Odoo 中文社区

    • Register
    • Login
    • Search
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Odoo中文社区可以通过以下两个域名访问:shine-it.net , odoo.net.cn

    由于系统升迁的原因,本论坛部分较早期的内容存在格式和链接损坏失效的问题,并非本论坛系统本身的缺陷,望谅解

    本社区没有维护任何QQ群讨论组,任何与本社区同名的QQ群讨论组的言论与本社区无关!

    开发人员可以登录gitter讨论组: http://gitter.im/odoo-china/Talk, 需要github账号

    如果您登录系统碰到问题,请在微信公众号留言:

    如何使用SSL加密

    Odoo 开发与实施交流
    3
    5
    5352
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      d_yang last edited by

      常在公网上跑,必须要加SSL.
      没有证书,去找StartSSL.com.

      Openerp的6.1似乎没有考虑这个,patch上。
      打开wsgi/core.py
      serve方法:

      <br /><br />&nbsp; &nbsp; try:<br />&nbsp; &nbsp; &nbsp; &nbsp; import werkzeug.serving<br />&nbsp; &nbsp; &nbsp; &nbsp; if config&#91;&#039;proxy_mode&#039;]:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from werkzeug.contrib.fixers import ProxyFix<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; app = ProxyFix(application)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; suffix = &#039; (in proxy mode)&#039;<br />&nbsp; &nbsp; &nbsp; &nbsp; else:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; app = application<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; suffix = &#039;&#039;<br />&nbsp; &nbsp; &nbsp; &nbsp; if config.has_ssl and config&#91;&#039;secure_pkey_file&#039;] and config&#91;&#039;secure_cert_file&#039;]:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx = {}<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from OpenSSL import SSL<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx = SSL.Context(SSL.SSLv23_METHOD)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_privatekey_file(config&#91;&#039;secure_pkey_file&#039;])<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_certificate_file(config&#91;&#039;secure_cert_file&#039;])<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; httpd = werkzeug.serving.make_server(interface, port, app, threaded=True, ssl_context=ctx)<br />&nbsp; &nbsp; &nbsp; &nbsp; else:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; httpd = werkzeug.serving.make_server(interface, port, app, threaded=True)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; _logger.info(&#039;HTTP service (werkzeug) running on %s:%s%s&#039;, interface, port, suffix)<br />&nbsp; &nbsp; except ImportError:<br />&nbsp; &nbsp; &nbsp; &nbsp; import wsgiref.simple_server<br />&nbsp; &nbsp; &nbsp; &nbsp; _logger.warning(&#039;Werkzeug module unavailable, falling back to wsgiref.&#039;)<br />&nbsp; &nbsp; &nbsp; &nbsp; if config&#91;&#039;proxy_mode&#039;]:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; _logger.warning(&#039;Werkzeug module unavailable, not using proxy mode.&#039;)<br />&nbsp; &nbsp; &nbsp; &nbsp; httpd = wsgiref.simple_server.make_server(interface, port, application)<br />&nbsp; &nbsp; &nbsp; &nbsp; _logger.info(&#039;HTTP service (wsgiref) running on %s:%s&#039;, interface, port)<br /><br />
      




      (需要Openssl的支持)

      启动服务时,别忘记加上 --cert-file, --pkey-file两个参数。

      over.

      1 Reply Last reply Reply Quote 0
      • C
        ccdos last edited by

        强人

        1 Reply Last reply Reply Quote 0
        • W
          wangbuke last edited by

          谢谢楼主贡献~

          补充下:StartSSL.com 提供单域名为期一年的SSL证书服务。下面提供一个自己制作SSL证书方法:

          $ openssl genrsa 1024 > server.key    生成密钥
          $ openssl req -new -key server.key > server.csr  生成csr证书
          $ openssl req -x509 -days 3650 -key server.key -in server.csr > server.crt  生成crt证书,期限10年

          自己生成的证书是未经各大机构签名,部署上去浏览器会提示证书无效,可以不管直接忽略。当然安全性可没有打折,还是SSL 1024  位加密。

          1 Reply Last reply Reply Quote 0
          • D
            d_yang last edited by

            StartSSL 可以续签的。不过,revoke需要钱。。。


            [quote author=wangbuke link=topic=4335.msg11875#msg11875 date=1346395837]
            谢谢楼主贡献~

            补充下:StartSSL.com 提供单域名为期一年的SSL证书服务。下面提供一个自己制作SSL证书方法:

            $ openssl genrsa 1024 > server.key    生成密钥
            $ openssl req -new -key server.key > server.csr  生成csr证书
            $ openssl req -x509 -days 3650 -key server.key -in server.csr > server.crt  生成crt证书,期限10年

            自己生成的证书是未经各大机构签名,部署上去浏览器会提示证书无效,可以不管直接忽略。当然安全性可没有打折,还是SSL 1024  位加密。
            [/quote]

            1 Reply Last reply Reply Quote 0
            • First post
              Last post