Deploying Zammad
Setup Details |
hostname: infrabase1 Network: 10.1.65.0/24 IP Address : 10.1.65.11 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar Container: webserver Network: 10.1.65.0/24 IP Address : 10.1.65.107 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar Container: db1 Network: 10.1.65.0/24 IP Address : 10.1.65.108 Subnet Mask: 255.255.255.0 Gateway: 10.1.65.1 DNS: 8.8.8.8 sudo user: kedar User PC Details PC type: Desktop OS: Ubuntu Desktop IP Address: 10.1.65.160 |
Before you proceed
The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Zammad configured for this domain in this howto is not reachable on public IP. If you try zammad.networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.
Introduction
- We shall be creating a Ticketing portal using zammad with FQDN as: https://zamad.networked.com
- We shall be hosting the site on port number: 443
- We shall be using a self signed SSL certificate
- Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS
- Apache2 will be used as the webserver and PostgreSQL will be installed on the same host as webserver
Pre-requisites & Installation
- Since Zammad will be installed with Package Manager almost all pre-requisites are installed by default except the ones mentioned below
- Redis
- Elastic Search
- Apache2 Webserver
- Installing Redis - Log into the webserver and run the below commands
ssh kedar@10.1.65.107 sudo apt-get install lsb-release curl gpg curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list sudo apt-get update sudo apt-get install redis sudo systemctl enable redis-server sudo systemctl start redis-server
- Installing Elastic Search - Log into the webserver and run the below commands
ssh kedar@10.1.65.107 sudo su $ apt install apt-transport-https sudo wget curl gnupg $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/elasticsearch.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main"| \ tee -a /etc/apt/sources.list.d/elastic-7.x.list > /dev/null $ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \ gpg --dearmor | tee /etc/apt/trusted.gpg.d/elasticsearch.gpg> /dev/null $ apt update $ apt install elasticsearch $ /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment $ systemctl start elasticsearch $ systemctl enable elasticsearch
After this add two lines at the end to /etc/elasticsearch/elasticsearch.yml
http.max_content_length: 400mb indices.query.bool.max_clause_count: 2000
- Installing Apache2 Webserver
ssh kedar@10.1.65.107 $ sudo apt install apache2 openssl nano $ sudo a2enmod proxy proxy_html proxy_http proxy_wstunnel headers ssl $ sudo systemctl restart apache2 $ sudo systemctl status apache2
Install Zammad
- Install required tools
$ sudo apt install curl apt-transport-https gnupg
- Ensure all of the above is completed - installing Redis, Elastic Search and Apache Webserver
- Ensure the correct locale is setup
$ sudo apt install locales $ sudo locale-gen en_US.UTF-8 $ echo "LANG=en_US.UTF-8" > sudo /etc/default/locale
- Add repository and install Zammad
$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \ gpg --dearmor | sudo tee /etc/apt/keyrings/pkgr-zammad.gpg> /dev/null $ echo "deb [signed-by=/etc/apt/keyrings/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 24.04 main"| \ sudo tee /etc/apt/sources.list.d/zammad.list > /dev/null $ sudo apt update $ sudo apt install zammad
- Check if Zammad is running
$ sudo systemctl status zammad if it is not active / running $ systemctl start zammad
Create self signed certificates
- Log into the webserver and run the below commands
$ sudo openssl req -newkey rsa:4096 -nodes -x509 -days 1825 -keyout /etc/ssl/private/zamadkey.pem -out /etc/ssl/certs/zamadcertificate.pem
- You can use a commercial certificate if you have one or can also use free Lets Encrypt certificate
Configure Apache
- Copy the default zammad file in the default apache2 configuration file location
$ sudo cp /opt/zammad/contrib/apache2/zammad_ssl.conf /etc/apache2/sites-available/zammad.conf
- Adjust the configuration file by changing
- Location of the certificate files
- Server Name
- FQDN
- My Sample file looks like this
