.0/nightly/deb/ ./" | tee -a /etc/apt/sources.list.d/odoo.list >/dev/null
apt update >/dev/null 2>&1
apt install odoo -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to install Odoo. Exiting."
exit 1
fi
#Install LetsEncrypt and configure SSL certificates
print_to_terminal "Installing LetsEncrypt and configuring SSL certificates."
apt install certbot python3-certbot-nginx -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to install Let's Encrypt and Certbot. Exiting."
exit 1
fi
systemctl stop nginx
/usr/bin/certbot certonly --standalone -d ${DOMAIN} --preferred-challenges http --agree-tos -n -m ${EMAIL} --keep-until-expiring >/dev/null 2>&1
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to configure SSL certificates with Let's Encrypt. Exiting."
exit 1
fi
#Insert cron job for LetsEncypt refresh certs into crontab
print_to_terminal "Configuring cron job to renew LetsEncrypt Certificates"
crontab -l; echo "15 3 * * * /usr/bin/certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx'" | sort -u | crontab - >/dev/null 2>&1
#Create Nginx configuration file:
cat <<EOF >/etc/nginx/sites-available/odoo.conf
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
# http -> https
server {
listen 80;
server_name $DOMAIN;
rewrite ^(.*) https://\$host$1 permanent;
}
server {
listen 443 ssl;
server_name $DOMAIN;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Real-IP \$remote_addr;
# SSL parameters
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/chain.pem;
ssl_session_timeout 30m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect websocket requests to odoo gevent port
location /websocket {
proxy_pass http://odoochat;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Real-IP \$remote_addr;
}
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
EOF
#Create symlink to enable the site
ln -s /etc/nginx/sites-available/odoo.conf /etc/nginx/sites-enabled/
if [ $? -ne 0 ]; then
print_to_terminal "Error: Failed to create symlink for Nginx configuration. Exiting."
exit 1
fi
# Check health of Nginx configuration
print_to_terminal "Checking health of NGINX configuration."
if ! nginx -t; then
print_to_terminal "Error: Nginx configuration test failed. Exiting."
exit 1
fi
#Modify odoo.conf to properly use Nginx, allow chat to work, and define the default addons path
cat <<EOF >>/etc/odoo/odoo.conf
proxy_mode = True
max_cron_threads = 1
workers = 2
longpolling_port = 8072
addons_path = /var/lib/odoo/.local/share/Odoo/addons/16.0
EOF
#Restart Odoo and Nginx
systemctl restart odoo
systemctl restart nginx
print_to_terminal
print_to_terminal
print_to_terminal "Odoo16 installation has completed!"
print_to_terminal "If you're using CloudFlare, you may need to modify the SSL/TLS encryption mode."
print_to_terminal "Without modifying the encryption mode, you may be unable to access the site"
print_to_terminal
print_to_terminal "Please go to https://"${DOMAIN}"/ to access your installation."
print_to_terminal ${RED}"https://"${DOMAIN}":8069 is also currently accessible."${RESET}
print_to_terminal ${YELLOW}"You may consider blocking port 8069 to avoid unsecure or uncached connections to Odoo."${RESET}
Reference in New Issue View Git Blame Copy Permalink