Set Up a Help Desk System using osTicket on CentOS, RHEL 8

This tutorial will walk you through the steps to set up a help desk system using a free and open source osTicket on CentOS/RHEL 8.

osTicket is a widely-used open source support desk system. It seamlessly integrates inquiries created via email, phone and web-based forms into a simple easy-to-use multi-user web interface. Manage, organize and archive all your support requests and responses in one place while providing your customers with accountability and responsiveness they deserve.

Note: With CentOS 8 release, yum command has been replaced with dnf and in near future yum package manager will be discontinued. It is now recommended to use dnf for installing packages but if you still wish to use yum you can use it.

Prerequisites

You will need one (physical or virtual) machine installed with CentOS/RHEL 8, must have root user privileges.

Disabling Selinux

It is entirely my recommendation that you should disable selinux before proceeding to install software and packages. However, you should enable it later when you are done with your installation and configuration:

sudo vi /etc/selinux/config

and change SELINUX=enforcing parameter to SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are pro
tected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save and close file when your finished.

You must reboot your server now to make changes into effect:

reboot

Once reboot complete, proceed with the following steps.

Adding EPEL Repository

It is always recommended to add extra packages for enterprise Linux repository before proceeding to install any other software or packages.

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
ARCH=$( /bin/arch )
dnf config-manager --set-enabled PowerTools

If you are on RHEL 8 server, execute the following command as well:

subscription-manager repos --enable "codeready-builder-for-rhel-8-${ARCH}-rpms"
dnf config-manager --set-enabled PowerTools

Installing PHP

You will need to install PHP and its required extensions commonly used with osTicket.

dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf -y install php php-fpm php-mysqlnd php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-apcu php-intl php-opcache php-json php72-php-imap zip unzip tar wget

Start the PHP service and make it persistent even when system reboots by typing the following commands:

systemctl start php-fpm
systemctl enable php-fpm

Installing Apache

To serve osticket web services to users and customers, you need to install either Nginx or Apache as your web server. For this guide, we are going with Apache.

dnf -y install httpd httpd-devel openssl mod_ssl

systemctl start httpd
systemctl enable httpd

Installing MySQL

You can install MySQL as your database server using the following command:

dnf -y install mysql-server

systemctl start mysqld
systemctl enable mysqld

Securing MySQL

By default MySQL database has no root password and anyone can access it from anywhere. It is important to secure your database before bringing it into production.

mysql_secure_installation

Now follow on screen instruction like below to complete it:

mysql_secure_installation

Now follow on screen instruction like below to complete it:

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Please set the password for root here.

New password:
Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Downloading osTicket

You can download latest version of osTicket from the official website . At the time of writing this tutorial, the latest release of osTicket is 1.14.1:

wget https://github.com/osTicket/osTicket/releases/download/v1.14.1/osTicket-v1.14.1.zip

When download finished, extract it into the following directory and set the appropriate permission:

mkdir /var/www/osTicket
unzip -d /var/www/osTicket/ osTicket-*.zip
cp /var/www/osTicket/upload/include/ost-sampleconfig.php /var/www/osTicket/upload/include/ost-config.php
chown -R apache:apache /var/www/osTicket
chmod 0666 /var/www/osTicket/upload/include/ost-config.php

Creating Database

At this point, you need to create a database and a user for osticket:

mysql -u root -p

create database osticket;
create user 'osticket'@'localhost' identified by 'osticket';
grant all privileges on osticket.* to 'osticket'@'localhost';
flush privileges;
exit

Configuring Apache

Now, you need to make osticket web directory available to Apache. Replace highlighted parameters to reflect yours.

vi /etc/httpd/conf.d/osticket.conf

<VirtualHost *:80>

ServerAdmin webmaster@techsupportpk.com
DocumentRoot "/var/www/osTicket/upload"
ServerName labserver.techsupportpk.com

ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined

<Directory "/var/www/osTicket/upload">
DirectoryIndex index.html index.php
Options FollowSymLinks

AllowOverride All
Require all granted

</Directory>
</VirtualHost>

Save and close file when you are finished.

