mirror of
https://github.com/odoo/documentation.git
synced 2026-01-04 10:46:04 +07:00
[I18N] *: export translations
closes odoo/documentation#6081
X-original-commit: a2bbd060ed
Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>
This commit is contained in:
Martin Trigaux
@@ -8,7 +8,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: Odoo saas-16.1\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2023-09-14 05:10+0000\n"
|
||||
"POT-Creation-Date: 2023-10-10 06:13+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
@@ -231,7 +231,7 @@ msgstr ""
|
||||
#: ../../content/administration/install/deploy.rst:46
|
||||
#: ../../content/administration/install/deploy.rst:58
|
||||
#: ../../content/administration/install/deploy.rst:153
|
||||
#: ../../content/administration/install/deploy.rst:276
|
||||
#: ../../content/administration/install/deploy.rst:280
|
||||
msgid "in :ref:`the configuration file <reference/cmdline/config_file>` set:"
|
||||
msgstr ""
|
||||
|
||||
@@ -266,8 +266,8 @@ msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:95
|
||||
#: ../../content/administration/install/deploy.rst:145
|
||||
#: ../../content/administration/install/deploy.rst:231
|
||||
#: ../../content/administration/install/deploy.rst:271
|
||||
#: ../../content/administration/install/deploy.rst:235
|
||||
#: ../../content/administration/install/deploy.rst:275
|
||||
msgid "Configuration sample"
|
||||
msgstr ""
|
||||
|
||||
@@ -352,335 +352,315 @@ msgid "Builtin server"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:182
|
||||
msgid "Odoo includes built-in HTTP servers, using either multithreading or multiprocessing."
|
||||
msgid "Odoo includes built-in HTTP, cron, and live-chat servers, using either multi-threading or multi-processing."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:185
|
||||
msgid "For production use, it is recommended to use the multiprocessing server as it increases stability, makes somewhat better use of computing resources and can be better monitored and resource-restricted."
|
||||
msgid "The **multi-threaded** server is a simpler server primarily used for development, demonstrations, and its compatibility with various operating systems (including Windows). A new thread is spawned for every new HTTP request, even for long-lived connections such as websocket. Extra daemonic cron threads are spawned too. Due to a Python limitation (GIL), it doesn't make the best use of the hardware."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:189
|
||||
msgid "Multiprocessing is enabled by configuring :option:`a non-zero number of worker processes <odoo-bin --workers>`, the number of workers should be based on the number of cores in the machine (possibly with some room for cron workers depending on how much cron work is predicted)"
|
||||
#: ../../content/administration/install/deploy.rst:191
|
||||
msgid "The multi-threaded server is the default server, also for docker containers. It is selected by leaving the :option:`--workers <odoo-bin --workers>` option out or setting it to ``0``."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:193
|
||||
msgid "Worker limits can be configured based on the hardware configuration to avoid resources exhaustion"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:196
|
||||
msgid "multiprocessing mode currently isn't available on Windows"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:199
|
||||
msgid "Worker number calculation"
|
||||
#: ../../content/administration/install/deploy.rst:194
|
||||
msgid "The **multi-processing** server is a full-blown server primarily used for production. It is not liable to the same Python limitation (GIL) on resource usage and hence makes the best use of the hardware. A pool of workers is created upon server startup. New HTTP requests are queued by the OS until there are workers ready to process them. An extra event-driven HTTP worker for the live chat is spawned on an alternative port. Extra cron workers are spawned too. A configurable process reaper monitors resource usage and can kill/restart failed workers."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:201
|
||||
msgid "Rule of thumb : (#CPU * 2) + 1"
|
||||
msgid "The multi-processing server is opt-in. It is selected by setting the :option:`--workers <odoo-bin --workers>` option to a non-null integer."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:202
|
||||
msgid "Cron workers need CPU"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:203
