How to Install EspoCRM Open Source CRM Software on Debian 9

In this guide we’ll show you how to install and configure the latest version of the EspoCRM software on Debian 9 on top of a LAMP stack, in order to create a free online Customer Relationship Management platform for your company.

EspoCRM is a flexible and easy-to-use open source customer relationship management (CRM) platform designed to be fast, simple, and customizable. The software is mainly written in the PHP programming language and can be easily deployed in Linux on top of an Apache or a Nginx web server, PHP programming language and MySQL or MariaDB database management system. EspoCRM supports a large array of languages and can be deployed in call-centers, banks, education, healthcare, tourism, retail, real estate or on e-commerce business.


  • Minimal installation on a virtual machine or physical server of Debian 9 operating system
  • Root account privileges or an account with root privileges via sudo command (local access via console or remote access via SSH)
  • One of server NICs configured with a static IP address
  • A public registered domain name so you perform the installation via web interface and access the application website. In intranets, you can access the app via a local domain or via your server IP address
  • A mail server configured at your premises or access to a public email service, such as Gmail, Outlook, Yahoo!


First, log in to your Debian server console and make sure you update the system repositories, kernel and software packages by issuing the following commands.

apt update
apt upgrade

Next, configure machine hostname by executing the following command. Make sure you replace the hostname value used in this topic with your own notation.

hostnamectl set-hostname

Issue the commands below to check if the machine hostname has been correctly configured.

cat /etc/hostname
hostname –s
hostname –f

Finally, reboot Debian server in order to apply kernel updates and the hostname changes properly.

systemctl reboot

Next, you should install the LAMP software bundle in Debian system. On the first step, install the Apache web server and a PHP processing gateway interpreter alongside with all required PHP modules needed by the application to run properly by running the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-mbstring php7.0-xml php7.0-json php7.0-zip php7.0-curl php7.0-imap php7.0-soap php7.0-mcrypt php-mailparse

Next, install an RDBMS database backend. In this guide, we’ll configure the EspoCRM application to use the MariaDB database as backend. Issue the following command to install the MariaDB database and the PHP module needed to access the MySQL database.

apt install mariadb-server php7.0-mysql mariadb-client

After Apache, MySQL database and PHP has been installed, open the PHP default configuration file for editing and modify the following PHP variables as described below. Assure that initially, you make a backup of PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in the php.ini configuration file:

file_uploads = On
default_charset = UTF-8
memory_limit = 256M
post_max_size = 50M
upload_max_filesize = 50M
memory_limit = 256M
max_input_time = 180
max_execution_time = 180
zend.assertions = 0
date.timezone = Europe/London

Replace the variable accordingly to your physical time by consulting the list of time zones provided by PHP docs at the following link

In order to increase the load speed of your application pages via OPCache plugin available in PHP7, insert the following OPCache code lines at the bottom of the PHP interpreter configuration file, below the [opcache] statement, as detailed below:


Close the php.ini configuration file and check if the variables have been correctly added, something which you can do by issuing the below command.

grep opcache /etc/php/7.0/apache2/php.ini| grep -v ";"

Next, add the following UFW firewall application rule in your system, in order to allow HTTP traffic to pass through firewall, by issuing the following command.

ufw allow WWW


ufw allow 80/tcp

Some sysadmins prefer iptables raw rules to manage the Firewall rules in Debian server. In case of iptables, issue the below commands to install the firewall and add the following rules to allow port 80 and 22  (in case of SSH remote connections) inbound traffic so that you can access the system and browse the application via a web browser.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service

Finally, open a browser and visit your Debian machine IP address or your domain name via HTTP protocol. If you don’t know your machine IP address, execute ifconfig or ip a command to get the IP address of your server. If the connection to the web server is established, you should be able to view Apache web server default web page in your browser.


On the next step, enable Apache rewrite, and deflate SSL modules required by the EspoCRM to properly run, by issuing the below command.

a2enmod rewrite deflate ssl

SSL module requires that you also enable default SSL configuration file in order to visit the application via HTTPS protocol. The HTTPS protocol is used for securing the traffic between the server and clients. Execute the following command to enable the Apache SSL site configuration file.

a2ensite default-ssl.conf

Afterwards, open Apache default SSL site configuration file with a text editor and insert the following lines of code after DocumentRoot directive, as shown in the below sample, in order to activate the rules placed in the .htaccess file. The .htaccess file is usually located on top of your domain webroot.

