Skip to content

Traefik and EspoCRM

Traefik is an open source reverse proxy that makes it easy to work with microservices and/or just containers with your applications.

To connect Traefik and EspoCRM, you need to do a little bit of Docker work. Also, you must have your own domain.

  1. Create a folder that will contain your EspoCRM files and database.
  2. Create here text file docker-compose.yml:

docker-compose.yml

version: "3.9"

services:

  traefik:
    image: traefik:latest
    container_name: traefik
    command:
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --certificatesresolvers.esporesolver.acme.tlschallenge=true
      - --certificatesresolvers.esporesolver.acme.email=your_email@example.com
      - --certificatesresolvers.esporesolver.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"        # http
      - "8080:8080"    # :8080 Dasboard
      - "443:443"      # https
    volumes:
      - ./letsencrypt:/letsencrypt                       # volume for certificates (TLS)
      - /var/run/docker.sock:/var/run/docker.sock:ro     # volume for Docker admin

  mysql:
    image: mysql:latest
    container_name: mysql
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: espocrm
      MYSQL_USER: espouser
      MYSQL_PASSWORD: database_password
    volumes:
      - ./mysql:/var/lib/mysql
    restart: always

  espocrm:
    image: espocrm/espocrm:latest
    container_name: espocrm
    environment:
      ESPOCRM_DATABASE_HOST: mysql
      ESPOCRM_DATABASE_USER: espouser
      ESPOCRM_DATABASE_PASSWORD: database_password
      ESPOCRM_ADMIN_USERNAME: admin
      ESPOCRM_ADMIN_PASSWORD: password
      ESPOCRM_SITE_URL: "https://your_domain.com"
    volumes:
      - ./espocrm:/var/www/html
    restart: always
    labels:
      - traefik.enable=true                                           
      - traefik.http.routers.espocrm-app.rule=Host(`your_domain.com`)
      - traefik.http.routers.espocrm-app.entrypoints=websecure
      - traefik.http.routers.espocrm-app.tls=true
      - traefik.http.routers.espocrm-app.tls.certresolver=esporesolver

  espocrm-daemon:
    image: espocrm/espocrm:latest
    container_name: espocrm-daemon
    volumes:
      - ./espocrm:/var/www/html
    restart: always
    entrypoint: docker-daemon.sh

  espocrm-websocket:
    image: espocrm/espocrm:latest
    container_name: espocrm-websocket
    environment:
     ESPOCRM_CONFIG_USE_WEB_SOCKET: "true"
     ESPOCRM_CONFIG_WEB_SOCKET_URL: "wss://your_domain.com/ws"
     ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBSCRIBER_DSN: "tcp://*:7777"
     ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBMISSION_DSN: "tcp://espocrm-websocket:7777"
    volumes:
      - ./espocrm:/var/www/html
    restart: always
    entrypoint: docker-websocket.sh
    labels:
      - traefik.enable=true
      - traefik.http.routers.espocrm-ws.rule=Host(`your_domain.com`) && PathPrefix(`/ws`)
      - traefik.http.routers.espocrm-ws.entrypoints=websecure
      - traefik.http.routers.espocrm-ws.tls=true
      - traefik.http.routers.espocrm-ws.tls.certresolver=esporesolver

volumes:
  mysql:
  espocrm:

Let's take a closer look at the commands of the Traefik container:

  • api.insecure=trueEnable the API in insecure mode. You can access Traefik Dashboard at your_domain.com:8080
  • providers.docker=trueEnable Docker as the provider for Traefik
  • providers.docker.exposedbydefault=falseDon't expose every container to Traefik, only expose enabled ones
  • entrypoints.websecure.address=:443Define an entrypoint for HTTPS on port :443 named websecure
  • entrypoints.web.address=:80Define an entrypoint for port :80 named web
  • entrypoints.web.http.redirections.entryPoint.to=websecureRedirect all incoming requests to entrypoint websecure
  • entrypoints.web.http.redirections.entryPoint.scheme=httpsRedirection target scheme
  • entrypoints.web.http.redirections.entrypoint.permanent=trueApply a permanent redirection
  • certificatesresolvers.esporesolver.acme.tlschallenge=trueEnable TLS-ALPN-01 to generate and renew ACME certificates
  • certificatesresolvers.esporesolver.acme.email=your_email@example.comSetting email for certificates
  • certificatesresolvers.esporesolver.acme.storage=/letsencrypt/acme.jsonDefining acme.json file to store certificates information

And also, let's analyze the labels of the main EspoCRM container:

  • traefik.enable=trueEnable Traefik to proxy main EspoCRM container
  • traefik.http.routers.espocrm-app.rule=Host(your_domain.com)Your domain name goes here for the HTTP rule
  • traefik.http.routers.espocrm-app.entrypoints=websecureDefine entrypoint for HTTPS
  • traefik.http.routers.espocrm-app.tls=trueMake sure all routers tied to this entrypoint are using HTTPS by default
  • traefik.http.routers.espocrm-app.tls.certresolver=esporesolverDefine certificates resolvers for HTTPS

The labels in the EspoCRM container for WebSocket works in exactly the same way, we only add a prefix to the host.


Now, it remains only to start our containers with the CLI command docker-compose up -d.

As it was said before, you can track the work of Traefik on the Dashboard at your_domain.com:8080.

EspoCRM will work with both HTTP and HTTPS on your domain.