Dolibarr ERP/CRM is a powerful, open-source business management platform used by companies worldwide to handle everything from invoicing and inventory to project tracking and HR. While Dolibarr is commonly installed on local servers or intranet environments, many businesses require remote access for sales reps, managers, and technicians working off-site. This raises a vital question: how can you access Dolibarr remotely in a secure and efficient manner? Should you host it in the cloud or rely on VPN connections to your local server? This in-depth guide covers the options, compares them, and provides actionable setup advice for both methods.

Table of Contents

  1. Why Secure Remote Access to Dolibarr Matters

  2. Overview of Remote Access Methods

  3. Option 1: Cloud Hosting Explained

  4. Option 2: VPN Access to Local Installation

  5. Prerequisites for Secure Remote Access

  6. Pros and Cons of Cloud Hosting Dolibarr

  7. Pros and Cons of VPN Access

  8. How to Move Dolibarr to the Cloud

  9. Setting Up Dolibarr on a VPS (DigitalOcean, OVH, AWS)

  10. Enabling HTTPS and SSL for Secure Cloud Access

  11. Setting Up a VPN Server (OpenVPN, WireGuard)

  12. Configuring Local Dolibarr for VPN Access

  13. Security Considerations (Firewall, IP Whitelisting, Authentication)

  14. Performance, Cost, and Maintenance Comparison

  15. Final Recommendations Based on Use Case

1. Why Secure Remote Access to Dolibarr Matters

Remote access to your ERP/CRM system is increasingly essential as teams become more mobile and distributed. However, opening up your Dolibarr instance to the internet without adequate protection can expose sensitive financial and client data.

A secure remote access setup should:

  • Be encrypted (HTTPS or VPN)

  • Authenticate users properly

  • Protect against brute-force and DDoS attacks

  • Comply with privacy regulations (e.g., GDPR)

2. Overview of Remote Access Methods

There are two primary ways to enable secure access to Dolibarr from outside your local network:

  • Cloud Hosting: Install Dolibarr on a cloud server accessible over the internet

  • VPN Access: Keep Dolibarr on your local network but allow VPN tunnel access for remote users

Both can be secure and effective depending on your organization’s needs, IT capabilities, and budget.

3. Option 1: Cloud Hosting Explained

In cloud hosting, you install Dolibarr on a remote server hosted by a provider such as:

  • DigitalOcean

  • AWS EC2

  • OVH

  • Scaleway

  • Hetzner

You get a public IP address and access Dolibarr via HTTPS, just like any cloud-based software.

Benefits:

  • Accessible from anywhere

  • Easier multi-user configuration

  • Can be paired with automatic backups and uptime monitoring

Challenges:

  • Must be secured properly (firewall, SSL, etc.)

  • Ongoing hosting cost

  • Exposed to internet-based attacks if misconfigured

4. Option 2: VPN Access to Local Installation

A Virtual Private Network (VPN) creates a secure tunnel between your device and your local network where Dolibarr is hosted.

Popular open-source VPNs:

  • OpenVPN: Widely supported, strong encryption

  • WireGuard: Lightweight and faster than OpenVPN

Users connect to the VPN first, then access Dolibarr via its local IP (e.g., 192.168.1.100/dolibarr).

Benefits:

  • Keeps Dolibarr hidden from public internet

  • Reduces exposure to attacks

  • No need to move your data to the cloud

Challenges:

  • Requires VPN server setup and management

  • May be slower on limited bandwidth

  • Needs device configuration for each user

5. Prerequisites for Secure Remote Access

Before implementing any access method, ensure:

  • Dolibarr is updated to the latest stable version

  • Admin accounts have strong passwords

  • Data backups are regular and tested

  • HTTPS is used wherever possible

  • A firewall is in place

For cloud: public domain or IP access must be secured For VPN: access ports should be restricted to known devices

6. Pros and Cons of Cloud Hosting Dolibarr

Pros Cons
Accessible from anywhere Public exposure needs hardening
No VPN needed Hosting cost per month
Easily scalable Dependent on third-party provider
Integration-friendly Migration effort if moving from local

Cloud hosting is ideal for companies with remote staff and no internal IT team.

7. Pros and Cons of VPN Access

Pros Cons
Keeps data on local infrastructure Requires VPN server management
No hosting costs if self-managed Setup complexity higher
No public exposure Access dependent on VPN tunnel
Fully in your control Slower if far from office

VPNs are preferred when data privacy or compliance restricts public hosting.

8. How to Move Dolibarr to the Cloud

Steps:

  1. Choose a VPS provider (e.g., DigitalOcean)

  2. Create a new Ubuntu server (e.g., 22.04)

  3. Install Apache/Nginx, MySQL/MariaDB, PHP

  4. Upload Dolibarr files via SFTP or Git

  5. Set file permissions and install via /install

  6. Secure with HTTPS using Let’s Encrypt

Use a domain name (e.g., erp.yourcompany.com) for professional access.

9. Setting Up Dolibarr on a VPS (DigitalOcean, OVH, AWS)

Basic stack:

sudo apt update && sudo apt install apache2 mysql-server php php-mysql unzip

Download and unzip Dolibarr:

wget https://sourceforge.net/projects/dolibarr/files/latest/download -O dolibarr.zip
unzip dolibarr.zip -d /var/www/html/

Assign ownership:

chown -R www-data:www-data /var/www/html/dolibarr

Finish installation via web browser.

10. Enabling HTTPS and SSL for Secure Cloud Access

Using Certbot:

sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d erp.yourcompany.com

Set auto-renewal with:

0 0 * * * /usr/bin/certbot renew --quiet

HTTPS is mandatory for secure login and data transfer.

11. Setting Up a VPN Server (OpenVPN, WireGuard)

For OpenVPN:

sudo apt install openvpn easy-rsa

Use a helper like PiVPN for easier setup:

curl -L https://install.pivpn.io | bash

For WireGuard:

sudo apt install wireguard

Create keys and configure tunnel profiles for users.

12. Configuring Local Dolibarr for VPN Access

After VPN setup:

  • Ensure your server firewall allows traffic on VPN subnet

  • Bind Dolibarr only to internal IP (e.g., 192.168.1.100)

  • Set DNS if needed (or use direct IP)

Test Dolibarr by accessing it through VPN from a mobile device.

13. Security Considerations (Firewall, IP Whitelisting, Authentication)

Security checklist:

  • Use UFW or iptables to restrict access

  • Whitelist IPs or enforce VPN-only access

  • Use fail2ban to limit brute-force login attempts

  • Rotate API keys and passwords regularly

Log access attempts and monitor for anomalies.

14. Performance, Cost, and Maintenance Comparison

Factor Cloud Hosting VPN Access to Local
Performance High (depends on VPS) Depends on VPN speed
Setup time Medium Medium to high
Cost $5–$30/month $0 if self-managed
Maintenance Provider handles HW Local IT required
Accessibility Global via HTTPS VPN only
Security risk Higher if misconfigured Lower (not exposed)

15. Final Recommendations Based on Use Case

Choose Cloud Hosting if:

  • Your team works remotely

  • You want global access via a domain

  • You lack IT staff for VPN setup

  • You need integration with other cloud tools

Choose VPN Access if:

  • You must keep Dolibarr on-premise for compliance

  • You want to control everything internally

  • You can manage network infrastructure

Both methods are secure when configured properly. The choice depends on your infrastructure, compliance needs, and user mobility.