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted

You should also open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as inserted in SSL configuration file. Add the lines of code after DocumentRoot statement as shown in the below example.

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted

Finally, restart the Apache daemon to apply all rules configured so far and visit your domain via the HTTPS protocol. Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, certificate that is untrusted by the browser, an insecure connection error warning should be displayed in the browser.  Accept the warning in order to accept the untrusted certificate and continue to be redirected to the Apache default web page.

systemctl restart apache2


SSL self signed certificate warning

If you plan to expose your EspoCRM platform for production in the internet, you should consider buying a certificate issued by a trusted Certificate Authority or get a free certificate pair from Let’s Encrypt CA, so that clients can visit the application without errors displaying in their browsers.

In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.

ufw allow HTTPS


ufw allow 443/tcp

For iptables firewall, add the following rule to allow port 443 inbound traffic in the firewall so that you can browse the domain name. Save and restart the iptables service in order to apply the rules after system reboot.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent

Finally, create a PHP info file in your domain webroot path by executing the following command.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

Check PHP settings and the time zone configuration by visiting the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to the date setting to check the PHP timezone configuration.


On the next step, log in to the MySQL server console and secure MariaDB root account by executing the below commands. Type exit to leave database console.

mysql -h localhost
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1


Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A


Database changed

MariaDB [mysql]> update user set plugin='' where user='root';

Query OK, 1 row affected (0.00 sec)

Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)


MariaDB [mysql]> exit


Also, execute the mysql_secure_installation script in order to further secure the MariaDB daemon. While running the script you will be asked a series of questions designed to secure the MariaDB database, such as: to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Type “yes”  for all questions asked, as illustrated in the below excerpt.




In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.


Enter current password for root (enter for none):

OK, successfully used password, moving on...


Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.


You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.


Remove anonymous users? [Y/n] y

 ... Success!


Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.


Disallow root login remotely? [Y/n] y

 ... Success!


By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.


Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!


Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.


Reload privilege tables now? [Y/n] y

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

Verify MariaDB server security issue by trying to login to the database via console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:

mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

Now, try to login to the database with a root password. You should be able to access MySQL console, as shown in the below command sample:

mysql -h localhost -u root -p
Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> exit


Install EspoCRM

After the Apache HTTP server, MariaDB daemon and PHP interpreter have been properly configured for installing EspoCRM application in your Debian system. Execute the following command in order to install the command line utilities mentioned in it.

apt install wget bash-completion zip unzip curl

On the next step, visit the EspoCRM official download page at and grab the latest zip package compressed archive in your system via wget utility. The current release of EspoCRM at the time of writing this tutorial is EspoCRM-5.0.3


After the zip archive download finishes, extract the zip archive file to your current working directory and list the extracted files by issuing the below commands. The installation files of the application are located in EspoCRM-5.0.3 directory.

ls -al EspoCRM-5.0.3

Next, make sure to delete the index.html and info.php files from webroot directory:

rm /var/www/html/index.html
rm /var/www/html/info.php

Copy all the files located in the extracted directory to your web server document root path by issuing the following command. Also, make sure you copy the hidden file .htaccess to the webroot path.

cp -rf EspoCRM-5.0.3/* /var/www/html/
cp EspoCRM-5.0.3/.htaccess /var/www/html/

Next, execute the below commands in order to grant the Apache www-data account with full write permissions to the web root path. Use the ls command to list permissions for EspoCRM installed files located in the /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/

Next, log in to the MariaDB database console and create an EspoCRM database. Use a descriptive name for the database and create a user with a strong password to manage this database. Replace the database name, user and password used in this example with your own values.  The commands used for this step are shown in the below excerpt.

mysql –u root -p
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1


Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database espocrm_db;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on espocrm_db.* to 'crm_user'@'localhost' identified by 'password1234';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit


Now, open a browser and navigate your server’s IP address or domain name via HTTPS protocol in order to proceed with EspoCRM platform installation process. On the first installation screen, EspoCRM installer will display a welcome message and a list from where you can select the installation language. Select your appropriate language from the presented list and hit on Start button in order to start the installation process, as illustrated in the below image.


