Deploying Zammad: Difference between revisions

From The Opensource Knowledgebase
Jump to navigation Jump to search
← Older edit
 
(10 intermediate revisions by the same user not shown)
Line 20: Line 20:
sudo user: kedar
sudo user: kedar


Container: db1
Container: Postgre SQL
Network: 10.1.65.0/24
Network: 10.1.65.0/24
IP Address : 10.1.65.108
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
Gateway: 10.1.65.1
Line 43: Line 43:
*Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
*Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
*Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
*Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
*PostgreSQL will be installed by default when Zammad is being installed and tables etc will be created by default. Setting up Zammad with PostGreSQL setup on another server is out of scope of this 'How To'.


=Pre-requisites & Installation=
=Pre-requisites & Installation=
Line 87: Line 88:
$ sudo apt install apache2 openssl nano
$ sudo apt install apache2 openssl nano
$ sudo a2enmod proxy proxy_html proxy_http proxy_wstunnel headers ssl
$ sudo a2enmod proxy proxy_html proxy_http proxy_wstunnel headers ssl
$ sudo systemctl restart apache2
$ sudo systemctl status apache2
</pre>
</pre>


=Database Creation=
=Install Zammad=
*Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
*Install required tools
<pre>
<pre>
sudo mysql -u root -p
$ sudo apt install curl apt-transport-https gnupg
CREATE DATABASE wpress;
GRANT ALL PRIVILEGES ON wpress.* TO "wpress"@"%" IDENTIFIED BY "123456";
FLUSH PRIVILEGES;
quit;
</pre>
</pre>
=Create self signed certificates=
*Ensure all of the above is completed - installing Redis, Elastic Search and Apache Webserver
* Log into the webserver and run the below commands
*Ensure the correct locale is setup
<pre>
<pre>
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/wpress.key -out /etc/ssl/certs/wpress.crt
$ sudo apt install locales
$ sudo locale-gen en_US.UTF-8
$ echo "LANG=en_US.UTF-8" > sudo /etc/default/locale
</pre>
</pre>
* You can use a commercial self signed certificate if you have one or can also use free Lets Encrypt certificate
*Add repository and install Zammad
=Configure Apache=
* We are setting up a wordpress website to work on port #35503. We have to configure apache to listen to port #35503
<pre>
<pre>
sudo nano /etc/apache2/ports.conf
$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
  gpg --dearmor | sudo tee /etc/apt/keyrings/pkgr-zammad.gpg> /dev/null
$ echo "deb [signed-by=/etc/apt/keyrings/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 24.04 main"| \
  sudo tee /etc/apt/sources.list.d/zammad.list > /dev/null
$ sudo apt update
$ sudo apt install zammad
</pre>
</pre>
* It will only be listening to 443 and 80. We will need to add the port on which we want apache2 to be listening to. The file ports.conf should look like below
*Check if Zammad is running
<pre>
<pre>
$ sudo systemctl status zammad


Listen 80
if it is not active / running
 
$ systemctl start zammad
<IfModule ssl_module>
        Listen 443
        Listen 35503
</IfModule>
 
<IfModule mod_gnutls.c>
        Listen 443
        Listen 35503
</IfModule>
 
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</pre>
</pre>
* Save and exit the file


=Download Wordpress=
=Create self signed certificates=
* Log into the webserver and run the below commands
* Log into the webserver and run the below commands
<pre>
<pre>
wget https://wordpress.org/latest.tar.gz
$ sudo openssl req -newkey rsa:4096 -nodes -x509 -days 1825 -keyout /etc/ssl/private/zamadkey.pem -out /etc/ssl/certs/zamadcertificate.pem
tar -zxvf latest.tar.gz
</pre>
</pre>
* After extracting the tar file above, all contents will have been extracted in the wordpress folder in the home directory
* You can use a commercial certificate if you have one or can also use free Lets Encrypt certificate
=Deploy Wordpress=
 
* Create a folder in /var/www/html directory
=Configure Apache=
*Copy the default zammad file in the default apache2 configuration file location
<pre>
<pre>
cd /var/www/html
$ sudo cp /opt/zammad/contrib/apache2/zammad_ssl.conf /etc/apache2/sites-available/zammad.conf
sudo mkdir wpress
</pre>
</pre>
* Copy contents of the wordpress folder in wpress
*Adjust the configuration file by changing
**Location of the certificate files
**Server Name
**FQDN
*My Sample file looks like this
<pre>
<pre>
cd /home/kedar/wordpress
#
sudo rsync -avz . /var/www/html/wpress/
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#
 
# security - prevent information disclosure about server version
ServerTokens Prod
 
<VirtualHost *:80>
    ServerName zamad.networked.com
    Redirect permanent / https://zamad.networked.com/
</VirtualHost>
 
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 
    SSLCertificateFile /etc/ssl/certs/zammadcertificate.pem
    SSLCertificateKeyFile /etc/ssl/private/zammadkey.pem
#    SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
#    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
 
