Install ZurmoCRM on Debian

This topic shows you how to install and configure the latest version of the Zurmo CRM platform on a Debian 9 server to deploy a free online web platform for your business.

Zurmo CRM is a flexible, web-based, software-independent CRM platform suitable for businesses and designed for sales processes. The software is mainly written in PHP programming language and Yii framework. The platform can be easily deployed on Linux with an Apache or Nginx web server, a PHP interpreter and a MySQL or MariaDB database management system, also known as a LAMP or LEMP stack.

Requirements

  • Debian 9 as operating system on a bare metal server, virtual machine or virtual private server
  • Direct Internet connection or Internet access via a proxy. The Internet is mainly needed to perform the LAMP installation and to download and deploy the application.
  • The server is configured with a static IP address on the external network card
  • sudo privileges for a local or remote account or direct access to the root account
  • A publicly registered domain name to install and visit the application over the Internet. If you want the application to be accessible only within the internal infrastructure, you can use a private domain name or the IP address of the server to perform the installation and access the application
  • If you want to manage some features of the application via email, you may also need a mail server set up on your premises. You can also use a public mail server if the application is designed to be used on the Internet.

Prerequisites

After installing the Debian operating system on your machine, the first step is to log in to the system using an account with root privileges and update the system repositories, kernel, and software packages by running the following command.

apt update
apt upgrade

After performing the system updates, configure the name of your machine by running the following command (replace the hostname variable used in this example accordingly).

hostnamectl set-hostname www.mycrm.com

To verify that the hostname was successfully applied, enter the following commands.

hostnamectl
hostname –s
hostname –f
cat /etc/hostname

As the last step of this process, you need to reboot the Debian machine to apply the kernel updates and confirm the hostname changes.

systemctl reboot

In the next steps, we will install and configure the LAMP stack in Debian with the custom settings required to use the Zurmo CRM software. The application is a web-based CRM platform written in the PHP server-side programming language. In this case, we need to install a web server and PHP processing gateway software to run the PHP scripts of the application and return the dynamic results via some MySQL database queries. In this guide, we will install Zurmo CRM on the Apache HTTP server. To install Apache, the PHP interpreter and all the PHP modules required for the application, run the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-mbstring php7.0-xml php7.0-json php7.0-zip php7.0-curl php7.0-imap php7.0-soap php7.0-mcrypt php7.0-ldap php-memcached

In the next step, install, start, and activate the Memcached daemon by running the following commands:

apt install memcached
systemctl restart memcached

Verify that Memcached is working in your system by entering the following commands:

systemctl status memcached
netstat -tlpn| grep memcached
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2812/memcached

If the netstat network utility is not present by default in your Debian system, run the following command to install it.

apt install net-tools

The output of the netstat command will help you find out if the Memcached daemon is listening for incoming network connections on the localhost, 11211 tcp port. This is the safest mode to run the memcached daemon in your system without being exposed to DDoS attacks, which have been carried out recently via the memcached UDP exploit. To identify the network socket of the memcached service, you can also use the ss command, which is automatically installed in Debian 9.

In the next step, we need to edit the PHP default configuration file and adjust the following PHP variables as described below. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure the following lines are set as follows. However, first make a backup copy of the PHP configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Find, edit, and change the following variables in the php.ini configuration file:

file_uploads = On
default_charset = UTF-8
memory_limit = 128M
post_max_size = 60M
upload_max_filesize = 60M
memory_limit = 256M
max_input_time = 60
max_execution_time = 300
zend.assertions = 0
date.timezone = Europe/London

Replace the timezone according to the geographical location of your server. You can view the list of PHP timezones by opening the official PHP documentation at the following link: http: //php.net/manual/en/timezones.php

To increase the loading speed of your web pages using the OPCache plugin available in PHP7, add the following OPCache settings at the end of the PHP configuration file, below the [opcache] statement, as described below:

opcache.enable=1 
opcache.enable_cli=1 
opcache.interned_strings_buffer=8 
opcache.max_accelerated_files=10000 
opcache.memory_consumption=128 
opcache.save_comments=1
opcache.revalidate_freq=1

In the next step, enable the Apache modules Rewrite and Deflate, which are required by the Zurmo CRM application to work properly, by entering the following command.

