Community Blog Manage Customer Relations with SuiteCRM on Alibaba Cloud

Manage Customer Relations with SuiteCRM on Alibaba Cloud

In this tutorial, we are going install SuiteCRM on an Alibaba Cloud ECS instance, and configure it to use Alibaba Cloud DirectMail as its SMTP provider.

By Jeff Cleverley, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Every time someone from your company picks up a phone and calls a customer, emails a client, meets a sales prospect, follows up a lead, or interacts in anyway with potential or current customers, they are generating new and potentially valuable information. But how can you manage that information, manage those interactions and ensure that you develop the relationships with customers that will most benefit your business?

One approach to this business area is the use of Customer relationship management (CRM) platforms. Using a CRM businesses can compile date across all the communications channels including from the company website, telephone, email, chat, marketing and social media, and analyze the progress and maintenance of these most vital relationships. Through the use of CRMs, your business will learn more about your target audience, and how best to serve them.

There are many famous CRM solutions on the market, prominent names in the field offering highly expensive hosted platforms on subscription. However, as with most things these days, the Open Source community has stepped up with a solution that is causing a major disruption in the CRM market.

Meet SuiteCRM. SuiteCRM is a fully featured Open Source CRM. It was originally an Open Source fork of one of the industry's major players - SugarCRM - but has grown into an innovation leader that now stands apart. SuiteCRM is as powerful as any of the major players, including Salesforce CRM or Microsoft Dynamics CRM, but is backed by an Open Source community of over 90,000 members, a user base of over 4,000,000, with nearly 2000 translators and 69 language packs.

In this tutorial, we are going install SuiteCRM on an Alibaba Cloud ECS instance, and configure it to use Alibaba Cloud DirectMail as its SMTP provider. As part of the tutorial we will configure a domain, LEMP stack, virtual host and SSL, and also add the necessary Cron Jobs for SuiteCRM to function properly.

I will be using a 'root' user to issue commands in the examples. If you are not using the root user, please remember to issue the 'sudo' command before each command where root privileges are necessary. In the code and command examples I will be using a test domain – an-example.com. You should have your own domain available to use.

Before you begin this tutorial, you should have an Alibaba Cloud ECS instance provisioned and running, with at least 1GB of Memory. You should have uploaded your public SSH key to the server during provisioning so that you can access your server by SSH in the terminal

Step 1: Configure Server Security Group

Once you have provisioned your Alibaba Cloud ECS instance, you should be viewing it in the instances list of your ECS Management Console.

In the Elastic Compute Services Horizontal Menu bar, to the left of the Instance list, click the Security Groups link to go to the Security Group List.

In the Security Group List panel you will see the security group for your instance. At the right of the Security Group click the Configure Rules link.

Configure Inbound Port Rules

In the Security Group Rules panel, you will see a tabbed interface with tabs for both Inbound and Outbound rules.

The Inbound rules will be displaying initially, you should see all the default system configured rules. Locate and click the Add Security Group Rules button in the top right of the panel.

We require the following Inbound Ports to be open:

  • 22 (SSH)
  • 80 (HTTP)
  • 443 (HTTPS)
  • 2222 (Webinoly Tools)

Default system rules already have the SSH(22), HTTP(80) and HTTPS(443) ports open. This means we only need to add one rule for the Webinoly Tools.

Webinoly Inbound Port

Configure one additional Security Group Rule as follows:
Rule Direction: Inbound
Authorization Policy: Allow
Protocol Type: Custom TCP
Port Range: 2222/2222
Priority: 1
Authorization Type: Address Field Access
Authorization Object:
Description: Webinoly Tools Port

With this port configured correctly your Inbound Security Group Rules tab should like this this:

<Fully Configured Inbound Security Group Rules Tab>

Configure Outbound Port Rules

Now click the Outbound rules tab. There should only currently be two Ports open, the default rules for HTTP(80) and HTTPS(443).

