Is Odoo UCS App actively maintained?

Hi@all,

I am currently working my way into Odoo because we want to use it in the future.
As server VM’s I like to use UCS and the app from it. The system maintenance and integration is just great.
The version of Odoo in the UCS App Store is 12, which is already two years old
Is it still actively maintained and is there a chance that there will be an update soon?

In the user administration of UCS you have the possibility to activate the app for a user after the Odoo installation.

What exactly happens here? I can’t log in with the UCS users in Odoo after activation. I have to create them in Odoo. Is this intended?

with best
sven

Hello Sven

Thanks or your interested in Odoo. I am Univention partner dedicated to Odoo projects and services. We are interested to push forward the status of Odoo integration in Univention UCS as we have customers running Nextcloud on UCS and Odoo in parallel, but without IDM integration, because obviously the SSO integration of Odoo with UCS requires additional development. I believe Univention needs some resource support to launch Odoo stable and ready for production on the platform…

i think the IDM integration is “nice to have” but not mandatory. I personally think that a general version update Odoo 13 or better 14 would be much more important

Yeah, I would say the priorities from highest to lowest are:

1. Block other ports than 80 and 443 from Internet to Odoo.
2. Enable SSL (forward http to https) with own subdomain for Odoo (e.g. odoo.ucs.example.com).
3. Versions 13 & 14.
4. Identity management integration enhancements.

I have that anyway. See point 2.

I do that for all servers. The pfSense runs as HA proxy with ACME for Let’ss Encrypt. This “connects” to the local server using the subdomain “odoo.mydomain.de” and takes care of the certificates.

that would be really important!

as I said. Nice to have.

pfSense with HA proxy, ACME and Let’s Encrypt sounds like an interesting solution. Can you @pixel (or any other) recommend any guide to create such setup? (Currently I am using Proxmox firewall for Ubuntu virtual machines hosting nginx, Odoo and Odoo related services.)

Unfortunately, I do not have a manual that is processed 1:1 and runs. I have basically followed these instructions (instructions are in German):

I have clarified problems in the netgate-forum.

It was a while ago but I remember that it took quite a while until it worked. This is because there are different approaches to both HAProxy and ACME (LE).

Do I understand correctly that you are not using pfSense so far?

@pixel Thanks for sharing the link. I will investigate it.

Correct, I am not (yet) using pfSense.

It is advisable to close all ports (including 8069) to Odoo, except 80 and 443, with a firewall. I am currently using Proxmox stack including firewall for that purpose. Thus, this seems to be relevant for me to extend the firewall for Odoo and UCS https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html#:~:text=on%20the%20host-,Basic%20Proxmox%20networking,eth0%20is%20for%20Proxmox%20management. (including HA Proxy, ACME, Let’s Encrypt)

I personally would not open unencrypted ports like 80 on the firewall to my LAN.

Maybe I didn’t express myself clearly. Proxy / web server should, of course, forward port 80 to 443.

Appreciate if anybody advise, how do I install odoo 14 in UCS instaad 12 (which is buit-in in app center)
regds

@pixel I finally found time to play with pfSense. Thanks again for sharing the guide – my pfSense <-> Odoo on UCS setup is working now!

But, not perfectly! Because Odoo on UCS runs directly on port 8069, the traffic between the reverse proxy (pfSense) and Odoo cannot be encrypted (this is why also “Encrypt(SSL)” for the HAProxy backend needs to set to “No”). This might not be a big problem if pfSense and the UCS system for Odoo are in the same private network (connected via VLAN), but neverthless, it is not totally a production grade professional setup because of the missing encryption.

Univention (@gulden) has asked help to solve this issue already in June 2019 (https://www.odoo.com/forum/help-1/howto-use-https-and-odoo-subfolder-with-odoo-12-official-docker-image-151737). It is after all just a proxy setup on local UCS system. My suggestion: make Odoo installable on subdomain, and forward HTTP to HTTPS and 443 to 8069. Hopefully Univention finds some time and/or money to fix this issue. Odoo is the most popular open source ERP in the world! Thus, Univention could gain new paying customers if it would offer platform to deploy latest versions of Odoo with integrated IDM, which is not yet the case.