a2enmod rewrite deflate

Finally, test if the default web page of the Apache web server can be displayed in the browsers by calling the IP address of your server or your domain name via the HTTP protocol. You can get the IP address using the ifconfig or ip a commands.

http://your_domain.tld

If the UFW firewall is enabled in your system, you should add a new rule to allow HTTP traffic through the firewall by entering the following command.

ufw allow WWW

or

ufw allow 80/tcp

The iptables raw rules that need to be inserted to let the incoming port 80 traffic through the firewall so that you can visit the web server remotely are shown below.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service

In this tutorial, we will be installing Zurmo CRM securely through the web browser. To secure the web application, we will enable the HTTPS protocol in the Apache HTTP server via the TLS module. This option encrypts the traffic between the client browser and the web server. To enable the TLS module of the Apache HTTP server and the SSL site configuration file, execute the following commands. The TLS module works with the default self-signed certificate issued during installation.

a2enmod ssl
a2ensite default-ssl.conf

Next, open the default Apache SSL configuration file with a text editor and add the following rules as described below.

nano /etc/apache2/sites-enabled/default-ssl.conf

Add the following lines of code after DocumentRoot directive as shown in the following excerpt:

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

The AllowOverride All line tells the server to read and apply the rules specified in the .htaccess files hosted in your domain’s webroot path.

Also, open and edit the /etc/apache2/sites-enabled/000-default.conf file and add the same rules to this configuration file, following the DocumentRoot line as shown in the example below.

<Directory /var/www/html>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Finally, restart the Apache server so that all the rules configured so far are applied and your domain or server IP address is accessed using the HTTPS protocol.

systemctl restart apache2

https://yourdomain.tld

Since you are using a self-signed certificate to encrypt traffic between the server and the client browser, a warning message will be displayed in your browser. This warning is generated because the certificate is not trusted by the browser. To avoid subsequent browser warnings, you should buy a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.

However, first add an exception to accept the untrusted certificate in your browser. After adding the exception, you should be redirected to the Apache default website, as shown in the figure below.

If the UFW firewall application blocks incoming network connections on the HTTPS port, you should add a new rule to allow incoming traffic on port 443 through the firewall by entering the following command.

ufw allow 'WWW Full'

or

ufw allow 443/tcp

The iptables rule that allows incoming traffic from port 443 to pass through the firewall is shown below.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT

Then save the iptables rules and restart the service to apply the new rule.

netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent

Finally, create a PHP info configuration file in your domain’s webroot path by entering the following command.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

To view the server’s PHP configurations, such as the PHP time zone, call the PHP info script from a browser at the following URL.

https://domain.tld/info.php

The next step in the initial configuration is to install and back up the RDBMS database. A relational database is required by the Zurmo CRM platform to store application configurations, accounts, sessions, contacts, catalogs and other settings. In this tutorial, we will configure the Zurmo CRM web application with the MariaDB database as the backend. To install the MariaDB database client and server, and the PHP extension to access the MariaDB database, run the following command:

apt install mariadb-server mariadb-client php7.0-mysql

After the MariaDB database server is installed, log in to the MySQL console and secure the MariaDB root account by running the following commands.

mysql -h localhost
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [mysql]> update user set plugin=” where user=’root’;

Query OK, 1 row affected (0.00 sec)

Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit

Next, you secure MariaDB with the script mysql_secure_installation. The script asks a series of questions to secure the MariaDB database, such as: change the MySQL root password, remove anonymous users, disable remote root logins, and delete the test database. Make sure you answer “Yes” to the questions, as seen in the script output below.

mysql_secure_installation

Finally, test that MariaDB is secured by trying to log in to the database via the console without providing a root password. Access to the database should be denied if no password is specified for the database root account, as seen in the following command snippet:

mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

Do not confuse the MySQL root account with the Linux system root account. They are two different accounts. However, if you specify the password for the database root account, the login process should be granted and you should be able to log in to the MySQL console, as seen in the following command example:

mysql -h localhost -u root -p
Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> exit

Bye

Install Zurmo CRM

After the LAMP stack has been successfully installed and configured to install the Zurmo CRM application, run the following command to install some necessary utilities that will help you download, extract and install the application from the sources.

apt install wget zip unzip curl

In the next step, visit the official Zurmo CRM download page at http://zurmo.org/download and download the latest stable compressed zip archive to your system using the following command.