|
||||
msgid "1 worker ~= 6 concurrent users"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:206
|
||||
msgid "memory size calculation"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:208
|
||||
msgid "We consider 20% of the requests are heavy requests, while 80% are simpler ones"
|
||||
#: ../../content/administration/install/deploy.rst:205
|
||||
msgid "Because it is highly customized for Linux servers, the multi-processing server is not available on Windows."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:209
|
||||
msgid "A heavy worker, when all computed field are well designed, SQL requests are well designed, ... is estimated to consume around 1GB of RAM"
|
||||
msgid "Worker number calculation"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:210
|
||||
msgid "A lighter worker, in the same scenario, is estimated to consume around 150MB of RAM"
|
||||
#: ../../content/administration/install/deploy.rst:211
|
||||
msgid "Rule of thumb : (#CPU * 2) + 1"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:212
|
||||
msgid "Cron workers need CPU"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:213
|
||||
msgid "1 worker ~= 6 concurrent users"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:216
|
||||
msgid "memory size calculation"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:218
|
||||
msgid "We consider 20% of the requests are heavy requests, while 80% are simpler ones"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:219
|
||||
msgid "A heavy worker, when all computed field are well designed, SQL requests are well designed, ... is estimated to consume around 1GB of RAM"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:220
|
||||
msgid "A lighter worker, in the same scenario, is estimated to consume around 150MB of RAM"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:222
|
||||
msgid "Needed RAM = #worker * ( (light_worker_ratio * light_worker_ram_estimation) + (heavy_worker_ratio * heavy_worker_ram_estimation) )"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:215
|
||||
#: ../../content/administration/install/deploy.rst:378
|
||||
#: ../../content/administration/install/deploy.rst:225
|
||||
#: ../../content/administration/install/deploy.rst:382
|
||||
msgid "LiveChat"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:217
|
||||
msgid "In multiprocessing, a dedicated LiveChat worker is automatically started and listening on :option:`the gevent port <odoo-bin --gevent-port>` but the client will not connect to it."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:221
|
||||
msgid "Instead you must have a proxy redirecting requests whose URL starts with ``/websocket/`` to the gevent port. Other request should be proxied to the :option:`normal HTTP port <odoo-bin --http-port>`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:225
|
||||
msgid "To achieve such a thing, you'll need to deploy a reverse proxy in front of Odoo, like nginx or apache. When doing so, you'll need to forward some more http Headers to Odoo, and activate the proxy_mode in Odoo configuration to have Odoo read those headers."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:233
|
||||
msgid "Server with 4 CPU, 8 Thread"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:234
|
||||
msgid "60 concurrent users"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:236
|
||||
msgid "60 users / 6 = 10 <- theoretical number of worker needed"
|
||||
#: ../../content/administration/install/deploy.rst:227
|
||||
msgid "In multi-processing, a dedicated LiveChat worker is automatically started and listens on the :option:`--gevent-port <odoo-bin --gevent-port>`. By default, the HTTP requests will keep accessing the normal HTTP workers instead of the LiveChat one. You must deploy a proxy in front of Odoo and redirect incoming requests whose path starts with ``/websocket/`` to the LiveChat worker. You must also start Odoo in :option:`--proxy-mode <odoo-bin --proxy-mode>` so it uses the real client headers (such as hostname, scheme, and IP) instead of the proxy ones."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:237
|
||||
msgid "(4 * 2) + 1 = 9 <- theoretical maximal number of worker"
|
||||
msgid "Server with 4 CPU, 8 Thread"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:238
|
||||
msgid "We'll use 8 workers + 1 for cron. We'll also use a monitoring system to measure cpu load, and check if it's between 7 and 7.5 ."
