This document describes basic steps to set up Odoo in production. It follows installation, but should not be used for development systems.
Odoo is a multi-tenant system: a single Odoo system may run and serve a number of database instances. It is also highly customizable, with customizations (starting from the modules being loaded) depending on the “current database”.
This is not an issue when working with the backend (web client) as a logged-in company user: the database can be selected when logging in, and customizations loaded afterwards.
However it is an issue for non-logged users (portal, website) which aren’t bound to a database: Odoo need to know which database should be used for the operations or to get the data. If multi-tenancy is not used that is not an issue, there’s only one database to use, but if there are multiple databases accessible Odoo needs a rule to know which one it should use.
That is one of the purposes of --db-filter: it specifies the default database for the Odoo system. The value is a regular expression, possibly including the dynamically injected hostname or subdomain through which the Odoo system is accessed.
If an Odoo hosts multiple databases in production, especially if website is used, it must use a dbfilter or a number of features will not work correctly or not use at all.
By default, PostgreSQL only allows connection over UNIX sockets and loopback connections (from “localhost”, the same machine the PostgreSQL server is installed on).
UNIX socket is fine if you want Odoo and PostgreSQL to execute on the same machine, and the default when no host is provided, but if you want Odoo and PostgreSQL to execute on different machines  it will need to listen to network interfaces , either:
Out of the box, Odoo connects to a local postgres over UNIX socket via port 5432. This can be overridden using the database options when your Postgres deployment is not local and/or does not use the installation defaults.
The packaged installers will automatically create a new user (odoo) and set it as the database user.
The database management screens are protected by the admin_passwd setting. This setting can only be set using configuration files, and is simply checked before performing database alterations. It should be set to a randomly generated value to ensure third parties can not use this interface.
all database operations use the database options, including the database management screen. For the database management screen to work requires that the user have createdb right.
users can always drop databases they own. For the database management screen to be completely non-functional, the user needs to be created with no-createdb and the database must be owned by a different user.
the user also needs to not be a superuser
Whether it’s accessed via website/web client or the webservice, Odoo transmits authentication information in cleatext. This means a secure deployment of Odoo must use HTTPS. SSL termination can be implemented via just about any SSL termination proxy, but requires the following setup:
Odoo includes built-in HTTP servers, using either multithreading or multiprocessing.
For production use, it is recommended to use the multiprocessing server as it increases stability, makes somewhat better use of computing resources and can be better monitored and resource-restricted.
multiprocessing mode currently isn’t available on Windows
In multiprocessing, a dedicated LiveChat worker is automatically started and listening on the longpolling port but the client will not connect to it.
Instead you must have a proxy redirecting requests whose URL starts with /longpolling/ to the longpolling port. Other request should be proxied to the normal HTTP port
It is also possible to mount Odoo as a standard WSGI application. Odoo provides the base for a WSGI launcher script as openerp-wsgi.py. That script should be customized (possibly after copying it) to correctly set the configuration directly in openerp.tools.config rather than through the command-line or a configuration file.
However the WSGI server will only expose the main HTTP endpoint for the web client, website and webservice API. Because Odoo does not control the creation of workers anymore it can not setup cron or livechat workers
To run cron jobs for an Odoo deployment as a WSGI application requires
The second problematic subsystem for WSGI deployments is the LiveChat: where most HTTP connections are relatively short and quickly free up their worker process for the next request, LiveChat require a long-lived connection for each client in order to implement near-real-time notifications.
This is in conflict with the process-based worker model, as it’s going to tie up worker processes and prevent new users from accessing the system. However, those long-lived connections do very little and mostly stay parked waiting for notifications.
The solutions to support livechat/motifications in a WSGI application are:
For development convenience, Odoo directly serves all static files in its modules. This may not be ideal when it comes to performances, and static files should generally be served by a static HTTP server.
Odoo static files live in each module’s static/ folder, so static files can be served by intercepting all requests to /MODULE/static/FILE, and looking up the right module (and file) in the various addons paths.
Configuring Odoo mentioned admin_passwd in passing.
This setting is used on all database management screens (to create, delete, dump or restore databases).
If the management screens must not be accessible, or must only be accessible from a selected set of machines, use the proxy server’s features to block access to all routes starting with /web/database except (maybe) /web/database/selector which displays the database-selection screen.
If the database-management screen should be left accessible, the admin_passwd setting must be changed from its admin default: this password is checked before allowing database-alteration operations.
It should be stored securely, and should be generated randomly e.g.
$ python -c 'import base64, os; print(base64.b64encode(os.urandom(24)))'
which will generate a 32 characters pseudorandom printable string.
|||to have multiple Odoo installations use the same PostgreSQL database, or to provide more computing resources to both software.|
|||technically a tool like socat can be used to proxy UNIX sockets across networks, but that is mostly for software which can only be used over UNIX sockets|
|||or be accessible only over an internal packet-switched network, but that requires secured switches, protections against ARP spoofing and precludes usage of WiFi. Even over secure packet-switched networks, deployment over HTTPS is recommended, and possible costs are lowered as “self-signed” certificates are easier to deploy on a controlled environment than over the internet.|