Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Installation for Centos with https and SELinux enabled

One of the strengths I've found with OsTicket is the robust and easy initial installation.

Naturally, everyone does things a little differently though so I thought I would share my own build notes.

I tend to stick to Centos, have a policy of services are always born https only, and like to keep SELinux enabled.

My notes tend to be in short hand a little so if any additional explanation is required just ask.

<after a standard Centos 7 minimal x64 install>

Prereq software installs:
as root:
yum install epel-release
yum update

yum -y group install "Development Tools"
yum -y install httpd httpd-devel mod_ssl mariadb-server mariadb mariadb-devel php php-devel
yum -y install php-mysql php-gd php-php-gettext php-imap php-mbstring php-xml php-pecl-apcu php-intl php-pecl-zendopcache php-ldap


Modifications to php config:
vi /etc/php.ini
^
date.timezone = "Australia/Brisbane"
upload_max_filesize = 20M

Configure and start mariadb:
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
^- set db root password

mysql -u root -p
^
CREATE DATABASE osticket CHARACTER SET utf8;
CREATE USER 'osticket'@'localhost' IDENTIFIED BY '<yourdbpassword>';
GRANT ALL privileges ON osticket.* TO 'osticket'@'localhost';
quit

Add in a dedicated user account for this service, you can just use your own account too if that is easier:
Just run commands from your own account whenever I have an "as osticket" section:

useradd osticket
su - osticket

Grab the latest OsTicket source and plugins repos:

Setup a directory in the webroot to host osTicket from:
as root:
mkdir /var/www/html/osticket
chown osticket:osticket /var/www/html/osticket

Use the OsTicket manage.php to sync from git repo to webroot, includes copying the setup folder:
Copy the ost-config.php file in order for the installer to be able to save settings to it:

as osticket:
cd osTicket
php manage.php deploy --setup /var/www/html/osticket
cd /var/www/html/osticket
cp include/ost-sampleconfig.php include/ost-config.php
chmod 0666 include/ost-config.php

Allow writing of this file even with Selinux active:
as root:  chcon -t httpd_sys_rw_content_t include/ost-config.php

... continued in next post...
Tagged:

Comments

  • <part 2>

    <configure apache for https>
    I'll leave this as a separate exercise for the reader, however, I usually configure a "VirtualHost *:443" entry with a server name of the virtualname I want to use, it's own log files, the certs, and anything else as per this page:

    ^- httpd server version is 2.4.6 and openssl is version 1.0.1e

    I'll also add a "VirtualHost *:80" entry with the same servername with a permanent redirect like this to ensure any non https traffic is forwarded to https.
    Redirect permanent / https://<yoururl>;

    Configure firewall and SELinux:
    as root:
    firewall-cmd --add-service=http
    firewall-cmd --add-service=https
    firewall-cmd --runtime-to-permanent

    Minor SELinux configuration options to allow SELinux to be kept running and not needing to be turned off:
    setsebool -P httpd_can_sendmail 1
    setsebool -P httpd_can_connect_ldap 1
    ^- only need ldap if that is what you are actually using

    systemctl enable httpd
    systemctl start httpd

    Visit the website to start the setup:

    Afterwards, you can remove write permission on ost-config.php file and remove the setup folder:
    as root:
    chmod 0644 include/ost-config.php

    Deny apache to write to this file using SELinux:
    chcon -t httpd_sys_content_t include/ost-config.php

    and remove the entire setup folder:
    rm -rf /var/www/html/osticket/setup

    For updates from the OsTicket git repo, you can update the repo then run the following:
    as osticket:
    cd ~/osTicket
    ./manage.php deploy /var/www/html/osticket

    For backups I have a script from a while ago which uses mysqldump and is based upon the discussion here:

    Otherwise, phpMyAdmin is your friend and easily installed with "yum install phpmyadmin" and should be covered by the https configuration above automatically if all set correctly which is nice to have too.

    All pretty standard stuff and I haven't included plugins or any mods/patches, however, I hope this is useful for someone.

  • I think I missed this as it is more of an after setting up emails thing, however, it is an important part of the OS setup.

    Set cron to schedule the checking of emails every 5 mins:

    as osticket:
    crontab -e
    ^
    */5 * * * * /bin/php /var/www/html/osticket/api/cron.php

  • Thanks for sharing your experiences I'm sure that someone else will find this and find it helpful.
  • semanage
    fcontext -a -t httpd_sys_content_t "/var/www/html/
    include/ost-config.php"


    This command i have used before i saw this thread 



    @pcjkollmorgen

    Minor SELinux configuration options to allow SELinux to be kept running and not needing to be turned off:

    setsebool -P httpd_can_sendmail 1

    This is for sending emails only ? 
  • Yes, semanage looks like a way to call a bunch of different SELinux commands, or it might be vice-versa and the individual commands just call the semanage tool with different options.

    Thankfully it is all relatively easy here for OsTicket, SELinux can become complex fast however. 
  • Sorry, I missed your question and no doubt you have it worked out already, but yes the "httpd_can_sendmail" is only for sending emails.
Sign In or Register to comment.