How to setup OpenSupports Ticket System

OpenSupports is an open source ticket system, very simple to setup and use. Here I will go through setting up step by step. I am assuming you have your server is set up with correct permission. You will need to able to create database and upload installation files to your server. The installation has 7 steps it will go through and check requirements, and settings as it goes to the next step. This one is a very very simple Ticket system.

Server Requirements

PHP 5.6+
MySQL 4.1+
PDO Extension
Apache 2.4+

Installation of OpenSupports

You can start by downloading the OpenSupports ticket system from https://www.opensupports.com/download/

Once you have download the OpenSupports ticket system, then upload to your server and go to URL of your OpenSupports, you should see Step 1 of 7 Select the language and click Next

Then it will check for the Server requirements, if you see any error or missing requirement, install it then click Refresh, once all good, then click Next

You can fill in MySQL server info, at this point create a database if you have not yet, then fill in info below and click Next

  • MySQL database name: this can be left blank and it will generate automatic
  • MySQL server port (this can be left blank (default port is 3306)
  • MySQL user:
  • MySQL password:

Then select the option if you want your user to access and be able to register it, it’s toggle on/off, make selection, then click Next

Fill in the name of your ticket system, Check box if you want your user to attach a file to ticket and email server info (option to confirm SMTP connection test, to make sure your email server can communicate), then click Next

Admin account name, email and password, fill in info, make sure it’s strong and keep it safe, you will use this account to make changes to your system. Once you have filled in info, click Next
Then it will go through installation and redirect to login page

This is login page where you will enter your admin login info you choose in your last step.
User URL will be yourdomain
Admin URL will be yourdomain/admin

Once you are logged in you will see Dashboard of your new Ticket System, where you can make changes, add user/agents, etc…

That’s it, very simple ready to use your OpenSupports open source ticket system. If you are looking for more feature you can use another open source ticket system called osTickets, I have written a post on how to install osTicket on Ubuntu, enjoy it



How to upgrade osTicket to 1.11

update: this version no longer support please use 1.12 or latest

Finally, osTicket v1.11 is released open source ticket system, it has lots of new feature people been waiting for a long time. You can find official documents and a full list of all the features on here. Most important issues people had was PHP version too old in 1.10.4.  The osTicket v1.11 supports PHP version v5.6-v7.2.

How to upgrade from 1.10.4 to 1.11

  1. Make sure you have a good backup of Database and files of osTicket
  2. Then put the system in the offline mode: by going to /scp/settings.php
  3. Download the new version from https://osticket.com/download/ and choose the osTicket Core, v1.11 (Latest Release)
  4. Upload to your server v. 1.11 and replace current files/folders from Upload folder from your downloaded, and exclude the script folder/files
  5. Make sure you have the correct permission, then go to the URL/SCP of the osTicket system and login, you should see osTicket Upgrader, make sure your Prerequisites are all good, if any errors correct it, then click Start Upgrade Now
  6. Then you should see Apply updates to database stream: core, click Upgrade Now
  7. If everything went well you should see Upgrade Completed

  8. Delete the /setup folder and update any customization you may have, test it, then once all is good you can put the system back online

That’s it if you have customized PHP core files, those needs to be re-applied after the upgrade. Also, make sure your plugins are good, if needed upgrade do so, make sure it supports the new version. one more thing, if using Language packs, you can find them at the osTicket website, those do needs to be updated.   You will find many solutions to the problem in a forum where people report and help out each other. Please read your error message and logs of your system web server, PHP, osTicket, it gives many ideas about why things are not working. Many of them due to the PHP version not supported. If you were to get help from the forum, please include your system information, like osTicket, PHP version, web server, and remember forum support is free, so don’t order/demand to fix your issues.  They do offer paid support if you wish to pay for it.  Thank you very much to the osTicket team for their hard work on keeping osTicket System up to date.



Encrypt TLS-SNI-01 validation is reaching end-of-life

If you are using Let’s Encrypt certification and have received an email to take action on renewal of your certificate.  That’s because lets Encrypt had announced last October 2018, that they will end support for TLS-SNI-01 validation method on February 13, 2019.  You need to update your ACME client to use an alternative validation method alternative validation method: HTTP-01, DNS-01 or TLS-ALPN-01. If no action taken you may have out-dated certificate for your domain.

To check your certbot version:

certbot –version

If have your server up to update, then the version should be 0.28.  If not you can upgrade your Certbot at https://certbot.eff.org/.   It will ask you to pick your software and system and it will give you detail documentation on how to upgrade, baased on your version of software/system.

To install for Apache, you can run this command:

sudo apt-get install python-certbot-apache

To test do a renewal dry run:

sudo certbot renew –dry-run

If everything goes well you should see Congratulation, all renewals succeeded, if it fails then you need to fix it. Take a look at log, firewall to make sure it’s not been blocked and try again.

Here is a link from Let’s Encrypt Community Support on How to stop using TLS-SNI-01 with Certbot Please update your server certificate to keep it secure.



How to upgrade Ubuntu 14.04 to 16.04

If you are still running Ubuntu server 14.04, which will be End of Life this Aril 2019, so you should upgrade to 16.04 or 18.04. You can check out Ubuntu Release dates at https://wiki.ubuntu.com/Releases Even though Linux is more secure, that does not mean it should not be kept up to date, to keep your data safe. Longer you keep put out the updates harder it gets, due to many changes on each upgrade. You can check out my post on How to secure your Ubuntu server. Make sure you have a good backup and your backup is tested to be sure data you are backup are good. If you have an option you can do an upgrade on a test server and work out any issues, that way when you do upgrade on production system it goes smooth.

