Deploying Zammad: Difference between revisions
Jump to navigation
Jump to search
Line 44: | Line 44: | ||
*Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver | *Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver | ||
=Pre-requisites | =Pre-requisites & Installation= | ||
* Log into the webserver and run the below commands | * Since Zammad will be installed with Package Manager almost all pre-requisites are installed by default except the ones mentioned below | ||
**Redis | |||
**Elastic Search | |||
*Installation | |||
**Redis - Log into the webserver and run the below commands | |||
<pre> | <pre> | ||
ssh kedar@10.1.65.107 | ssh kedar@10.1.65.107 | ||
sudo apt install | sudo apt-get install lsb-release curl gpg | ||
sudo apt | curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg | ||
sudo | sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg | ||
sudo | echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list | ||
sudo systemctl | sudo apt-get update | ||
sudo systemctl | sudo apt-get install redis | ||
sudo systemctl enable redis-server | |||
sudo systemctl start redis-server | |||
</pre> | </pre> | ||
**Elastic Search - Log into the webserver and run the below commands | |||
<pre> | |||
ssh kedar@10.1.65.107 | |||
sudo su | |||
$ apt install apt-transport-https sudo wget curl gnupg | |||
$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/elasticsearch.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main"| \ | |||
tee -a /etc/apt/sources.list.d/elastic-7.x.list > /dev/null | |||
$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \ | |||
gpg --dearmor | tee /etc/apt/trusted.gpg.d/elasticsearch.gpg> /dev/null | |||
$ apt update | |||
$ apt install elasticsearch | |||
$ /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment | |||
$ systemctl start elasticsearch | |||
$ systemctl enable elasticsearch | |||
</pre> | |||
After this add two lines at the end to /etc/elasticsearch/elasticsearch.yml | |||
<pre> | |||
http.max_content_length: 400mb | |||
indices.query.bool.max_clause_count: 2000 | |||
</pre> | |||
=Database Creation= | =Database Creation= | ||
*Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server. | *Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server. |
Revision as of 11:14, 24 October 2024
Setup Details |
hostname: infrabase1 Network: 10.1.65.0/24 IP Address : 10.1.65.11 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar Container: webserver Network: 10.1.65.0/24 IP Address : 10.1.65.107 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar Container: db1 Network: 10.1.65.0/24 IP Address : 10.1.65.108 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar User PC Details PC type: Desktop OS: Ubuntu Desktop IP Address: 10.1.65.160 |
Before you proceed
The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Zammad configured for this domain in this howto is not reachable on public IP. If you try zammad.networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.
Introduction
- We shall be creating a Ticketing portal using zammad with FQDN as: https://zamad.networked.com
- We shall be hosting the site on port number: 443
- We shall be using a self signed SSL certificate
- Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
- Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
Pre-requisites & Installation
- Since Zammad will be installed with Package Manager almost all pre-requisites are installed by default except the ones mentioned below
- Redis
- Elastic Search
- Installation
- Redis - Log into the webserver and run the below commands
ssh kedar@10.1.65.107 sudo apt-get install lsb-release curl gpg curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list sudo apt-get update sudo apt-get install redis sudo systemctl enable redis-server sudo systemctl start redis-server
- Elastic Search - Log into the webserver and run the below commands
ssh kedar@10.1.65.107 sudo su $ apt install apt-transport-https sudo wget curl gnupg $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/elasticsearch.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main"| \ tee -a /etc/apt/sources.list.d/elastic-7.x.list > /dev/null $ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \ gpg --dearmor | tee /etc/apt/trusted.gpg.d/elasticsearch.gpg> /dev/null $ apt update $ apt install elasticsearch $ /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment $ systemctl start elasticsearch $ systemctl enable elasticsearch
After this add two lines at the end to /etc/elasticsearch/elasticsearch.yml
http.max_content_length: 400mb indices.query.bool.max_clause_count: 2000
Database Creation
- Database will be created in a mariadb server which is installed into a container created on the host server (infrabase1). Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
sudo mysql -u root -p CREATE DATABASE wpress; GRANT ALL PRIVILEGES ON wpress.* TO "wpress"@"%" IDENTIFIED BY "123456"; FLUSH PRIVILEGES; quit;
Create self signed certificates
- Log into the webserver and run the below commands
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/wpress.key -out /etc/ssl/certs/wpress.crt
- You can use a commercial self signed certificate if you have one or can also use free Lets Encrypt certificate
Configure Apache
- We are setting up a wordpress website to work on port #35503. We have to configure apache to listen to port #35503
sudo nano /etc/apache2/ports.conf
- It will only be listening to 443 and 80. We will need to add the port on which we want apache2 to be listening to. The file ports.conf should look like below
Listen 80 <IfModule ssl_module> Listen 443 Listen 35503 </IfModule> <IfModule mod_gnutls.c> Listen 443 Listen 35503 </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- Save and exit the file
Download Wordpress
- Log into the webserver and run the below commands
wget https://wordpress.org/latest.tar.gz tar -zxvf latest.tar.gz
- After extracting the tar file above, all contents will have been extracted in the wordpress folder in the home directory
Deploy Wordpress
- Create a folder in /var/www/html directory
cd /var/www/html sudo mkdir wpress
- Copy contents of the wordpress folder in wpress
cd /home/kedar/wordpress sudo rsync -avz . /var/www/html/wpress/
- Change the owner of the folder to be www-data
cd /var/www/html sudo chown -R www-data:www-data wpress/
- Create virtual host for the website
cd /etc/apache2/sites-available sudo a2dissite 000-default.conf sudo a2dissite default-ssl.conf sudo nano wpress.conf
- Add the below configuration in the wpress.conf file
<IfModule mod_ssl.c> <VirtualHost _default_:35503> ServerName wpress.networked.net ServerAlias wpress ServerAdmin admin@networked.net DocumentRoot /var/www/html/wpress ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/wpress.crt SSLCertificateKeyFile /etc/ssl/private/wpress.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
- Enable the site and Restart apache service
sudo a2ensite wpress.conf sudo sysemctl restart apache2
- Using a browser navigate to https://wpress.networked.com:35503
- Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
- Once the installation is complete, consider installing new themes and plugins mentioned below
Themes & Plugins
- Themes
- Minamaze
- Hestia
- Plugins
- Secuirty
- Admin Block country
- Limit Login Attempts Reloaded
- WP Security Audit Log
- User Role Editor
- Wordpress Access Control
- WP Content Copy Protection & No Right Click
- Administration
- Auto Hide Admin Bar
- WP Super Cache
- Slimstat Analytics
- Wordpress Importer
- WP Mail SMTP
- Multisite User Management
- Social
- Buddypress (building your community)
- Wordpress Social Login
- Facebook Stream
- WP TFeed
- Content Management
- Custom Sidebars
- Disable Gutenberg
- Shortcodes Ultimate
- Elementor Builder
- Testimonial Rotator
- Secuirty
Conclusion
- We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
- No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
- In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.