Vc
Applications Azure

Vtiger CRM on Ubuntu 24.04 on Azure User Guide

| Product: Vtiger CRM on Ubuntu 24.04 LTS on Azure

Overview

Vtiger CRM Open Source Edition is a full featured free open source CRM used by sales, marketing and support teams to manage leads, contacts and organizations, run a pipeline of sales opportunities, produce quotes, invoices and inventory, and handle support tickets, all with reports and workflow automation in one web console gated by Vtiger's own user and access control. The cloudimg image ships Vtiger CRM 8.4.0 served by nginx and PHP 8.3 FPM on a hardened, fully patched Ubuntu 24.04 LTS base, together with a bundled local MariaDB server so the appliance is complete and useful on its own. Vtiger runs behind an nginx reverse proxy on port 80. The bundled MariaDB listens only on the loopback interface (127.0.0.1:3306) and keeps its database, along with uploaded documents, on a dedicated Azure data disk. A unique administrator password is generated on the first boot of every VM, and no default or shipped Vtiger login authenticates. Backed by 24/7 cloudimg support.

What is included:

  • Vtiger CRM 8.4.0 Open Source Edition served by nginx and PHP 8.3 FPM, managed by systemd
  • A bundled MariaDB server holding the Vtiger database, already installed and ready
  • A ready to use CRM served on :80, with the full schema and modules in place
  • A per VM administrator password generated on first boot and recorded in a root only file
  • No default login: the admin is set to a unique per VM secret stored as a modern password hash, and no known or blank credential authenticates
  • MariaDB bound to 127.0.0.1 only, never exposed to the network
  • A dedicated Azure data disk carrying the MariaDB database, uploaded documents and Vtiger writable state
  • All required PHP extensions and Vtiger's recommended PHP limits preconfigured, with the non strict MariaDB sql_mode Vtiger requires
  • nginx.service, php8.3-fpm.service and mariadb.service as enabled systemd units
  • An unauthenticated /healthz endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for larger or busier teams. NSG inbound: allow 22/tcp from your management network and 80/tcp (and 443/tcp once you add TLS) for the console. Vtiger serves plain HTTP on port 80 out of the box; for production, terminate TLS in front of it with your own domain. The bundled MariaDB is never exposed: it listens on 127.0.0.1 only, so port 3306 stays off the network.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Vtiger CRM by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy with the Azure CLI (alternative)

Prefer the command line? Create the VM from the cloudimg Vtiger CRM image with your resource group, image URN, size and SSH key. Open ports 22 and 80 on the network security group, then browse to the public IP.

az vm create \
  --resource-group my-rg \
  --name vtiger \
  --image <cloudimg-vtiger-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

az vm open-port --resource-group my-rg --name vtiger --port 80 --priority 900

Step 3 - Confirm the services and retrieve the admin password

SSH in as azureuser. All three services plus the first boot unit are active, with nginx listening on port 80 and MariaDB bound to the loopback interface only.

systemctl is-active nginx php8.3-fpm mariadb vtiger-firstboot
ss -tlnp | grep -E ':80 |:3306 '

The nginx, php8.3-fpm, mariadb and vtiger-firstboot services all active, with nginx listening on port 80 and MariaDB bound to loopback 127.0.0.1:3306

On the first boot of every VM, Vtiger generates a unique administrator password and records it, together with the sign in URL, in a root only file. Read it with sudo:

sudo cat /root/vtiger-credentials.txt

The per VM Vtiger credentials file, showing the admin login user, the generated password and the console URL

Step 4 - Sign in to Vtiger CRM

Browse to http://<your-vm-ip>/ and sign in with the user admin and the password from the credentials file. Vtiger presents its own sign in page. The site URL follows the request host, so the console is reachable by the VM public IP or your own domain with no extra configuration.

The Vtiger CRM sign in page showing the username and password fields and the version

Step 5 - Manage the sales pipeline

Open the Opportunities tab to see your sales pipeline with each deal's name, sales stage, expected close date and amount, sortable and filterable. Choose Add Opportunity to create a deal, set its stage and value, and track it to close.

The Vtiger CRM opportunities list showing the sales pipeline with opportunity names, sales stages, expected close dates and amounts

Step 6 - Manage leads, contacts and organizations

Open the Leads tab to work your inbound and prospected leads with name, company, phone, email and lead source, then convert a qualified lead into a contact, organization and opportunity in one step.

The Vtiger CRM leads list showing lead first and last names, companies, phone numbers and email addresses

Open the Contacts tab to manage the people you do business with, each linked to their organization, with email, phone and title, alongside Organizations, Documents, the calendar, quotes, invoices, the help desk, reports and workflows.

The Vtiger CRM contacts list showing contact names, organization names, email addresses and office phone numbers

Security model - no default credentials

Vtiger's installer creates the administrator account at install time. This image removes any known credential. The single admin account is rotated to a unique per VM secret on every first boot, stored as a modern PHASH bcrypt hash, and common guesses (admin, admin123, vtiger, password, blank and others) do not authenticate. Vtiger's own installed state guard blocks the web installer from ever running again, and nginx denies direct HTTP access to the configuration file and the storage, user privileges, cache and other sensitive directories. Every build proves, before the image is captured, that the per VM admin authenticates through the real Vtiger login form while the default and weak guesses are rejected.

bash /usr/local/sbin/vtiger-cred-roundtrip.sh

The per VM admin account in the Vtiger users table with the PHASH crypt type, and the round trip check confirming the per VM admin authenticates via the Vtiger login form while default and weak guesses are rejected

Where your data lives

The MariaDB database, Vtiger's uploaded documents and its writable state all live on a dedicated Azure data disk, not on the OS disk. MariaDB's data directory is bind mounted from the data disk onto /var/lib/mysql, and Vtiger's storage, cache and user_privileges directories are bind mounted from the same disk, so your leads, contacts, organizations, opportunities and documents survive a VM resize or OS disk swap and stay on managed, snapshot friendly storage.

curl -sI http://127.0.0.1/healthz | head -1
findmnt -no SOURCE,TARGET,FSTYPE,SIZE /data
findmnt -no SOURCE,TARGET /var/lib/mysql

The Vtiger CRM version, the healthz endpoint returning 200, the ext4 data disk mounted at /data and bind mounted onto /var/lib/mysql and the Vtiger storage directory, and the schema table, user and active module counts

Production - add your own domain and TLS

Vtiger serves plain HTTP on port 80 out of the box so you can sign in immediately. Before you rely on it for day to day business, put it behind your own domain and TLS so the console is served over HTTPS: point a DNS record at the VM, open 443/tcp on the NSG, and terminate TLS with a certificate from your own certificate authority (for example Let's Encrypt) in front of nginx. Once you have a fixed domain, pin $site_URL in /var/www/vtigercrm/config.inc.php to that HTTPS domain. Keep MariaDB on the loopback interface, take regular snapshots of the data disk, and restrict SSH to your management network.

Support

This image is built and maintained by cloudimg with 24/7 support. Vtiger CRM Open Source Edition is licensed under the vtiger Public License. cloudimg is not affiliated with or endorsed by Vtiger, and the in product "Powered by vtiger" attribution is retained as the license requires.