Download the latest Odoo build for Windows which installs itself as a service that will work on port 8069.

    Install and Configure Odoo as you would like it to be.

    After configuring your Odoo, you will need to setup a reverse proxy so that IIS can route traffic that comes into your server on port 80 and 443 to your local Odoo service which works on port 8069. This involves installing 2 web platform components called URL Rewrite, and Application Request Routing. If you don’t already have URL Rewrite 2.1 and Application Request Routing 3.0 installed you can do so easily with the Web Platform Installer.

    After installing both of the above items, you must create a website on your public web server that has the public bindings that you need. Alternately, you can use an existing site and route using conditions for certain traffic.

    After you’ve created your site then open up URL Rewrite at the site level.


    Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.


    If you receive a prompt (the first time) that the proxy functionality needs to be enabled, select OK. This is telling you that a proxy can route traffic outside of your web server, which happens to be our goal in this case. Be aware that reverse proxy rules can be dangerous if you open sites from inside you network to the world, so just be aware of what you’re doing and why.


    The next and final step of the template asks a few questions.


    The first textbox asks the name of the internal web server. In our example, it’s 10.10.0.50:8111. This can be any URL, including a subfolder like internal.mysite.com/blog. Don’t include the http or https here. The template assumes that it’s not entered.

    You can choose whether to perform SSL Offloading or not. Leave this checked so that you can access Odoo with a secure connection. The traffic only passed unecrypted whilst on this server to itself.

    Next, the template enables you to create an outbound rule. This is used to rewrite links in the page to look like your public domain name rather than the internal domain name. Outbound rules have a lot of CPU overhead because the entire web content needs to be parsed and updated. However, if you need it, then it’s well worth the extra CPU hit on the web server.

    If you check the “Rewrite the domain names of the links in HTTP responses” checkbox then the From textbox will be filled in with what you entered for the inbound rule. You can enter your friendly public URL for the outbound rule. This will essentially replace any reference to 10.10.0.50:8111 (or whatever you enter) with tools.mysite.com in all <a>, <form>, and <img> tags on your site.


    That’s it! Well, there is a lot more that you can do, this but will give you the base configuration. You can now visit www.mysite.com on your public web server and it will serve up the site from your internal web server.

    You should see two rules show up; one inbound and one outbound. You can edit these, add conditions, and tweak them further as needed.

    Once you have configured this correctly, check your web.config file at the root of your site, and compare it to below to ensure it works with Let's Encrypt's free SSL certificates.

    <?xml version="1.0" encoding="UTF-8"?>

    <configuration>

        <system.webServer>

            <rewrite>

                <rules>

                    <rule name="SSL_LetsEncrypt_Fixer" stopProcessing="true">

                    <!-- If url contains .well-known/acme-challenge then it matches, & don't process any other rules -->

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" negate="true" />                   

                        <action type="None" />

                    </rule>

                   

                    <rule name="Redirect HTTP to HTTPS" stopProcessing="true">

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" />

                        <conditions>

                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />

                        </conditions>

                        <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}"

                            redirectType="Permanent" appendQueryString="false" />

                    </rule>

                   

                    <rule name="ReverseProxyInboundRule1" stopProcessing="true">

                        <match url="(.*)" />

                        <action type="Rewrite" url="http://LOCAL_IP_ADDRESS_ODOO_IS_INSTALLED_ON:8069/{R:1}" />

                    </rule>

               

                </rules>

               

                <outboundRules>

               

               

                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">

                        <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.254.20:8069/(.*)" />

                        <action type="Rewrite" value="http{R:1}://PUBLIC_DOMAIN_ADDRESS/{R:2}" />

                    </rule>

                    <preConditions>

                        <preCondition name="ResponseIsHtml1">

                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

                        </preCondition>

                    </preConditions>

                   

                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">

                    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>

                    <conditions>

                        <add input="{HTTPS}" pattern="on" ignoreCase="true"/>

                    </conditions>

                    <action type="Rewrite" value="max-age=31536000"/>

                    </rule>

                   

                </outboundRules>

            </rewrite>

        </system.webServer>

    </configuration>