
By YOBIHAT TEAM

Install OTRS v5.x.x on CentOS 7 with SSL

OTRS is an open-source Ticket Request System: the best, flexible ticket and process management system, which lets service management professionals in any company support, manage, order and track back solutions. Based on cooperation within the IT department, it will become an indispensable tool in the everyday life of IT troubleshooters.

Requirements:

-CentOS 7.3 server with a minimum of 1 CPU and 2 GB of RAM for normal operation (if you have a massive email flow, we suggest upgrading the hardware)

-Root permission on the server.

-E-mail account and mail-server settings

-Internet connection to download all needed packages.

-Good IT knowledge and a bit of patience…

Let’s Start!

 

Setup network with static IP and set DNS 

First of all, update your server

yum update -y

Change the hostname of your server if needed

hostnamectl set-hostname otrs.yobicloud.local

Install some useful packages: wget for downloads, net-tools (always useful for troubleshooting the network), htop to monitor hardware and processes with a helpful graphical view, and mod_ssl to configure secure SSL/TLS connections (HTTPS) on Apache2.

yum install wget net-tools htop mod_ssl 

Enable the EPEL repository

yum install epel-release

Disable SELinux in the /etc/selinux/config file to avoid problems until you know what you are doing…

Open the file, change the line SELINUX=enforcing to SELINUX=disabled, save, and reboot the server

reboot

Then re-update your system.

yum update -y

I will use the open-source MySQL family for the database, so I install MariaDB. There are alternatives such as Postgres, Oracle or MS-SQL, and if you are comfortable with one of them, use it; you just need to install different OTRS modules to make it work properly. I will continue with a standard MariaDB database

yum install mariadb-server mariadb

You will need to change the default MySQL settings in order to make it suitable for OTRS. Open its configuration file using vi or your favorite text editor

vi /etc/my.cnf

Add the following lines under the [mysqld] section; they set the maximum packet size, the query cache size and the InnoDB log file size.

[mysqld]
max_allowed_packet=64M
query_cache_size=32M
innodb_log_file_size=256M
datadir=/var/lib/mysql

Then save and close the file. Make sure you do this before you start MySQL for the first time.

Now, start MariaDB.

systemctl start mariadb

Next, secure the MySQL database.

/usr/bin/mysql_secure_installation

You will be asked a few questions. You can accept the default values for all of the questions by just pressing ENTER for each, except for setting the new root password. Make a note of your root user password because you will need it later in this tutorial.

Now that we have everything, we need to install the OTRS application

We will install OTRS using the pre-built RPM package for CentOS. First, we need to download the latest RPM from their official repository. You can browse the repository directory to determine the latest version.

wget http://ftp.otrs.org/pub/otrs/RPMS/rhel/7/otrs-5.0.21-02.noarch.rpm

Next, install OTRS. The --nogpgcheck option makes yum skip GPG signature verification for this package (note that sometimes you have to run the install twice).

yum install --nogpgcheck otrs-5.0.21-02.noarch.rpm

OTRS is written in Perl and uses a number of Perl modules. We can check for missing modules by using the CheckModules.pl script included with OTRS.

If some Perl modules are missing, install the ones your configuration needs

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI......................ok (v1.12) 
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v1.92)
o Archive::Zip.....................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.......Not installed! Use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"' (optional - For strong password hashing.)
o Crypt::SSLeay....................ok (v0.64)
o Date::Format.....................ok (v2.24)
o DBI..............................ok (v1.627)
o DBD::mysql.......................ok (v4.023
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA......................ok (v5.85)
o Encode::HanExtra.................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL..................ok (v1.94)
o JSON::XS.........................Not installed! Use: 'yum install "perl(JSON::XS)"' (optional - Recommended for faster AJAX/JavaScript handling.)
o List::Util::XS...................ok (v1.27)
o LWP::UserAgent...................ok (v6.13)
o Mail::IMAPClient.................Not installed! Use: 'yum install "perl(Mail::IMAPClient)"' (optional - Required for IMAP TLS connections.)
o IO::Socket::SSL..................ok (v1.94)
o Authen::SASL.....................ok (v2.15)
o Authen::NTLM.....................Not installed! Use: 'yum install "perl(Authen::NTLM)"' (optional - Required for NTLM authentication mechanism in IMAP connections.)
o ModPerl::Util....................Not installed! Use: 'yum install "perl(ModPerl::Util)"' (optional - Improves Performance on Apache webservers dramatically.)
o Net::DNS.........................ok (v0.72)
o Net::LDAP........................ok (v0.56)
o Template.........................ok (v2.24)
o Template::Stash::XS..............ok (undef)
o Text::CSV_XS.....................Not installed! Use: 'yum install "perl(Text::CSV_XS)"' (optional - Recommended for faster CSV handling.)
o Time::HiRes......................ok (v1.9725)
o Time::Piece......................ok (v1.20_01)
o XML::LibXML......................ok (v2.0018)
o XML::LibXSLT.....................ok (v1.80)
o XML::Parser......................ok (v2.41)
o YAML::XS.........................Not installed! Use: 'yum install "perl(YAML::XS)"' (required - Very important)

As you can see, each checked module is followed by a comment that helps with the installation. You do not need every module: for example, if you have a MySQL DB (the DBD::mysql module is already installed), “perl(DBD::Pg)”, “perl(DBD::ODBC)” and “perl(DBD::Oracle)” are not required by OTRS. If instead you have a PostgreSQL DB, follow the comments and install the module with the command shown below, and so on…

example: yum install "perl(DBD::Pg)"

In my case I will not install any DB modules other than MySQL, but I’ll proceed with the missing modules tagged as required, optional or recommended that I need (so analyze your own needs before continuing and install what you need)

yum install "perl(XML::LibXSLT)" 
yum install "perl(Authen::NTLM)" 
yum install "perl(YAML::XS)"
yum install "perl(Text::CSV_XS)"
yum install "perl(ModPerl::Util)"
yum install "perl(Mail::IMAPClient)"
yum install "perl(JSON::XS)"
yum install "perl(Crypt::Eksblowfish::Bcrypt)"

You can re-check the modules with the script:

/opt/otrs/bin/otrs.CheckModules.pl
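
The re-check output can be summarised mechanically instead of read line by line. The following is an added example, not part of OTRS or of the original tutorial: it parses the output format shown above, the function names missing_modules and yum_targets are hypothetical, and the sample lines are copied from that output.

```shell
# Added example: summarise otrs.CheckModules.pl output.
# Live use:  /opt/otrs/bin/otrs.CheckModules.pl | missing_modules

# Constructed sample: a few lines taken from the output shown in this tutorial.
sample_output() {
    cat <<'EOF'
o Apache::DBI......................ok (v1.12)
o Crypt::Eksblowfish::Bcrypt.......Not installed! Use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"' (optional - For strong password hashing.)
o DBD::mysql.......................ok (v4.023)
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o YAML::XS.........................Not installed! Use: 'yum install "perl(YAML::XS)"' (required - Very important)
EOF
}

# Print "<class> <module>" for every module reported as "Not installed!".
# class is "required" or "optional", read from the trailing "(class - ...)" comment.
missing_modules() {
    awk '
        /Not installed!/ {
            name = $2
            sub(/\.+.*/, "", name)    # drop the dot leader and what follows it
            class = ($0 ~ /\(required - /) ? "required" : "optional"
            print class, name
        }'
}

# yum_targets CLASS: print the perl(...) package spec from each "Use:" hint
# for missing modules of that class. Modules without a hint are skipped.
yum_targets() {
    awk -v want="$1" '
        /Not installed!/ && match($0, /perl\([^)]*\)/) {
            class = ($0 ~ /\(required - /) ? "required" : "optional"
            if (class == want) print substr($0, RSTART, RLENGTH)
        }'
}

echo "Required modules still missing:"
sample_output | yum_targets required
echo "Optional modules still missing:"
sample_output | yum_targets optional
```

Among the optional modules, Crypt::Eksblowfish::Bcrypt is the one the checker labels as needed for strong password hashing.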

Add firewall exceptions for ports 80 and 443 and reload the firewalld configuration

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Restart Apache2 service.

systemctl restart httpd

Start the OTRS daemon and activate the cron jobs as the otrs user, then as root enable the web server and the database at boot. Now reboot to check that everything starts on its own.

sudo su - otrs -c "bin/otrs.Daemon.pl start"
sudo su - otrs -c "/opt/otrs/bin/Cron.sh start"
systemctl enable httpd
systemctl enable mariadb

reboot

Once all the previous steps are done, configure OTRS from the front end.

Open https://otrs.yobicloud.local/otrs/installer.pl in a browser, using your own IP or hostname instead of “otrs.yobicloud.local”. Note that if you installed mod_ssl, the Apache package for SSL, HTTPS is already active with a basic configuration and certificate; later you will just need to make it the default and tune the OTRS SysConfig and the Apache conf files. To generate a new certificate, follow our Apache tutorial.

The installer shows the worldwide offices info; click Next and, after reading, accept the license terms and conditions.

It is time to choose the DB. Our installation uses MariaDB, so select MYSQL and ‘Create new DB for OTRS’ if you don’t want to use an existing one.

Fill in the password and the DB address if it is not local, then press check DB settings. If everything is green like the photo below, you can continue. Write down the generated password or change it (this is needed to log in to OTRS)

NEXT

In STEP 3, fill in a fully qualified domain name (FQDN), or just use your server’s IP address, the administrator email that will be notified about errors or warnings, and the organization name. Select the logging type and the main language, and select YES if you prefer to check the MX record.

To receive e-mails from customers, configure an incoming account with the mail type (‘IMAP preferred’), mail address, user and password.

For outbound mail you can leave the settings as they are if you have no particular configuration. You can check whether they work by pressing the ‘check mail configuration’ button, or press ‘Skip this step’ to continue and check later.

Congratulations!!! Installation completed. Write down the admin login credentials.

Now log in with the credentials from the previous page at https://otrs.yobicloud.local/otrs/index.pl (use your own IP or hostname instead of “otrs.yobicloud.local”). After login you will receive two notices: one to create a new user for working with OTRS (clicking the link redirects to the operators management page, so create the new user there), and the other about the OTRS daemon. To check whether the daemon is up, use:

sudo su - otrs -c "bin/otrs.Daemon.pl status"

Note that cron calls the daemon every 5 minutes, so wait at least 5 minutes; if the daemon is still not running, follow the suggestion in the pop-up.

An SSL/TLS connection over HTTP is essential on today’s scary web, so consider activating HTTPS on your web server.

(OPTIONAL)

If you cannot activate it on the server, click Admin in the header menu and select SysConfig, search for HTTPS, click Core in the results, scroll to the configuration option HttpType and change it to HTTPS.

Good practice is to also redirect all HTTP traffic to HTTPS, in case someone tries to access via an insecure link. This should be done on web server configuration level for maximum effect. However, in case this is not possible, you can set HTTPSForceRedirect to Yes in SysConfig if available.

(BEST WAY)

The best way is to edit the Apache2 configuration, so if possible choose this method instead of the previous (optional) one, by creating a new file that redirects all HTTP requests to the OTRS main page over HTTPS.

cd /etc/httpd/conf.d
vi ssl.conf

And add the following text (remember to edit with your own settings):

<VirtualHost *:80>
ServerName otrs.yobicloud.local
# Additional names for the same host go in ServerAlias (a second ServerName overrides the first)
ServerAlias 192.168.24.101
Redirect permanent / https://otrs.yobicloud.local/otrs/index.pl
</VirtualHost>

Edit the main SSL config file, which applies to all HTTPS connections, and add some hardening

vi /etc/httpd/conf.d/ssl.conf

Uncomment and edit these lines (always with your own data):

DocumentRoot "/var/www/html"
ServerName 192.168.24.101:443

Somewhere in the file, comment out this line:

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

and add the following lines to harden Apache2 a bit

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

As long as you leave the default certificates, paths and names untouched, you don’t need further changes. Restart Apache2 to apply the configuration.

systemctl restart httpd
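
To confirm after the restart that the redirect and the three hardening headers are really being sent, the response headers can be checked against the values configured above. This is an added example, not part of the original tutorial: the function names are hypothetical, the sample responses are constructed, and live input is assumed to come from curl -skI.

```shell
# Added example: check captured response headers against the ssl.conf settings.
# Live use:  check_hardening "$(curl -skI https://otrs.yobicloud.local/otrs/index.pl)"
# The three sample responses below are constructed for illustration.
GOOD_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff'

BAD_HTTPS='HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8'

REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://otrs.yobicloud.local/otrs/index.pl'

# header_value NAME: print the value of header NAME (case-insensitive) from stdin.
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) ":" }
        tolower(substr($0, 1, length(name))) == name {
            v = substr($0, length(name) + 1); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# check_hardening HEADERS: report each missing or unexpected header, return 1 if any.
check_hardening() {
    rc=0
    hsts=$(printf '%s\n' "$1" | header_value Strict-Transport-Security)
    case $hsts in
        *max-age=63072000*) ;;
        "") echo "missing: Strict-Transport-Security"; rc=1 ;;
        *)  echo "unexpected HSTS value: $hsts"; rc=1 ;;
    esac
    [ "$(printf '%s\n' "$1" | header_value X-Frame-Options)" = "DENY" ] ||
        { echo "missing: X-Frame-Options DENY"; rc=1; }
    [ "$(printf '%s\n' "$1" | header_value X-Content-Type-Options)" = "nosniff" ] ||
        { echo "missing: X-Content-Type-Options nosniff"; rc=1; }
    return $rc
}

# check_redirect HEADERS: the port-80 answer must be a 301 to an https:// URL.
check_redirect() {
    status=$(printf '%s\n' "$1" | tr -d '\r' | sed -n '1p')
    loc=$(printf '%s\n' "$1" | header_value Location)
    case $status in *" 301 "*) ;; *) echo "not a 301: $status"; return 1 ;; esac
    case $loc in https://*) ;; *) echo "redirect is not HTTPS: $loc"; return 1 ;; esac
}

check_hardening "$GOOD_HTTPS" && check_redirect "$REDIRECT" && echo "sample responses pass"
```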

Here is the official documentation about OTRS.

—>>> ENJOY!!! <<<—