Again locate and click the Add Security Group Rules button in the top right of the panel. This time we will need to add 3 rules to the security group.

The following additional ports need to be opened:

  • 22 (SSH)
  • 25 (SMTP)
  • 11371 (Access GPG Keys)

Outbound SSH Port

First let's configure the SSH Port

Rule Direction: Inbound
Authorization Policy: Allow
Protocol Type: Custom TCP
Port Range: 22/22
Priority: 1
Authorization Type: Address Field Access
Authorization Object:
Description: Webinoly SSH

Outbound SMTP Port

Next we will configure the SMTP Port
Rule Direction: Inbound
Authorization Policy: Allow
Protocol Type: Custom TCP
Port Range: 25/25
Priority: 1
Authorization Type: Address Field Access
Authorization Object:
Description: Webinoly SMTP

Outbound GPG Keys Port

Finally, we need to configure the port to access the Webinoly GPG keys
Rule Direction: Inbound
Authorization Policy: Allow
Protocol Type: Custom TCP
Port Range: 11371/11371
Priority: 1
Authorization Type: Address Field Access
Authorization Object:
Description: Webinoly GPG

With the additional outbound ports configured correctly the Outbound Security Group Rules tab should like this this:

<Fully Configured Outbound Security Group Rules Tab>

Step 2: Configure Application Domain and Alibaba Cloud DNS

Now we have our Security Group properly configured the next step is to configure our site domain and DNS. To do this, first click the Alibaba Cloud DNS link in the Domains & Websites section of the main services left horizontal menu. In the Alibaba Cloud DNS Panel you will see a list of any and all domains you have configured.

Add your Domain

At the moment my list is empty as I have none configured. To add a domain click the blue Add Domain Name button at the top right of the panel.

A pop up modal will appear, add your domain name and click Confirm.

Configure your Domain Name Servers (DNS)

If you haven't configured your Domain Name Server with Alibaba DNS at your domain registrar you will see an orange Invalid DNS Server warning in the status column of your Basic DNS Domain List.

If your domain is registered with Alibaba Domains, then you will not see this warning and your DNS server will already be configured correctly.

Click on the Configure link at the left of the Domain in the list.

If your domain is not registered with Alibaba Cloud, you need to change the name server. Inside the DNS settings Panel you will a yellow panel instructing you to change your DNS server and providing you with the correct Alibaba Cloud DNS Server addresses. Copy the provided name servers.

Log in to your third party domain registrar control panel and locate the Nameservers Section for the domain you are using. Change the DNS settings to a custom domain and enter the DNS settings provided by Alibaba Cloud DNS.

In my Domain Registrar the setting looks like the following:

<Change third party domain DNS to Alibaba Cloud DNS>

Add DNS records for your domain in Alibaba Cloud DNS

At a minimum we will need to add 2 DNS records for our domain. We will be adding the A record for all hosts at our Instances IP address. As our CRM application requires HTTPS to function we will also need to add the www host CNAME record that is required to implement a Lets Encrypt SSL certificate.

Click the Add Record button just above the top left of the DNS records list for the domain.

First we will add the A record as follows:
Type: A - IPV4 address
Host: @
ISP Line: Default
TTL: 10 minutes

Click Confirm to add the record.
Next we add the www CNAME record as follows:
Type: CNAME - canonical name
Host: www
ISP Line: Default
TTL: 10 minutes

Click Confirm to add the record.

With both of your DNS records added and your domain DNS servers configured correctly the DNS settings list should look like this:

<Basic Domain DNS configured correctly>

Step 3: Install a LEMP Server Stack

We will be using the Webinoly LEMP Stack Automation Script Tool to install and configure our LEMP stack, application virtual hosts and directory, and the Let's Encrypt SSL certificate.

