OsTicket/Installing
(→Configure osTicket) |
|||
Line 118: | Line 118: | ||
Once completed, you'll get a '''Congratulations''' screen, go ahead and change file permissions of the config file to a secure setup. | Once completed, you'll get a '''Congratulations''' screen, go ahead and change file permissions of the config file to a secure setup. | ||
<nowiki>~$ sudo chmod 644 /var/www/html/support/include/ost-config.php</nowiki> | <nowiki>~$ sudo chmod 644 /var/www/html/support/include/ost-config.php</nowiki> | ||
+ | |||
+ | Now you'll have a few options for links: | ||
+ | * Main customer portal -- support.yourdomain.com | ||
+ | * Admin portal -- support.yourdomain.com/scp/settings.php |
Revision as of 06:04, 25 February 2017
Contents |
Update
~$ sudo yum update -y
Install EPEL repo
~$ sudo yum install epel-release
Install LAMP
~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y
Secure MariaDB
~$ sudo systemctl start mariadb.service ~$ sudo systemctl enable mariadb.service ~$ sudo mysql_secure_installation Enter current password for root (enter for none): Set root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
Test MariaDB password
~$ mysql -u root -p
Install Dependencies
~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y
Download, Extract, and Configure osTicket
~$ sudo mkdir -p /opt/osticket ~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip ~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip ~$ sudo ln -s /opt/osticket/upload /var/www/html/support ~$ sudo chown apache: -R /var/www/html/support /opt/osticket ~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php ~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php
Configure MariaDB
~$ sudo mysql -u root -p MariaDB> create database osticketdb; MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password'; MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost'; flush privileges; exit;
Doublecheck database & user creation, permissions and password
~$ sudo mysql -u root -p MariaDB> SHOW DATABASES; osticketdb MariaDB> SELECT User,Host FROM mysql.user; osticketuser | localhost MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost'; GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost' MariaDB> exit; ~$ sudo mysql -u osticketuser -p
Configure Apache
start and set to start on boot
~$ sudo systemctl start httpd.service ~$ sudo systemctl enable httpd.service
Create file vhosts.conf
and insert configuration line
~$ sudo vi /etc/httpd/conf.d/vhosts.conf IncludeOptional vhosts.d/*.conf
Create Virtual Host
~$ sudo mkdir /etc/httpd/vhosts.d/ ~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/var/www/html/support/" ServerName support.yourdomain.com ServerAlias www.support.yourdomain.com ErrorLog "/var/log/httpd/yourdomain.com-error_log" CustomLog "/var/log/httpd/yourdomain.com-access_log" combined <Directory "/var/www/html/support/"> DirectoryIndex index.html index.php Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost>
Restart Apache
~$ sudo systemctl restart httpd.service
Disable SELinux
~$ sudo vi /etc/selinux/config change SELinux=enforcing to SELinux=disabled ~$ sudo reboot
check status
~$ sestatus SELinux status: disabled
Disable firewalld replace with iptables
~$ sudo systemctl mask firewalld ~$ sudo systemctl stop firewalld ~$ sudo yum -y install iptables-services ~$ sudo systemctl enable iptables ~$ sudo systemctl start iptables
Configure iptables
There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.
~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal" ~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal" ~$ sudo iptables -P INPUT DROP ~$ sudo iptables -P FORWARD DROP ~$ sudo service iptables save
Create A records
Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable.
Configure osTicket
Go to your osTicket instance, http://support.yourdomain.com
Make sure the default page shows everything found and available.
Go through the steps of configuring the site
- Site Name
- support email address
- root user & password
- database name, user, & password
Once completed, you'll get a Congratulations screen, go ahead and change file permissions of the config file to a secure setup.
~$ sudo chmod 644 /var/www/html/support/include/ost-config.php
Now you'll have a few options for links:
- Main customer portal -- support.yourdomain.com
- Admin portal -- support.yourdomain.com/scp/settings.php