Configure Odoo
Create a clean, production-ready odoo.conf that binds Odoo to localhost, trusts the Nginx proxy, and restricts database access.
Create the Configuration File
Create the configuration directory and open the main configuration file in your editor of choice.
sudo mkdir -p /etc/odoo sudo nano /etc/odoo/odoo.conf
Paste the following production-ready configuration.
[options] admin_passwd = CHANGE_ME db_user = odoo addons_path = /opt/odoo/community/addons,/opt/odoo/custom,/opt/odoo/enterprise logfile = /opt/odoo/logs/odoo.log proxy_mode = True http_interface = 127.0.0.1 workers = 0 max_cron_threads = 1 dbfilter = ^master$ list_db = False limit_memory_soft = 268435456 limit_memory_hard = 536870912 limit_time_cpu = 120 limit_time_real = 240
Replace CHANGE_ME with a strong, unique password. This password controls access to the Odoo database manager. Keep this file readable only by the odoo user.
Set correct file permissions.
sudo chown odoo:odoo /etc/odoo/odoo.conf sudo chmod 640 /etc/odoo/odoo.conf
Configuration Option Reference
| Option | Value | Purpose |
|---|---|---|
proxy_mode | True | Trust X-Forwarded-* headers sent by Nginx. Required for HTTPS to work correctly. |
http_interface | 127.0.0.1 | Bind Odoo to localhost only. Prevents direct public access to port 8069. |
addons_path | comma-separated paths | Directories where Odoo looks for addons. Order matters: Community → Custom → Enterprise. |
dbfilter | regex | Restrict Odoo to databases matching this regular expression. Prevents accidental exposure of other databases. |
list_db | False | Hide the database selector page from the login screen. |
workers | 0 | Use single-threaded mode. Set to 2 or more for multi-process mode on larger servers. |
max_cron_threads | 1 | Number of threads dedicated to scheduled actions. |
Database Configuration
Because this guide uses Unix socket authentication (peer auth), no TCP database credentials are required. The following options can be omitted or left blank.
db_host = db_port = db_password =
PostgreSQL peer authentication allows the odoo OS user to connect to the
odoo PostgreSQL role via a Unix domain socket without a password.
This simplifies configuration and avoids storing credentials in the config file.
Memory Tuning
The values in this guide are suitable for a small Oracle Cloud Free Tier VM with approximately 1 GB RAM.
| Option | Value | Meaning |
|---|---|---|
limit_memory_soft | 268 MB | Worker is recycled when it exceeds this threshold |
limit_memory_hard | 512 MB | Worker is killed immediately if it exceeds this threshold |
limit_time_cpu | 120 s | Maximum CPU time per request |
limit_time_real | 240 s | Maximum wall-clock time per request |
For production servers with more RAM, increase limit_memory_soft and limit_memory_hard proportionally. Enable multi-process mode by setting workers to 2–4 per CPU core.
Verification
Test the configuration by starting Odoo manually before creating the systemd service.
sudo -u odoo /opt/odoo/venv/bin/python3 /opt/odoo/community/odoo-bin \
-c /etc/odoo/odoo.conf --stop-after-initAfter the systemd service is created, verify it like this.
sudo systemctl restart odoo sudo systemctl status odoo --no-pager tail -50 /opt/odoo/logs/odoo.log
- ✓ Configuration file created at
/etc/odoo/odoo.conf - ✓
admin_passwdchanged from the default - ✓
proxy_mode = Trueis set - ✓
http_interface = 127.0.0.1is set - ✓
addons_pathincludes Enterprise - ✓ File permissions: owner
odoo, mode640