|
||||
msgid "60 concurrent users"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:239
|
||||
msgid "RAM = 9 * ((0.8*150) + (0.2*1024)) ~= 3Go RAM for Odoo"
|
||||
#: ../../content/administration/install/deploy.rst:240
|
||||
msgid "60 users / 6 = 10 <- theoretical number of worker needed"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:241
|
||||
msgid "(4 * 2) + 1 = 9 <- theoretical maximal number of worker"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:242
|
||||
msgid "We'll use 8 workers + 1 for cron. We'll also use a monitoring system to measure cpu load, and check if it's between 7 and 7.5 ."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:243
|
||||
msgid "RAM = 9 * ((0.8*150) + (0.2*1024)) ~= 3Go RAM for Odoo"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:245
|
||||
msgid "in :ref:`the configuration file <reference/cmdline/config_file>`:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:257
|
||||
#: ../../content/administration/install/deploy.rst:261
|
||||
msgid "HTTPS"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:259
|
||||
#: ../../content/administration/install/deploy.rst:263
|
||||
msgid "Whether it's accessed via website/web client or web service, Odoo transmits authentication information in cleartext. This means a secure deployment of Odoo must use HTTPS\\ [#switching]_. SSL termination can be implemented via just about any SSL termination proxy, but requires the following setup:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:264
|
||||
#: ../../content/administration/install/deploy.rst:268
|
||||
msgid "Enable Odoo's :option:`proxy mode <odoo-bin --proxy-mode>`. This should only be enabled when Odoo is behind a reverse proxy"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:265
|
||||
#: ../../content/administration/install/deploy.rst:269
|
||||
msgid "Set up the SSL termination proxy (`Nginx termination example`_)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:266
|
||||
#: ../../content/administration/install/deploy.rst:270
|
||||
msgid "Set up the proxying itself (`Nginx proxying example`_)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:267
|
||||
#: ../../content/administration/install/deploy.rst:271
|
||||
msgid "Your SSL termination proxy should also automatically redirect non-secure connections to the secure port"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:273
|
||||
#: ../../content/administration/install/deploy.rst:277
|
||||
msgid "Redirect http requests to https"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:274
|
||||
#: ../../content/administration/install/deploy.rst:278
|
||||
msgid "Proxy requests to odoo"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:282
|
||||
#: ../../content/administration/install/deploy.rst:286
|
||||
msgid "in ``/etc/nginx/sites-enabled/odoo.conf`` set:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:352
|
||||
#: ../../content/administration/install/deploy.rst:356
|
||||
msgid "Odoo as a WSGI Application"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:354
|
||||
#: ../../content/administration/install/deploy.rst:358
|
||||
msgid "It is also possible to mount Odoo as a standard WSGI_ application. Odoo provides the base for a WSGI launcher script as ``odoo-wsgi.example.py``. That script should be customized (possibly after copying it from the setup directory) to correctly set the configuration directly in :mod:`odoo.tools.config` rather than through the command-line or a configuration file."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:360
|
||||
#: ../../content/administration/install/deploy.rst:364
|
||||
msgid "However the WSGI server will only expose the main HTTP endpoint for the web client, website and webservice API. Because Odoo does not control the creation of workers anymore it can not setup cron or livechat workers"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:365
|
||||
#: ../../content/administration/install/deploy.rst:369
|
||||
msgid "Cron Workers"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:367
|
||||
msgid "To run cron jobs for an Odoo deployment as a WSGI application requires"
|
||||
#: ../../content/administration/install/deploy.rst:371
|
||||
msgid "Starting one of the built-in Odoo servers next to the WSGI server is required to process cron jobs. That server must be configured to only process crons and not HTTP requests using the :option:`--no-http <odoo-bin --no-http>` cli option or the ``http_enable = False`` configuration file setting."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:369
|
||||
msgid "A classical Odoo (run via ``odoo-bin``)"
|
||||
#: ../../content/administration/install/deploy.rst:376
|
||||
msgid "On Linux-like systems, using the multi-processing server over the multi-threading one is recommended to benefit from better hardware usage and increased stability, i.e., using the :option:`--workers=-1 <odoo-bin --workers>` and :option:`--max-cron-threads=n <odoo-bin --max-cron-threads>` cli options."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:370
|
||||
msgid "Connected to the database in which cron jobs have to be run (via :option:`odoo-bin -d`)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:372
|
||||
msgid "Which should not be exposed to the network. To ensure cron runners are not network-accessible, it is possible to disable the built-in HTTP server entirely with :option:`odoo-bin --no-http` or setting ``http_enable = False`` in the configuration file"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:380
|
||||
msgid "The second problematic subsystem for WSGI deployments is the LiveChat: where most HTTP connections are relatively short and quickly free up their worker process for the next request, LiveChat require a long-lived connection for each client in order to implement near-real-time notifications."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:385
|
||||
msgid "This is in conflict with the process-based worker model, as it will tie up worker processes and prevent new users from accessing the system. However, those long-lived connections do very little and mostly stay parked waiting for notifications."