Check list before starting upgrade process

  • Data backed up and verified
  • Make sure your application supports newer packages versions
  • List of application/services so it can be tested after the upgrade
  • Direct access to the server, remote session will give you an error
  • Stopping application/services, not required but if dealing with a database it’s safer
  • Double check storage space for an upgrade to download/install

Login to server directly to do the upgrade
Command: sudo do-release-upgrade

It will go through a list of currently installed packages and then let you choose if you want to go for the upgrade or not.  If you need more details you should press d otherwise press y and ENTER

You may get a message like this select Yes, so if any services needed to be restarted it will automatically without asking you each time. It will start the process of removing obsolete packages, downloading, installing and setting up automatically, unless you have chosen No.

You may get this message and you can make your own choice to keep current version or install newer, you can select to show differences between the versions

It will go though upgrade process, then if everything goes well you should see message System upgrade is complete, then restart by pressing y and Enter key, so your server can restart to finish upgrading.

If everything went well you should see login screen

After an upgrade, you should do the following

  • This will check for any updates:
    • sudo apt-get update
  • This will install any updates that it found:
    • sudo apt upgrade
  • This will remove any packages no longer needed:
    • sudo apt-get autoremove 
  • Then check your application/services to make sure they are running and if there any errors fix it.

That’s it, hope this helps out someone out there, good luck

Common issues and solutions:

If you are remotely doing upgrade you will get this warning, if something goes wrong with your SSH connection while you are in the middle of an upgrade, then you would have issues getting into your server

You may have issues with PHP version, most likely you may have been running version 5.6, installing the PHP7.0 might fix your issues or newer version:

sudo apt-get install -y libapache2-mod-php7.0



How to secure your Ubuntu server

As you may know, already there are many ways to secure Ubuntu server based on your environment and version of OS. Double checking to be sure you are secure does not hurt at all, but don’t go overboard by locking your self from accessing own server. I have been working with Ubuntu server since Ubuntu 5.04 back in 2007, but have not done any post about it and was not using that much as I am now. Ubuntu Linux system has come a long way for sure, now even power users start using their desktop version. For the most part default security secures your server from any major attack to your server. There are many attacks are from within your own environments and some lazy admin or management who don’t want to pay for support or just keeps post ponding updates. Anyways here I have some list of tweaks I have been using and learning more from other Linux admins on internet.

Keep your server up to date:


sudo apt-get update This will search for an update of your current version and packages that in installed
sudo apt-get upgrade This will install the updates and packages
sudo apt-get dist-upgrade This will look for newer next LTS version

Check supported Releases:
https://wiki.ubuntu.com/Releases

Remove unnecessary packages

sudo apt-get auto-remove
sudo apt-get purge NameOfPackage

Enable built-in basic Uncomplicated Firewall (ufw): by allowing only need services name or ports

ufw allow ssh
ufw allow 80
ufw allow ftp

Disabled telnet: very old but have seen people still using it
apt-get remove telnet

Check for hidden open ports with:

netstat

Set a shorter timeout for root sessions

edit /etc/profiles
[ $UID -eq 0 ] && TMOUT=600.
The $UID -eq 0 part refers to the user with the ID of 0 — always root.
The TMOUT=600 or 900 part sets the timeout limit to 10-15 minutes (600-900 seconds)

Change default SSH port from 22 to something else and disable Root user:

Port 22 > Port 90xx or whatever port you want (don’t forget to add a new port to your firewall)
edit /etc/ssh/sshd_config:
PermitRootLogin yes > PermitRootLogin no

Limiting allowed users to login via SSH:

edit /etc/ssh/sshd_config to have ssh login for specific users
bottom of the file, add the line x=device you going to log in from IP or just type User1 User2, etc…
AllowUsers YourUserName@192.xxx.xxx.x
if you need to use a wildcard: to allow any username and from x=network:
AllowUsers @192.xxx.xxx.*

You could also add a Group:
Create group:
groupadd -r SSHGroupName

Add allowed group to /etc/ssh/sshd_config
AllowGroups SSHGroupName

Then add user to the group:
usermod -a -G SSHGroupName user1

service ssh restart

edit /etc/ssh/sshd_config to have ssh login for specific users
bottom of the file, add the line x=device you going to log in from IP
AllowUsers YourUserName@192.xxx.xxx.x
if you need to use a wildcard: to allow any username and from x=network:
AllowUsers @192.xxx.xxx.*

service ssh restart

Add Login Banner which displays before user login:

edit /etc/issue.net
add your own warning message whomever login can see

Then edit /etc/ssh/sshd_config and uncomment the line:
Banner /etc/issue.net

some more options to disable server info by comment out:

edit /etc/pam.d/sshd
session optional pam_motd.so motd=/run/motd.dynamic

network messages to allow or disable (like ICMP, redirects, SYN, etc..):
edit /etc/sysctl.conf

Blocking IP spoofing:


edit /etc/host.conf
change from “multi on” to “nospoof on”

To Turn off Server Signature:

edit /etc/apache2/apache2.conf and add these 2 lines at the end of the config file. Most cases user types wrong URL or by IP address, it display’s your web server info by default.
ServerSignature Off
ServerTokens Prod

service apache2 restart

Hide PHP Version

edit (your version of PHP maybe different) /etc/php/7.0/apache2/php.ini
expose_php = Off

You may have older version of PHP:
/etc/php5/apache2/php.ini
expose_php = Off

Also youcould add to your .htaccess file:
# Disable server signature
ServerSignature Off

will add more later on