First we need to log in to our server. A prerequisite to this tutorial is adding your SSH keys when you provisioned the instance, so this is easy. Issue the following command from your terminal:

# ssh root@<your-server-ip-address>

It is easy to install a highly performant LEMP stack, consisting of Nginx, MariaDB, and PHP7.2, with Webinoly. Just issue the following command:

# wget -qO weby qrok.es/wy && bash weby 3

Once Webinoly has completed the installation and configuration of your LEMP stack you will be provided with the root and admin passwords to your MariaDB installation. It is very important that you keep these keys safe!

Step 4: Configure Nginx Virtual Host and Directory

We will be installing a PHP based CRM, so we will need to configure our Nginx virtual host to pass PHP requests to PHP-FPM.

Webinoly actually makes it incredible easy to configure the Nginx virtual host and directory structure that any PHP based application requires, just issue the following command:

# site your-site-domain.com -php

You will get a success message response, and that's it! Seriously, that's all to it.

We can check your Nginx site configuration file has been created in the '/etc/nginx/sites-available/ directory and symlinked into the /sites-enabled/ directory with the following commands:

# cd /etc/nginx/sites-available/ && ls
# cd /etc/nginx/sites-enabled/ && ls

You may inspect the virtual host configuration file using the text editor.

# nano /etc/sites-available/your-site-domain.com

Make a note of the root folder location, it should be '/var/www/your-site-domain.com/htdocs':

Now, just to be sure that everything will work properly, we can double check that the directory structure has been created and the web applications root directory is where it should be.

# cd /var/www/your-site-domain.com/htdocs && ls

This should take you into the empty root application directory:

Step 5: Enable HTTPS with Let's Encrypt

SuiteCRM requires HTTPS, so we will need to issue an SSL certificate and enable HSTS (HTTPS Strict Transport Security) which will ensure that all communications with the site are routed through the secure protocol.

This is another task made easy with Webinoly, just issue the following command:

# site your-site-domain.com -ssl-on

For this command to work, you must also have created the 'www' host CNAME alias to your main domain in the Alibaba Cloud DNS

You will be prompted to enter an email address to register the certificate.

Webinoly will then generate an SSL certificate for you, AND create the cron job necessary to renew the certificate so that your site security protocol will never lapse:

As part of the Webinoly installation the certificate Diffie-Hellman parameters were upgraded, so this certificate is now A-rated immediately. How great is that?

Step 6: Create a MariaDB MySQL Database and User

When Webinoly installed MariaDB, it ran through the security and hardening process automatically, so we don't need to do that, instead we can just go straight ahead and create the database and user we need.

Open MariaDB as root user with the following command (you will need the root password you wrote down at the end of Step 3):

# mysql -u root -p

You will be prompted for the root password. Create the database (replace 'suite' database name with an appropriate name for your needs.):


Then create the database user, grant privileges and set the user password (replace the 'admin' user, and 'secure_admin_password' password with appropriate entries for your needs):

GRANT ALL ON suite.* TO 'admin'@'localhost' IDENTIFIED BY 'secure_admin_password';

Once this is completed, flush privileges and exit MariaDB:


After each command the MariaDB monitor should have responded with 'Query OK' and the rows affected. Your terminal should look similar to:

<Create the Database, and attach a User>

Step 7: Prepare Application Directories and Files.

We need to make sure we have the use of the Zip archive utility on our Instance, install it with the following command:

# apt-get install zip unzip

Next we are going to get the download link from the SuiteCRM site, on the downloads page right-click on the big red Download button, and Copy Link Address:

<Copy the download link at the SuiteCRM site>

Now change directory into the '/var/www/your-domain.com/directory', one level above the '/htdocs' root directory:

# cd /var/www/your-domain.com

Download the SuiteCRM Archive Zip into this directory using the download link you copied from the SuiteCRM site (remember to use the actual download link and not just copy the above command directly):

# wget https://archive/download/link/copied/from/the/SuiteCRM/site/SuiteCRM.zip

If you list out the directory contents with owner and permissions, you will see the existing '/htdocs' directory belongs to the 'www-data:www-data' user and group.

