Traefik and EspoCRM¶
Traefik is an open-source reverse proxy that makes it easy to work with microservices and/or just containers with your applications.
To connect Traefik and EspoCRM, you can use the Docker Compose environment. Also, you must have your own domain.
- Create a folder that will contain your EspoCRM files and database.
- Create here a
docker-compose.yml
file:
docker-compose.yml¶
services:
traefik:
image: traefik:latest
container_name: traefik
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.websecure.address=:443
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.esporesolver.acme.tlschallenge=true
- --certificatesresolvers.esporesolver.acme.email={EMAIL_ADDRESS}
- --certificatesresolvers.esporesolver.acme.storage=/letsencrypt/acme.json
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- ./letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
espocrm-db:
image: mariadb:latest
container_name: espocrm-db
command: --max-allowed-packet=64MB
restart: always
environment:
MARIADB_ROOT_PASSWORD: root_password
MARIADB_DATABASE: espocrm
MARIADB_USER: espocrm
MARIADB_PASSWORD: database_password
volumes:
- ./espocrm-db:/var/lib/mysql
espocrm:
image: espocrm/espocrm:latest
container_name: espocrm
environment:
ESPOCRM_DATABASE_HOST: espocrm-db
ESPOCRM_DATABASE_USER: espocrm
ESPOCRM_DATABASE_PASSWORD: database_password
ESPOCRM_ADMIN_USERNAME: admin
ESPOCRM_ADMIN_PASSWORD: password
ESPOCRM_SITE_URL: "https://{ESPOCRM_DOMAIN}"
restart: always
volumes:
- ./espocrm:/var/www/html
labels:
- traefik.enable=true
- traefik.http.routers.espocrm-app.rule=Host(`{ESPOCRM_DOMAIN}`)
- traefik.http.routers.espocrm-app.entrypoints=websecure
- traefik.http.routers.espocrm-app.tls=true
- traefik.http.routers.espocrm-app.tls.certresolver=esporesolver
espocrm-daemon:
image: espocrm/espocrm:latest
container_name: espocrm-daemon
volumes:
- espocrm:/var/www/html
restart: always
entrypoint: docker-daemon.sh
espocrm-websocket:
image: espocrm/espocrm:latest
container_name: espocrm-websocket
environment:
ESPOCRM_CONFIG_USE_WEB_SOCKET: "true"
ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBSCRIBER_DSN: "tcp://*:7777"
ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBMISSION_DSN: "tcp://espocrm-websocket:7777"
volumes:
- espocrm:/var/www/html
restart: always
entrypoint: docker-websocket.sh
labels:
- traefik.enable=true
- traefik.http.routers.espocrm-ws.rule=Host(`{ESPOCRM_DOMAIN}`) && PathPrefix(`/ws`)
- traefik.http.routers.espocrm-ws.entrypoints=websecure
- traefik.http.routers.espocrm-ws.tls=true
- traefik.http.routers.espocrm-ws.tls.certresolver=esporesolver
- traefik.http.services.espocrm-ws.loadbalancer.server.port=8080
volumes:
espocrm-db:
espocrm:
Traefik container commands explanation:
- api.insecure=true – Enable the API in insecure mode. You can access Traefik Dashboard at
your_server_IP:8080
- providers.docker=true – Enable Docker as the provider for Traefik
- providers.docker.exposedbydefault=false – Don't expose every container to Traefik, only expose enabled ones
- entrypoints.websecure.address=:443 – Define an entrypoint for HTTPS on port :443 named websecure
- entrypoints.web.address=:80 – Define an entrypoint for port :80 named web
- entrypoints.web.http.redirections.entryPoint.to=websecure – Redirect all incoming requests to entrypoint websecure
- entrypoints.web.http.redirections.entryPoint.scheme=https – Redirection target scheme
- entrypoints.web.http.redirections.entrypoint.permanent=true – Apply a permanent redirection
- certificatesresolvers.esporesolver.acme.tlschallenge=true – Enable TLS-ALPN-01 to generate and renew ACME certificates
- certificatesresolvers.esporesolver.acme.email=
{EMAIL_ADDRESS}
– Setting email for certificates - certificatesresolvers.esporesolver.acme.storage=/letsencrypt/acme.json – Defining acme.json file to store certificates information
EspoCRM container commands explanation:
- traefik.enable=true – Enable Traefik to proxy main EspoCRM container
- traefik.http.routers.espocrm-app.rule=Host(
{ESPOCRM_DOMAIN}
) – Your domain name goes here for the HTTP rule - traefik.http.routers.espocrm-app.entrypoints=websecure – Define entrypoint for HTTPS
- traefik.http.routers.espocrm-app.tls=true – Make sure all routers tied to this entrypoint are using HTTPS by default
- traefik.http.routers.espocrm-app.tls.certresolver=esporesolver – Define certificates resolvers for HTTPS
The labels in the EspoCRM container for WebSocket works in exactly the same way, we only add a prefix to the host and open port 8080 for container.
Now, start containers with the CLI command docker compose up -d
.
You can track the work of Traefik on the Dashboard at your_server_IP:8080.
EspoCRM will work with both HTTP and HTTPS on your domain.