====== Ticketsystem - Stand: 03-APR-2025 (bei Änderung bitte aktualisieren) ====== ===== Basisinformationen: ===== ^ Eigenschaft ^ Wert ^ | Systemart | virtualisiert | | Physischer Host FQDN | | | Virtueller Host FQDN | helpdesk.smns-bw.de (a-record) | | IP-Adresse (VM) | 192.168.1.155 | | Adresskonfigurationsart | statisch (innerhalb VM) | | | | WICHTIG: Bei Update der Pakete (apt update && apt upgrade) gehen die Änderungen in Kapitel "Eigenes CSS-Einfügen" verloren. Die "custom.css" bleibt erhalten, muss allerdings erneut mit "sudo zammad run rake assets:precompile" und anschließendem "sudo systemctl restart zammad" eingelesen werden. Die modifizierte "icons.svg" wird überschrieben und muss nochmal neu modifiziert werden. ===== Installation ===== Offizielle Installationsanleitung (via packetmanager): [[https://docs.zammad.org/en/latest/install/package.html|KLICK]] ([[https://docs.zammad.org/en/latest/install/package.html|https://docs.zammad.org/en/latest/install/package.html]]) Vorgehensweise (Beispiel mit Ubuntu 24.04): sudo apt install curl apt-transport-https gnupg wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list sudo apt-get update && sudo apt-get install elasticsearch #note down elasticsearch superuser password which is dumped to shell during installation of elasticsearch sudo sysctl -w vm.max_map_count=262144 sudo nano /etc/elasticsearch/elasticsearch.yml append... http.max_content_length: 400mb indices.query.bool.max_clause_count: 2000 sudo systemctl enable elasticsearch sudo systemctl start elasticsearch sudo apt install locales sudo locale-gen en_US.UTF-8 echo "LANG=en_US.UTF-8"> sudo /etc/default/locale curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \ gpg --dearmor | sudo tee /etc/apt/keyrings/pkgr-zammad.gpg> /dev/null echo "deb [signed-by=/etc/apt/keyrings/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 24.04 main"| \ sudo tee /etc/apt/sources.list.d/zammad.list> /dev/null sudo apt update sudo apt install zammad sudo zammad run rails r "Setting.set('es_url', 'https://localhost:9200')" sudo zammad run rails r "Setting.set('es_user', 'elastic')" sudo zammad run rails r "Setting.set('es_password', '')" #replace with above noted elasticsearch superuser password sudo cat /etc/elasticsearch/certs/http_ca.crt #copy and temporary save the certificate (with the delimiters) sudo cp /opt/zammad/contrib/nginx/zammad.conf /etc/nginx/sites-available/zammad.conf sudo rm /etc/nginx/sites-enabled/default sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.old sudo systemctl restart nginx # complete initial login via zammad-webui and add previously copied certificate under "Security> SSL Certificates" sudo zammad run rake zammad:searchindex:rebuild sudo systemctl restart elasticsearch ===== Selbst-signiertes HTTPS/SSL/TLS-Zertifikate erstellen und einspeisen ===== sudo openssl genrsa -des3 -out selfsigned_rootca.key 4096 # creates new root-CA (key) sudo openssl req -x509 -new -nodes -key selfsigned_rootca.key -sha256 -days 1825 -out selfsigned_rootca.pem # creates certificate for the new CA sudo openssl genrsa -out helpdesk.smns-bw.de_key.key 4096 # creates a new key (for the SSL-certificate) sudo openssl req -new -key helpdesk.smns-bw.de_key.key -out helpdesk.smns-bw.de_request.csr # creates certificate signing request file for the SSL-certificate: use zammad instance FQDN for common name sudo nano helpdesk.smns-bw.de_requestextfile.ext # creates certificate signing request extension file ...put in... authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment subjectAltName=@alt_names [alt_names] DNS.1=helpdesk.smns-bw.de sudo openssl x509 -req -in helpdesk.smns-bw.de_request.csr -CA selfsigned_rootca.pem -CAkey selfsigned_rootca.key -CAcreateserial -out helpdesk.smns-bw.de_key.crt -days 1825 -sha256 -extfile helpdesk.smns-bw.de_requestextfile.ext # creates and signes SSL-certificate with the root-CA-cert. sudo cp /opt/zammad/contrib/nginx/zammad_ssl.conf /etc/nginx/sites-available/zammad.conf sudo nano /etc/nginx/sites-available/zammad.conf ...replace value of any server_name directive with actual FQDN (helpdesk.smns-bw.de)! ...replace value of ssl_certificate directive with path to previously generated certificate (e.g. /home/nooba/webserver_certificate/helpdesk.smns-bw.de_key.crt)! ...replace value of ssl_certificate_key directive with path to previously generated key (e.g. /home/nooba/webserver_certificate/helpdesk.smns-bw.de_key.key)! ...look for path of ssl-configuration file inside the zammad.conf (value of ssl_dhparam directive, e.g. /etc/ssl/dhparam.pem)! sudo openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 4096 sudo nano /etc/nginx/sites-available/zammad.conf ...go to https://cipherlist.eu/ and adjust ssl security settings accordingly. ...however set ssl_stapling off and ssl_stapling_verify off and comment ssl_trusted_certificate out! ===== Eigenes CSS-Einfügen ===== sudo nano /opt/zammad/app/assets/stylesheets/custom/custom.css sudo chown zammad:zammad /opt/zammad/app/assets/stylesheets/custom/custom.css sudo zammad run rake assets:precompile