|
||||
#: ../../content/administration/install/deploy.rst:384
|
||||
msgid "Using a gevent-compatible WSGI server is required for the correct operation of the live chat feature. That server should be able to handle many simultaneous long-lived connections but doesn't need a lot of processing power. All requests whose path starts with ``/websocket/`` should be directed to that server. A regular (thread/process-based) WSGI server should be used for all other requests."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:390
|
||||
msgid "The solutions to support livechat/motifications in a WSGI application are:"
|
||||
msgid "The Odoo cron server can also be used to serve the live chat requests. Just drop the :option:`--no-http <odoo-bin --no-http>` cli option from the cron server and make sure requests whose path starts with ``/websocket/`` are directed to this server, either on the :option:`--http-port <odoo-bin --http-port>` (multi-threading server) or on the :option:`--gevent-port <odoo-bin --gevent-port>` (multi-processing server)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:392
|
||||
msgid "Deploy a threaded version of Odoo (instead of a process-based preforking one) and redirect only requests to URLs starting with ``/websocket/`` to that Odoo, this is the simplest and the websocket URL can double up as the cron instance."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:396
|
||||
msgid "Deploy an evented Odoo via ``odoo-gevent`` and proxy requests starting with ``/websocket/`` to :option:`the gevent port <odoo-bin --gevent-port>`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:403
|
||||
#: ../../content/administration/install/deploy.rst:399
|
||||
msgid "Serving static files and attachments"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:405
|
||||
#: ../../content/administration/install/deploy.rst:401
|
||||
msgid "For development convenience, Odoo directly serves all static files and attachments in its modules. This may not be ideal when it comes to performances, and static files should generally be served by a static HTTP server."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:410
|
||||
#: ../../content/administration/install/deploy.rst:406
|
||||
msgid "Serving static files"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:412
|
||||
#: ../../content/administration/install/deploy.rst:408
|
||||
msgid "Odoo static files are located in each module's :file:`static/` folder, so static files can be served by intercepting all requests to :samp:`/{MODULE}/static/{FILE}`, and looking up the right module (and file) in the various addons paths."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:417
|
||||
#: ../../content/administration/install/deploy.rst:413
|
||||
msgid "Say Odoo has been installed via the **debian packages** for Community and Enterprise and the :option:`--addons-path <odoo-bin --addons-path>` is ``'/usr/lib/python3/dist-packages/odoo/addons'``."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:420
|
||||
#: ../../content/administration/install/deploy.rst:442
|
||||
#: ../../content/administration/install/deploy.rst:416
|
||||
#: ../../content/administration/install/deploy.rst:438
|
||||
msgid "Using the above NGINX (https) configuration, the following location block should be added to serve static files via NGINX."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:437
|
||||
#: ../../content/administration/install/deploy.rst:433
|
||||
msgid "Say Odoo has been installed via the **source**. The two git repositories for Community and Enterprise have been cloned in :file:`/opt/odoo/community` and :file:`/opt/odoo/enterprise` respectively and the :option:`--addons-path <odoo-bin --addons-path>` is ``'/opt/odoo/community/odoo/addons,/opt/odoo/community/addons,/opt/odoo/enterprise'``."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:459
|
||||
#: ../../content/administration/install/deploy.rst:455
|
||||
msgid "The actual NGINX configuration you need is highly dependent on your own installation. The two above snippets only highlight two possible configurations and may not be used as-is."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:463
|
||||
#: ../../content/administration/install/deploy.rst:459
|
||||
msgid "Serving attachments"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:465
|
||||
#: ../../content/administration/install/deploy.rst:461
|
||||
msgid "Attachments are files stored in the filestore which access is regulated by Odoo. They cannot be directly accessed via a static web server as accessing them requires multiple lookups in the database to determine where the files are stored and whether the current user can access them or not."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:470
|
||||
#: ../../content/administration/install/deploy.rst:466
|
||||
msgid "Nevertheless, once the file has been located and the access rights verified by Odoo, it is a good idea to serve the file using the static web server instead of Odoo. For Odoo to delegate serving files to the static web server, the `X-Sendfile <https://tn123.org/mod_xsendfile/>`_ (apache) or `X-Accel <https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/>`_ (nginx) extensions must be enabled and configured on the static web server. Once it is set up, start Odoo with the :option:`--x-sendfile <odoo-bin --x-sendfile>` CLI flag (this unique flag is used for both X-Sendfile and X-Accel)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:480
|
||||
#: ../../content/administration/install/deploy.rst:476
|
||||
msgid "The X-Sendfile extension for apache (and compatible web servers) does not require any supplementary configuration."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:482
|
||||
