
Helpdesk (Zammad)

This document contains all the steps needed to clone Zammad (an open source helpdesk and ticketing system) and deploy it over HTTPS. It also contains steps to configure OIDC and Keycloak.

  • Clone the Zammad deployment repository from GitHub: git clone https://github.com/zammad/zammad-docker-compose

  • Install nginx on the host VM: sudo apt install nginx

  • Configure the nginx reverse proxy for Zammad: Let's assume that the domain is people-helpdesk.westeurope.cloudapp.azure.com and that we have already created an SSL certificate using Let's Encrypt. Execute the following steps as root.

  1. cd /etc/nginx/sites-available
  2. vim zammad.conf
  3. Copy and paste the nginx configuration below into the file

Nginx SSL Configuration

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name people-helpdesk.westeurope.cloudapp.azure.com;
    return 301 https://$host$request_uri;
}

# Terminate TLS and proxy to Zammad on the loopback interface
server {
    listen 443 ssl http2;
    server_name people-helpdesk.westeurope.cloudapp.azure.com;

    ssl_certificate /etc/letsencrypt/live/people-helpdesk.westeurope.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/people-helpdesk.westeurope.cloudapp.azure.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # The Upgrade/Connection headers below only take effect over HTTP/1.1;
        # nginx talks HTTP/1.0 to the upstream by default
        proxy_http_version 1.1;

        # Tell Zammad the original host, client address and scheme
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Port 443;

        # WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

  4. ln -s /etc/nginx/sites-available/zammad.conf /etc/nginx/sites-enabled/
  5. nginx -t
  6. systemctl reload nginx

A few important notes: The symbolic link is necessary because nginx is configured to load sites from the sites-enabled directory, not from sites-available. Please keep this convention. Step 5 (nginx -t) checks that the nginx configuration has no errors, and step 6 (systemctl reload nginx) reloads nginx to apply the new settings.

  1. Make sure that Zammad is listening: curl -I http://127.0.0.1:8080

Check VM Firewall: In very unlikely situations ports 80 and 443 might be blocked on the VM. Run the following commands as root to verify that this is not the case.

  1. ufw status

We need:

80/tcp ALLOW
443/tcp ALLOW

  1. Verify that nginx is listening on 80 and 443: ss -tlnp | grep nginx
  2. Make sure that ports 443 and 80 are enabled on Azure

Note that port 80 must be enabled to allow Let's Encrypt to automatically refresh the certificate every month. Nginx will always gracefully handle HTTP traffic on port 80 and reroute it to the secure HTTPS port 443.
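
The firewall and listener checks above can be scripted. The following is an added example, not part of the original page or of the Zammad project: three shell functions that read ufw status and ss -tlnp output on stdin (for example: ufw status | ufw_allows 443). The sample output is constructed, and the extra check that port 8080 is bound only to loopback is an assumption about how the backend should be published.

```shell
#!/usr/bin/env bash
# ufw_allows PORT: reads `ufw status` text on stdin. Succeeds when ufw is
# inactive (not filtering) or has a "PORT/tcp ALLOW Anywhere" rule.
ufw_allows() {
    awk -v p="$1" '
        /^Status: inactive/ { ok = 1 }
        ($1 == (p "/tcp") || $1 == p) && $2 == "ALLOW" && $NF == "Anywhere" { ok = 1 }
        END { exit !ok }'
}

# nginx_listens PORT: reads `ss -tlnp` text on stdin. Succeeds when an nginx
# process holds a LISTEN socket whose local address ends in :PORT.
nginx_listens() {
    awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") && /"nginx"/ { ok = 1 }
        END { exit !ok }'
}

# backend_loopback_only PORT: reads `ss -tlnp` text on stdin. Succeeds only
# when PORT is listening and every listener is bound to 127.0.0.1 or [::1],
# so the plain-HTTP backend is reachable only through nginx.
backend_loopback_only() {
    awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            seen = 1
            if ($4 !~ /^(127\.0\.0\.1|\[::1\]):/) exposed = 1
        }
        END { exit !(seen && !exposed) }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       10.0.0.0/8'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=901,fd=6))
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=901,fd=7))
LISTEN 0      4096   0.0.0.0:8080       0.0.0.0:*         users:(("docker-proxy",pid=1520,fd=4))'

for port in 80 443; do
    printf '%s\n' "$SAMPLE_UFW" | ufw_allows "$port" || echo "ufw: $port/tcp not open to Anywhere"
    printf '%s\n' "$SAMPLE_SS" | nginx_listens "$port" || echo "nginx: not listening on $port"
done
printf '%s\n' "$SAMPLE_SS" | backend_loopback_only 8080 || echo "backend: 8080 bound beyond loopback"
```

On the constructed sample this reports the 443/tcp rule that is limited to 10.0.0.0/8 and the 8080 listener bound to 0.0.0.0. Rules created from ufw application profiles (names instead of port numbers) are not recognised by ufw_allows.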