Notice the name of the downloaded SuiteCRM Zip Archive. It has a version number.

# ls -l

<List the contents of the directory and note the Archive name>

Unzip the SuiteCRM Zip Archive:

# unzip SuiteCRM.zip

Remember the Archive Zip will include an appended version number - use the correct archive title from your terminal and don't just copy the above code. Please see the screenshot below.

<Unzip the SuiteCRM Archive Zip>

Now delete the unneeded archive and list out the directory contents:

# rm SuiteCRM.zip && ls -l

You will see the directory now includes two sub-directories, the 'htdocs' directory and the SuiteCRM directory:

<List the Directory contents after deleting the Archive>

We need to delete the original 'htdocs' directory and then rename the 'SuiteCRM' directory to 'htdocs':

# rm -rf htdocs
# mv SuiteCRM htdocs

You will still need to change ownership of the newly named 'htdocs' to 'www-data:www:data', then list the directory out to make sure the changes have taken:

# chown -R www:data:www-data htdocs
# ls -l

The last thing we need to do before installing the application is to fix the file ownerships. Change directory into the 'htdocs' directory and issue the following commands:

# cd htdocs
# chmod -R 755 .
# chmod -R 775 cache custom modules themes data upload
# chmod -R 775 config_override.php 2>/dev/null

Step 8: Install SuiteCRM

To install SuiteCRM we now just need to visit our domain and the application installer will guide us through the steps:


License Check

SuiteCRM is a GPL Version 3 licensed Open Source application, so first we need to check the I Accept checkbox to accept the license and click Next:

System Environment Check and Cron Job Instructions

After that the SuiteCRM will run through the system environment checks, everything should pass as OK, but make sure to copy down the Cron Job setup instructions that will be provided on the next page.
Once you have copied these down, click Next:

<Copy the Cron Job Set Up instructions after the System Environment Check>

Database and Site Configuration

Database Configuration

Now we need to provide the Database details for our database. Enter the Database name and localhost as host.

Select provide existing user from the Suite Database User drop-down selector, then enter your database username and password.

Site Configuration

In the site configuration section choose a name and set a password for your Admin user, make sure your SuiteCRM URL is set with the :443 HTTPS port, and finally set the email for the Admin user.

When everything has been configured, click Next:

<Configure the SuiteCRM database and Admin User>

You will now be taken to the SuiteCRM login page at the Application domain root URL, login with the Admin username and password you set in the previous step.

After login you are immediately directed to your user Dashboard:

<SuiteCRM Dashboard>

Step 9: Configure Alibaba Cloud DirectMail

In your Alibaba Cloud Console, select DirectMail from the Products drop-down in the top left navigation.

Configure Email Domain

Select Email Domains from the DirectMail left horizontal navigation:

Set an Email Domain for your DirectMail

Click the New Domain button in the top right of the Email Domains panel:

Add your domain in the pop up modal. You will need to set your DirectMail Email domain as a subdomain of your primary site domain. I suggest using 'directmail' as the subdomain in the following format:


Once you have added your Email Domain, you will need to configure its DNS records before it can be verified. Click the Configure link to be provided with the DNS records you need:

A panel will open providing you with the necessary Domain Configuration DNS records. You will need to copy these records and enter them as records in the Alibaba Cloud DNS for your domain.

<DirectMail Email Domain Configuration DNS Records>

Configure DirectEmail Email Domain DNS Records

Return to the Alibaba Cloud DNS Settings Panel for your Domain and enter the Domain Configuration records you were provided:




<Add the DirectEmail Email Domain DNS Records>

Once these have been added your DNS records for the SuiteCRM domain should look similar to this:

<Completed Domain DNS records>

Verify Your DirectMail Email Domain

Back in the Email Domains list in the DirectMail Panel, you can now click Verify. You will be asked to confirm if you wish to verify, do so to proceed.