#: ../../content/administration/install/deploy.rst:478
|
||||
msgid "The X-Accel extension for NGINX **does** require the following additionnal configuration:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:491
|
||||
#: ../../content/administration/install/deploy.rst:487
|
||||
msgid "In case you don't know what is the path to your filestore, start Odoo with the :option:`--x-sendfile <odoo-bin --x-sendfile>` option and navigate to the ``/web/filestore`` URL directly via Odoo (don't navigate to the URL via NGINX). This logs a warnings, the message contains the configuration you need."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:500
|
||||
#: ../../content/administration/install/deploy.rst:496
|
||||
msgid "Security"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:502
|
||||
#: ../../content/administration/install/deploy.rst:498
|
||||
msgid "For starters, keep in mind that securing an information system is a continuous process, not a one-shot operation. At any moment, you will only be as secure as the weakest link in your environment."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:506
|
||||
#: ../../content/administration/install/deploy.rst:502
|
||||
msgid "So please do not take this section as the ultimate list of measures that will prevent all security problems. It's only intended as a summary of the first important things you should be sure to include in your security action plan. The rest will come from best security practices for your operating system and distribution, best practices in terms of users, passwords, and access control management, etc."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:512
|
||||
#: ../../content/administration/install/deploy.rst:508
|
||||
msgid "When deploying an internet-facing server, please be sure to consider the following security-related topics:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:515
|
||||
#: ../../content/administration/install/deploy.rst:511
|
||||
msgid "Always set a strong super-admin admin password, and restrict access to the database management pages as soon as the system is set up. See :ref:`db_manager_security`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:518
|
||||
#: ../../content/administration/install/deploy.rst:514
|
||||
msgid "Choose unique logins and strong passwords for all administrator accounts on all databases. Do not use 'admin' as the login. Do not use those logins for day-to-day operations, only for controlling/managing the installation. *Never* use any default passwords like admin/admin, even for test/staging databases."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:523
|
||||
#: ../../content/administration/install/deploy.rst:519
|
||||
msgid "Do **not** install demo data on internet-facing servers. Databases with demo data contain default logins and passwords that can be used to get into your systems and cause significant trouble, even on staging/dev systems."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:527
|
||||
#: ../../content/administration/install/deploy.rst:523
|
||||
msgid "Use appropriate database filters ( :option:`--db-filter <odoo-bin --db-filter>`) to restrict the visibility of your databases according to the hostname. See :ref:`db_filter`. You may also use :option:`-d <odoo-bin -d>` to provide your own (comma-separated) list of available databases to filter from, instead of letting the system fetch them all from the database backend."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:534
|
||||
#: ../../content/administration/install/deploy.rst:530
|
||||
msgid "Once your ``db_name`` and ``db_filter`` are configured and only match a single database per hostname, you should set ``list_db`` configuration option to ``False``, to prevent listing databases entirely, and to block access to the database management screens (this is also exposed as the :option:`--no-database-list <odoo-bin --no-database-list>` command-line option)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:540
|
||||
#: ../../content/administration/install/deploy.rst:536
|
||||
msgid "Make sure the PostgreSQL user (:option:`--db_user <odoo-bin --db_user>`) is *not* a super-user, and that your databases are owned by a different user. For example they could be owned by the ``postgres`` super-user if you are using a dedicated non-privileged ``db_user``. See also :ref:`setup/deploy/odoo`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:545
|
||||
#: ../../content/administration/install/deploy.rst:541
|
||||
msgid "Keep installations updated by regularly installing the latest builds, either via GitHub or by downloading the latest version from https://www.odoo.com/page/download or http://nightly.odoo.com"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:549
|
||||
#: ../../content/administration/install/deploy.rst:545
|
||||
msgid "Configure your server in multi-process mode with proper limits matching your typical usage (memory/CPU/timeouts). See also :ref:`builtin_server`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:552
|
||||
#: ../../content/administration/install/deploy.rst:548
|
||||
msgid "Run Odoo behind a web server providing HTTPS termination with a valid SSL certificate, in order to prevent eavesdropping on cleartext communications. SSL certificates are cheap, and many free options exist. Configure the web proxy to limit the size of requests, set appropriate timeouts, and then enable the :option:`proxy mode <odoo-bin --proxy-mode>` option. See also :ref:`https_proxy`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:559
|
||||
#: ../../content/administration/install/deploy.rst:555
|
||||
