OsTicket/Installing

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
 
(13 intermediate revisions by one user not shown)
Line 1: Line 1:
 
==Update==
 
==Update==
 
  <nowiki>~$ sudo yum update -y</nowiki>
 
  <nowiki>~$ sudo yum update -y</nowiki>
 +
Install EPEL repo
 +
<nowiki>~$ sudo yum install epel-release</nowiki>
 
==Install LAMP ==
 
==Install LAMP ==
 
  <nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki>
 
  <nowiki>~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y </nowiki>
Line 16: Line 18:
 
  <nowiki>~$ mysql -u root -p</nowiki>
 
  <nowiki>~$ mysql -u root -p</nowiki>
 
==Install Dependencies==
 
==Install Dependencies==
  <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt -y </nowiki>
+
  <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y </nowiki>
==Download osTicket==
+
==Download, Extract, and Configure osTicket==
 
  <nowiki>~$ sudo mkdir -p /opt/osticket
 
  <nowiki>~$ sudo mkdir -p /opt/osticket
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip</nowiki>
+
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip
 +
~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip
 +
~$ sudo ln -s /opt/osticket/upload /var/www/html/support
 +
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
 +
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
 +
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php
 +
</nowiki>
 +
==Configure MariaDB==
 +
<nowiki>~$ sudo mysql -u root -p
 +
MariaDB> create database osticketdb;
 +
MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password';
 +
MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost';
 +
flush privileges;
 +
exit;</nowiki>
 +
Doublecheck database & user creation, permissions and password
 +
<nowiki>~$ sudo mysql -u root -p
 +
MariaDB> SHOW DATABASES;
 +
osticketdb
 +
MariaDB> SELECT User,Host FROM mysql.user;
 +
osticketuser | localhost
 +
MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost';
 +
GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost'
 +
MariaDB> exit;
 +
~$ sudo mysql -u osticketuser -p</nowiki>
 +
 
 +
==Configure Apache==
 +
start and set to start on boot
 +
<nowiki>~$ sudo systemctl start httpd.service
 +
~$ sudo systemctl enable httpd.service</nowiki>
 +
 
 +
Create file <code>vhosts.conf</code> and insert configuration line
 +
<nowiki>~$ sudo vi /etc/httpd/conf.d/vhosts.conf
 +
IncludeOptional vhosts.d/*.conf</nowiki>
 +
Create Virtual Host
 +
<nowiki>~$ sudo mkdir /etc/httpd/vhosts.d/
 +
~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf
 +
 
 +
<VirtualHost *:80>
 +
ServerAdmin [email protected]
 +
DocumentRoot "/var/www/html/support/"
 +
ServerName support.yourdomain.com
 +
ServerAlias www.support.yourdomain.com
 +
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
 +
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined
 +
 +
<Directory "/var/www/html/support/">
 +
DirectoryIndex index.html index.php
 +
Options FollowSymLinks
 +
AllowOverride All
 +
Require all granted
 +
</Directory>
 +
</VirtualHost></nowiki>
 +
Restart Apache
 +
<nowiki>~$ sudo systemctl restart httpd.service</nowiki>
 +
 
 +
==Disable SELinux==
 +
<nowiki>~$ sudo vi /etc/selinux/config
 +
change SELinux=enforcing to SELinux=disabled
 +
 
 +
~$ sudo reboot</nowiki>
 +
check status
 +
<nowiki>~$ sestatus
 +
SELinux status:                disabled</nowiki>
 +
 
 +
==Disable firewalld replace with iptables==
 +
<nowiki>~$ sudo systemctl mask firewalld
 +
~$ sudo systemctl stop firewalld
 +
~$ sudo yum -y install iptables-services
 +
~$ sudo systemctl enable iptables
 +
~$ sudo systemctl start iptables
 +
</nowiki>
 +
 