Configure Sender Address

Once you have successfully verified your Email domain, click the Sender Addresses link in the DirectMail horizontal navigation.

Configure Sender Address

In the Sender Addresses panel, click the Create Sender Address button at the top right of the panel to add a new sender.

In the pop up modal you will need to add some details.

For Email Domain, select the Email Domain you created in the previous step.

For Account, choose an Account Name. This Account Name will be used to create the sender Address in the following format:


For Reply-To-Address, you will need to enter an active email address that you have access to.

This address will not be used in any emails sent from DirectMail, but it is required to verify your sender Address. DirectMail will send a verification email to this address and you will not be able to complete set up of your SMTP password until you have clicked the link in this verification email.

For Mail-Type, select Triggered or Batch. For the purposes of the CRM I am using Triggered.

Verify your Reply-To address

Now we need to verify our Reply-To address. Click the Verify the Reply-To address link.

Then click confirm in the pop up box to send a verification email to your specified Reply-To email address.

You should receive a verification email in your inbox, you will need to click the link to verify the email address.

Set your SMTP password

Now that you have verified the Reply-To email address, you will see that the Reply-To Address(Status) column will show a success message next to the email address.

You can now click the Set SMTP password link to set a password. All we need to do now is add a secure password.

Step 10: Configure SuiteCRM to use Alibaba Cloud DirectMail SMTP

Copy the DirectMail SMTP server address and port

Before we return to our SuiteCRM application, we need to get the Alibaba DirectMail SMTP server address.

In the DirectMail overview panel, click the red link to go to the documentation. In the Alibaba DirectMail documentation, in the developer guide, you will find the SMTP server addresses and ports in the SMTP service address section.

Configure SuiteCRM SMTP Email Settings

In your SuiteCRM dashboard, you will find the Admin Settings in the Administrator drop-down selector at the right of the top navigation bar:

<Click the Admin link in the SuiteCRM navigation>

In the Administration page, scroll down and click Email Settings. In the Outgoing Mail Configuration settings panel you will need to use settings you configured previously in the Alibaba Cloud DirectMail configurations, as follows:

'From' Name: Choose any Name
'From' Address: @ (from Step 9.2.1)
Email Provider: Other
SMTP Mail Server: DirectMail SMTP Server (from Step 10.1)
Use SMTP Authentication: Checked
Username: @
Password: DirectMail SMTP password from (from Step 9.2.3)
SMTP Port: 465 (from Step 10.1)
Enable SMTP over SSL or TLS: SSL

Once configured, you should test the settings are working by clicking the Send Test Email button and entering an email address you have access to in the pop up modal:

Assuming everything has been configured properly, the modal window should confirm successful sending of the email. It will ask you to check for receipt of the email in your inbox.

Go to your inbox and confirm the email has been sent and received:

Step 11. Set up SuiteCRM Cron Job

The last thing we need to do is to create the Cron Job that SuiteCRM requires for all of it's automated tasks.

You will need the cron job information that was provided during the SuiteCRM installation in Step 8.

In your terminal enter the following command in your server to create cron job for the www-data user:

# crontab -e -u www-data

You will also need to choose an editor with which to edit the crontab.

<Add a crontab>

In the created crontab add the code provided.

* * * * * cd /var/www/your-site-domain.com/htdocs; php -f cron.php > /dev/null 2>&1

<Add a cronjob>

Do not just copy the above code - use the code provided that will replace 'your-site-domain.com' with the correct domain for your use case.

Save and exit the editor, and your terminal should confirm the installation of the crontab.


We are done, we have now installed one of the most powerful CRM platforms, SuiteCRM. It has a feature set to rival any of the biggest players but is completely open source and supported by a fantastic community.

You will now need to configure the platform for the specific business and users, to do that you can follow the excellent documentation on the SuiteCRM site.

0 0 0
Share on

Alibaba Clouder

2,600 posts | 753 followers

You may also like