Install from package¶

Note

Please ensure to meet Zammads Software requirements beforehand.

This page expects administrative permissions, this is why sudo is not used.

Prerequisites¶

Additional software dependencies¶

In addition to already mentioned Package dependencies, some operating systems may require additional packages if not already installed.

$ apt install curl apt-transport-https gnupg

The openSUSE Enterprise 15 variant requires additional repositories to be activated. To do so, run the following commands.

$ SUSEConnect --product sle-module-desktop-applications/$(. /etc/os-release; echo $VERSION_ID)/$(uname -i)
$ SUSEConnect --product PackageHub/$(. /etc/os-release; echo $VERSION_ID)/$(uname -i)

$ yum install wget epel-release

# CentOS 7
$ yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Setup Elasticsearch¶

Elasticsearch is a dependency of Zammad and needs to be provided before installing Zammad. Please take a look at the following page: Set up Elasticsearch.

Ensure correct locale¶

For Zammad to function correctly, your system has to use the correct locales.

List your current locale settings.

$ locale |grep "LANG="

If above does not return <lang_code>.utf8 you can correct this issue as follows.

$ apt install locales
$ locale-gen en_US.UTF-8
$ echo "LANG=en_US.UTF-8" > /etc/default/locale

List your current locale settings.

$ locale |grep "LANG="

If above does not return <lang_code>.utf8 you can correct this issue as follows.

$ localectl set-locale LANG=en_US.utf8

List your current locale settings.

$ localectl status |grep "LC_CTYPE"

If above does not return <lang_code>.utf8 you can correct this issue as follows.

$ localectl set-locale LC_CTYPE=en_US.UTF-8

Hint

By default OpenSUSE uses POSIX as LANG value for the root user. Learn more about this within the OpenSUSE documentation.

This does not affect other users and thus can be ignored.

Add Repository and install Zammad¶

Add Repository

Install Repository Key

$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
  gpg --dearmor | tee /etc/apt/trusted.gpg.d/pkgr-zammad.gpg> /dev/null

Ubuntu 16.04

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 16.04 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Ubuntu 18.04

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Ubuntu 20.04

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 20.04 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Ubuntu 22.04

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 22.04 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Install Repository Key

$ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
  gpg --dearmor | tee /etc/apt/trusted.gpg.d/pkgr-zammad.gpg> /dev/null

Debian 10

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/debian 10 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Debian 11

$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/debian 11 main"| \
  tee /etc/apt/sources.list.d/zammad.list > /dev/null

Install Repository Key

$ rpm --import https://dl.packager.io/srv/zammad/zammad/key

RHEL 7 / CentOS 7

$ wget -O /etc/yum.repos.d/zammad.repo \
https://dl.packager.io/srv/zammad/zammad/stable/installer/el/7.repo

RHEL 8 / CentOS 8

$ wget -O /etc/yum.repos.d/zammad.repo \
https://dl.packager.io/srv/zammad/zammad/stable/installer/el/8.repo

Remove obsolete Let’s Encrypt CA (SLES12 and openSUSE 42.x only)

$ rm /usr/share/pki/trust/DST_Root_CA_X3.pem
$ update-ca-certificates

Install Repository Key

$ rpm --import https://dl.packager.io/srv/zammad/zammad/key

SLES 12 / openSUSE 42.x

$ wget -O /etc/zypp/repos.d/zammad.repo \
https://dl.packager.io/srv/zammad/zammad/stable/installer/sles/12.repo

SLES 15 / openSUSE 15.x

$ wget -O /etc/zypp/repos.d/zammad.repo \
https://dl.packager.io/srv/zammad/zammad/stable/installer/sles/15.repo

Install Zammad

$ apt update
$ apt install zammad

# CentOS 7
$ yum install postgresql14-server
$ postgresql-14-setup initdb
$ systemctl start postgresql-14
$ systemctl enable postgresql-14

# general
$ yum install zammad

Due to an issue with packager.io on CentOS 8 you’ll need to correct file permissions for public files.

chmod -R 755 /opt/zammad/public/

$ zypper ref
$ zypper install zammad

Firewall & SELinux¶

Some parts of these steps may not apply to you, feel free to skip them!

SELinux¶

$ # Allow nginx or apache to access public files of Zammad and communicate
$ chcon -Rv --type=httpd_sys_content_t /opt/zammad/public/
$ setsebool httpd_can_network_connect on -P
$ semanage fcontext -a -t httpd_sys_content_t /opt/zammad/public/
$ restorecon -Rv /opt/zammad/public/
$ chmod -R a+r /opt/zammad/public/

Firewall¶

Note

Below only covers the distributions default firewall. It may not cover your case.

$ # Open Port 80 and 443 on your Firewall
$ ufw allow 80
$ ufw allow 443
$ ufw reload

Warning

We’re covering nftables in this part - iptables is discouraged starting from Debian 10 (Buster). Our example uses the input chain, yours may be a different one!

Add the following lines to /etc/nftables.conf or your specific rule file. Ensure to add these lines to your input-chain.

# Open Port 80 and 443 for Zammad
tcp dport { http, https } accept
udp dport { http, https } accept

The result should look like the following. Keep in mind that your enviroment could require different / more rules.

#!/usr/local/sbin/nft -f
flush ruleset

table inet filter {
   chain input {
      type filter hook input priority 0; policy drop;
      ct state established,related accept
      tcp dport ssh log accept
      tcp dport { http, https } accept
      udp dport { http, https } accept
   }

   chain forward {
      type filter hook forward priority 0; policy accept;
   }

   chain output {
      type filter hook output priority 0; policy accept;
   }
}

To load your new rules, simply run systemctl reload nftables.

$ # Open Port 80 and 443 on your Firewall
$ firewall-cmd --zone=public --add-service=http --permanent
$ firewall-cmd --zone=public --add-service=https --permanent
$ firewall-cmd --reload

If your system does not yet know webserver rules, you can add a new one for your firewall by creating the file /etc/sysconfig/SuSEfirewall2.d/services/webserver with this content:

## Name: Webserver
## Description: Open ports for HTTP and HTTPs

# space separated list of allowed TCP ports
TCP="http https"
# space separated list of allowed UDP ports
UDP="http https"

After that locate FW_CONFIGURATIONS_EXT within /etc/sysconfig/SuSEfirewall2 and add the option webserver to the list. The list is seperated by spaces. You may require a different zone, above covers the external zone.

Now ensure to restart the firewall service.

systemctl restart SuSEfirewall2

If we didn’t cover your distribution or firewall in question, ensure to open ports 80 and 443 (TCP & UDP) beside of the ports you need.

Manage services of Zammad¶

In general Zammad uses three services - these can be (re)started & stopped with the parent zammad.

$ # Zammad service to start all services at once
$ systemctl (status|start|stop|restart) zammad

$ # Zammads internal puma server (relevant for displaying the web app)
$ systemctl (status|start|stop|restart) zammad-web

$ # Zammads background worker - relevant for all delayed- and background jobs
$ systemctl (status|start|stop|restart) zammad-worker

$ # Zammads websocket server for session related information
$ systemctl (status|start|stop|restart) zammad-websocket

Next steps¶

With this Zammad technically is ready to go. However, you’ll need to follow the following further steps to access Zammads Web-UI and getting started with it.

Connect Zammad with Elasticsearch

Configure the webserver

First steps

You may also find Zammads Console commands useful

If you expect usage with 5 agents or more you may also want to consider the following pages.

Performance Tuning

Configure Database server