msgid "If you need to allow remote SSH access to your servers, make sure to set a strong password for **all** accounts, not just `root`. It is strongly recommended to entirely disable password-based authentication, and only allow public key authentication. Also consider restricting access via a VPN, allowing only trusted IPs in the firewall, and/or running a brute-force detection system such as `fail2ban` or equivalent."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:565
|
||||
#: ../../content/administration/install/deploy.rst:561
|
||||
msgid "Consider installing appropriate rate-limiting on your proxy or firewall, to prevent brute-force attacks and denial of service attacks. See also :ref:`login_brute_force` for specific measures."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:569
|
||||
#: ../../content/administration/install/deploy.rst:565
|
||||
msgid "Many network providers provide automatic mitigation for Distributed Denial of Service attacks (DDOS), but this is often an optional service, so you should consult with them."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:573
|
||||
#: ../../content/administration/install/deploy.rst:569
|
||||
msgid "Whenever possible, host your public-facing demo/test/staging instances on different machines than the production ones. And apply the same security precautions as for production."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:577
|
||||
#: ../../content/administration/install/deploy.rst:573
|
||||
msgid "If your public-facing Odoo server has access to sensitive internal network resources or services (e.g. via a private VLAN), implement appropriate firewall rules to protect those internal resources. This will ensure that the Odoo server cannot be used accidentally (or as a result of malicious user actions) to access or disrupt those internal resources. Typically this can be done by applying an outbound default DENY rule on the firewall, then only explicitly authorizing access to internal resources that the Odoo server needs to access. `Systemd IP traffic access control <http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html>`_ may also be useful to implement per-process network access control."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:588
|
||||
#: ../../content/administration/install/deploy.rst:584
|
||||
msgid "If your public-facing Odoo server is behind a Web Application Firewall, a load-balancer, a transparent DDoS protection service (like CloudFlare) or a similar network-level device, you may wish to avoid direct access to the Odoo system. It is generally difficult to keep the endpoint IP addresses of your Odoo servers secret. For example they can appear in web server logs when querying public systems, or in the headers of emails posted from Odoo. In such a situation you may want to configure your firewall so that the endpoints are not accessible publicly except from the specific IP addresses of your WAF, load-balancer or proxy service. Service providers like CloudFlare usually maintain a public list of their IP address ranges for this purpose."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:599
|
||||
#: ../../content/administration/install/deploy.rst:595
|
||||
msgid "If you are hosting multiple customers, isolate customer data and files from each other using containers or appropriate \"jail\" techniques."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:602
|
||||
#: ../../content/administration/install/deploy.rst:598
|
||||
msgid "Setup daily backups of your databases and filestore data, and copy them to a remote archiving server that is not accessible from the server itself."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:601
|
||||
msgid "Deploying Odoo on Linux is strongly recommended over Windows. Should you choose nevertheless to deploy on a Windows platform, a thorough security hardening review of the server should be conducted and is outside of the scope of this guide."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/deploy.rst:609
|
||||
msgid "Blocking Brute Force Attacks"
|
||||
msgstr ""
|
||||
@@ -1043,27 +1023,31 @@ msgstr ""
|
||||
msgid "Windows"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:150
|
||||
#: ../../content/administration/install/packages.rst:151
|
||||
msgid "Windows packaging is offered for the convenience of testing or running single-user local instances but production deployment is discouraged due to a number of limitations and risks associated with deploying Odoo on a Windows platform."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:155
|
||||
msgid "Download the installer from the `nightly server <https://nightly.odoo.com>`_ (Community only) or the Windows installer from the `Odoo download page <https://www.odoo.com/page/download>`_ (any edition."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:153
|
||||
#: ../../content/administration/install/packages.rst:158
|
||||
msgid "Execute the downloaded file."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:156
|
||||
#: ../../content/administration/install/packages.rst:161
|
||||
msgid "On Windows 8 and later, a warning titled *Windows protected your PC* may be displayed. Click **More Info** and then **Run anyway** to proceed."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:159
|
||||
#: ../../content/administration/install/packages.rst:164
|
||||
msgid "Accept the `UAC <https://en.wikipedia.org/wiki/User_Account_Control>`_ prompt."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:160
|
||||
#: ../../content/administration/install/packages.rst:165
|
||||
msgid "Go through the installation steps."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/install/packages.rst:162
|
||||
#: ../../content/administration/install/packages.rst:167
|
||||
msgid "Odoo launches automatically at the end of the installation."
