Since very early versions, Odoo has had Telemetry (remote data collection/Usage Statistics) enabled by default. This data is periodically uploaded to Odoo's official servers, including but not limited to: server information, module usage, user count, installation status, system health, etc. For some enterprises, this is not necessarily a bad thing, as it helps Odoo improve its products. However, many companies must disable all external data transmission for the following reasons:
- Security compliance requirements (e.g., state-owned enterprises, energy, financial industries)
- Intranet deployment
- Do not want external statistics on internal system usage
- Prohibit Odoo from automatically checking the License online (especially the Community Edition is unaffected, but the Enterprise Edition is very sensitive)
- Self-built cloud or Docker production environment requires isolation
This article will start from the Docker Compose deployment scenario, using actual files and configurations to show you: how to completely cut off all official callbacks of Odoo19, applicable to:
- Odoo 19 CE Community Edition
- Odoo 19 EE Enterprise Edition (Special attention required for Enterprise Contract)
- Deploy with Docker Compose
- Supports Nginx + Odoo + PostgreSQL architecture
1. What exactly does Odoo19 data return (Telemetry) include?
The official Telemetry mechanism mainly includes:
| Function | Purpose | Transmit to |
|---|---|---|
| Telemetry Usage Data | Submit usage habits, module activation status, number of users | odoo.com |
| Updates Check | Check for version updates | odoo.com |
| Enterprise License Ping | Verify License | odoo.com |
| IAP services (e.g., email, SMS) | In-app purchase service | iap.odoo.com |
| GeoIP | Parse IP location | geoip.odoo.com |
If you deploy in a public network environment, it will continue to upload automatically by default.
2. In a Docker Compose environment, how to completely cut off the callback?
Below are four layers of defense, it is recommended to enable all of them to ensure thorough cleanliness.
Method 1: Disable Telemetry in Odoo Configuration File (Most Basic)
Edit your odoo.conf:
Usually docker-compose mounts the configuration at:
./config/odoo.conf
Add in [options]:
server_wide_modules = web geoip_database = http_enable = True limit_time_real = 120 disable_outgoing_email = True publisher_warranty = False disable_database_telemetry = True
Key items:
disable_database_telemetry = True
This is a hidden configuration in Odoo used to disable Telemetry.
Note: Some versions are not publicly available, but Odoo19 and some Odoo18, 17 are already usable.
Method 2: Disable network access within Docker Compose (iptables/firewall)
Even if the Odoo layer has disabled Telemetry, as a precaution, it is recommended to implement network isolation for the container.
For example, if your docker-compose file looks like:
services:
odoo:
image: odoo:19
depends_on:
- db
ports:
- "8069:8069"
networks:
- odoo-net
extra_hosts:
- "odoo.com:127.0.0.1"
- "iap.odoo.com:127.0.0.1"
- "services.odoo.com:127.0.0.1"
Use extra_hosts to point all official domain names to localhost, completely disconnecting from the internet.
Domains that must be blocked:
odoo.com iap.odoo.com services.odoo.com upgrade.odoo.com analytics.odoo.com
This is a very clean and side-effect-free method.
Method 3: Block Telemetry Domains via Firewall (Recommended for Enterprise)
If you are running Docker on a cloud server or physical machine, you can directly block it using a firewall:
ufw
sudo ufw deny out to odoo.com sudo ufw deny out to iap.odoo.com sudo ufw deny out to services.odoo.com
iptables
iptables -A OUTPUT -p tcp -d odoo.com -j DROP iptables -A OUTPUT -p tcp -d iap.odoo.com -j DROP iptables -A OUTPUT -p tcp -d services.odoo.com -j DROP
Going Further: Blocking IP Ranges
If enterprise network compliance requirements are strict, full-scale blocking can be implemented:
# Block all Odoo IPs iptables -A OUTPUT -p tcp -m string --string "odoo" --algo kmp -j DROP
Method 4: Disable all IAP in Odoo (strongly recommended if you use the Community Edition)
In developer mode:
Go to: Settings > IAP and disable all services.
You can also directly uninstall the relevant module:
iap iap_mail iap_sms iap_account iap_crm iap_purchase
The Community Edition (CE) does not affect functionality, while the Enterprise Edition (EE) may impact some automation features, depending on the situation.
3. Most Recommended Solution: Four-Layer Combination
If you want absolutely clean, 100% no data leaving:
| Level | method | Effect |
|---|---|---|
| 1 | Configuration file disables Telemetry | 70% |
| 2 | extra_hosts masquerades as official domain names | 100% |
| 3 | Firewall blocks access | Absolutely thorough |
| 4 | Disable all IAP | Particularly effective for the community edition |
Special Notice:
Enterprise Edition EE needs to pay attention to license verification (Enterprise Edition contract)
If you use EE, please ensure you have a valid license.
However, in enterprise-level private cloud scenarios, many companies still have to cut off license callback, and this method remains effective.
4. Complete and usable docker-compose.yml example (including all blocks)
Below is the version you can directly copy and use:
version: '3.1'
services:
web:
image: odoo:19
depends_on:
- db
ports:
- "8069:8069"
volumes:
- ./config:/etc/odoo
- ./addons:/mnt/extra-addons
networks:
- odoo-net
extra_hosts:
- "odoo.com:127.0.0.1"
- "iap.odoo.com:127.0.0.1"
- "services.odoo.com:127.0.0.1"
- "upgrade.odoo.com:127.0.0.1"
- "analytics.odoo.com:127.0.0.1"
db:
image: postgres:15
environment:
- POSTGRES_DB=postgres
- POSTGRES_USER=odoo
- POSTGRES_PASSWORD=odoo
networks:
- odoo-net
networks:
odoo-net:
At the same time, you need an odoo.conf:
[options] addons_path = /usr/lib/python3/dist-packages/odoo/addons,/mnt/extra-addons data_dir = /var/lib/odoo db_filter = .* disable_database_telemetry = True publisher_warranty = False
5. How to verify that the callback has been successfully blocked?
The following are the most effective verification methods:
1. View container logs
docker logs odoo
If you see the following message, it means the return transmission was blocked:
无法连接到 services.odoo.com 无法连接到 analytics.odoo.com
2. Capture network packets (tcpdump)
sudo tcpdump -i any host odoo.com
No output = Success.
3. Access Developer Mode → IAP, shows inaccessible
6. If you use the Enterprise Edition (EE), be aware of legal risks
Disabling License Ping may result in:
- System prompt: unauthorized
- The official cannot automatically verify the contract.
- The official may implement stricter verification in subsequent versions.
If you are a legitimate authorized user but need to disconnect due to intranet or security requirements, please explain the situation to official Support.
VII. Summary
It is not complicated to cut off data return for Odoo 19 in a Docker environment; the key is mastering Odoo's access points + Docker network isolation + configuration file parameters.
Recommended four-layer solution:
- odoo.conf: Disable Telemetry (disable_database_telemetry)
- docker extra_hosts: block official domain names
- Firewall blocks traffic (iptables/ufw)
- Disable all IAP (especially the community edition)
It is recommended to fully implement this set of blocking strategies for enterprise internal deployment, especially in:
- Intranet isolation deployment
- Industries with high security levels
- Enterprise Cloud Solution
- Customized development does not wish to expose information
Through this article, you can transform Odoo19 into a fully private, zero-outgoing, completely offline enterprise management system.
