Our Infrastructure
We’ve built our infrastructure to be cost-effective, reliable, and scalable. Here’s a breakdown of how we’ve set things up to optimize EspoCRM for performance and security.
Server Setup
We rely on Hetzner as our server provider. Our setup includes a VPS with 4vCPU Arm64, 8 GB RAM, and 80 GB of local disk space. At just 5.99 EUR per month, it’s an incredibly affordable solution that meets our needs without breaking the bank. We’re using Ansible to automate deployment of our services.
Configuration
Our EspoCRM instance runs as a Docker container, which allows us to keep things lightweight and efficient. We’ve customized our stack to optimize performance, making EspoCRM faster and more flexible. Instead of relying on traditional cron jobs, we use Websockets and Daemon for real-time updates and smoother operations.
To further enhance our setup, we’ve integrated external object storage with EspoCRM. This not only improves performance but also ensures our data is managed efficiently.
Authentication
To ensure secure and streamlined access to our services, we leverage Authentik as our centralized Single Sign-On (SSO) and Identity Provider (IdP). This modern, self-hosted solution enhances security while simplifying user management across our entire ecosystem, including EspoCRM and other integrated tools.
Key Features & Benefits
- Unified Access Control: Single sign-on (SSO) allows users to log in once and access multiple services without repeated authentication.
- Enhanced Security: Multi-Factor Authentication (MFA) and password policies ensure robust protection.
- Granular Permissions: Role-based access control (RBAC) lets admins assign permissions at the user or group level.
- Self-Service & Automation: Users can reset passwords or enroll in MFA via a self-service portal.
- Audit & Compliance: Detailed logs track every authentication attempt and admin action.
Backups
Data safety is a top priority for our organization. To safeguard against data loss, corruption, or disasters, we implement a multi-layered backup strategy that combines automated daily backups, geographic redundancy, and encryption.
Backup Strategy
- Daily EspoCRM Backups: Full backups of the EspoCRM instance are performed daily using restic, a fast and secure backup tool.
- Redundant Storage Locations: Backups are uploaded to Azure Blob Storage and replicated to additional offsite locations.
Monitoring
To ensure the reliability and availability of our services, we maintain a self-hosted instance of Uptime Kuma. This lightweight yet powerful monitoring tool allows us to track uptime, receive instant alerts, and view historical data.
Summary
This infrastructure has been a game-changer for us, balancing cost, performance, and reliability. If you’re considering a similar setup, we hope this gives you some useful insights! Need help with your EspoCRM setup? Contact us for expert assistance.