    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName zamad.networked.com
 
    ## don't loose time with IP address lookups
    HostnameLookups Off
 
    ## needed for named virtual hosts
    UseCanonicalName Off
 
    ## configures the footer on server-generated documents
    ServerSignature Off
       
    ProxyRequests Off
    ProxyPreserveHost On
 
    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>
    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on
 
    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    # legacy web socket server
    ProxyPass /ws ws://127.0.0.1:6042/
    # action cable
    ProxyPass /cable ws://127.0.0.1:3000/cable
    ProxyPass / http://127.0.0.1:3000/
 
    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User
 
    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
 
    DocumentRoot "/opt/zammad/public"
 
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
 
    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost> 
</pre>
</pre>
* Change the owner of the folder to be www-data
 
=Connect Zammad with Elastic Search=
Ensure zammad is installed and is running
<pre>
<pre>
cd /var/www/html
# Set the Elasticsearch server address
sudo chown -R www-data:www-data wpress/
$ sudo zammad run rails r "Setting.set('es_url', 'https://localhost:9200')"
</pre>
 
* Create virtual host for the website
# Build the search index
<pre>
$ sudo zammad run rake zammad:searchindex:rebuild
cd /etc/apache2/sites-available
 
sudo a2dissite 000-default.conf
# Optionally, you can specify a number of CPU cores which are used for
sudo a2dissite default-ssl.conf
# rebuilding the searchindex, as in the following example with 8 cores:
sudo nano wpress.conf
$ sudo zammad run rake zammad:searchindex:rebuild[8]
$ sudo systemctl restart apache2
</pre>
</pre>
* Add the below configuration in the wpress.conf file
<pre>
<IfModule mod_ssl.c>
        <VirtualHost _default_:35503>
                ServerName      wpress.networked.net
                ServerAlias    wpress
                ServerAdmin    admin@networked.net
                DocumentRoot /var/www/html/wpress


                ErrorLog ${APACHE_LOG_DIR}/error.log
=Access Zammad=
                CustomLog ${APACHE_LOG_DIR}/access.log combined
*From any browser visit: https:/Zammad.networked.com
                SSLEngine on
*Create an admin account
                SSLCertificateFile      /etc/ssl/certs/wpress.crt
*Integrate Google or Microsoft for authentication
                SSLCertificateKeyFile /etc/ssl/private/wpress.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
</VirtualHost>
</IfModule>
</pre>
* Enable the site and Restart apache service
<pre>
sudo a2ensite wpress.conf
sudo sysemctl restart apache2
</pre>
* Using a browser navigate to https://wpress.networked.com:35503
** Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
**Once the installation is complete, consider installing new themes and plugins mentioned below


=Themes & Plugins=
*'''Themes'''
** Minamaze
** Hestia
*'''Plugins'''
** '''Secuirty'''
*** Admin Block country
*** Limit Login Attempts Reloaded
*** WP Security Audit Log
*** User Role Editor
*** Wordpress Access Control
*** WP Content Copy Protection & No Right Click
** '''Administration'''
*** Auto Hide Admin Bar
*** WP Super Cache
*** Slimstat Analytics
*** Wordpress Importer
*** WP Mail SMTP
*** Multisite User Management
** '''Social'''
*** Buddypress (building your community)
*** Wordpress Social Login
*** Facebook Stream
*** WP TFeed
** '''Content Management'''
*** Custom Sidebars
*** Disable Gutenberg
*** Shortcodes Ultimate
*** Elementor Builder
*** Testimonial Rotator
=Conclusion=
=Conclusion=
* We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
* Open source Zammad Ticketing Portal is setup and ready to be used
* No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
* Installation, configuration and maintenance can be a little complicated for the ones who are not well-versed with Linux, postgresql. elasticsearch and Redis.
* In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.


=References=
*About Zammad: https://zammad.org/
*Zammad Documentation: https://docs.zammad.org/en/latest/
*How to use Zammad: https://user-docs.zammad.org/en/latest/
*Installing Redis: https://redis.io/docs/latest/operate/oss_and_stack/install/install-redis/install-redis-on-linux/
*Setting up Elastic Search: https://docs.zammad.org/en/latest/install/elasticsearch.html
*Configure Webserver: https://docs.zammad.org/en/latest/getting-started/configure-webserver.html
[[Category: Intranet Applications]]
[[Category: Intranet Applications]]

Latest revision as of 13:30, 24 October 2024

Setup Details 
hostname: infrabase1
Network: 10.1.65.0/24
IP Address : 10.1.65.11
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: webserver
Network: 10.1.65.0/24
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: Postgre SQL
Network: 10.1.65.0/24
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

User PC Details
PC type: Desktop
OS: Ubuntu Desktop
IP Address: 10.1.65.160

Before you proceed

The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Zammad configured for this domain in this howto is not reachable on public IP. If you try zammad.networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.

