Configure Odoo with Nginx as a Reverse Proxy


Odoo is one of the most popular business software platforms in the world, and it is packed with useful modules like customer relationship management (CRM), point of sale, project management, inventory management, automated invoicing, accounting, and e-commerce.

Odoo comes with a built-in web server, but in most cases it is recommended to have a reverse proxy in front of it which will act as an intermediary between the clients and the Odoo server.

This guide provides instructions on how to use Nginx as an SSL termination and reverse proxy for Odoo.

Prerequisites

Make sure that you have met the following prerequisites before continuing with this tutorial:

  • You have Odoo installed. If not, follow our guide on installing Odoo on Ubuntu.
  • You have a domain name pointing to your Odoo installation. In this article we will use odoo.example.com.
  • You have Nginx installed. If not, check the Nginx installation guide.
  • You have an SSL certificate installed for your domain. You can install a free Let’s Encrypt SSL certificate by following this guide.

Configure Nginx as a Reverse Proxy

Using a reverse proxy gives you a lot of benefits such as load balancing, SSL termination, caching, compression, and serving static content.

Below is a sample Nginx configuration file (server block) that you can use for your Odoo installation. It listens on the standard HTTPS port, redirects all HTTP requests to HTTPS, proxies the live chat WebSocket connection, sets browser caching headers for static assets, and enables GZip compression.

Open your text editor and create the following file:

Terminal
sudo nano /etc/nginx/sites-available/odoo.example.com
/etc/nginx/sites-available/odoo.example.com
# Odoo servers
upstream odoo {
    server 127.0.0.1:8069;
}

upstream odoochat {
    server 127.0.0.1:8072;
}

# HTTP -> HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name odoo.example.com;

    return 301 https://odoo.example.com$request_uri;
}

# Main server block
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name odoo.example.com;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/odoo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/odoo.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/odoo.example.com/chain.pem;

    # Log files
    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    # Proxy timeouts
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

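    # Websocket (live chat)
    location /websocket {
        proxy_pass http://odoochat;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # proxy_set_header is inherited from the server level only when a
        # location defines none of its own, so repeat the proxy headers here
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }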

    # Handle / requests
    location / {
        proxy_redirect off;
        proxy_pass http://odoo;
    }

    # Static file browser caching
    location ~* /web/static/ {
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip compression
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}
Info
Replace odoo.example.com with your own domain and update the SSL certificate paths to match your installation. The paths above match the default location used by Let’s Encrypt.

Enable the site by creating a symbolic link to the sites-enabled directory:

Terminal
sudo ln -s /etc/nginx/sites-available/odoo.example.com /etc/nginx/sites-enabled/

Test the configuration for syntax errors:

Terminal
sudo nginx -t

If there are no errors, restart the Nginx service to apply the changes:

Terminal
sudo systemctl restart nginx

Tell Odoo to Use the Proxy

When Odoo runs behind a reverse proxy, you need to enable proxy mode so that Odoo trusts the X-Forwarded-* headers Nginx sends. Without it, Odoo can build wrong URLs and redirect over plain HTTP.

Open the Odoo configuration file and add the following line. If your installation uses a versioned configuration file and service name, such as /etc/odoo19.conf and odoo19, use those names instead.

/etc/odoo.conf
proxy_mode = True

Save the file and restart the Odoo service:

Terminal
sudo systemctl restart odoo

Change the binding interface

This step is optional, but it is a good security practice.

By default, the Odoo server listens on port 8069 on all interfaces. To disable direct access to your Odoo instance, open the Odoo configuration file and bind the HTTP interface to localhost by adding the following line at the end of the file:

/etc/odoo.conf
http_interface = 127.0.0.1

Save the configuration file and restart the Odoo server for the change to take effect:

Terminal
sudo systemctl restart odoo

Now Odoo only accepts connections from the local machine, and all traffic must go through Nginx.
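
The check below is an added example, not part of the original guide. It reads an Odoo configuration file and saved `ss -ltn` output, then reports when proxy_mode or http_interface is not set as described above, or when port 8069 or 8072 listens on a non-loopback address (with proxy mode on, a directly reachable Odoo port would let clients supply the X-Forwarded-* headers themselves). The function names, messages, and sample data are constructed for illustration.

```shell
#!/bin/sh
# conf_get FILE KEY: print the last value assigned to KEY ("key = value").
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                   sub(/[ \t]+$/, "", val); out = val }
        END { print out }' "$1"
}

# exposed_ports FILE: FILE holds `ss -ltn` output. Print every local
# address on an Odoo port (8069, 8072) that is not a loopback address.
exposed_ports() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        if ((port == "8069" || port == "8072") &&
            host !~ /^127\./ && host != "[::1]") print $4
    }' "$1"
}

# audit_odoo CONF SS_FILE: print one line per finding, nothing if clean.
audit_odoo() {
    [ "$(conf_get "$1" proxy_mode)" = "True" ] ||
        echo "proxy_mode is not True"
    [ "$(conf_get "$1" http_interface)" = "127.0.0.1" ] ||
        echo "http_interface is not 127.0.0.1"
    for addr in $(exposed_ports "$2"); do
        echo "reachable without Nginx: $addr"
    done
}

# Constructed sample input: proxy mode is on, http_interface is missing,
# and port 8069 is listening on all interfaces.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[options]' '; constructed sample' \
              'proxy_mode = True' > "$tmp/odoo.conf"
printf '%s\n' 'LISTEN 0 128 0.0.0.0:8069 0.0.0.0:*' \
              'LISTEN 0 128 127.0.0.1:8072 0.0.0.0:*' \
              'LISTEN 0 511 0.0.0.0:443 0.0.0.0:*' > "$tmp/ss.txt"
audit_odoo "$tmp/odoo.conf" "$tmp/ss.txt"
```

On a live host, save the output of sudo ss -ltn to a file and pass it to audit_odoo together with /etc/odoo.conf.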

Troubleshooting

If something does not work after reloading Nginx, the cause is usually one of the following:

502 Bad Gateway
Nginx cannot reach Odoo. Confirm that the Odoo service is running and listening on port 8069. If you bound the interface to 127.0.0.1, make sure Nginx and Odoo run on the same host. Check /var/log/nginx/odoo.error.log for the exact upstream error.

Live chat or notifications do not work
The live chat uses a WebSocket connection on port 8072. Verify that the /websocket location is present and proxies to the odoochat upstream, and that the Upgrade and Connection headers are set. On Odoo versions older than 16, the endpoint is named /longpolling instead of /websocket, so use that location name and proxy it to port 8072.

Too many redirects
A redirect loop usually means Odoo does not know the request arrived over HTTPS. Make sure proxy_mode = True is set in the Odoo configuration and that Nginx forwards the X-Forwarded-Proto header.

Missing styling or broken assets
If the page loads without CSS, reload the page with the browser cache disabled and confirm the /web/static/ location proxies to the odoo upstream.

Conclusion

You have configured Nginx as an SSL termination and reverse proxy in front of Odoo, with HTTP to HTTPS redirection, WebSocket proxying, and browser caching headers for static assets. To keep your data safe, set up scheduled backups by following our guide on automatic Odoo backups.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
