How to install SuiteCRM on Debian 9
SuiteCRM, a fork of SugarCRM, is an enterprise open source Customer Relationship Management (CRM) platform written in PHP programming language that can be used for creating business strategies, actions, and decisions.
This tutorial describes all the steps that are required to install the latest version SuiteCRM platform on a Debian 9, in order to deploy a powerful online platform for your business. The CRM application will be deployed on Debian Linux under Apache HTTP server, PHP and MariaDB database engine.
Requirements
- A bare-metal server or a virtual private server with minimum 2Gb of RAM and the minimal installation of Debian 9 server.
- Access to the root account via machine console or remotely via SSH. Besides root account you can also use an account with root privileges via sudo command.
- The external network interface configured with a static IP address or the DHCP server configured to lease a static IP address for this interface.
- A public registered domain name in order to access the application from internet. If the application is deployed in intranets, you can perform the installation process and access the website via your server IP address.
- A mail server configured at your premises in order to use website registration or other application features. You can also use a public mail service, such as Gmail or Yahoo!, Microsoft Exchange or others in order to send and receive mails.
Prepare the server
In the first step, login to your server console with the root account or a user with root privileges gained via sudo and setup the name of your system with the below command. Make sure you replace the machine hostname used in this example accordingly.
hostnamectl set-hostname www.mycrm.org
After you’ve changed the system hostname, issue the below command to verify if the machine name has been correctly applied.
hostnamectl
cat /etc/hostname
hostname –s
hostname –f
Next, make sure you update your system repositories, software packages and the kernel, by issuing the below commands.
apt update
apt upgrade
Finally, after the update process completed, reboot the machine in order to apply hostname changes and kernel updates, by executing the below command.
systemctl reboot
After machine reboot, log back in to server console and execute the below command in order to install some command line utilities, such as wget, curl and zip, that will be later used for downloading software over internet and extract zip archive files.
apt install wget curl zip unzip
Install Apache and PHP
SuiteCRM application will be deployed in Debian on top of a LAMP stack. The first components of the LAMP stack we’ll install are Apache HTTP server and PHP dynamic programming language interpreter. Execute the below command to install Apache web server and all required PHP modules in your system.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-mbstring php7.0-xml php7.0-json php7.0-zip php7.0-curl php7.0-imap
Install MariaDB database
The next component of LAMP software bundle we’ll install in Debian server is MariaDB database engine. The RDBMS database is required by the application for storing different platform configurations, such as users, sessions, contacts, products, catalogs and other. To install MariaDB database engine and the PHP module needed to access the database, execute the below command in your machine console.
apt install mariadb-server php7.0-mysql mariadb-client
After all LAMP components had been installed, check if Apache web server and MariaDB daemon are up and running and listening for network connections on port 80 and 3306 TCP by issuing one of the following commands.
netstat –tlpn
ss- tulpn
Netstat utility is not present by default in Debian 9 system. To install netstat utility in a Debian Stretch server, execute the below command.
apt install net-tools
In order to securely access the CRM website via HTTPS protocol that will secure the traffic between server and clients browsers, make sure you also enable Apache TLS module and SSL site configuration file, by issuing the below commands.
a2enmod ssl
a2ensite default-ssl.conf
Next, enable Apache rewrite module by issuing the below command. The rewrite module is necessary if you want to modify web server configurations on-fly via .htaccess files placed in your domain webroot.
a2enmod rewrite
systemctl restart apache2
Next, activate the rewrite module by placing the required rules in Apache configuration files. First, we’ll apply the rewrite rules in Apache default configuration file. So, open /etc/apache2/sites-enabled/000-default.conf file for editing with a text editor and insert the below URL rewrite rules after the DocumentRoot statement, as shown in the following excerpt.
nano /etc/apache2/sites-enabled/000-default.conf
000-default.conf file excerpt:
<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Close the 000-default.conf with CTRL+o, then Ctrl+x and open Apache default SSL site configuration file and insert the URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the below sample:
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Finally, after you’ve made all the above changes, restart Apache daemon to pick-up all new rules configured so far.
systemctl restart apache2
Now, you should visit your domain or the server IP address via HTTP protocol from a remote desktop machine. The default Debian web page should be displayed in your browser.
http://yourdomain.tld
Firewall Configuration
If you can’t see the web page, verify if UFW firewall application is enabled in Debian server. If that’s the case you should insert the below rules to allow HTTP and HTTPS traffic to pass through firewall.
