OsTicket/Installing
(18 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
==Update== | ==Update== | ||
<nowiki>~$ sudo yum update -y</nowiki> | <nowiki>~$ sudo yum update -y</nowiki> | ||
+ | Install EPEL repo | ||
+ | <nowiki>~$ sudo yum install epel-release</nowiki> | ||
==Install LAMP == | ==Install LAMP == | ||
<nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki> | <nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki> | ||
Line 12: | Line 14: | ||
Disallow root login remotely? [Y/n] y | Disallow root login remotely? [Y/n] y | ||
Remove test database and access to it? [Y/n] y | Remove test database and access to it? [Y/n] y | ||
− | Reload privilege tables now? [Y/n] y | + | Reload privilege tables now? [Y/n] y</nowiki> |
− | </nowiki> | + | Test MariaDB password |
+ | <nowiki>~$ mysql -u root -p</nowiki> | ||
==Install Dependencies== | ==Install Dependencies== | ||
− | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt -y </nowiki> | + | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y </nowiki> |
+ | ==Download, Extract, and Configure osTicket== | ||
+ | <nowiki>~$ sudo mkdir -p /opt/osticket | ||
+ | ~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip | ||
+ | ~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip | ||
+ | ~$ sudo ln -s /opt/osticket/upload /var/www/html/support | ||
+ | ~$ sudo chown apache: -R /var/www/html/support /opt/osticket | ||
+ | ~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php | ||
+ | ~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php | ||
+ | </nowiki> | ||
+ | ==Configure MariaDB== | ||
+ | <nowiki>~$ sudo mysql -u root -p | ||
+ | MariaDB> create database osticketdb; | ||
+ | MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password'; | ||
+ | MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost'; | ||
+ | flush privileges; | ||
+ | exit;</nowiki> | ||
+ | Doublecheck database & user creation, permissions and password | ||
+ | <nowiki>~$ sudo mysql -u root -p | ||
+ | MariaDB> SHOW DATABASES; | ||
+ | osticketdb | ||
+ | MariaDB> SELECT User,Host FROM mysql.user; | ||
+ | osticketuser | localhost | ||
+ | MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost'; | ||
+ | GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost' | ||
+ | MariaDB> exit; | ||
+ | ~$ sudo mysql -u osticketuser -p</nowiki> | ||
+ | |||
+ | ==Configure Apache== | ||
+ | start and set to start on boot | ||
+ | <nowiki>~$ sudo systemctl start httpd.service | ||
+ | ~$ sudo systemctl enable httpd.service</nowiki> | ||
+ | |||
+ | Create file <code>vhosts.conf</code> and insert configuration line | ||
+ | <nowiki>~$ sudo vi /etc/httpd/conf.d/vhosts.conf | ||
+ | IncludeOptional vhosts.d/*.conf</nowiki> | ||
+ | Create Virtual Host | ||
+ | <nowiki>~$ sudo mkdir /etc/httpd/vhosts.d/ | ||
+ | ~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf | ||
+ | |||
+ | <VirtualHost *:80> | ||
+ | ServerAdmin [email protected] | ||
+ | DocumentRoot "/var/www/html/support/" | ||
+ | ServerName support.yourdomain.com | ||
+ | ServerAlias www.support.yourdomain.com | ||
+ | ErrorLog "/var/log/httpd/yourdomain.com-error_log" | ||
+ | CustomLog "/var/log/httpd/yourdomain.com-access_log" combined | ||
+ | |||
+ | <Directory "/var/www/html/support/"> | ||
+ | DirectoryIndex index.html index.php | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride All | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | </VirtualHost></nowiki> | ||
+ | Restart Apache | ||
+ | <nowiki>~$ sudo systemctl restart httpd.service</nowiki> | ||
+ | |||
+ | ==Disable SELinux== | ||
+ | <nowiki>~$ sudo vi /etc/selinux/config | ||
+ | change SELinux=enforcing to SELinux=disabled | ||
+ | |||
+ | ~$ sudo reboot</nowiki> | ||
+ | check status | ||
+ | <nowiki>~$ sestatus | ||
+ | SELinux status: disabled</nowiki> | ||
+ | |||
+ | ==Disable firewalld replace with iptables== | ||
+ | <nowiki>~$ sudo systemctl mask firewalld | ||
+ | ~$ sudo systemctl stop firewalld | ||
+ | ~$ sudo yum -y install iptables-services | ||
+ | ~$ sudo systemctl enable iptables | ||
+ | ~$ sudo systemctl start iptables | ||
+ | </nowiki> | ||
+ | |||
+ | ==Configure iptables== | ||
+ | There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me. | ||
+ | <nowiki>~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited | ||
+ | ~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
+ | ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal" | ||
+ | ~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT | ||
+ | ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal" | ||
+ | ~$ sudo iptables -P INPUT DROP | ||
+ | ~$ sudo iptables -P FORWARD DROP | ||
+ | ~$ sudo service iptables save | ||
+ | </nowiki> | ||
+ | |||
+ | ==Create A records== | ||
+ | Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable. | ||
+ | |||
+ | ==Configure osTicket== | ||
+ | Go to your osTicket instance, http://support.yourdomain.com<br> | ||
+ | Make sure the default page shows everything found and available.<br> | ||
+ | Go through the steps of configuring the site | ||
+ | *Site Name | ||
+ | *support email address | ||
+ | *root user & password | ||
+ | *database name, user, & password | ||
+ | Once completed, you'll get a '''Congratulations''' screen, go ahead and change file permissions of the config file to a secure setup. | ||
+ | <nowiki>~$ sudo chmod 644 /var/www/html/support/include/ost-config.php</nowiki> | ||
+ | |||
+ | Now you'll have a few options for links: | ||
+ | * Main customer portal -- support.yourdomain.com | ||
+ | * Admin portal -- support.yourdomain.com/scp/settings.php | ||
+ | |||
+ | ==FAQ== | ||
+ | Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public. |
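Review bot: The wget line under "Download, Extract, and Configure osTicket" fetches osTicket-v1.9.12.zip over plain http:// and the next line unzips it straight into /opt/osticket, so nothing checks that the archive is the one the vendor published; fetch it over https and compare it against a checksum obtained from the vendor before unzipping. In the same hunk, "Disable SELinux" sets the whole host to disabled without saying what failed under enforcing; document the denial, or keep enforcing and label /opt/osticket for httpd instead. The CREATE USER line uses the literal 'password' and should say it is a placeholder to replace. The virtual host listens only on *:80 although mod_ssl is installed earlier, so the installer form that takes the root user and database password is served over http; add a *:443 virtual host before the "Configure osTicket" step.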
Latest revision as of 06:24, 25 February 2017
Update
~$ sudo yum update -y
Install EPEL repo
~$ sudo yum install epel-release
Install LAMP
~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y
Secure MariaDB
~$ sudo systemctl start mariadb.service
~$ sudo systemctl enable mariadb.service
~$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Test MariaDB password
~$ mysql -u root -p
Install Dependencies
~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y
Download, Extract, and Configure osTicket
~$ sudo mkdir -p /opt/osticket
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip
~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip
~$ sudo ln -s /opt/osticket/upload /var/www/html/support
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php
Configure MariaDB
~$ sudo mysql -u root -p
MariaDB> create database osticketdb;
MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password';
MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost';
MariaDB> flush privileges;
MariaDB> exit;
Double-check the database and user creation, permissions, and password
~$ sudo mysql -u root -p
MariaDB> SHOW DATABASES;
osticketdb
MariaDB> SELECT User,Host FROM mysql.user;
osticketuser | localhost
MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost';
GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost'
MariaDB> exit;
~$ sudo mysql -u osticketuser -p
Configure Apache
Start Apache and set it to start on boot
~$ sudo systemctl start httpd.service
~$ sudo systemctl enable httpd.service
Create file vhosts.conf and insert configuration line
~$ sudo vi /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf
Create Virtual Host
~$ sudo mkdir /etc/httpd/vhosts.d/
~$ sudo vi /etc/httpd/vhosts.d/support.yourdomain.com.conf

<VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot "/var/www/html/support/"
  ServerName support.yourdomain.com
  ServerAlias www.support.yourdomain.com
  ErrorLog "/var/log/httpd/yourdomain.com-error_log"
  CustomLog "/var/log/httpd/yourdomain.com-access_log" combined

  <Directory "/var/www/html/support/">
    DirectoryIndex index.html index.php
    Options FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>
Restart Apache
~$ sudo systemctl restart httpd.service
Disable SELinux
~$ sudo vi /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled

~$ sudo reboot
Check status
~$ sestatus
SELinux status: disabled
Disable firewalld, replace with iptables
~$ sudo systemctl mask firewalld
~$ sudo systemctl stop firewalld
~$ sudo yum -y install iptables-services
~$ sudo systemctl enable iptables
~$ sudo systemctl start iptables
Configure iptables
There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.
~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal"
~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal"
~$ sudo iptables -P INPUT DROP
~$ sudo iptables -P FORWARD DROP
~$ sudo service iptables save
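Added example, not part of the original page: a shell function that reads `iptables -S` output and reports where it departs from the ruleset built by the commands above (DROP policy on INPUT and FORWARD; ports 22, 80 and 443 accepted only from 10.0.0.0/8). The function name, the finding strings and both sample listings are constructed for illustration.

```shell
# Audit `iptables -S` output against the policy this page configures.
# audit_input_chain and the sample listings are constructed, not from the page.
audit_input_chain() {
  # stdin: `iptables -S` output; stdout: one finding per line (empty = clean).
  awk '
    $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") {
      seen[$2] = 1
      if ($3 != "DROP") print "policy " $2 " is " $3 ", expected DROP"
    }
    $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
      src = "anywhere"; ports = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
      }
      n = split(ports, p, ",")
      for (k = 1; k <= n; k++)
        if (p[k] ~ /^(22|80|443)$/ && src != "10.0.0.0/8")
          print "port " p[k] " accepted from " src
    }
    END {
      if (!seen["INPUT"]) print "no policy line for INPUT"
      if (!seen["FORWARD"]) print "no policy line for FORWARD"
    }'
}

sample_before() {  # constructed: abridged default-style ruleset before the changes
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_after() {   # constructed: ruleset after the commands above
  cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -m comment --comment "ssh-limit internal" -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -m comment --comment "http/s-limit internal" -j ACCEPT
EOF
}
sample_before | audit_input_chain   # three findings
sample_after  | audit_input_chain   # no output
```

On the host itself, pipe `sudo iptables -S` into `audit_input_chain` after saving the rules; empty output means the listing matches. The check only looks at tcp ACCEPT rules that name those three ports, so a broader catch-all ACCEPT rule would need its own test.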
Create A records
Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable.
Configure osTicket
Go to your osTicket instance, http://support.yourdomain.com
Make sure the default page shows everything found and available.
Go through the steps of configuring the site
- Site Name
- support email address
- root user & password
- database name, user, & password
Once completed, you'll get a Congratulations screen. Go ahead and change the file permissions of the config file to a secure setup.
~$ sudo chmod 644 /var/www/html/support/include/ost-config.php
Now you'll have a few options for links:
- Main customer portal -- support.yourdomain.com
- Admin portal -- support.yourdomain.com/scp/settings.php
FAQ
Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public.