[DOC] Adds instructions for manual setup of remote access
This commit is contained in:
parent
340778c6f4
commit
1c88eb775d
25
README.md
25
README.md
@ -31,3 +31,28 @@ This container should listen to external connections, in order to allow
|
|||||||
**Let's Encrypt** certificates to be assigned and renewed. It's strongly
|
**Let's Encrypt** certificates to be assigned and renewed. It's strongly
|
||||||
suggested to protect it using **fail2ban**, Geo-IP restrictions, or
|
suggested to protect it using **fail2ban**, Geo-IP restrictions, or
|
||||||
other security measures.
|
other security measures.
|
||||||
|
|
||||||
|
## Further configuration
|
||||||
|
|
||||||
|
Some of these steps could be handled by Ansible as well:
|
||||||
|
|
||||||
|
* Setup port redirect from host to container, according to the sequence:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
lxc config device add newodoocontainer ssh_redir proxy \
|
||||||
|
listen=tcp:0.0.0.0:23025 connect=tcp:127.0.0.1:22
|
||||||
|
```
|
||||||
|
|
||||||
|
* Add authorized public keys to `/home/odoo/.ssh/authorized_keys` file
|
||||||
|
* Return file ownership of `/opt/odoo` to odoo user:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
chown -R odoo:odoo /opt/odoo
|
||||||
|
```
|
||||||
|
|
||||||
|
* Allow odoo to run `sudo` without a password:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
echo "odoo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/10-odoo
|
||||||
|
```
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user