# # this is an example apache 2.4 config for zammad # Please visit https://docs.zammad.org for further input on how to configure # your apache to work with Zammad # # security - prevent information disclosure about server version ServerTokens Prod <VirtualHost *:80> ServerName zamad.networked.com Redirect permanent / https://zamad.networked.com/ </VirtualHost> <VirtualHost *:443> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLCertificateFile /etc/ssl/certs/zammadcertificate.pem SSLCertificateKeyFile /etc/ssl/private/zammadkey.pem # SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem # SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem # replace 'localhost' with your fqdn if you want to use zammad from remote ServerName zamad.networked.com ## don't loose time with IP address lookups HostnameLookups Off ## needed for named virtual hosts UseCanonicalName Off ## configures the footer on server-generated documents ServerSignature Off ProxyRequests Off ProxyPreserveHost On <Proxy 127.0.0.1:3000> Require local </Proxy> RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on ProxyPass /assets ! ProxyPass /favicon.ico ! ProxyPass /apple-touch-icon.png ! ProxyPass /robots.txt ! # legacy web socket server ProxyPass /ws ws://127.0.0.1:6042/ # action cable ProxyPass /cable ws://127.0.0.1:3000/cable ProxyPass / http://127.0.0.1:3000/ # change this line in an SSO setup RequestHeader unset X-Forwarded-User # Use settings below if proxying does not work and you receive HTTP-Errror 404 # if you use the settings below, make sure to comment out the above two options # This may not apply to all systems, applies to openSuse #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On" #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On" #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On" DocumentRoot "/opt/zammad/public" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/opt/zammad/public"> Options FollowSymLinks Require all granted </Directory> </VirtualHost>
Connect Zammad with Elastic Search
Ensure zammad is installed and is running
# Set the Elasticsearch server address $ zammad run rails r "Setting.set('es_url', 'https://localhost:9200')" # Build the search index $ zammad run rake zammad:searchindex:rebuild # Optionally, you can specify a number of CPU cores which are used for # rebuilding the searchindex, as in the following example with 8 cores: $ zammad run rake zammad:searchindex:rebuild[8]
Deploy Wordpress
- Create a folder in /var/www/html directory
cd /var/www/html sudo mkdir wpress
- Copy contents of the wordpress folder in wpress
cd /home/kedar/wordpress sudo rsync -avz . /var/www/html/wpress/
- Change the owner of the folder to be www-data
cd /var/www/html sudo chown -R www-data:www-data wpress/
- Create virtual host for the website
cd /etc/apache2/sites-available sudo a2dissite 000-default.conf sudo a2dissite default-ssl.conf sudo nano wpress.conf
- Add the below configuration in the wpress.conf file
<IfModule mod_ssl.c> <VirtualHost _default_:35503> ServerName wpress.networked.net ServerAlias wpress ServerAdmin admin@networked.net DocumentRoot /var/www/html/wpress ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/wpress.crt SSLCertificateKeyFile /etc/ssl/private/wpress.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
- Enable the site and Restart apache service
sudo a2ensite wpress.conf sudo sysemctl restart apache2
- Using a browser navigate to https://wpress.networked.com:35503
- Answer various questions based on some of the steps we have done above like db name, db user, db server etc.
- Once the installation is complete, consider installing new themes and plugins mentioned below
Themes & Plugins
- Themes
- Minamaze
- Hestia
- Plugins
- Secuirty
- Admin Block country
- Limit Login Attempts Reloaded
- WP Security Audit Log
- User Role Editor
- Wordpress Access Control
- WP Content Copy Protection & No Right Click
- Administration
- Auto Hide Admin Bar
- WP Super Cache
- Slimstat Analytics
- Wordpress Importer
- WP Mail SMTP
- Multisite User Management
- Social
- Buddypress (building your community)
- Wordpress Social Login
- Facebook Stream
- WP TFeed
- Content Management
- Custom Sidebars
- Disable Gutenberg
- Shortcodes Ultimate
- Elementor Builder
- Testimonial Rotator
- Secuirty
Conclusion
- We have a working wordpress website hosted on an apache web server and listening to port # 35503. If you want to host the website on port # 443, you only have to make a change in the virtualhost configuration and replace 35503 with 443.
- No change is required in /etc/apache2/ports.conf if you are hosting the site on standard 443 port
- In one of the howtos on this website which will be put up soon, we shall be showing how to use nginx as a reverse proxy in which nginx will be listening on port on 443 and will be communicating back to the wordpress website on port # 35503.