Now type the following command to backup Apache default index page file as we don't need it

mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/bkpwelcome

Now restart Apache service to take changes into effect:

systemctl restart httpd

Updating Firewall Rules

firewall-cmd --zone=public --permanent --add-port=80/tcp
firewall-cmd --reload

Open up your favorite web browser and navigate to http://your_server_name or http://your_server_ip and it will take you to osTicket web installer page like below:

If you encounter (PHP IMAP Extension — Required for mail fetching) is missing as you can see in the above screenshot then you will need to perform the following additional step to make it work:

find / -name imap.so

The above command will return you an absolute path to imap.so which you need to copy and make a symbolic links like below:

ln -s /opt/remi/php72/root/usr/lib64/php/modules/imap.so /usr/lib64/php/modules/imap.so
ln -s /opt/remi/php72/root/usr/lib64/php/modules/imap.so /usr/lib64/php/modules/imap.so.so

Now edit /etc/php.ini and add the extension = imap.so directive anywhere in the file:

vi /etc/php.ini

extension = imap.so

Save and close file when you are finished.

Now restart php-fpm service to take changes into effect:

systemctl restart php-fpm

Go back to your browser, refresh the osticket installer page and you will see (PHP IMAP Extension — Required for mail fetching) is now turn green.

Make sure all the prerequisites are green like below before Continue

Fill out the information below with yours, make sure you provide correct credentials in database field as you have created in earlier step. Also, do not change MySQL Table Prefix and keep it default. When done, click Install Now button.

Please wait while, the installer will take few minutes to complete:

You will see the following page contains information to access osTicket administrative control panel and users/customer support link:

Write it down to remember it

Now go back to command line terminal and change permission of ost-config.php to remove write access as shown below:

chmod 0644 /var/www/osTicket/upload/include/ost-config.php

Also remove setup directory as we do not need it anymore:

rm -rf /var/www/osTicket/upload/setup

Now navigate back to http://your_server_name/scp or http://your_server_ip/scp and you will see the following login page. Login with the username and password you created in earlier web installer step.

In our case, the username is helpdesk and password also helpdesk

Once log in, you will see the following dashboard of admin panel. From here you can control, customize and manage your osTicket support desk according your organizational requirement. 

Navigate to http://your_server_name or http://your_server_ip and you will see the following support center page. From here users and customers can create support ticket, check status of already created tickets etc.

Securing osTicket

By default osTicket web interface is accessible via HTTP protocol which is not secure. In this step we will generate an SSL certificate to enable HTTPS for our osTicket web interface.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/certs/osticket.key -out /etc/ssl/certs/osticket.crt

You will need to provide information to the following highlighted output:

Generating a RSA private key
...............+++++
....+++++
writing new private key to '/etc/ssl/certs/osticket.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:PK
State or Province Name (full name) []:Sindh
Locality Name (eg, city) [Default City]:Karachi
Organization Name (eg, company) [Default Company Ltd]:TECH SUPPORT
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:labserver.techsupportpk.com
Email Address []:info@techsupportpk.com

Now edit /etc/httpd/conf.d/osticket.conf and make the following highlighted changes:

vi /etc/httpd/conf.d/osticket.com

<VirtualHost *:443>

ServerAdmin webmaster@techsupportpk.com

DocumentRoot "/var/www/osTicket/upload"
ServerName labserver.techsupportpk.com

ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined

SSLEngine on
SSLCertificateFile /etc/ssl/certs/osticket.crt
SSLCertificateKeyFile /etc/ssl/certs/osticket.key

<Directory "/var/www/osTicket/upload">
DirectoryIndex index.html index.php
Options FollowSymLinks

AllowOverride All
Require all granted

</Directory>
</VirtualHost>

Save and close file file when you are finished.

Now edit /etc/httpd/conf.d/ssl.conf file and disable SSLEngine directive by adding # like below:

vi /etc/httpd/conf.d/ssl.conf

#SSLEngine on

Save and close file.

Now restart Apache service to take changes into effect:

systemctl restart httpd

Update firewall rules

firewall-cmd --zone=public --permanent --remove-port=80/tcp
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload

Wrapping up

Your osTicket installation has been completed successfully. Your next step is to fully configure your new support ticket system for use.