Implement a Help Desk System using OTRS on Debian 10

Open source ticket request system also known a help desk and IT service management system. The OTRS is written in Perl, supports a variety of databases including (MySQL, MariaDB, PostgreSQL, Oracle etc.), and can integrate with LDAP/Active directory for central authentication.

This tutorial will take you through the steps to install OTRS Community Edition on a Debian 10 server and set up a simple help desk system, which will help you to receive and process requests from your customers using both the web interface and email.

Prerequisites

To follow this guide, you will need one Debian 10 (virtual or physical) machine should have a non-root user with sudo privileges.

Installing Apache

sudo apt update
sudo apt -y install apache2

Installing Perl Modules

sudo apt -y install libapache2-mod-perl2 libdbd-mysql-perl libtimedate-perl libnet-dns-perl libnet-ldap-perl libio-socket-ssl-perl libpdf-api2-perl libsoap-lite-perl libtext-csv-xs-perl libjson-xs-perl libapache-dbi-perl libxml-libxml-perl libxml-libxslt-perl libyaml-perl libarchive-zip-perl libcrypt-eksblowfish-perl libencode-hanextra-perl libmail-imapclient-perl libtemplate-perl libdatetime-perl

Installing MariaDB

sudo apt -y install mariadb-server

Securing MariaDB

sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Allow Root Access in MariaDB

sudo mysql -u root
use mysql;
update user set plugin='' where User='root';
grant all privileges on *.* to 'root'@'localhost' identified by 'TypeYourPasswordHere';

Downloading OTRS

wget http://ftp.otrs.org/pub/otrs/otrs-6.0.20.tar.gz
tar xzf otrs-6.0.20.tar.gz
sudo mv otrs-6.0.20 /opt/otrs

Configuring OTRS

sudo useradd -d /opt/otrs -c 'OTRS User' otrs
sudo usermod -G www-data otrs
sudo cp /opt/otrs/Kernel/Config.pm.dist /opt/otrs/Kernel/Config.pm
sudo /opt/otrs/bin/otrs.SetPermissions.pl
sudo ln -s /opt/otrs/scripts/apache2-httpd.include.conf /etc/apache2/sites-enabled/zzz_otrs.conf

sudo a2enmod perl
sudo a2enmod headers
sudo a2enmod deflate
sudo a2enmod filter

sudo systemctl restart apache2

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Search for the following parameters and update/replace highlighted values

max_allowed_packet      = 64M
query_cache_size        = 32M

Now copy following parameters and paste it within InnoDB section

innodb_log_file_size = 256M

Save and close.

sudo systemctl restart mariadb

Configuring Database using the Web Installer

In this step, you will configure OTRS's database settings in a web browser and start the OTRS daemon process on the command line.

Open http://your_server_hostname/otrs/installer.pl or http://your_server_ip/otrs/installer.pl in your favorite web browser. You will find a welcome screen with the message Welcome to OTRS 6 and information about the OTRS offices.

Click Next.

The next page will have the license for OTRS, which is the GNU General Public License common to open source programs. Accept by clicking Accept license and continue.

On the next page, you will be prompted to select a database type. The defaults (MySQL and Create a new database for OTRS) are fine for your setup, so click Next to proceed.

On the next page, enter the MySQL credentials that you set up during the MySQL server installation. Use root for the User field, then enter the password you created. Leave the default host value.

Click Check database settings to make sure it works. The installer will generate credentials for the new database. There is no need to remember this generated password.

Click Next to proceed.

The database will be created and you will see the successful result like below:

Click Next.

Next, provide the following required system settings:

System FQDN: A fully qualified domain name. Replace yourdomain.com with your own domain name.
AdminEmail: The email address of your system administrator. Emails about errors with OTRS will go here.
Organization: Your organization's name.

Leave all other options at their default values:

Click Next.

Now you will land on the Mail Configuration page. In order to be able to send and receive emails, you have to configure a mail account. We will set up this later step, so click Skip this for now.

The OTRS installation is now complete; you will see a Finished page with a link to the admin panel after Start page, and the credentials of the OTRS super user after that. Make sure you write down the generated password for the root@localhost user and the URL for the Start page.

The only thing left after a successful installation is to start the OTRS daemon and activate its cronjob.

Bring up the terminal you are using to access your Debian 10 server. The OTRS daemon is responsible for handling any asynchronous and recurring tasks in OTRS.