 +
==Configure iptables==
 +
There are some defaults that should be removed and changed.  Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.
 +
<nowiki>~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
 +
~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
 +
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal"
 +
~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
 +
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal"
 +
~$ sudo iptables -P INPUT DROP
 +
~$ sudo iptables -P FORWARD DROP
 +
~$ sudo service iptables save
 +
</nowiki>
 +
 
 +
==Create A records==
 +
Create the necessary A record(s) for your setup.  Make sure they have propagated and are resolvable.
 +
 
 +
==Configure osTicket==
 +
Go to your osTicket instance, http://support.yourdomain.com<br>
 +
Make sure the default page shows everything found and available.<br>
 +
Go through the steps of configuring the site
 +
*Site Name
 +
*support email address
 +
*root user & password
 +
*database name, user, & password
 +
Once completed, you'll get a '''Congratulations''' screen, go ahead and change file permissions of the config file to a secure setup.
 +
<nowiki>~$ sudo chmod 644 /var/www/html/support/include/ost-config.php</nowiki>
 +
 
 +
Now you'll have a few options for links:
 +
* Main customer portal -- support.yourdomain.com
 +
* Admin portal -- support.yourdomain.com/scp/settings.php
 +
 
 +
==FAQ==
 +
Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public.

Latest revision as of 06:24, 25 February 2017

Contents

[edit] Update

~$ sudo yum update -y

Install EPEL repo

~$ sudo yum install epel-release

[edit] Install LAMP

~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y 

Secure MariaDB

~$ sudo systemctl start mariadb.service
~$ sudo systemctl enable mariadb.service
~$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Test MariaDB password

~$ mysql -u root -p

[edit] Install Dependencies

~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y 

[edit] Download, Extract, and Configure osTicket

~$ sudo mkdir -p /opt/osticket
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip
~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip
~$ sudo ln -s /opt/osticket/upload /var/www/html/support
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php

[edit] Configure MariaDB

~$ sudo mysql -u root -p
MariaDB> create database osticketdb;
MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password';
MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost';
flush privileges;
exit;

Doublecheck database & user creation, permissions and password

~$ sudo mysql -u root -p
MariaDB> SHOW DATABASES;
osticketdb
MariaDB> SELECT User,Host FROM mysql.user;
osticketuser | localhost
MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost';
GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost'
MariaDB> exit;
~$ sudo mysql -u osticketuser -p

[edit] Configure Apache

start and set to start on boot

~$ sudo systemctl start httpd.service
~$ sudo systemctl enable httpd.service

Create file vhosts.conf and insert configuration line

~$ sudo vi /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf

Create Virtual Host

~$ sudo mkdir /etc/httpd/vhosts.d/
~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/support/"
ServerName support.yourdomain.com
ServerAlias www.support.yourdomain.com
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined
 
<Directory "/var/www/html/support/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Restart Apache

~$ sudo systemctl restart httpd.service

[edit] Disable SELinux

~$ sudo vi /etc/selinux/config
change SELinux=enforcing to SELinux=disabled

~$ sudo reboot

check status

~$ sestatus
SELinux status:                 disabled

[edit] Disable firewalld replace with iptables

~$ sudo systemctl mask firewalld
~$ sudo systemctl stop firewalld
~$ sudo yum -y install iptables-services
~$ sudo systemctl enable iptables
~$ sudo systemctl start iptables

[edit] Configure iptables

There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.

~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal"
~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal"
~$ sudo iptables -P INPUT DROP
~$ sudo iptables -P FORWARD DROP
~$ sudo service iptables save

[edit] Create A records

Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable.

[edit] Configure osTicket

Go to your osTicket instance, http://support.yourdomain.com
Make sure the default page shows everything found and available.
Go through the steps of configuring the site

  • Site Name
  • support email address
  • root user & password
  • database name, user, & password

Once completed, you'll get a Congratulations screen, go ahead and change file permissions of the config file to a secure setup.

~$ sudo chmod 644 /var/www/html/support/include/ost-config.php

Now you'll have a few options for links:

  • Main customer portal -- support.yourdomain.com
  • Admin portal -- support.yourdomain.com/scp/settings.php

[edit] FAQ

Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public.

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox