Odoo is a powerful open source platform that offers a suite of business applications including: HR management, Employee Management, Payroll, Website Creation/CMS, CRM, and much more! It's an all in one/open source platform to run your entire business on. And yes, It's open source and offers full customization. This AppXen server features Odoo 16 fully containerized and running on Amazon EC2. It allows you to get up and running immediately with Odoo for free. It also provides mounted volumes so you can manage your data, build themes, and develop on top of the Odoo platform.
When launching your instance, provide the following security group rules:
TCP, 22, 22, YOUR-IP-ADDRESS*
TCP, 80, 80, 0.0.0.0/0
Always lock-down the SSH port to a single IP address. Opening your SSH port to the world i.e., `0.0.0.0/0` is a security risk and can compromise your instance.
Adding SSL to your Odoo website is fairly straightforward. The easiest way to accomplish this is by creating a Application Load Balancer and attaching an SSL certificate from AWS Certificate Manager (ACM) service. This will allow you to manage the SSL termination at the load balancer and enable scalability outside a single EC2 instance if needed. Once your AppXen Odoo instance is up and running:
- You will need a domains Hosted Zone to be within AWS Route53 in the same account your Odoo instance is running. You can either register a new domain via Route53 and create a hosted zone for that domain OR create a hosted zone and use the Name Servers that are generated for a domain you already own elsewhere.
- Generate a Public SSL Certificate via AWS ACM Console. See here for documentation.
- Create an Application Load Balancer (ALB) from within the AWS EC2 Console.
- Create two Protocol Groups for both SSL and Non-SSL e.g. HTTP:80 and HTTPS:443.
- for HTTP:80 - set a "redirect" rule to redirect all traffic to HTTPS:443
- for HTTPS:443 - choose the ALB certifcate you create previously for your domain name.
- Ensure the EC2 Security Group for the ALB allows traffic in only from HTTPS on port 443
- Within the Odoo EC2 instance security group, ensure you allow traffic in port 80, ONLY from the ALB security group (choose the actual security group you created as the source). This will ensure only the ALB can communicate with the instance on port 80 (HTTP) and the SSL will terminate at the ALB, further securing your EC2 instance.
- Create a Target Group for the ALB.
- Choose "Instances" and Name the Target Group whatever you want.
- Set the Protocol:Port to HTTP:80
- Set the HTTP version to HTTP1
- Health Checks should be set to HTTP and path should be set to /
- Click "Next" and associate the Target Group with your AppXen Odoo Instance
At this point you should have an Application Load Balancer, with SSL associated with the ALB (Created via ACM). A Target Group with at least HTTPS:443 traffic, and a health check on HTTP:80 / (root path) associated with your Odoo EC2 instance. You should now be able to access your Odoo application via your custom HTTPS enabled domain. Feel free to Contact Us if you need further assistance/support setting up your Odoo Server.