Start it with the otrs user like below:

sudo su - otrs -c "/opt/otrs/bin/otrs.Daemon.pl start"
sudo cp /opt/otrs/var/cron/aaa_base.dist /opt/otrs/var/cron/aaa_base
sudo cp  /opt/otrs/var/cron/otrs_daemon.dist  /opt/otrs/var/cron/otrs_daemon
sudo su - otrs -c "/opt/otrs/bin/Cron.sh start"

Securing OTRS

We have a fully functional OTRS, but it's not secure to use the super user account. Instead, we'll create a new agent. In OTRS, agents are users who have rights to the various functions of the system. In this example, we will use a single agent who has access to all functions of the system.

To get started, log in as root@localhost. Open the Start page link which you received in the previous step. Enter root@localhost for the username and the password you copied from earlier step of web installer, then click Login.

You will see the main dashboard. It contains several widgets which show different information about tickets, statistics, news, etc. You can freely rearrange them by dragging or switch their visibility in settings.

First, create a new agent. To do this, follow the link by clicking on the red message in the top of the screen that reads Don't use the Superuser account to work with OTRS 6! Create new Agents and work with these accounts instead. This will bring you to the Agent Management screen.

Click the Add agent button. This will bring you to the Add Agent screen. Most of the default options are fine. Fill in the first name, last name, username, password, and email fields. Record the username and password for future login. Submit the form by clicking the Save button.

Next, change the group relations for the new agent. Because your agent will also be the administrator, you can give it full read and write access to all groups. To do this, click the checkbox next to RW all the way on the right, under Change Group Relations for Agent.

Finally, click Save and finish.

Now, log out and log back in again using the newly created account. You can find the Logout link by clicking on the avatar picture in the top left corner.

Once you have logged back in, you can customize your agent's preferences by clicking on Personal preferences in the avatar menu. There you can change your password, choose the interface language, configure setup notifications and favorite queues, change interface skins, etc.

Once you have logged in as your new agent and configured the account to your liking, the next step is to configure the inbound mail options to generate tickets from incoming emails.

Configuring OTRS Inbound Mail

Customers have two ways to forward new tickets to OTRS: via the customer front-end or by sending an email. In order to receive customer's messages you need to set up a POP or IMAP account. We will use a Gmail account as an example for OTRS configuration.

Navigate to the Admin tab by clicking on Admin in the top menu. Then find the PostMaster Mail Accounts option and click on it. Press the Add Mail Account button to set up a new mailbox.

On the Add Mail Account screen, select IMAPS for Type. For Username, type in your email address, and Password. Leave all other options as default. Click Save.

Next, send a test email from an external email account to your dedicated OTRS email account. The mail will be fetched every 10 minutes by the OTRS daemon, but you can force receipt by clicking the Fetch mail link.

As a result, you will see the new ticket.

Now you are ready to accept tickets from customers via email. Next, you will go through the process of creating a ticket through the customer front-end.

Configuring OTRS Customer Interface

The second way for a customer to create a ticket is through the OTRS front-end. In this step, you will walk through this process to make sure this ticket creation method is set up.

The customer front-end is located at http://your_server_name/otrs/customer.pl or http://your_server_ip/otrs/customer.pl.

Navigate to it in a web browser. You can create a customer account there and submit a ticket using the GUI.

Use the Sign up now link to open the registration form.

Fill out the form and press the Create button.

You will see a message like this:

New account created. Sent login information to username@youremail.com. Please check your email.

Check your inbox for the message from the OTRS. You will see a message with the new account credentials:

Hi example,

You or someone impersonating you has created a new OTRS account for
you.

Full name: example
User name: example@youremail.com
Password : user_password

You can log in via the following URL. We encourage you to change your password via the Preferences button after logging in.

http://your_server_name/otrs/customer.pl or http://your_server_ip/otrs/customer.pl

Now, use the provided credentials to access the customer front-end and create another ticket. All new tickets created using the customer front-end will immediately appear on the agent's dashboard:

On the agent dashboard, you can see the information on all current tickets: their status (new, opened, escalated, etc.), their age (the time elapsed from the moment when the ticket was received), and subject.

You can click on the ticket number (in the TICKET# column) to view its details. The agent can also take actions on the ticket here, like changing its priority or state, moving it to another queue, closing it, or adding a note.

You have now successfully set up your OTRS account.

Wrapping up

In this guide, you have configured OTRS and created test help desk tickets. Now you can accept and process requests from your users and customer using both the web interface and email.