sudo systemctl restart zammad --- Replace logo/svg on top left corner: SVG-collection file is located at... /opt/zammad/public/assets/images/icons.svg Inside the file replace symbol with id... icon-logo ...with... ==== Derzeitiger "custom.css"-Inhalt ==== /*wheel of color*/ :root { --smns-green: #93BF1F; --vitriol-green: #58887b; --dark-vitriol-green: #34413d; --bordeaux-red: #641C34; --flarum-green: #88936c; --near-white-a: hsl(210, 17%, 98%); --near-white-b: #f1f1f1; --near-black-a: hsl(233, 9%, 19%); } /*light mode color definitions*/ :root[data-theme="light"] { /*custom added variables*/ --custom-themecolor: var(--smns-green); /*pre-existing variables*/ --menu-background-active: var(--near-black-a); --menu-background-primary: var(--near-white-a); --menu-background-secondary: var(--custom-themecolor); --text-link: var(--near-black-a); --text-nav: var(--near-black-a); --menu-text: var(--near-black-a); } /*dark mode color definitions*/ :root[data-theme="dark"] { /*custom added variables*/ --custom-themecolor: var(--vitriol-green); /*pre-existing variables*/ --menu-background-active: var(--dark-vitriol-green); --menu-background-secondary: var(--dark-vitriol-green); --background-active: var(--custom-themecolor); --text-normal: var(--flarum-green); --text-link: var(--flarum-green); --text-nav: var(--near-white-b); --menu-text: var(--near-white-b); } /*all mode color definitions*/ :root { /*custom added variables*/ --custom-textcolor: var(--near-white-b); /*pre-existing variables*/ --danger-color: var(--bordeaux-red); --highlight: var(--custom-themecolor); --menu-icon-secondary: var(--custom-themecolor); --menu-icon-secondary-hover-background: var(--custom-themecolor); --button-primary-background: var(--custom-themecolor); --supergood-color: var(--custom-themecolor); } /*svg / clickable icons*/ #icon-mood-supergood path, #icon-mood-supergood g, #icon-signout path, #icon-signout g, #icon-plus path, #icon-plus g, #icon-report path, #icon-report g, #icon-cog path, #icon-cog g { fill: inherit; } .icon-mood-supergood use, .icon-signout use, .icon-plus use, .icon-report use, .icon-cog use { fill: var(--custom-themecolor); } ul.user-menu.navbar-items-personal> li:hover> a use { fill: var(--menu-background-primary); } .list-button.fit.horizontal.centered::before { background-color: var(--custom-themecolor) !important; } /*buttons*/ a.btn.btn--success.btn--quad { background-color: var(--menu-background-primary); } .btn--quad, .btn--success, .btn--create { background-color: var(--custom-themecolor); } .btn--text.btn--create { color: var(--custom-textcolor) !important; } .tasks-navigation .nav-tab:not(.is-active) { background-color: var(--background-primary-alt); } .tasks-navigation .nav-tab:not(.is-active):hover { background-color: var(--menu-background-primary); } /*global search bar*/ #global-search { background-color: var(--background-primary-alt); } ==== Zammad favicon.ico ersetzen ==== sudo nano /etc/nginx/sites-available/zammad.conf ...inside server{}-block for HTTPS (when https is enables ofc.), modify the "location = /favicon.ico"-location... location = /favicon.ico { access_log off; log_not_found off; alias /opt/zammad/app/assets/stylesheets/custom/smns-favicon.ico; } ...and put a favicon-file with same name to the mentioned location. ===== Firewall-Regeln setzen ===== sudo apt update && sudo apt install ufw sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 443 sudo ufw enable sudo ufw reload ===== Ticketsystem konfigurieren ===== Instanzbackup (Benutzerdaten+Backup) vom 22.01.2025:\\ + [[https://itwiki.smns-bw.org/_media/it/software/zammad_backup_2.001.7z|https://itwiki.smns-bw.org/_media/it/software/zammad_backup_2.001.7z]]\\ + [[https://itwiki.smns-bw.org/_media/it/software/zammad_backup_2.002.7z|https://itwiki.smns-bw.org/_media/it/software/zammad_backup_2.002.7z]] Einstellungsübersicht im Textformat: + [[https://itwiki.smns-bw.org/_media/it/software/ttsyscfg.7z|https://itwiki.smns-bw.org/_media/it/software/ttsyscfg.7z]] ===== Gruppennamen übersetzbar machen ===== "Gruppen" sind in Zammad ja sozusagen Abteilungen, an die Tickets gesendet werden. Standardmäßig können diese nicht durch das Übersetzungstool von Zammad übersetzt werden. Damit dies möglich ist muss man folgendes auf der Kommandozeile des Servers machen: sudo zammad run rails c ObjectManager::Attribute.for_object('Ticket').find_by(name: 'group_id').tap { _1['data_option']['translate'] = true; _1.save! } Danach kann man über das Einstellungsmenü > Übersetzungen eigene Übersetzungen für die Gruppennamen festlegen. ===== Datenschutz ===== Nach der Verfahrensbeschreibung gem. Artikel 30 Abs. 1 DSGVO (Stand APR-2025) sind geschlossene Tickets nach 9 Monaten zu löschen. * [[https://itwiki.smns-bw.org/_media/it/software/ticketsystem_vvt_smns.docx|Verfahrensbeschreibung (Stand APR-2025)]] * Dienstvereinbarung Personalrat (Noch hinzuzufügen) Dazu gibt es in der "zammadeigenen" Aufgabenplanung eine wiederkehrende Aufgabe, die jeden Freitag um 16 Uhr (Zeitzone Berlin) durchgeführt wird: {{:it:software:e00bb70794faa740201950cafc812695.png}}