Dolibarr ERP & CRM is a powerful, open-source tool that enables businesses of all sizes to manage everything from accounting to inventory, customer relationships, HR, and more. However, as simple and user-friendly as it is, the installation process can trip up even seasoned users if the fundamentals are overlooked. A clean and well-executed installation sets the foundation for smooth usage, future scalability, and minimal downtime.

In this comprehensive article, we’ll walk through a detailed Dolibarr installation checklist and highlight the 7 most common mistakes you need to avoid to ensure a stable and secure deployment. Whether you're installing Dolibarr on a local server, shared hosting, VPS, or via Docker, this guide will help you avoid pitfalls that often result in broken installations, data loss, performance issues, or even security vulnerabilities.

Why Preparation Matters

Before diving into the installation, it’s essential to understand that Dolibarr, like any ERP/CRM system, handles critical data and workflows. An improperly configured environment, missing dependencies, or insecure setups can lead to costly problems down the line. Taking the time to follow a checklist ensures that your installation is secure, efficient, and aligned with best practices.

Let’s dive into the most frequent mistakes users make and how you can prevent them.

Mistake #1: Skipping System Requirements Verification

One of the biggest errors is assuming that any hosting environment or server will run Dolibarr without issue. Dolibarr is built using PHP and relies on MySQL or MariaDB. It’s vital to ensure your system meets the minimum technical requirements:

Dolibarr Minimum Requirements (as of current version):

• PHP 7.2 or higher (PHP 8.0+ recommended)

• MySQL 5.0+ or MariaDB

• Apache, Nginx, or another compatible web server

• Enabled PHP extensions: gd, json, mbstring, pdo_mysql, curl, zip

Solution:

• Use phpinfo() or php -m to check installed extensions.

• Use a LAMP/LEMP stack or tools like XAMPP, WAMP, or Docker with preconfigured environments.

• Ensure write permissions are properly set on Dolibarr directories (especially documents/ and conf/).

Skipping this verification can lead to silent failures during installation or runtime errors that are difficult to trace.

Mistake #2: Poor Database Configuration

A common issue occurs when users create a MySQL database without properly assigning privileges or use weak passwords.

Problematic Scenarios:

• Not creating a dedicated MySQL user.

• Using root access unnecessarily.

• Failing to assign full privileges to the Dolibarr database.

• Using characters in the password that may cause parsing errors in configuration files.

Solution:

• Create a unique MySQL database for Dolibarr.

• Create a dedicated database user (avoid using root).

• Use a strong password.

• Assign full privileges to the database user.

• Avoid special characters like @, $, #, and & unless you're experienced with escaping in config files.

Mistake #3: Leaving the Install Directory Intact

After successfully installing Dolibarr via the web-based setup, many users forget to delete or secure the /install/ directory. This poses a significant security risk, as malicious actors could potentially rerun the installer and corrupt your configuration or overwrite existing data.

Solution:

• Immediately after installation, delete the /install/ folder from your web directory.

• If you can't delete it due to permission issues, change its permissions to deny all access.

Dolibarr will warn you about this if the folder still exists, but it’s best to make it part of your installation checklist.

Mistake #4: Not Configuring HTTPS

Dolibarr can be accessed over HTTP by default, but using unencrypted traffic for an ERP/CRM system is a huge mistake.

Risks of HTTP:

• Exposes usernames and passwords to network sniffers.

• Vulnerable to session hijacking.

• Non-compliance with privacy regulations like GDPR.

Solution:

• Use an SSL certificate from Let's Encrypt or your hosting provider.

• Configure Apache/Nginx to redirect all HTTP traffic to HTTPS.

• Update Dolibarr’s URL settings in conf/conf.php if you hardcoded any domain values.

Using HTTPS not only secures your system but also builds trust and ensures your data is safe in transit.

Mistake #5: Not Backing Up Regularly

Many users delay setting up backups until it’s too late. Whether due to a server crash, an accidental delete, or a software bug, losing your ERP data can cripple your operations.

Backup Strategy:

• Use the built-in backup module to schedule database exports.

• Use cron jobs or automated scripts to create regular backups of both the database and the documents/ directory.

• Store backups in a remote location (e.g., cloud storage, external server).

• Test your backups regularly to ensure they restore correctly.

Dolibarr supports command-line tools and third-party integrations for backups. Implementing an automated backup policy should be a top priority.

Mistake #6: Ignoring File and Directory Permissions

Incorrect permissions can either expose sensitive files or make Dolibarr unable to function. The two most critical folders are:

• /conf/ – contains configuration files

• /documents/ – stores user-uploaded content, invoices, logos, etc.

Common Mistakes:

• Giving 777 permissions (read/write/execute for everyone)

• Not restricting access to conf/conf.php

• Not enabling logging or missing file ownership by the correct user/group

Solution:

• Use 755 for directories and 644 for files (as a general rule).

• The web server user (e.g., www-data) should own the Dolibarr directory.

• For extra security, move the documents/ folder outside the web root (if possible).

Mistake #7: Skipping Module and Update Management

Dolibarr’s modularity is one of its strengths, but poorly managed modules or untested updates can lead to a broken system.

What Can Go Wrong:

• Enabling too many modules without understanding dependencies.

• Using outdated or incompatible third-party modules.

• Skipping updates and missing critical security patches.

Solution:

• Start with core modules and enable only what you use.

• Keep track of which modules are official and which are from Dolistore or custom sources.

• Always backup before updating Dolibarr.

• Read the changelogs and community forums before upgrading.

• Test major updates in a staging environment first.

If you use custom themes or modules, make sure they are updated alongside Dolibarr core updates to avoid compatibility issues.

Bonus Tip: Use Docker for a Cleaner Setup

If you're technically inclined or want a modern deployment approach, Docker can simplify your setup and avoid many of the above issues.

Benefits of Using Docker:

• Isolated environments (no host conflicts)

• Easy deployment and scaling

• Preconfigured containers for web server, database, and Dolibarr

You can use official or community-supported Dolibarr Docker images and define everything in a docker-compose.yml file.

Final Checklist Before Launch

Here’s a quick summary you can use as a Dolibarr installation checklist:

1. ✅ Server meets PHP/MySQL and extension requirements

2. ✅ Dedicated MySQL user and database with strong password

3. ✅ Installation folder deleted

4. ✅ HTTPS enabled and enforced

5. ✅ Regular automated backups configured

6. ✅ Correct file/directory permissions set

7. ✅ Only necessary modules enabled

8. ✅ Plan for future updates and staging environment

Conclusion

Installing Dolibarr isn’t rocket science—but it’s easy to overlook critical steps that could affect stability, security, or usability down the line. Whether you’re running Dolibarr for a startup, a nonprofit, or a growing SME, this checklist will help you build a solid foundation.

Avoiding these 7 common mistakes will save you hours of frustration and ensure your Dolibarr system is reliable and ready to support your business. Treat your ERP like the mission-critical system it is, and it will reward you with years of productivity and flexibility.