EspoCRM Welcome screen

In the next screen, read the license agreement statements and check "I accept the agreement" checkbox and hit on Next button to move to the next step.

Accept license agreement

In the next installation screen, setup MySQL database connection settings. Supply MySQL database host address ( or localhost), the database name, username and the password configured for EspoCRM application. After completing all required database fields, hit on Next button to move to the next installation step. Use the below screenshot as a guide to complete this step.

Database details

In the next screen, EspoCRM installer will check your server environment configurations in order to determine if all recommended MySQL variables and PHP modules and settings are properly configured. If all configurations are passed, hit on Install button to start the EspoCRM installation process.

Recommended settings

In the next step, add an administrator account for EspoCRM and set up a strong password for this admin account. When you finish, hit on Next button to continue further with the installation process.

Set a username and password

Next, setup EspoCRM system settings by selecting your appropriate Date Format and Time Format. Also, choose your application appropriate Time Zone setting by selecting your nearest Continent/City from the provided timezone list. Setup the first day of the week, application default currency, thousand and decimal separator marks and the system language. When all the above settings are configured, hit on Next button to continue with the installation process.

Date and time settings

On the next step, configure the EspoCRM outgoing mail settings. Add a name for "From Name" email header and the email contact address of the admin account. This address will be used for sending emails to outside clients. Also, make sure you add the email server address, the port number of the mail server and check Auth checkbox and supply server authentication credentials and the security level, if that’s the case. When you finish completing this step, hit on next button to complete the installation process.

SMTP settings

After the database structure has been imported and all platform settings are written to the application configuration file, the installation process will complete. The installer will display notifying you that the installation has been successfully completed and will display a note about the EspoCRM scheduled job you need to add into your server crontab file.

EspoCRM installation complete

In order to access and manage your CRM application, open a browser and navigate to your server IP address or domain name via HTTPS. Use the credentials configured during the installation process in order to log in into EspoCRM backend panel, as shown in the below screenshot.


Log in to the CRM dashbaord

The default EspoCRM dashboard should contain no data so far. A preview on EspoCRM initial dashboard is illustrated in the below screenshot.

EspoCRM Dashboard

In order to further configure EspoCRM platform settings, hit on top right icon with three horizontal lines and hit on Administration link from the top-down menu, as shown in the below image.

Administration section

In order to force visitors to securely access EspoCRM backend interface via HTTPS protocol that encrypts the traffic between the server and client browsers, return to your server terminal and edit the .htaccess file located in your website document root path, by issuing the below command.

nano /var/www/html/.htaccess

In .htaccess file, search for the <IfModule mod_rewrite.c> line and add the below rules after RewriteEngine On statement in order to automatically redirect all domain traffic to HTTPS.

# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

At the top, the file you can change the native PHP server settings, such as increased values for upload_max_filesize and post_max_size  PHP variables, in order to support large file uploads into application storage. Modify these PHP settings with great caution. Make sure that these variables match your server resources and configurations.

# Modify PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M

Next, test the scheduled job before adding it to run into crontab daemon file, by issuing the below command. The crontask job should be executed with Apache HTTP server runtime account privileges.

sudo -u www-data /usr/bin/php7.0 -f /var/www/html/cron.php

Finally, add the following crontab job owned by Apache www-data account, by issuing the below command.

crontab -u www-data –e

 Crontab file excerpt:

*    *    *    *    *     /usr/bin/php7.0 -f /var/www/html/cron.php > /dev/null 2>&1

That’s all! You have successfully installed and configured EspoCRM platform in Debian 9. For other settings concerning EspoCRM platform, visit the documentation page at the following address:

Share this page:

2 Comment(s)

Add comment

Please register in our forum first to comment.


By: somedude

Thank you ... worked great on Linux Mint 18.3

By: david

First of all, I want to thank you for this detailed tuto. It helps me to setup my espocrm project cleanly. And I had an issue when I do : "sudo -u www-data /usr/bin/php7.0 -f /var/www/html/cron.php" nothing happens.

then when I do : "crontab -u www-data –e" I get : "-e: no such file or directory"

any help for that crontab issue please ?