|
||||
msgstr ""
|
||||
|
||||
@@ -1638,32 +1622,144 @@ msgstr ""
|
||||
msgid "Finally, click :guilabel:`Test Connection`. A confirmation message should appear. The Odoo database can now send safe, secure emails through Microsoft Outlook using OAuth authentication."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:192
|
||||
msgid "Multiple user configuration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:194
|
||||
msgid "Each user should have a separate server set up. The :guilabel:`from-filter` should be set so that only the user's email is sent from that server. In other words, only a user with an email address that matches the set :guilabel:`from-filter` is able to use this server."
|
||||
msgid "Configuration with a single outgoing mail server"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:198
|
||||
msgid "After setting the :guilabel:`from-filter`, set up a fallback email account to allow for the sending of :guilabel:`notifications`. The fallback email must be configured as a :guilabel:`general transactional server`. The :guilabel:`mail.default.from` system parameter must be set to the :guilabel:`username` of the general transactional server account. For more information see :ref:`Use a default email address <email_communication/default>`."
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:196
|
||||
msgid "Configuring a single outgoing server is the simplest configuration available for Microsoft Azure and it doesn't require extensive access rights for the users in the database."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:205
|
||||
#: ../../content/administration/maintain/mailjet_api.rst:213
|
||||
msgid "The :guilabel:`System Parameters` can be accessed by activating :doc:`../../applications/general/developer_mode` in the :menuselection:`Settings --> Technical --> Parameters --> System Parameters` menu."
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:199
|
||||
msgid "A generic email address would be used to send emails for all users within the database. For example it could be structured with a `notifications` alias (`notifications@example.com`) or `contact` alias (`contact@example.com`). This address must be set as the :guilabel:`FROM Filtering` on the server. This address must also match the `{mail.default.from}@{mail.catchall.domain}` key combination in the system parameters."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:210
|
||||
msgid "Configure incoming email server"
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:206
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:247
|
||||
msgid "For more information on the from filter visit: :ref:`email_communication/default`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:209
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:254
|
||||
msgid "The :guilabel:`System Parameters` can be accessed by activating :ref:`developer-mode` in the :menuselection:`Settings --> Technical --> Parameters --> System Parameters` menu."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:212
|
||||
msgid "When using this configuration, every email that is sent from the database will use the address of the configured `notification` mailbox. However it should be noted that the name of the sender will appear but their email address will change:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:-1
|
||||
msgid "Name from real sender with static email."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:221
|
||||
msgid "Single outgoing mail server configuration:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:223
|
||||
msgid "Outgoing mail server **username** (login) = `notifications@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:224
|
||||
msgid "Outgoing mail server :guilabel:`FROM Filtering` = `notifications@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:225
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:279
|
||||
msgid "`mail.catchall.domain` in system parameters = `example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:226
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:280
|
||||
msgid "`mail.default.from` in system parameters = `notifications`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:229
|
||||
msgid "User-specific (multiple user) configuration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:231
|
||||
msgid "In addition to a generic email server, individual email servers can be set up for users in a database. These email addresses must be set as the :guilabel:`FROM Filtering` on each individual server for this configuration to work."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:235
|
||||
msgid "This configuration is the more difficult of the two Microsoft Azure configurations, in that it requires all users configured with email servers to have access rights to settings in order to establish a connection to the email server."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:240
|
||||
#: ../../content/administration/odoo_sh/getting_started/branches.rst:480
|
||||
msgid "Setup"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:242
|
||||
msgid "Each user should have a separate email server set up. The :guilabel:`FROM Filtering` should be set so that only the user's email is sent from that server. In other words, only a user with an email address that matches the set :guilabel:`FROM Filtering` is able to use this server."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:249
