I've been working on this for a while and I thought there may be others who want to know how to do this. I couldn't find any guides online specifically for EspoCRM and there were tons of issues along the way. This should get you running on EC2 with a fresh install of EspoCRM-4.5.0 using only https (all http requests will redirect to https).
- Log in to AWS and go to the EC2 dashboard
- Start a new EC2 instance (there are plenty of guides for this, but here's what I did specifically for a test Espo installation)
  - I'm using 64-bit Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type. Select your AMI and hit next.
  - Select a machine size/type. I'm using a t2.nano for this.
  - I use all of the defaults on the next page (launch configuration details). Change this stuff to meet your needs.
  - The next page is storage. I bumped up the storage to 20 GB because I'm using this as a sandbox.
  - The following page allows you to add tags. I didn't do this, but it won't hurt anything if you do.
  - The last page is about security. You want to make sure you have the following rules:
    - ssh from <IP> (using 0.0.0.0 is fine, but it's not very secure)
    - http from 0.0.0.0
    - https from 0.0.0.0
  - Click review and launch
  - Look over the settings and click launch. It will ask you to generate a new ssh key or use an existing one. I generated a new one for this and then saved it.
- After the instance launches, go to the dashboard and look for the Public DNS (IPv4) value. If you want to use a more readable DNS name, now is the time to add a CNAME entry to your zone file, e.g. "crm.mywebsite.com" with a value of "ec2-<some_ip_address>.compute-1.amazonaws.com".
- You should be able to ssh to the instance now with whichever DNS name you want to use. Make sure you use ec2-user as the username.
- Start the webserver installation/update process:
  - Update the OS: sudo yum update -y
  - Install Apache and PHP 7.0 + extensions: sudo yum install -y httpd24 php70 php70-mysqlnd php70-imap php70-mbstring php70-gd mod24_ssl php70-zip
  - Turn on Apache: sudo service httpd start. The site should load the default Apache index.
  - Make sure Apache starts after a reboot: sudo chkconfig httpd on. Verify that run states 2-5 are on with chkconfig --list httpd
- Configure PHP
  - Edit php.ini: sudo vi /etc/php.ini
  - Change max_execution_time to 180
  - Change max_input_time to 180
  - Enable and change max_input_vars to 2000 (or whatever you want, but 1000 is a little low)
  - Change memory_limit to 256M
  - Change post_max_size to 20M
  - Change upload_max_filesize to 20M
- Set up SSL using letsencrypt/certbot
  - cd to your home directory if you aren't there anymore: cd
  - Download certbot: wget https://dl.eff.org/certbot-auto
  - Change the permissions of the file so it will execute: chmod a+x certbot-auto
  - Run/Install certbot: sudo ./certbot-auto certonly --standalone -d your.domain.com --debug
  - You should now have certificates in /etc/letsencrypt/live/your.domain.com
- Configure Apache
  - Make changes in httpd.conf: sudo vi /etc/httpd/conf/httpd.conf
    - Find the ServerName directive and change it to your.domain.com:80
    - Add the following lines below ServerName if you want your site to only serve https (all http requests will redirect to https):
      - RewriteEngine on
      - RewriteCond %{HTTPS} off
      - RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    - Inside the <Directory "/var/www/html"> block, change AllowOverride None to AllowOverride All
  - Edit ssl.conf: sudo vi /etc/httpd/conf.d/ssl.conf
    - Uncomment: DocumentRoot "/var/www/html"
    - Uncomment and change: ServerName your.domain.com:443
    - Modify: SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    - Change: SSLCertificateFile /etc/letsencrypt/live/your.domain.com/cert.pem
    - Change: SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.com/privkey.pem
    - Uncomment and change: SSLCertificateChainFile /etc/letsencrypt/live/your.domain.com/fullchain.pem
  - Restart Apache to make sure you didn't make any typos: sudo service httpd restart
- Set permissions for your user and the document root folder
  - Make a www group: sudo groupadd www
  - Add ec2-user to the www group: sudo usermod -a -G www ec2-user
  - Restart your shell and you should see www in your group list when you run groups
  - Change the owner of /var/www: sudo chown -R root:www /var/www
  - Change the permissions of /var/www: sudo chmod 2775 /var/www
- Upload EspoCRM and unzip it in the httpd document root
  - Upload EspoCRM-4.5.0.zip to /home/ec2-user
  - cd /var/www
  - sudo unzip ~ec2-user/EspoCRM-4.5.0.zip
  - The unzipped files should now be in /var/www/EspoCRM-4.5.0
  - Move the files to /var/www/html: sudo mv EspoCRM-4.5.0/* html/
  - Change the ownership of the files in /var/www/html: sudo chown -R apache:apache /var/www/html
  - Make index.php executable: sudo chmod g+x /var/www/html/index.php
- Restart httpd one more time (sudo service httpd restart) and try it out. Hopefully, the page will load with a green lock.
- Install EspoCRM using the wizard
- Add the cron entry
  - Make a new cron file for the root user: sudo crontab -e
  - Paste in the command: * * * * * cd /var/www/html; /usr/bin/php -f cron.php > /dev/null 2>&1
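An added example, not part of the original post: the ssl.conf step above sets SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2, and this script resolves an SSLProtocol line to the protocols it leaves enabled and lists the legacy ones among them. The function names, the KNOWN and LEGACY lists and the sample lines are assumptions constructed for illustration.

```shell
# Audit the SSLProtocol directive in an Apache ssl.conf (added example).
# Assumption: "all" expands to every name in KNOWN; real builds may differ.
KNOWN="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
LEGACY="SSLv3 TLSv1 TLSv1.1"   # deprecated by RFC 7568 and RFC 8996

# Print the protocols enabled by the last active SSLProtocol line in file $1.
enabled_protocols() {
    line=$(grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1)
    enabled=" "
    set -f; set -- $line; set +f
    if [ $# -gt 0 ]; then shift; fi          # drop the directive name
    for tok in "$@"; do
        case $tok in
            -*) op=del; want=${tok#-} ;;
            +*) op=add; want=${tok#+} ;;
            *)  op=add; want=$tok; enabled=" " ;;  # bare token overrides earlier ones
        esac
        want=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        for p in $KNOWN; do
            lp=$(printf '%s' "$p" | tr '[:upper:]' '[:lower:]')
            if [ "$want" = all ] || [ "$want" = "$lp" ]; then
                enabled=$(printf '%s' "$enabled" | sed "s/ $p / /")
                if [ "$op" = add ]; then enabled="$enabled$p "; fi
            fi
        done
    done
    set -- $enabled; echo "$*"
}

# Print the enabled protocols that are in LEGACY; exit status 1 if there are any.
legacy_protocols() {
    found=""
    for p in $(enabled_protocols "$1"); do
        case " $LEGACY " in *" $p "*) found="$found $p" ;; esac
    done
    set -- $found; echo "$*"
    [ $# -eq 0 ]
}

# Constructed sample input: the guide's directive, then a TLS 1.2-only form.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2' > "$tmp"
    echo "guide:    enabled=[$(enabled_protocols "$tmp")] legacy=[$(legacy_protocols "$tmp")]"
    printf '%s\n' 'SSLProtocol -All +TLSv1.2' > "$tmp"
    echo "hardened: enabled=[$(enabled_protocols "$tmp")] legacy=[$(legacy_protocols "$tmp")]"
    rm -f "$tmp"
}
demo
```

Running legacy_protocols /etc/httpd/conf.d/ssl.conf after editing gives a non-zero status while SSLv3, TLSv1 or TLSv1.1 is still enabled.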