Deploying Zammad: Difference between revisions

From The Opensource Knowledgebase
Jump to navigation Jump to search
← Older editNewer edit →
No edit summary
Line 20: Line 20:
sudo user: kedar
sudo user: kedar


Container: db1
Container: Postgre SQL
Network: 10.1.65.0/24
Network: 10.1.65.0/24
IP Address : 10.1.65.108
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
Gateway: 10.1.65.1
Line 43: Line 43:
*Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
*Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
*Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
*Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
*PostgreSQL will be installed by default when Zammad is being installed and tables etc will be created by default. Setting up Zammad with PostGreSQL setup on another server is out of scope of this 'How To'.


=Pre-requisites & Installation=
=Pre-requisites & Installation=
Line 221: Line 222:
<pre>
<pre>
# Set the Elasticsearch server address
# Set the Elasticsearch server address
$ zammad run rails r "Setting.set('es_url', 'https://localhost:9200')"
$ sudo zammad run rails r "Setting.set('es_url', 'https://localhost:9200')"


# Build the search index
# Build the search index
$ zammad run rake zammad:searchindex:rebuild
$ sudo zammad run rake zammad:searchindex:rebuild


# Optionally, you can specify a number of CPU cores which are used for
# Optionally, you can specify a number of CPU cores which are used for
# rebuilding the searchindex, as in the following example with 8 cores:
# rebuilding the searchindex, as in the following example with 8 cores:
$ zammad run rake zammad:searchindex:rebuild[8]
$ sudo zammad run rake zammad:searchindex:rebuild[8]
</pre>
$ sudo systemctl restart apache2
 
=Deploy Wordpress=
* Create a folder in /var/www/html directory
<pre>
cd /var/www/html
sudo mkdir wpress
</pre>
* Copy contents of the wordpress folder in wpress
<pre>
cd /home/kedar/wordpress
sudo rsync -avz . /var/www/html/wpress/
</pre>
* Change the owner of the folder to be www-data
<pre>
cd /var/www/html
sudo chown -R www-data:www-data wpress/
</pre>
* Create virtual host for the website
<pre>
cd /etc/apache2/sites-available
sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf
sudo nano wpress.conf
</pre>
* Add the below configuration in the wpress.conf file
<pre>
<IfModule mod_ssl.c>
        <VirtualHost _default_:35503>
                ServerName      wpress.networked.net
                ServerAlias    wpress
                ServerAdmin    admin@networked.net
                DocumentRoot /var/www/html/wpress
 
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/wpress.crt
                SSLCertificateKeyFile /etc/ssl/private/wpress.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
</VirtualHost>
</IfModule>
</pre>
* Enable the site and Restart apache service
<pre>
sudo a2ensite wpress.conf
sudo sysemctl restart apache2
</pre>
</pre>
* Using a browser navigate to https://wpress.networked.com:35503
** Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
**Once the installation is complete, consider installing new themes and plugins mentioned below


=Themes & Plugins=
=Access Zammad=
*'''Themes'''
*From any browser visit:
** Minamaze
** Hestia
*'''Plugins'''
** '''Secuirty'''
*** Admin Block country
*** Limit Login Attempts Reloaded
*** WP Security Audit Log
*** User Role Editor
*** Wordpress Access Control
*** WP Content Copy Protection & No Right Click
** '''Administration'''
*** Auto Hide Admin Bar
*** WP Super Cache
*** Slimstat Analytics
*** Wordpress Importer
*** WP Mail SMTP
*** Multisite User Management
** '''Social'''
*** Buddypress (building your community)
*** Wordpress Social Login
*** Facebook Stream
*** WP TFeed
** '''Content Management'''
*** Custom Sidebars
*** Disable Gutenberg
*** Shortcodes Ultimate
*** Elementor Builder
*** Testimonial Rotator
=Conclusion=
=Conclusion=
* We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
* We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.

Revision as of 13:20, 24 October 2024

Setup Details 
hostname: infrabase1
Network: 10.1.65.0/24
IP Address : 10.1.65.11
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: webserver
Network: 10.1.65.0/24
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

Container: Postgre SQL
Network: 10.1.65.0/24
IP Address : 10.1.65.107
Subnet Mask: 255.255.255.0
Gateway: 10.1.65.1
DNS: 8.8.8.8
sudo user: kedar

User PC Details
PC type: Desktop
OS: Ubuntu Desktop
IP Address: 10.1.65.160

Before you proceed

The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Zammad configured for this domain in this howto is not reachable on public IP. If you try zammad.networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.