|
||||
msgid "A :ref:`fallback server <azure_oauth/notifications>` must be setup to allow for the sending of :guilabel:`notifications`. The :guilabel:`FROM Filtering` for this server should have the value of the `{mail.default.from}@{mail.catchall.domain}`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:258
|
||||
msgid "The configuration for this transactional email server can work alongside an outgoing mass-mailing email server. The :guilabel:`FROM Filtering` for the mass-mailing email server can remain empty, but it's require to be added in the settings of the *Email Marketing* application."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:263
|
||||
msgid "For more information on setting the mass-mailing email server visit :ref:`email_communication/mass_mails`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:267
|
||||
msgid "Multiple user outgoing mail server configuration:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:270
|
||||
msgid "User #1 mailbox"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:270
|
||||
msgid "Outgoing mail server #1 **username** (login) = `john@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:271
|
||||
msgid "Outgoing mail server #1 :guilabel:`FROM Filtering` = `john@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:273
|
||||
msgid "User #2 mailbox"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:273
|
||||
msgid "Outgoing mail server #2 **username** (login) = `jane@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:274
|
||||
msgid "Outgoing mail server #2 :guilabel:`FROM Filtering` = `jane@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:276
|
||||
msgid "Notifications mailbox"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:276
|
||||
msgid "Outgoing mail server #3 **username** (login) = `notifications@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:277
|
||||
msgid "Outgoing mail server #3 :guilabel:`FROM Filtering` = `notifications@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:279
|
||||
msgid "System Parameters"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:283
|
||||
msgid "Configure incoming email server"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:285
|
||||
msgid "The incoming account should be configured in a similar way to the outgoing email account. Navigate to the :guilabel:`Incoming Mail Servers` in the :guilabel:`Technical Menu` and :guilabel:`Create` a new configuration. Check or Select the button next to :guilabel:`Outlook Oauth Authentication` and enter the :guilabel:`Microsoft Outlook username`. Click on :guilabel:`Connect your Outlook account`. Odoo will state: :guilabel:`Outlook Token Valid` Now :guilabel:`Test and Confirm` the account. The account should be ready to receive email to the Odoo database."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:220
|
||||
#: ../../content/administration/maintain/azure_oauth.rst:293
|
||||
msgid ":doc:`../../applications/general/email_communication/email_servers`"
|
||||
msgstr ""
|
||||
|
||||
@@ -2828,6 +2924,10 @@ msgstr ""
|
||||
msgid "For more information see :ref:`Using a default email address <email_communication/default>`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/mailjet_api.rst:213
|
||||
msgid "The :guilabel:`System Parameters` can be accessed by activating :doc:`../../applications/general/developer_mode` in the :menuselection:`Settings --> Technical --> Parameters --> System Parameters` menu."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/mailjet_api.rst:217
|
||||
msgid "Once the setup is complete, the Odoo database is ready to use the Mailjet email server for mass mailing or transactional emails!"
|
||||
msgstr ""
|
||||
@@ -3559,7 +3659,7 @@ msgid "If you have originally installed Odoo with the \"tarball\" version (sourc
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/update.rst:113
|
||||
msgid "You will get a folder labelled with the version of the source code, for example \"odoo-13.0+e.20190719\", that contains a folder \"odoo.egg-info\" and the actual source code folder named \"odoo\" (for Odoo 10 and later) or \"openerp\" for older versions. You can ignore the odoo.egg-info folder. Locate the folder where your current installation is deployed, and replace it with the newer \"odoo\" or \"openerp\" folder that was in the archive you just extracted."
|
||||
msgid "You will get a folder labeled with the version of the source code, for example \"odoo-13.0+e.20190719\", that contains a folder \"odoo.egg-info\" and the actual source code folder named \"odoo\" (for Odoo 10 and later) or \"openerp\" for older versions. You can ignore the odoo.egg-info folder. Locate the folder where your current installation is deployed, and replace it with the newer \"odoo\" or \"openerp\" folder that was in the archive you just extracted."
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/maintain/update.rst:119
|
||||
@@ -4530,10 +4630,6 @@ msgstr ""
|
||||
msgid "SSH"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/odoo_sh/getting_started/branches.rst:480
|
||||
msgid "Setup"
|
||||
msgstr ""
|
||||
|
||||
#: ../../content/administration/odoo_sh/getting_started/branches.rst:482
|
||||
msgid "In order to use SSH, you have to set up your profile SSH public key (if it is not already done). To do so, follow these steps:"
|
||||
msgstr ""
|
||||
|
||||
Reference in New Issue
Block a user