ufw allow ‘WWW Full’
or
ufw allow 80/tcp
ufw allow 443/tcp
The iptables firewall raw rules to allow port 80 and 443 TCP inbound traffic to pass the firewall are described below.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service
Finally, after you’ve added the required firewall rules, test if Apache web server default web page can be displayed in a remote browser by visiting your domain name or server IP address via HTTPS protocol. Execute ifconfig or ip a commands to display the IP address of your server.
http://yourdomain.tld
Because you’re using the automatically Self-Signed certificate issued by Apache at installation, certificate that is untrusted by the browser, an warning saying that “Your connection is not secure” should be displayed in the browser. Accept the untrusted certificate in order to bypass the error and to be redirected to Apache default web page, as illustrated in the below image.
Configure MariaDB and PHP
Now, set’s start securing MariaDB root account. Log in to MySQL console execute the below commands to update root account plugin.
mysql -h localhost
Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set plugin=” where user=’root’;
Query OK, 1 row affected (0.00 sec)Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [mysql]> exit
Bye
Also, run the script mysql_secure_installation provided Debian stretch repositories to further to secure MariaDB database. The script will ask you the following questions: change MySQL root password, remove anonymous users, disable remote root logins and delete the test database. Answer with yes to all questions, as illustrated in the below script output example.
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Test if all security measures had been applied by trying to login to MySQL console with root account and no password supplied. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:
mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Now, try to log in to MySQL console with root account and the password, as shown in below example. You should be able to log in to MySQL console. Type exit to leave MySQL database.
mysql -h localhost -u root -p
Enter password:Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
On the next step, change the following PHP variables in php.ini configuration file as described below. Open /etc/php/7.0/apache2/php.ini file for editing and modify the following lines. First, make sure you backup the initial PHP configuration file.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in php.ini configuration file:
file_uploads = On
default_charset = UTF-8
memory_limit = 128M
post_max_size = 60M
upload_max_filesize = 60M
memory_limit = 256M
max_input_time = 60
max_execution_time = 6000
date.timezone = Europe/London
Replace the timezone variable in PHP configuration file according to your server geographical location. The PHP timezone list can be found at the following link http://php.net/manual/en/timezones.php
To increase the load speed of your website pages, enable OPCache plugin available for PHP7. Insert the following OPCache lines at the bottom of the PHP interpreter configuration file, after the [opcache] statement, as shown in the following excerpt:
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Finally, close the php.ini configuration file and restart Apache daemon to apply changes by issuing the below command.
systemctl restart apache2
To display all PHP settings in a browser, create a PHP info file in your domain webroot path by executing the following command.
echo ‘<?php phpinfo(); ?>’| tee /var/www/html/info.php
Visit the PHP info script file from a remote browser at the following URL. Scroll down to date setting to verify if PHP time zone configuration and other settings had been successfully applied.
https://domain.tld/info.php
Install SuiteCRM
After we’ve configured all the required LAMP settings for installing SuiteCRM application, visit SuiteCRM official download page at https://suitecrm.com/download/ and grab the latest zip file archive in your system by issuing the below command. On the time of writing this guide, the latest released version of SuiteCRM was SuiteCRM-7.9.9.zip file.
wget https://suitecrm.com/files/158/SuiteCRM-7.9/178/SuiteCRM-7.9.9.zip
ls
After SuiteCRM zip file archive download completes, extract the zip archive file to your current working directory and list the extracted files by issuing the below commands.
unzip SuiteCRM-7.9.9.zip
ls
ls –al SuiteCRM-7.9.9
Before copying the installation files to your domain webroot, make sure you remove the default index.html file installed by Apache package to web server document root path and also delete the info.php file created earlier.
rm /var/www/html/index.html
rm /var/www/html/info.php
The installation files of SuiteCRM application are located in your current working directory under SuiteCRM-7.9.9/ directory. Issue ls command to list this directory files. Copy all the content of the SuiteCRM-7.9.9/ directory to your web server document root path by issuing the following command.
cp -rf SuiteCRM-7.9.9/* /var/www/html/
Next, grant Apache runtime user (www-data) with full write permissions to Apache document root path, by issuing the below command. Run ls command to list the permissions for the installed files located under /var/www/html/ directory.
chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/
Next, log in to MariaDB database console, and create SuiteCRM database. Choose a name for this database and a user with a strong password to manage the application database, by issuing the following commands. Make sure you change the database name, user, and password used in this tutorial with your own settings.
mysql –u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database mycrm_db;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on mycrm_db.* to ‘crm_user’@’localhost’ identified by ‘password1234’;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit
Bye
Now, let’s start the installation process of SuiteCRM application. Open a browser and navigate your server’s IP address or domain name via HTTPS protocol.
http://yourdomain.tld
On the first installation screen, SuiteCRM installer will display the license agreement. Check ‘I Accept’ checkbox in order to agree with license terms and conditions, choose the language for installing the application and hit on Next button in order to start the installation process, as illustrated in the below screenshot.
In the next installation screen, SuiteCRM installer will check your system environment requirements and will display and OK message if all PHP and server configurations are passed. In order to continue the installation process, hit on Next button, as shown in the below screenshot.
Next, the installer will display the Database Connection settings and Site Configuration page. In the left pane, select MySQL with MySQLi Extension as database type and provide the MySQL database name created for installing SuiteCRM application, database server host address, database username and the password needed to access SuiteCRM database. Also, select “Same as Admin user” in “SuiteCRM Database user /”. On the right plane, add an application administrator username and set a strong password for admin account. Check the URL address of SuiteCRM instance to match your domain name via HTTPS protocol, on port 443 and add the email address of the admin account. Use the following image as a guide to configure this step.
Next, in the same installation screen, hit on “Choose Demo” data from “More options” menu, and choose to not populate the SuiteCRM database with demo data. Then, click on Scenario Selection menu and select to enable the following SuiteCRM modules: Sales, Marketing, Finance, Service and Project management. If you don’t need a module while installing the application, you can leave it unchecked and enable it after the installation process completes using the application administration page.
Next, scroll down and hit on SMTP Server Specification menu to enable SuiteCRM emails option. Add the name and email address you want to appear in “ From” email header. Then, choose your email service provider and specify the mail server settings. In this guide, we’ll use Gmail service provider to send e-mail, and the mail server settings can be found illustrated in the below screenshot. After you’ve completed the required settings for enabling your mail service provider, hit on Branding menu and add a name to be displayed in browser title bar for SuiteCRM application and upload your own website logo image.
Next, scroll down again and hit on System Locale Settings menu and specify how the time format, time zone and currency settings should be displayed in SuiteCRM application. Finally, leave the Site Security options unchecked for now and hit on Next button to complete the installation process. You can use the below image to complete this step.
After the installation process finishes, you will be redirected to SuiteCRM login page. In order to access the application admin panel, log in to SuiteCRM with the admin account credentials configured during the installation process, as shown in the below image.
Before logging in to SuiteCRM admin panel, first, return to the server console and issue the following command in order to remove the install directory which is no longer needed and can represent a security breach.
rm -rf /var/www/html/install/
You can also visit SuiteCRM dashboard by navigating to your server IP address or domain name via HTTPS protocol. A view of SuiteCRM admin dashboard is presented in below screenshot.
http://yourdomain.tld
Finally, in order to automatically redirect visitors to HTTPS, so that they can securely access SuiteCRM interface from their browsers, return to your server terminal and edit the autogenerated .htaccess file located in your domain document root path, by issuing the below command.
nano /var/www/html/.htaccess
In .htaccess file, search for <IfModule mod_rewrite.c> line and insert the below line rules after RewriteEngine On statement in order to automatically redirect domain traffic to HTTPS.
.htaccess file excerpt:
# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
At the bottom of the file, you can modify web server native PHP server settings by adding other lines with the settings to reflect your own server resources and configurations.
# Modify PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M
In order to execute SuiteCRM Schedulers, edit your web server runtime account crontab file with the below command and add the following cron task to run each minute.
crontab -e -u www-data
crontab file example:
* * * * * /usr/bin/php7.0 -f /var/www/html/cron.php > /dev/null 2>&1
If you want to circumvent browser warnings that are generated each time a client visits your application, you should consider buying a certificate issued by a trusted Certificate Authority or issue a free certificate from Let’s Encrypt CA.
That’s all! SuiteCRM web application has been successfully installed and configured in a Debian 9 server on top of a LAMP stack.
In order to further customize SuiteCRM platform, make sure you visit the application wiki page at the following address: https://suitecrm.com/wiki/index.php/Main_Page
Share this page:
