OsTicket/Installing
From r00tedvw.com wiki
(Difference between revisions)
| (16 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
==Update== | ==Update== | ||
<nowiki>~$ sudo yum update -y</nowiki> | <nowiki>~$ sudo yum update -y</nowiki> | ||
| + | Install EPEL repo | ||
| + | <nowiki>~$ sudo yum install epel-release</nowiki> | ||
==Install LAMP == | ==Install LAMP == | ||
<nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki> | <nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki> | ||
| Line 16: | Line 18: | ||
<nowiki>~$ mysql -u root -p</nowiki> | <nowiki>~$ mysql -u root -p</nowiki> | ||
==Install Dependencies== | ==Install Dependencies== | ||
| − | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt -y </nowiki> | + | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y </nowiki> |
| − | ==Download osTicket== | + | ==Download, Extract, and Configure osTicket== |
<nowiki>~$ sudo mkdir -p /opt/osticket | <nowiki>~$ sudo mkdir -p /opt/osticket | ||
| − | ~$ wget http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip - | + | ~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip |
| + | ~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip | ||
| + | ~$ sudo ln -s /opt/osticket/upload /var/www/html/support | ||
| + | ~$ sudo chown apache: -R /var/www/html/support /opt/osticket | ||
| + | ~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php | ||
| + | ~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php | ||
| + | </nowiki> | ||
| + | ==Configure MariaDB== | ||
| + | <nowiki>~$ sudo mysql -u root -p | ||
| + | MariaDB> create database osticketdb; | ||
| + | MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password'; | ||
| + | MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost'; | ||
| + | flush privileges; | ||
| + | exit;</nowiki> | ||
| + | Doublecheck database & user creation, permissions and password | ||
| + | <nowiki>~$ sudo mysql -u root -p | ||
| + | MariaDB> SHOW DATABASES; | ||
| + | osticketdb | ||
| + | MariaDB> SELECT User,Host FROM mysql.user; | ||
| + | osticketuser | localhost | ||
| + | MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost'; | ||
| + | GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost' | ||
| + | MariaDB> exit; | ||
| + | ~$ sudo mysql -u osticketuser -p</nowiki> | ||
| + | |||
| + | ==Configure Apache== | ||
| + | start and set to start on boot | ||
| + | <nowiki>~$ sudo systemctl start httpd.service | ||
| + | ~$ sudo systemctl enable httpd.service</nowiki> | ||
| + | |||
| + | Create file <code>vhosts.conf</code> and insert configuration line | ||
| + | <nowiki>~$ sudo vi /etc/httpd/conf.d/vhosts.conf | ||
| + | IncludeOptional vhosts.d/*.conf</nowiki> | ||
| + | Create Virtual Host | ||
| + | <nowiki>~$ sudo mkdir /etc/httpd/vhosts.d/ | ||
| + | ~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf | ||
| + | |||
| + | <VirtualHost *:80> | ||
| + | ServerAdmin [email protected] | ||
| + | DocumentRoot "/var/www/html/support/" | ||
| + | ServerName support.yourdomain.com | ||
| + | ServerAlias www.support.yourdomain.com | ||
| + | ErrorLog "/var/log/httpd/yourdomain.com-error_log" | ||
| + | CustomLog "/var/log/httpd/yourdomain.com-access_log" combined | ||
| + | |||
| + | <Directory "/var/www/html/support/"> | ||
| + | DirectoryIndex index.html index.php | ||
| + | Options FollowSymLinks | ||
| + | AllowOverride All | ||
| + | Require all granted | ||
| + | </Directory> | ||
| + | </VirtualHost></nowiki> | ||
| + | Restart Apache | ||
| + | <nowiki>~$ sudo systemctl restart httpd.service</nowiki> | ||
| + | |||
| + | ==Disable SELinux== | ||
| + | <nowiki>~$ sudo vi /etc/selinux/config | ||
| + | change SELinux=enforcing to SELinux=disabled | ||
| + | |||
| + | ~$ sudo reboot</nowiki> | ||
| + | check status | ||
| + | <nowiki>~$ sestatus | ||
| + | SELinux status: disabled</nowiki> | ||
| + | |||
| + | ==Disable firewalld replace with iptables== | ||
| + | <nowiki>~$ sudo systemctl mask firewalld | ||
| + | ~$ sudo systemctl stop firewalld | ||
| + | ~$ sudo yum -y install iptables-services | ||
| + | ~$ sudo systemctl enable iptables | ||
| + | ~$ sudo systemctl start iptables | ||
| + | </nowiki> | ||
| + | |||
| + | ==Configure iptables== | ||
| + | There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me. | ||
| + | <nowiki>~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited | ||
| + | ~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
| + | ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal" | ||
| + | ~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT | ||
| + | ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal" | ||
| + | ~$ sudo iptables -P INPUT DROP | ||
| + | ~$ sudo iptables -P FORWARD DROP | ||
| + | ~$ sudo service iptables save | ||
| + | </nowiki> | ||
| + | |||
| + | ==Create A records== | ||
| + | Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable. | ||
| + | |||
| + | ==Configure osTicket== | ||
| + | Go to your osTicket instance, http://support.yourdomain.com<br> | ||
| + | Make sure the default page shows everything found and available.<br> | ||
| + | Go through the steps of configuring the site | ||
| + | *Site Name | ||
| + | *support email address | ||
| + | *root user & password | ||
| + | *database name, user, & password | ||
| + | Once completed, you'll get a '''Congratulations''' screen, go ahead and change file permissions of the config file to a secure setup. | ||
| + | <nowiki>~$ sudo chmod 644 /var/www/html/support/include/ost-config.php</nowiki> | ||
| + | |||
| + | Now you'll have a few options for links: | ||
| + | * Main customer portal -- support.yourdomain.com | ||
| + | * Admin portal -- support.yourdomain.com/scp/settings.php | ||
| + | |||
| + | ==FAQ== | ||
| + | Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public. | ||
Latest revision as of 06:24, 25 February 2017
Contents |
[edit] Update
~$ sudo yum update -y
Install EPEL repo
~$ sudo yum install epel-release
[edit] Install LAMP
~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y
Secure MariaDB
~$ sudo systemctl start mariadb.service ~$ sudo systemctl enable mariadb.service ~$ sudo mysql_secure_installation Enter current password for root (enter for none): Set root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
Test MariaDB password
~$ mysql -u root -p
[edit] Install Dependencies
~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y
[edit] Download, Extract, and Configure osTicket
~$ sudo mkdir -p /opt/osticket ~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip ~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip ~$ sudo ln -s /opt/osticket/upload /var/www/html/support ~$ sudo chown apache: -R /var/www/html/support /opt/osticket ~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php ~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php
[edit] Configure MariaDB
~$ sudo mysql -u root -p MariaDB> create database osticketdb; MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password'; MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost'; flush privileges; exit;
Doublecheck database & user creation, permissions and password
~$ sudo mysql -u root -p MariaDB> SHOW DATABASES; osticketdb MariaDB> SELECT User,Host FROM mysql.user; osticketuser | localhost MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost'; GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost' MariaDB> exit; ~$ sudo mysql -u osticketuser -p
[edit] Configure Apache
start and set to start on boot
~$ sudo systemctl start httpd.service ~$ sudo systemctl enable httpd.service
Create file vhosts.conf and insert configuration line
~$ sudo vi /etc/httpd/conf.d/vhosts.conf IncludeOptional vhosts.d/*.conf
Create Virtual Host
~$ sudo mkdir /etc/httpd/vhosts.d/ ~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/var/www/html/support/" ServerName support.yourdomain.com ServerAlias www.support.yourdomain.com ErrorLog "/var/log/httpd/yourdomain.com-error_log" CustomLog "/var/log/httpd/yourdomain.com-access_log" combined <Directory "/var/www/html/support/"> DirectoryIndex index.html index.php Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost>
Restart Apache
~$ sudo systemctl restart httpd.service
[edit] Disable SELinux
~$ sudo vi /etc/selinux/config change SELinux=enforcing to SELinux=disabled ~$ sudo reboot
check status
~$ sestatus SELinux status: disabled
[edit] Disable firewalld replace with iptables
~$ sudo systemctl mask firewalld ~$ sudo systemctl stop firewalld ~$ sudo yum -y install iptables-services ~$ sudo systemctl enable iptables ~$ sudo systemctl start iptables
[edit] Configure iptables
There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.
~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal" ~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal" ~$ sudo iptables -P INPUT DROP ~$ sudo iptables -P FORWARD DROP ~$ sudo service iptables save
[edit] Create A records
Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable.
[edit] Configure osTicket
Go to your osTicket instance, http://support.yourdomain.com
Make sure the default page shows everything found and available.
Go through the steps of configuring the site
- Site Name
- support email address
- root user & password
- database name, user, & password
Once completed, you'll get a Congratulations screen, go ahead and change file permissions of the config file to a secure setup.
~$ sudo chmod 644 /var/www/html/support/include/ost-config.php
Now you'll have a few options for links:
- Main customer portal -- support.yourdomain.com
- Admin portal -- support.yourdomain.com/scp/settings.php
[edit] FAQ
Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public.