 wget http://build.zurmo.com/downloads/zurmo-stable-3.2.4.01254e9117e1.tar.gz

After the Zurmo CRM zip file download is complete, unzip the zip archive to your current working directory and list the unzipped files using the following commands.

unzip zurmo-stable-3.2.4.01254e9117e1.zip
ls
ls –al zurmo

Next, remove the default index.html file installed by the Apache web server into your domain’s webroot path, as well as the info.php file you created for testing purposes by entering the following commands.

rm /var/www/html/index.html
rm /var/www/html/info.php

The installation files for Zurmo CRM are located in your current working directory in the zurmo/ directory. Enter the ls command to list the included files. Then transfer the entire contents of the unzipped directory to the root of your web server by entering the following command.

cp -rf zurmo/* /var/www/html/

Give the Apache runtime user full write permission to the web root path by entering the following command.

chown -R www-data:www-data /var/www/html/

Run the ls command to list the permissions for the installed files in the /var/www/html/ directory. The Apache runtime user should have all installed files and full permissions.

ls –al /var/www/html/

Next, log in to the MariaDB database console and create a database for the Zurmo CRM application. Also, create a new database user and a secure password to manage the application database by entering the following commands. Replace the database name, user and password accordingly.

mysql –u root -p
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database zurmocrm_db;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant 'crm_user'@'localhost', identified by 'password1234', all rights on zurmocrm_db.*;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

Now proceed with Zurmo CRM installation by opening a browser and navigating to the IP address, domain name or FQDN of your server using HTTPS protocol.

https://yourdomain.tld

On the first installation screen, the Zurmo CRM installer displays the welcome screen with a list of items you need to know before starting the installation process. Review the list and click the Click to Start button to begin the installation process, as shown in the screenshot below.

On the next screen, the installer will check your system requirements and display the message“PASS” for each required option. If all server requirements are met, click the Next button to proceed to the next step of the installation process (see screenshots below).

On the next screen you will add the hostname or IP address of the database and the port number of the database. In this case, the database will be installed on the same node as the application, so select localhost as the database hostname and port 3306 as the database port. Next, leave the username and password of the database administrator blank and enter the name, username and password of the Zurmo CRM database.

The default admin account for Zurmo is called ‘super‘. Make sure you add a Zurmo CRM administrator superuser password for this account. Next, scroll down and add the memcache hostname (127.0.0.1) and port number (11211). Finally, check that the hostname is recognized correctly and points back to your domain name and that the script URL points to the script path /app/index.php. When you are done, you can check “Submit Crash to Sentry” and click the Install button to start the installation process.

After the database structure is imported and all settings are written to the application configuration file, the installation process is complete. The installer will display the message ” Congratulations!” informing you that the installation process has been successfully completed. Click “Log in” to log in to the Zurmo CRM Admin Panel.

Before logging into the Zurmo Admin Panel, you must first return to the server console and enter the following command to delete the PHP test script file from the app directory.

rm /var/www/html/app/test.php

Log in to Zurmo CRM using the username of the “Super” account and the password set up for that account during the installation (see the figure below).

After logging into the Zurmo Control Panel, navigate to Users -> Superuser -> Change Password and update the account’s password to secure the application.

Then click the Edit button on the account’s top menu and rename the superuser name. When you are done, click Save to apply the changes.

You can also access the Zurmo CRM Control Panel by navigating to the /app/ URL link to your server IP address or domain name using the HTTPS protocol. Use the newly configured credentials to log in to the backend panel

https://yourdomain.tld/app/

To force visitors to browse the Zurmo CRM application and securely access the backend panel using the HTTPS protocol, which encrypts traffic between the server and client browsers, return to your server’s console and create an .htaccess file at the root of your website by running the following command .

nano /var/www/html/.htaccess

Add the following lines to automatically redirect domain traffic to HTTPS.

# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

At the end of the .htaccess file, you can add the following new lines that change the native PHP server settings. Change the PHP settings to fit your own server resources and configurations.

Extract from the.htaccess file:

# Modify PHP settings
php_value session.use_trans_sid 0
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M

That’s it! You have successfully deployed the Zurmo CRM application on a Debian 9 server. For more custom configurations of the Zurmo CRM platform, visit the documentation page at the following address: http://zurmo.org/wiki.