How to Install SuiteCRM with Apache and free Let's Encrypt SSL on Debian 11
This tutorial exists for these OS versions
- Debian 12 (Bookworm)
- Debian 11 (Bullseye)
- Debian 9 (Stretch)
On this page
SuiteCTM is an open-source Customer Relationship Management solution written in PHP. It is a fully-featured and highly-extensible CRM application that runs on any operating system. It became popular when SugarCRM decided to stop the development of its community edition. It is used for creating business strategies, actions, and decisions. It is an alternate CRM solution for other commercial CRM such as SugarCRM, Salesforce, and Microsoft.
In this post, we will show you how to install SuiteCRM with Apache and Let's Encrypt SSL on Debian 11.
Prerequisites
- A server running Debian 11.
- A valid domain name pointed with your server IP.
- A root password is configured on the server.
Install Apache, MariaDB, and PHP
SuiteCRM is a PHP-based application and uses MariaDB as a database backend. So you will need to install the Apache server, MariaDB database server, PHP, and other necessary PHP extensions to your server. You can install all of them using the following command:
apt-get install apache2 mariadb-server mariadb-client php php-common php-zip php-mysql php-gd php-curl php-imap php-mbstring php-xml php-json libapache2-mod-php unzip libpcre3 -y
Once all the packages are installed, edit the php.ini file and change some default settings:
nano /etc/php/7.4/apache2/php.ini
Change the following settings:
memory_limit = 256M post_max_size = 64M upload_max_filesize = 64M
Save and close the file then restart the Apache service to apply the changes:
systemctl restart apache2
Create a MariaDB Database for SuiteCRM
First, you will need to secure the MariaDB installation and set a root password. You can do it by executing the following script:
mysql_secure_installation
Answer all the questions as shown below:
Enter current password for root: PressSet root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
Once you are finished, log in to the MariaDB shell with the following command:
mysql -u root -p
Once you are connected to the MariaDB, create a database and user for SuiteCRM using the following command:
MariadDB [(none)]> CREATE DATABASE suitecrm;
MariaDB [(none)]> CREATE USER 'suitecrm'@'localhost' IDENTIFIED BY 'password';
Next, grant all the privileges to the SuiteCRM database with the following command:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON suitecrm.* TO 'suitecrm'@'localhost';
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
After creating the MariaDB database and user, you can proceed to the next step.
Install SuiteCRM
First, download the latest version of SuiteCRM using the wget command:
wget https://suitecrm.com/files/147/SuiteCRM-7.12/578/SuiteCRM-7.12.1.zip
Next, unzip the downloaded file with the following command:
unzip SuiteCRM-7.12.1.zip
Next, move the extracted directory to the Apache default root directory:
mv SuiteCRM-7.12.1 /var/www/html/suitecrm
Next, change the ownership and permission of the SuiteCRM directory:
chown -R www-data:www-data /var/www/html/suitecrm
chmod -R 755 /var/www/html/suitecrm
Once you are finished, you can proceed to the next step.
Configure Apache for SuiteCRM
Next, you will need to configure Apache to host SuiteCRM on the internet. To do so, create an Apache virtual host configuration file with the following command:
nano /etc/apache2/sites-available/suitecrm.conf
Add the following lines:
<VirtualHost *:80> DocumentRoot /var/www/html/suitecrm ServerName suitecrm.example.com <Directory /var/www/html/suitecrm> Options FollowSymLinks AllowOverride All </Directory> ErrorLog /var/log/apache2/suitecrm-error.log CustomLog /var/log/apache2/suitecrm-access.log common </VirtualHost>
Save and close the file then activate the SuiteCRM virtual host configuration file with the following command:
a2ensite suitecrm.conf
Next, reload the Apache service to apply the configuration changes:
systemctl reload apache2
To check the status of the Apache service, run the following command:
systemctl status apache2
You will get the following output:
? apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-11-19 16:36:48 UTC; 4s ago Docs: https://httpd.apache.org/docs/2.4/ Process: 16290 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Main PID: 16296 (apache2) Tasks: 6 (limit: 4679) Memory: 15.5M CPU: 99ms CGroup: /system.slice/apache2.service ??16296 /usr/sbin/apache2 -k start ??16297 /usr/sbin/apache2 -k start ??16298 /usr/sbin/apache2 -k start ??16299 /usr/sbin/apache2 -k start ??16300 /usr/sbin/apache2 -k start ??16301 /usr/sbin/apache2 -k start Nov 19 16:36:48 debian11 systemd[1]: Starting The Apache HTTP Server...
After configuring the Apache web server, you can proceed to access the SuiteCRM web interface.
Access SuiteCRM Web Interface
Now, open your web browser and type the URL http://suitecrm.example.com to access the SuiteCRM web UI. You should see the following screen:
Accept the license agreement and click on the Next button. You should see the following page:
Make sure all checks return OK, then click on the Next button to continue. You should see the SuiteCRM configuration page:
Provide your Database information, Admin user details, SMTP server specification, Branding details, Site security settings, and click on the Next button. You should see the following page:
Click on the Next button. You should see the SuiteCRM login page:
Provide your admin username, password and click on the LOG IN button. You should see the SuiteCRM dashboard on the following screen:
Secure SuiteCRM with Let's Encrypt SSL
After configuring Apache, it is recommended to secure your website with the Let's Encrypt SSL certificate. To do so, you will need to install the Certbot client in your system. The Certbot is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Using the Certbot Let's Encrypt client you can easily download, install and renew the SSL certificate for your domain.
You can install the Certbot with the following command:
apt-get install certbot python3-certbot-apache -y
Once the Certbot client has been installed successfully, run the following command to install the Let's Encrypt SSL for your website:
certbot --apache -d suitecrm.example.com
You will be asked to provide your valid email and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for suitecrm.example.com Enabled Apache rewrite module Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/suitecrm-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/suitecrm-le-ssl.conf Enabling available site: /etc/apache2/sites-available/suitecrm-le-ssl.conf
Next, select whether or not to redirect HTTP traffic to HTTPS or configure Nginx to redirect all traffic to secure HTTPS access as shown in the following output:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to start the process. Once the installation is completed, you should get the following output:
Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/suitecrm.conf to ssl vhost in /etc/apache2/sites-available/suitecrm-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://suitecrm.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=suitecrm.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/suitecrm.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/suitecrm.example.com/privkey.pem Your cert will expire on 2022-02-21. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Conclusion
Congratulations! you have successfully installed SuiteCRM with Apache and Let's Encrypt SSL on Debian 11. You can now explore the SuiteCRM for more features. Feel free to ask me if you have any questions.