Adding SSL to your Odoo website is fairly straightforward. The easiest way to accomplish this is by creating a Application Load Balancer and attaching an SSL certificate from AWS Certificate Manager (ACM) service. This will allow you to manage the SSL termination at the load balancer and enable scalability outside a single EC2 instance if needed. Once your AppXen Odoo instance is up and running:
- You will need a domains Hosted Zone to be within AWS Route53 in the same account your Odoo instance is running. You can either register a new domain via Route53 and create a hosted zone for that domain OR create a hosted zone and use the Name Servers that are generated for a domain you already own elsewhere.
- Generate a Public SSL Certificate via AWS ACM Console. See here for documentation.
Ensure you have a domain registered via Amazon Route53, and a Hosted Zone Created for the domain. This is the domain that will be used to serve the Odoo website and for which the SSL Certificate should be generated for
* (Use *.yourdomain.com to catch all subdomains like www).
- Create an Application Load Balancer (ALB) from within the AWS EC2 Console.
- Create two Protocol Groups for both SSL and Non-SSL e.g. HTTP:80 and HTTPS:443.
- for HTTP:80 - set a "redirect" rule to redirect all traffic to HTTPS:443
- for HTTPS:443 - choose the ALB certifcate you create previously for your domain name.
- Ensure the EC2 Security Group for the ALB allows traffic in only from HTTPS on port 443
- Within the Odoo EC2 instance security group, ensure you allow traffic in port 80, ONLY from the ALB security group (choose the actual security group you created as the source). This will ensure only the ALB can communicate with the instance on port 80 (HTTP) and the SSL will terminate at the ALB, further securing your EC2 instance.
- Create a Target Group for the ALB.
- Choose "Instances" and Name the Target Group whatever you want.
- Set the Protocol:Port to HTTP:80
- Set the HTTP version to HTTP1
- Health Checks should be set to HTTP and path should be set to /
- Click "Next" and associate the Target Group with your AppXen Odoo Instance
At this point you should have an Application Load Balancer, with SSL associated with the ALB (Created via ACM). A Target Group with at least HTTPS:443 traffic, and a health check on HTTP:80 / (root path) associated with your Odoo EC2 instance. You should now be able to access your Odoo application via your custom HTTPS enabled domain. Feel free to Contact Us if you need further assistance/support setting up your Odoo Server.