Introduction

  • We shall be creating a Ticketing portal using zammad with FQDN as: https://zamad.networked.com
  • We shall be hosting the site on port number: 443
  • We shall be using a self signed SSL certificate
  • Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
  • Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
  • PostgreSQL will be installed by default when Zammad is being installed and tables etc will be created by default. Setting up Zammad with PostGreSQL setup on another server is out of scope of this 'How To'.

Pre-requisites & Installation

  • Since Zammad will be installed with Package Manager almost all pre-requisites are installed by default except the ones mentioned below
    • Redis
    • Elastic Search
    • Apache2 Webserver
  • Installing Redis - Log into the webserver and run the below commands
ssh kedar@10.1.65.107
sudo apt-get install lsb-release curl gpg
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis
sudo systemctl enable redis-server
sudo systemctl start redis-server
  • Installing Elastic Search - Log into the webserver and run the below commands
ssh kedar@10.1.65.107
sudo su
$ apt install apt-transport-https sudo wget curl gnupg
$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/elasticsearch.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main"| \
  tee -a /etc/apt/sources.list.d/elastic-7.x.list > /dev/null
$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \
  gpg --dearmor | tee /etc/apt/trusted.gpg.d/elasticsearch.gpg> /dev/null
$ apt update
$ apt install elasticsearch
$ /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
$ systemctl start elasticsearch
$ systemctl enable elasticsearch

After this add two lines at the end to /etc/elasticsearch/elasticsearch.yml 

http.max_content_length: 400mb
indices.query.bool.max_clause_count: 2000
  • Installing Apache2 Webserver
ssh kedar@10.1.65.107
$ sudo apt install apache2 openssl nano
$ sudo a2enmod proxy proxy_html proxy_http proxy_wstunnel headers ssl
$ sudo systemctl restart apache2
$ sudo systemctl status apache2

Install Zammad

  • Install required tools
$ sudo apt install curl apt-transport-https gnupg
  • Ensure all of the above is completed - installing Redis, Elastic Search and Apache Webserver
  • Ensure the correct locale is setup
$ sudo apt install locales
$ sudo locale-gen en_US.UTF-8
$ echo "LANG=en_US.UTF-8" > sudo /etc/default/locale
  • Add repository and install Zammad
$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
   gpg --dearmor | sudo tee /etc/apt/keyrings/pkgr-zammad.gpg> /dev/null
$ echo "deb [signed-by=/etc/apt/keyrings/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 24.04 main"| \
   sudo tee /etc/apt/sources.list.d/zammad.list > /dev/null
$ sudo apt update
$ sudo apt install zammad
  • Check if Zammad is running
$ sudo systemctl status zammad

if it is not active / running
$ systemctl start zammad

Create self signed certificates

  • Log into the webserver and run the below commands
$ sudo openssl req -newkey rsa:4096 -nodes -x509 -days 1825 -keyout /etc/ssl/private/zamadkey.pem -out /etc/ssl/certs/zamadcertificate.pem
  • You can use a commercial certificate if you have one or can also use free Lets Encrypt certificate

Configure Apache

  • Copy the default zammad file in the default apache2 configuration file location
$ sudo cp /opt/zammad/contrib/apache2/zammad_ssl.conf /etc/apache2/sites-available/zammad.conf
  • Adjust the configuration file by changing
    • Location of the certificate files
    • Server Name
    • FQDN
  • My Sample file looks like this
#
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#

# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName zamad.networked.com
    Redirect permanent / https://zamad.networked.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/ssl/certs/zammadcertificate.pem
    SSLCertificateKeyFile /etc/ssl/private/zammadkey.pem
#    SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
#    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName zamad.networked.com

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off
        
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>
    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    # legacy web socket server
    ProxyPass /ws ws://127.0.0.1:6042/
    # action cable
    ProxyPass /cable ws://127.0.0.1:3000/cable
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User

    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost>

Connect Zammad with Elastic Search

Ensure zammad is installed and is running 

# Set the Elasticsearch server address
$ sudo zammad run rails r "Setting.set('es_url', 'https://localhost:9200')"

# Build the search index
$ sudo zammad run rake zammad:searchindex:rebuild

# Optionally, you can specify a number of CPU cores which are used for
# rebuilding the searchindex, as in the following example with 8 cores:
$ sudo zammad run rake zammad:searchindex:rebuild[8]
$ sudo systemctl restart apache2

Access Zammad

  • From any browser visit:

Conclusion

  • We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
  • No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
  • In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.
Retrieved from "https://infrastructure-advisory.org/index.php?title=Deploying_Zammad&oldid=348"