Introduction

  • We shall be creating a Ticketing portal using zammad with FQDN as: https://zamad.networked.com
  • We shall be hosting the site on port number: 443
  • We shall be using a self signed SSL certificate
  • Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
  • Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
  • PostgreSQL will be installed by default when Zammad is being installed and tables etc will be created by default. Setting up Zammad with PostGreSQL setup on another server is out of scope of this 'How To'.

Pre-requisites & Installation

  • Since Zammad will be installed with Package Manager almost all pre-requisites are installed by default except the ones mentioned below
    • Redis
    • Elastic Search
    • Apache2 Webserver
  • Installing Redis - Log into the webserver and run the below commands
ssh kedar@10.1.65.107
sudo apt-get install lsb-release curl gpg
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis
sudo systemctl enable redis-server
sudo systemctl start redis-server
  • Installing Elastic Search - Log into the webserver and run the below commands
ssh kedar@10.1.65.107
sudo su
$ apt install apt-transport-https sudo wget curl gnupg
$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/elasticsearch.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main"| \
  tee -a /etc/apt/sources.list.d/elastic-7.x.list > /dev/null
$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \
  gpg --dearmor | tee /etc/apt/trusted.gpg.d/elasticsearch.gpg> /dev/null
$ apt update
$ apt install elasticsearch
$ /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
$ systemctl start elasticsearch
$ systemctl enable elasticsearch

After this add two lines at the end to /etc/elasticsearch/elasticsearch.yml 

http.max_content_length: 400mb
indices.query.bool.max_clause_count: 2000
  • Installing Apache2 Webserver
ssh kedar@10.1.65.107
$ sudo apt install apache2 openssl nano
$ sudo a2enmod proxy proxy_html proxy_http proxy_wstunnel headers ssl
$ sudo systemctl restart apache2
$ sudo systemctl status apache2

Install Zammad

  • Install required tools
$ sudo apt install curl apt-transport-https gnupg
  • Ensure all of the above is completed - installing Redis, Elastic Search and Apache Webserver
  • Ensure the correct locale is setup
$ sudo apt install locales
$ sudo locale-gen en_US.UTF-8
$ echo "LANG=en_US.UTF-8" > sudo /etc/default/locale
  • Add repository and install Zammad
$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
   gpg --dearmor | sudo tee /etc/apt/keyrings/pkgr-zammad.gpg> /dev/null
$ echo "deb [signed-by=/etc/apt/keyrings/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 24.04 main"| \
   sudo tee /etc/apt/sources.list.d/zammad.list > /dev/null
$ sudo apt update
$ sudo apt install zammad
  • Check if Zammad is running
$ sudo systemctl status zammad

if it is not active / running
$ systemctl start zammad

Create self signed certificates

  • Log into the webserver and run the below commands
$ sudo openssl req -newkey rsa:4096 -nodes -x509 -days 1825 -keyout /etc/ssl/private/zamadkey.pem -out /etc/ssl/certs/zamadcertificate.pem
  • You can use a commercial certificate if you have one or can also use free Lets Encrypt certificate

Configure Apache

  • Copy the default zammad file in the default apache2 configuration file location
$ sudo cp /opt/zammad/contrib/apache2/zammad_ssl.conf /etc/apache2/sites-available/zammad.conf
  • Adjust the configuration file by changing
    • Location of the certificate files
    • Server Name
    • FQDN
  • My Sample file looks like this
#
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#

# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName zamad.networked.com
    Redirect permanent / https://zamad.networked.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/ssl/certs/zammadcertificate.pem
    SSLCertificateKeyFile /etc/ssl/private/zammadkey.pem
#    SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
#    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName zamad.networked.com

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off
        
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>
    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    # legacy web socket server
    ProxyPass /ws ws://127.0.0.1:6042/
    # action cable
    ProxyPass /cable ws://127.0.0.1:3000/cable
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User

    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost>

Connect Zammad with Elastic Search

Ensure zammad is installed and is running 

# Set the Elasticsearch server address
$ sudo zammad run rails r "Setting.set('es_url', 'https://localhost:9200')"

# Build the search index
$ sudo zammad run rake zammad:searchindex:rebuild

# Optionally, you can specify a number of CPU cores which are used for
# rebuilding the searchindex, as in the following example with 8 cores:
$ sudo zammad run rake zammad:searchindex:rebuild[8]
$ sudo systemctl restart apache2

Access Zammad

  • From any browser visit: https:/Zammad.networked.com
  • Create an admin account
  • Integrate Google or Microsoft for authentication

Conclusion

  • Open source Zammad Ticketing Portal is setup and ready to be used
  • Installation, configuration and maintenance can be a little complicated for the ones who are not well-versed with Linux, postgresql. elasticsearch and Redis.

References

Retrieved from "https://infrastructure-advisory.org/index.php?title=Deploying_Zammad&oldid=351"