From b29d18c8642037809dcad077e6e71e94566cbd6b Mon Sep 17 00:00:00 2001 From: Thibodeau Bruno Date: Tue, 21 Jun 2022 10:46:10 -0400 Subject: [PATCH] first --- CHANGELOG.md | 133 ++ Dockerfile | 93 + LICENSE | 21 + README.md | 174 ++ examples/docker-compose.yml | 90 + install/assets/cron/osticket.txt | 1 + install/assets/msmtp/msmtp.conf | 23 + install/assets/setup/install.php | 165 ++ install/etc/cont-init.d/30-osticket | 66 + install/etc/nginx/conf.d/default.conf | 56 + zabbix_templates/app_nginx.xml | 541 +++++ zabbix_templates/app_php_fpm7.xml | 724 +++++++ zabbix_templates/app_php_opcache.xml | 2022 +++++++++++++++++++ zabbix_templates/zabbix_agent_container.xml | 515 +++++ 14 files changed, 4624 insertions(+) create mode 100644 CHANGELOG.md create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 README.md create mode 100644 examples/docker-compose.yml create mode 100644 install/assets/cron/osticket.txt create mode 100644 install/assets/msmtp/msmtp.conf create mode 100644 install/assets/setup/install.php create mode 100755 install/etc/cont-init.d/30-osticket create mode 100644 install/etc/nginx/conf.d/default.conf create mode 100644 zabbix_templates/app_nginx.xml create mode 100644 zabbix_templates/app_php_fpm7.xml create mode 100644 zabbix_templates/app_php_opcache.xml create mode 100644 zabbix_templates/zabbix_agent_container.xml diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..6a93a69 --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,133 @@ +## 3.4.0 2021-11-23 + + ### Added + - OSTIcket 1.15.4 + - Debian Bullseye base + + +## 3.3.3 2021-09-06 + + ### Fixed + - Fix spelling mistake in Dockerfile for archiver plugin + +## 3.3.2 2021-08-11 + + ### Fixed + - Clean NGINX_WEBROOT extra /www/ prefix from crontab + +## 3.3.1 2021-08-11 + + ### Changed + - Cleanup composer cache + - Cleanup Debian package cache to reduce image size + + +## 3.3.0 2021-08-11 + + ### Added + - Switch from Alpine to Debian base due to musl not supporting some functions OSTicket requires + - Upgrade OSTicket to 1.15.3 + - PHP 7.4 + + +## 3.2.1 2021-02-16 + + ### Fixed + - Removed erroneous argument in cron job + + +## 3.2.0 2020-06-15 + + ### Added + - Update to support tiredofit/alpine 5.x.x base images + + +## 3.1.2 2020-01-02 + + ### Changed + - Switch to php7-pecl-memcached + + +## 3.1.1 2020-01-02 + + ### Changed + - Additional Changes to support new tiredofit/alpine base image + + +## 3.1.0 2019-12-29 + + ### Added + - Support new tiredofit/nginx and tireofit/alpine base images + + +## 3.0.2 2019-12-17 + + ### Added + - OSTicket 1.14.1 + - Refactored to support new tiredofit/nginx-php-fpm base image + + +## 3.0.1 2019-11-12 + +* OSTicket 1.14-rc2 + +## 3.0 2019-09-12 + +* Modernize Image +* Added many plugins +* OSTicket 1.14rc1 +* PHP 7.3 +* Alpine 3.10 + +## 2.8 2018-02-01 + +* Pull sources from Github instead of mainwebsite +* Compile auth-ldap plugin + +## 2.7 2018-02-01 + +* Rebase + +## 2.6 2017-10-05 + +* Fix Broken Detection of new install + +## 2.5 2017-08-29 + +* Image Cleanup + +## 2.4 2017-07-06 + +* Added PHP_TIMEOUT + +## 2.3 2017-07-03 + +* Added PHP7-IMAP + +## 2.2 2017-07-02 + +* Build PHP7 Memcached Extension + +## 2.1 2017-07-02 + +* Sanity Checks in init scripts + +## 2017-06-17 2.0 + +* Rebase with nginx-php-fpm:7.0 with s6 + +## 2017-05-27 1.0 + +* Production Stable +* Memcached Capable for Sessions +* Reset Admin Password if ENV Set upon Bootup + + +## 2017-05-27 0.9 + +* Initial 
Release
+* OSTicket 1.10
+* Alpine:3.5
+* PHP7
+* Zabbix
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ec91fc6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,93 @@
+FROM docker.io/tiredofit/nginx-php-fpm:debian-7.4-bullseye
+LABEL maintainer="Dave Conroy (github.com/tiredofit)"
+
+### Default Runtime Environment Variables
+ENV OSTICKET_VERSION=v1.16.3 \
+ DB_PREFIX=ost_ \
+ DB_PORT=3306 \
+ CRON_INTERVAL=10 \
+ MEMCACHE_PORT=11211 \
+ PHP_ENABLE_FILEINFO=TRUE \
+ PHP_ENABLE_IMAP=TRUE \
+ PHP_ENABLE_LDAP=TRUE \
+ PHP_ENABLE_MYSQLI=TRUE \
+ PHP_ENABLE_SESSION=TRUE \
+ PHP_ENABLE_CREATE_SAMPLE_PHP=FALSE \
+ PHP_ENALBLE_ZIP=TRUE \
+ NGINX_WEBROOT=/www/osticket \
+ ZABBIX_AGENT_TYPE=classic \
+ CONTAINER_NAME=osticket-app
+
+### Dependency Installation
+RUN set -x && \
+ apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install -y \
+ git \
+ libldap-common \
+ openssl \
+ php${PHP_BASE}-memcached \
+ tar \
+ wget \
+ zlib1g \
+ && \
+ \
+### Download & Prepare OSTicket for Install
+ git clone https://github.com/osTicket/osTicket /usr/src/osticket && \
+ git -C /usr/src/osticket checkout ${OSTICKET_VERSION} && \
+ mkdir -p /assets/install && \
+ mv /usr/src/osticket/* /assets/install && \
+ chown -R nginx:www-data /assets/install && \
+ chmod -R a+rX /assets/install/ && \
+ chmod -R u+rw /assets/install/ && \
+ mv /assets/install/setup /assets/install/setup_hidden && \
+ chown -R root:root /assets/install/setup_hidden && \
+ chmod 700 /assets/install/setup_hidden && \
+ \
+# Setup Official Plugins
+ git clone -b develop https://github.com/osTicket/osTicket-plugins /usr/src/plugins && \
+ cd /usr/src/plugins && \
+ php make.php hydrate && \
+ for plugin in $(find * -maxdepth 0 -type d ! -path doc ! -path lib); do cp -r ${plugin} /assets/install/include/plugins; done; \
+ cp -R /usr/src/plugins/*.phar /assets/install/include/plugins/ && \
+ cd / && \
+ \
+# Add Community Plugins
+ ## Archiver
+ git clone https://github.com/clonemeagain/osticket-plugin-archiver /assets/install/include/plugins/archiver && \
+ ## Attachment Preview
+ git clone https://github.com/clonemeagain/attachment_preview /assets/install/include/plugins/attachment-preview && \
+ ## Auto Closer
+ git clone https://github.com/clonemeagain/plugin-autocloser /assets/install/include/plugins/auto-closer && \
+ ## Fetch Note
+ git clone https://github.com/bkonetzny/osticket-fetch-note /assets/install/include/plugins/fetch-note && \
+ ## Field Radio Buttons
+ git clone https://github.com/Micke1101/OSTicket-plugin-field-radiobuttons /assets/install/include/plugins/field-radiobuttons && \
+ ## Mentioner
+ git clone https://github.com/clonemeagain/osticket-plugin-mentioner /assets/install/include/plugins/mentioner && \
+ ## Multi LDAP Auth
+ git clone https://github.com/philbertphotos/osticket-multildap-auth /assets/install/include/plugins/multi-ldap && \
+ mv /assets/install/include/plugins/multi-ldap/multi-ldap/* /assets/install/include/plugins/multi-ldap/ && \
+ rm -rf /assets/install/include/plugins/multi-ldap/multi-ldap && \
+ ## Prevent Autoscroll
+ git clone https://github.com/clonemeagain/osticket-plugin-preventautoscroll /assets/install/include/plugins/prevent-autoscroll && \
+ ## Rewriter
+ git clone https://github.com/clonemeagain/plugin-fwd-rewriter /assets/install/include/plugins/rewriter && \
+ ## Slack
+ git clone https://github.com/clonemeagain/osticket-slack /assets/install/include/plugins/slack && \
+ ## Teams (Microsoft)
+ git clone https://github.com/ipavlovi/osTicket-Microsoft-Teams-plugin /assets/install/include/plugins/teams && \
+ \
+### Log Miscellany Installation
+ touch /var/log/msmtp.log && \
+ chown nginx:www-data /var/log/msmtp.log && \
+ \
+## Cleanup
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ rm -rf /tmp/* && \
+ rm -rf /usr/src/* && \
+ rm -rf /root/.composer/cache
+
+### Add Files
+ADD install /
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6a30d48
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Dave Conroy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e10e0a5
--- /dev/null
+++ b/README.md
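Review bot: The plugin `git clone` lines in the Dockerfile's RUN step take whatever each third-party repository's default branch holds at build time (and `-b develop` for osTicket-plugins), so the code copied into `/assets/install/include/plugins` is neither reproducible nor tied to a reviewed revision; only osTicket itself is checked out at `${OSTICKET_VERSION}`. Pin every clone to a reviewed commit, for example `git clone https://github.com/clonemeagain/osticket-plugin-archiver /assets/install/include/plugins/archiver && git -C /assets/install/include/plugins/archiver checkout PINNED_COMMIT_SHA && \` (PINNED_COMMIT_SHA is a placeholder), and do the same for the other plugins. Separately, `PHP_ENALBLE_ZIP=TRUE` looks like a misspelling of `PHP_ENABLE_ZIP` (the base image's variable names are not visible here, so confirm), and `ADD install /` can be `COPY install /` because no archive extraction or URL fetch is involved.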
@@ -0,0 +1,174 @@ +# github.com/tiredofit/docker-osticket + +[![GitHub release](https://img.shields.io/github/v/tag/tiredofit/docker-osticket?style=flat-square)](https://github.com/tiredofit/docker-osticket/releases/latest) +[![Build Status](https://img.shields.io/github/workflow/status/tiredofit/docker-osticket/build?style=flat-square)](https://github.com/tiredofit/docker-osticket/actions?query=workflow%3Abuild) +[![Docker Stars](https://img.shields.io/docker/stars/tiredofit/osticket.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/osticket/) +[![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/osticket.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/osticket/) +[![Become a sponsor](https://img.shields.io/badge/sponsor-tiredofit-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/tiredofit) +[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal&style=flat-square)](https://www.paypal.me/tiredofit) + +* * * +## About + +This will build a Docker Image for [OSTicket](https://www.osticket.org) - An open source helpdesk / ticketing system. 
+ +* Automatically installs and sets up installation upon first start + +## Maintainer + +- [Dave Conroy](https://github.com/tiredofit) + +## Table of Contents + + +- [About](#about) +- [Maintainer](#maintainer) +- [Table of Contents](#table-of-contents) +- [Prerequisites and Assumptions](#prerequisites-and-assumptions) +- [Installation](#installation) + - [Build from Source](#build-from-source) + - [Prebuilt Images](#prebuilt-images) +- [Configuration](#configuration) + - [Quick Start](#quick-start) + - [Persistent Storage](#persistent-storage) + - [Environment Variables](#environment-variables) + - [Base Images used](#base-images-used) + - [Networking](#networking) +- [Maintenance](#maintenance) + - [Shell Access](#shell-access) +- [Support](#support) + - [Usage](#usage) + - [Bugfixes](#bugfixes) + - [Feature Requests](#feature-requests) + - [Updates](#updates) +- [License](#license) +- [References](#references) + +## Prerequisites and Assumptions +* Assumes you are using some sort of SSL terminating reverse proxy such as: + * [Traefik](https://github.com/tiredofit/docker-traefik) + * [Nginx](https://github.com/jc21/nginx-proxy-manager) + * [Caddy](https://github.com/caddyserver/caddy) +* Requires access to a MySQL/MariaDB Server + +## Installation + +### Build from Source +Clone this repository and build the image with `docker build -t (imagename) .` + +### Prebuilt Images +Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/osticket) and is the recommended method of installation. + +```bash +docker pull tiredofit/osticket:(imagetag) +``` + +The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md): + +| Container OS | Tag | +| ------------ | --------- | +| Debian | `:latest` | + +## Configuration + +### Quick Start + +- The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). 
See the examples folder for a working [docker-compose.yml](examples/docker-compose.yml) that can be modified for development or production use. + +- Set various [environment variables](#environment-variables) to understand the capabilities of this image. +- Map [persistent storage](#data-volumes) for access to configuration and data files for backup. +- Make [networking ports](#networking) available for public access if necessary + +**The first boot can take from 2 minutes - 5 minutes depending on your CPU to setup the proper schemas.** + +- Login to the web server and enter in your admin email address, admin password and start configuring the system! + +### Persistent Storage +The following directories are used for configuration and can be mapped for persistent storage. + +| Directory | Description | +| --------------- | ------------------------------------------------------------------------------------------- | +| `/www/osticket` | (Not needed as we want to keep base clean, move to a custom/assets approach) Root Directory | +| `/www/logs` | Nginx and php-fpm logfiles | + +### Environment Variables + +#### Base Images used + +This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handlded via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`,`curl`,`less`,`logrotate`,`nano`,`vim`. 
+ +Be sure to view the following repositories to understand all the customizable options: + +| Image | Description | +| ------------------------------------------------------------- | -------------------------------------- | +| [OS Base](https://github.com/tiredofit/docker-debian/) | Customized Image based on Debian Linux | +| [Nginx](https://github.com/tiredofit/docker-nginx/) | Nginx webserver | +| [PHP-FPM](https://github.com/tiredofit/docker-nginx-php-fpm/) | PHP Interpreter | + + +| Parameter | Description | default | +| ----------------- | --------------------------------------------------------------------------- | ----------------------- | +| `INSTALL_SECRET` | A Large and Random Installation String (Auto Generates on Install if empty) | | +| `INSTALL_EMAIL` | Installer Email (Use different email then ADMIN_EMAIL) | `helpdesk@example.com` | +| `INSTALL_NAME` | Site Name | `My Helpdesk` | +| `ADMIN_FIRSTNAME` | First name of Admin User | | +| `ADMIN_LASTNAME` | Last name of Admin User | | +| `ADMIN_EMAIL` | Admin Email address (Make sure it is different than INSTALL_EMAIL) | | +| `ADMIN_USER` | Admin Username | | +| `ADMIN_PASS` | Admin Password | | +| `CRON_PERIOD` | Amount of time in Minutes to Check Incoming Mail | `10` | +| `DB_HOST` | Host or container name of MariaDB Server e.g. `osticket-db` | | +| `DB_PORT` | MariaDB Port | `3306` | +| `DB_NAME` | MariaDB Database name e.g. `osticket` | | +| `DB_USER` | MariaDB Username for above Database e.g. `osticket` | | +| `DB_PASS` | MariaDB Password for above Database e.g. `password` | | +| `DB_PREFIX` | Prefix for Tables | `ost_` | +| `SMTP_HOST` | SMTP Host | `postfix` | +| `SMTP_PORT` | SMTP Host Port | `25` | +| `SMTP_FROM` | SMTP From Address | `osticket@hostname.com` | +| `SMTP_TLS` | Should TLS be used (`0`=no `1`=yes) | `1` | +| `SMTP_USER` | SMTP Authentication user | | +| `SMTP_PASS` | SMTP Authentication password | | + +### Networking + +The following ports are exposed. 
+ +| Port | Description | +| ---- | ----------- | +| `80` | HTTP | + +* * * +## Maintenance + +### Shell Access + +For debugging and maintenance purposes you may want access the containers shell. + +``bash +docker exec -it (whatever your container name is) bash +`` +## Support + +These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community. +### Usage +- The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image. +- Consider [sponsoring me](https://github.com/sponsors/tiredofit) personalized support. +### Bugfixes +- Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order. + +### Feature Requests +- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline. +- Consider [sponsoring me](https://github.com/sponsors/tiredofit) regarding development of features. + +### Updates +- Best effort to track upstream changes, More priority if I am actively using the image in a production environment. +- Consider [sponsoring me](https://github.com/sponsors/tiredofit) for up to date releases. + +## License +MIT. See [LICENSE](LICENSE) for more details. + +## References + +* https://osticket.org + diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml new file mode 100644 index 0000000..a4844c1 --- /dev/null +++ b/examples/docker-compose.yml 
@@ -0,0 +1,90 @@
+version: '3.7'
+services:
+
+ osticket-app:
+ image: tiredofit/osticket
+ container_name: osticket-app
+ labels:
+ - traefik.enable=true
+ - traefik.frontend.rule=Host:url.example.com
+ - traefik.port=80
+ - traefik.protocol=http
+ - traefik.docker.network=proxy
+ - traefik.backend=osticket-app
+ volumes:
+ - ./data/:/www/osticket
+ - ./logs/:/www/logs
+ environment:
+ - CONTAINER_NAME=osticket-app
+
+ - CRON_PERIOD=10
+
+ - DB_HOST=osticket-db
+ - DB_NAME=osticket
+ - DB_USER=osticket
+ - DB_PASS=password
+
+ - SMTP_HOST=localhost
+ - SMTP_PORT=25
+ - SMTP_FROM=osticket@example.com
+ - SMTP_TLS=0
+ - SMTP_USER=osticket@example.com
+ - SMTP_PASS=password
+
+ - INSTALL_SECRET=somerandomlargecharacterstring
+ - INSTALL_EMAIL=osticket@example.com
+ - INSTALL_NAME=OSTicket Helpdesk
+
+ - ADMIN_FIRSTNAME=Admin
+ - ADMIN_LASTNAME=User
+ - ADMIN_EMAIL=admin@example.com
+ - ADMIN_USER=ostadmin
+ - ADMIN_PASS=Password123
+ networks:
+ - proxy
+ - services
+ restart: always
+
+ osticket-db:
+ image: tiredofit/mariadb
+ container_name: osticket-db
+ volumes:
+ - /var/local/db/osticket:/var/lib/mysql
+ environment:
+ - ROOT_PASS=securepassword
+ - DB_NAME=osticket
+ - DB_USER=osticket
+ - DB_PASS=password
+
+ - CONTAINER_NAME=osticket-db
+ networks:
+ - services
+ restart: always
+
+ osticket-db-backup:
+ container_name: osticket-db-backup
+ image: tiredofit/mariadb-backup
+ links:
+ - osticket-db
+ volumes:
+ - ./dbbackup:/backup
+ environment:
+ - DB_HOST=osticket-db
+ - DB_TYPE=mariadb
+ - DB_NAME=osticket
+ - DB_USER=osticket
+ - DB_PASSWORD=userpassword
+ - DB_DUMP_FREQ=1440
+ - DB_DUMP_BEGIN=0000
+ - DB_CLEANUP_TIME=8640
+ - COMPRESSION=BZ
+ networks:
+ - services
+ restart: always
+
+networks:
+ proxy:
+ external: true
+ services:
+ external: true
+
diff --git a/install/assets/cron/osticket.txt b/install/assets/cron/osticket.txt
new file mode 100644
index 0000000..ada2a27
--- /dev/null
+++ b/install/assets/cron/osticket.txt
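Review bot: The credentials in this example do not line up across services: `DB_PASSWORD=userpassword` under osticket-db-backup differs from the `DB_PASS=password` given to osticket-db, so the backup job would presumably fail to authenticate. In addition, `SMTP_PASS=password` on osticket-app is not the name `install/assets/setup/install.php` in this commit reads, which is `getenv("SMTP_PASSWORD")`. Make the values agree and use the variable name the installer actually consumes. All three images (`tiredofit/osticket`, `tiredofit/mariadb`, `tiredofit/mariadb-backup`) are untagged and therefore resolve to `latest`; give each an explicit tag, and add a comment such as `# placeholder - replace before deploying` next to `ADMIN_PASS`, `ROOT_PASS`, `DB_PASS` and `INSTALL_SECRET` so the sample values are not carried into a real deployment.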
@@ -0,0 +1 @@
+*/ * * * * TZ=${TIMEZONE} php -q ${NGINX_WEBROOT}/api/cron.php >/dev/null 2>&1
diff --git a/install/assets/msmtp/msmtp.conf b/install/assets/msmtp/msmtp.conf
new file mode 100644
index 0000000..fb72fff
--- /dev/null
+++ b/install/assets/msmtp/msmtp.conf
@@ -0,0 +1,23 @@
+# msmtp configuration template
+#
+# This is populated and saved as /etc/msmtp when image starts
+#
+
+# Default settings
+defaults
+ logfile /var/log/msmtp.log
+
+# OSTicket account
+account osticket
+ protocol smtp
+ host %SMTP_HOSTNAME%
+ tls %SMTP_TLS%
+ tls_trust_file %SMTP_TLS_CERTS%
+ port %SMTP_PORT%
+ auth %SMTP_AUTH%
+ user %SMTP_USER%
+ password %SMTP_PASS%
+ from %SMTP_FROM%
+
+# If you don't use the '-a' parameter in your command line, the default account will be used.
+account default: osticket
diff --git a/install/assets/setup/install.php b/install/assets/setup/install.php
new file mode 100644
index 0000000..dec295d
--- /dev/null
+++ b/install/assets/setup/install.php
@@ -0,0 +1,165 @@ + getenv("INSTALL_NAME") ?: 'My Helpdesk', + 'email' => getenv("INSTALL_EMAIL") ?: 'helpdesk@example.com', + 'url' => getenv("INSTALL_URL") ?: 'http://localhost', + 'fname' => getenv("ADMIN_FIRSTNAME"), + 'lname' => getenv("ADMIN_LASTNAME"), + 'admin_email' => getenv("ADMIN_EMAIL"), + 'username' => getenv("ADMIN_USER"), + 'passwd' => getenv("ADMIN_PASS"), + 'passwd2' => getenv("ADMIN_PASS"), + 'prefix' => getenv("DB_PREFIX") ?: 'ost_', + 'dbhost' => getenv("DB_HOST"), + 'dbname' => getenv("DB_NAME"), + 'dbuser' => getenv("DB_USER"), + 'dbport' => getenv("DB_PORT") ?: '3306', + 'dbpass' => getenv("DB_PASS") ?: getenv("DB_PASS"), + 'smtp_host' => getenv("SMTP_HOST") ?: 'postfix-relay', + 'smtp_port' => getenv("SMTP_PORT") ?: 25, + 'smtp_from' => getenv("SMTP_FROM"), + 'smtp_tls' => getenv("SMTP_TLS"), + 'smtp_tls_certs' => getenv("SMTP_TLS_CERTS") ?: '/etc/ssl/certs/ca-certificates.crt', + 'smtp_user' => getenv("SMTP_USER"), + 'smtp_pass' => getenv("SMTP_PASSWORD"), + 'cron_interval' => getenv("CRON_INTERVAL") ?: 5, + 'siri' => getenv("INSTALL_SECRET"), + 'config' => getenv("INSTALL_CONFIG") ?: '/include/ost-sampleconfig.php' +); + +//Script settings +define('CONNECTION_TIMEOUT_SEC', 180); +function err( $msg) { + fwrite(STDERR, "$msg\n"); + exit(1); +} +function boolToOnOff($v) { + return ((boolean) $v) ? 'on' : 'off'; +} +function convertStrToBool($varName, $default) { + global $vars; + if ($vars[$varName] != '') { + return $vars[$varName] == '1'; + } + return $default; +} + +// Override Helpdesk URL. Only applied during database installation. 
+define("URL",$vars['url']); + +//Require files (must be done before any output to avoid session start warnings) +chdir("/setup_hidden"); +require "/setup_hidden/setup.inc.php"; +require_once INC_DIR.'class.installer.php'; + + +/************************* Mail Configuration *******************************************/ +define('MAIL_CONFIG_FILE','/etc/msmtp'); + +echo "** [osticket] Configuring mail settings\n"; +if (!$mailConfig = file_get_contents('/assets/msmtp/msmtp.conf')) { + err("** [osticket] Failed to load mail configuration file"); +}; +$mailConfig = str_replace('%SMTP_HOSTNAME%', $vars['smtp_host'], $mailConfig); +$mailConfig = str_replace('%SMTP_PORT%', $vars['smtp_port'], $mailConfig); +$v = !empty($vars['smtp_from']) ? $vars['smtp_from'] : $vars['smtp_user']; +$mailConfig = str_replace('%SMTP_FROM%', $v, $mailConfig); +$mailConfig = str_replace('%SMTP_USER%', $vars['smtp_user'], $mailConfig); +$mailConfig = str_replace('%SMTP_PASS%', $vars['smtp_pass'], $mailConfig); +$mailConfig = str_replace('%SMTP_TLS_CERTS%', $vars['smtp_tls_certs'], $mailConfig); + +$mailConfig = str_replace('%SMTP_TLS%', boolToOnOff(convertStrToBool('smtp_tls',true)), +$mailConfig); +$mailConfig = str_replace('%SMTP_AUTH%', boolToOnOff($vars['smtp_user'] != ''), $mailConfig); + +if (!file_put_contents(MAIL_CONFIG_FILE, $mailConfig) || !chown(MAIL_CONFIG_FILE,'nginx') + || !chgrp(MAIL_CONFIG_FILE,'www-data') || !chmod(MAIL_CONFIG_FILE,0600)) { + err("Failed to write mail configuration file"); +} + + +/************************* OSTicket Installation *******************************************/ + +//Create installer class +define('OSTICKET_CONFIGFILE','/include/ost-config.php'); +$installer = new Installer(OSTICKET_CONFIGFILE); //Installer instance. 
+ + +// Always set mysqli.default_port for osTicket db_connect +ini_set('mysqli.default_port', $vars['dbport']); + +//Check database installation status +$db_installed = false; +echo "** [osticket] DB - Connecting to database mysql://${vars['dbuser']}@${vars['dbhost']}/${vars['dbname']}\n"; +if (!db_connect($vars['dbhost'],$vars['dbuser'],$vars['dbpass'])) + err(sprintf(__('** [osticket] Unable to connect to MySQL server: %s'), db_connect_error())); +elseif(explode('.', db_version()) < explode('.', $installer->getMySQLVersion())) + err(sprintf(__('** [osticket] osTicket requires MySQL %s or later!'),$installer->getMySQLVersion())); +elseif(!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { + err("** [osticket] Database doesn't exist"); +} elseif(!db_select_database($vars['dbname'])) { + err('** [osticket] Unable to select the database'); +} else { + $sql = 'SELECT * FROM `'.$vars['prefix'].'config` LIMIT 1'; + if(db_query($sql, false)) { + $db_installed = true; + echo "** [osticket] Database already installed\n"; + } +} + +//Create secret if not set by env var and not previously stored +DEFINE('SECRET_FILE','/secret.txt'); +if (!$vars['siri']) { + if (file_exists(SECRET_FILE)) { + echo "** [osticket] DB - Loading installation secret\n"; + $vars['siri'] = file_get_contents(SECRET_FILE); + } else { + echo "** [osticket] DB - Generating new installation secret and saving\n"; + //Note that this randomly generated value is not intended to secure production sites! + $vars['siri'] = +substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890_="), 0, 64); + file_put_contents(SECRET_FILE, $vars['siri']); + } +} else { + echo "** [osticket] DB - Using installation secret from INSTALL_SECRET environmental variable\n"; +} + +//Always rewrite config file in case MySQL details changed (e.g. 
ip address) +echo "** [osticket] DB - Updating configuration file\n"; +if (!$configFile = file_get_contents($vars['config'])) { + err("** [osticket] DB - Failed to load configuration file: {$vars['config']}"); +}; +$configFile= +str_replace("define('OSTINSTALLED',FALSE);","define('OSTINSTALLED',TRUE);",$configFile); +$configFile= str_replace('%ADMIN-EMAIL',$vars['admin_email'],$configFile); +$configFile= str_replace('%CONFIG-DBHOST',$vars['dbhost'],$configFile); +$configFile= str_replace('%CONFIG-DBNAME',$vars['dbname'],$configFile); +$configFile= str_replace('%CONFIG-DBUSER',$vars['dbuser'],$configFile); +$configFile= str_replace('%CONFIG-DBPASS',$vars['dbpass'],$configFile); +$configFile= str_replace('%CONFIG-PREFIX',$vars['prefix'],$configFile); +$configFile= str_replace('%CONFIG-SIRI',$vars['siri'],$configFile); + +if (!file_put_contents($installer->getConfigFile(), $configFile)) { + err("** [osticket] DB - Failed to write configuration file"); +} + +//Perform database installation if required +if (!$db_installed) { + echo "** [osticket] DB - Installing database. Please wait...\n"; + if (!$installer->install($vars)) { + $errors=$installer->getErrors(); + echo "** [osticket] DB - Database installation failed. Errors:\n"; + foreach($errors as $e) { + echo " $e\n"; + } + exit(1); + } else { + echo "** [osticket] DB - Database installation successful\n"; + } +} + +?> diff --git a/install/etc/cont-init.d/30-osticket b/install/etc/cont-init.d/30-osticket new file mode 100755 index 0000000..9b69a44 --- /dev/null +++ b/install/etc/cont-init.d/30-osticket 
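Review bot: The fallback install secret in install.php is built with `str_shuffle()` over a fixed alphabet, which is not a cryptographic generator and can never repeat a character, and it is then written to `/secret.txt` with default permissions; the code's own comment concedes it is not meant for production. Because this value is what replaces `%CONFIG-SIRI` in the generated ost-config.php, generate it with `$vars['siri'] = bin2hex(random_bytes(32));` and follow the write with `chmod(SECRET_FILE, 0600);`. The other values (`%CONFIG-DBPASS` and the rest) are inserted verbatim with `str_replace`, so, assuming the template wraps them in quoted PHP strings, a quote or backslash in `DB_PASS` would corrupt the generated config and should be escaped first. The opening of the `$vars` array is missing from this rendering of the hunk, so the first entries are not reviewed.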
@@ -0,0 +1,66 @@ +#!/usr/bin/with-contenv bash + +source /assets/functions/00-container +prepare_service +PROCESS_NAME="osticket" + +check_service_initialized init 20-php-fpm + +### Sanity Test +sanity_db +sanity_var ADMIN_PASS "Admin Password" +sanity_var ADMIN_EMAIL "Admin Email" +sanity_var ADMIN_USER "Admin Username" +sanity_var INSTALL_SECRET "Install Secret" + +db_ready mariadb + +### Adjust Runtime Variables +sed -i -e "s//$CRON_PERIOD/g" /assets/cron/osticket.txt +sed -i -e "s##${NGINX_WEBROOT}#g" /assets/setup/install.php + +### Check to see if this is a new install, if yes copy information from assets create directories... +if [ ! -f "${NGINX_WEBROOT}"/index.php ] ; then + print_warn "New OSTicket Installation Detected." + mkdir -p "${NGINX_WEBROOT}" + cp -R /assets/install/* "${NGINX_WEBROOT}"/ + chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${NGINX_WEBROOT}"/ + chmod -R a+rX "${NGINX_WEBROOT}" + chmod -R u+rw "${NGINX_WEBROOT}" + chown -R root:root "${NGINX_WEBROOT}"/setup_hidden + chmod 700 "${NGINX_WEBROOT}"/setup_hidden +fi + +# Automate installation +silent php /assets/setup/install.php + +## Check Memcache Settings +if [ ${MEMCACHE_HOST:+1} ]; then + print_notice "Setting Memcache" + sed -i -e "s/# define('SESSION_BACKEND', 'memcache');/define('SESSION_BACKEND', 'memcache');/g" "${NGINX_WEBROOT}"/include/ost-config.php + sed -i -e "s/# define('MEMCACHE_SERVERS', 'server1:11211,server2:11211');/define('MEMCACHE_SERVERS', '$MEMCACHE_HOST:$MEMCACHE_PORT');/g" "${NGINX_WEBROOT}"/include/ost-config.php +fi + +## Proxy Fix +if [ ${VIRTUAL_HOST:+1} ]; then + print_notice "Configuring Reverse Proxy settings" + sed -i -e "s/define('TRUSTED_PROXIES', '');/define('TRUSTED_PROXIES', '*');/g" "${NGINX_WEBROOT}"/include/ost-config.php +fi + +print_notice "Applying configuration file security" +chmod 644 "${NGINX_WEBROOT}"/include/ost-config.php + +#if [ ${ADMIN_PASS:+1} ]; then +# print_notice "Setting Administrative User Password" +# mysqlcmd='mysql -u'$DB_USER' 
-h'$DB_HOST' -p'$DB_PASS' -P'$DB_PORT +# $mysqlcmd -e "use "$DB_NAME"; UPDATE "$DB_PREFIX"staff SET passwd = MD5( '"$ADMIN_PASS"' ) WHERE username = '"$ADMIN_USER"';" +#fi + +### Force Reset Permissions for Security +chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${NGINX_WEBROOT}" +chmod -R a+rX "${NGINX_WEBROOT}"/ +chmod -R u+rw "${NGINX_WEBROOT}"/ +chown -R root:root "${NGINX_WEBROOT}"/setup_hidden +chmod 700 "${NGINX_WEBROOT}"/setup_hidden + +liftoff \ No newline at end of file diff --git a/install/etc/nginx/conf.d/default.conf b/install/etc/nginx/conf.d/default.conf new file mode 100644 index 0000000..d694759 --- /dev/null +++ b/install/etc/nginx/conf.d/default.conf @@ -0,0 +1,56 @@ + server { + listen ; + root ; + index index.php; + + charset utf-8; + + set $path_info ""; + + location ~ /include { + deny all; + return 403; + } + + if ($request_uri ~ "^/api(/[^\?]+)") { + set $path_info $1; + } + + location /api { + try_files $uri $uri/ /api/http.php?$query_string; + } + + if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") { + set $path_info $1; + } + + location ~ ^/scp/ajax.php/.*$ { + try_files $uri $uri/ /scp/ajax.php?$query_string; + } + + if ($request_uri ~ "^/ajax.php(/[^\?]+)") { + set $path_info $1; + } + + location ~ ^/ajax.php/.*$ { + try_files $uri $uri/ /ajax.php?$query_string; + } + + location / { + try_files $uri $uri/ index.php; + } + + location ~ \.php$ { + include /etc/nginx/nginx.conf.d/php-fpm.conf; + try_files $uri = 404; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_param LARA_ENV local; # Environment variable for Laravel + fastcgi_param PATH_INFO $path_info; + } + + ### Don't edit past here + include /etc/nginx/nginx.conf.d/site_optimization.conf; + include /etc/nginx/nginx.conf.d/exploit_protection.conf; +} diff --git a/zabbix_templates/app_nginx.xml b/zabbix_templates/app_nginx.xml new file mode 100644 index 0000000..cd01176 --- /dev/null 
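Review bot: In the "Proxy Fix" block of 30-osticket, `TRUSTED_PROXIES` is rewritten to `'*'` whenever `VIRTUAL_HOST` is set, which makes osTicket accept forwarded-client headers from any peer rather than only from the reverse proxy, so client addresses used for logging and IP-based controls can no longer be relied on if the container is reachable directly. Take the proxy address or network from the environment instead of hard-coding the wildcard, e.g. `define('TRUSTED_PROXIES', '${TRUSTED_PROXIES:-*}');` as the sed replacement (`TRUSTED_PROXIES` here is a proposed new variable), and document the wildcard as the less safe default. In the same script the step announced as "Applying configuration file security" sets ost-config.php to `chmod 644`, and the final `chmod -R a+rX` makes every file under the webroot world-readable, so the database password and install secret in that file stay readable by any user in the container; a tighter mode would have to be applied after the last recursive chmod.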
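Review bot: As rendered here the PHP location in default.conf contains `try_files $uri = 404;` with a space between `=` and `404`, which nginx reads as two file candidates followed by a fallback URI named `404` instead of the `=404` status form; if the file really has that space, the guard that keeps requests for non-existent scripts away from PHP-FPM does not return 404 directly. Write it as `try_files $uri =404;`. The fallback in `location /` is also missing its leading slash and should read `try_files $uri $uri/ /index.php;`. The `listen` and `root` values appear to have been stripped in this rendering and are not reviewed.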
+++ b/zabbix_templates/app_nginx.xml @@ -0,0 +1,541 @@ + + + 3.4 + 2018-02-02T19:00:11Z + + + Templates + + + VPN + + + Websites + + + + + + + + {APP - Nginx:nginx.status[proc_num].last()}=0 + 0 + + Nginx is down + 0 + + + 0 + 5 + + 0 + 0 + + + + + + + Active connections + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - Nginx + nginx.status[active] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - Nginx + nginx.status[waiting] + + + + + + Nginx Connections\min + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 1 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - Nginx + nginx.status[accepts] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - Nginx + nginx.status[handled] + + + + 2 + 0 + 0000C8 + 0 + 2 + 0 + + APP - Nginx + nginx.status[requests] + + + + + + Nginx Proc_Num + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 1 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - Nginx + nginx.status[proc_num] + + + + + + diff --git a/zabbix_templates/app_php_fpm7.xml b/zabbix_templates/app_php_fpm7.xml new file mode 100644 index 0000000..393a5a2 --- /dev/null +++ b/zabbix_templates/app_php_fpm7.xml 
@@ -0,0 +1,724 @@ + + + 3.4 + 2018-02-02T19:00:48Z + + + Templates + + + + + + + + {APP - PHP-FPM7:proc.num[php-fpm7,,,].last()}=0 + 0 + + PHP-FPM is down + 0 + + + 0 + 4 + PHP-FPM process count: 0 + 0 + 0 + + + + + + + php-fpm processes + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[active-processes] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[idle-processes] + + + + 2 + 0 + 0000C8 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[max-active-processes] + + + + 3 + 0 + C800C8 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[total-processes] + + + + + + php-fpm slow requests + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[slow-requests] + + + + + + php listen queue + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[listen-queue] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[listen-queue-len] + + + + 2 + 0 + 0000C8 + 0 + 2 + 0 + + APP - PHP-FPM7 + php-fpm.status[max-listen-queue] + + + + + + + + Service state + + + 0 + Down + + + 1 + Up + + + + + diff --git a/zabbix_templates/app_php_opcache.xml b/zabbix_templates/app_php_opcache.xml new file mode 100644 index 0000000..5dcd0f0 --- /dev/null +++ b/zabbix_templates/app_php_opcache.xml 
@@ -0,0 +1,2022 @@ + + + 3.4 + 2018-02-02T19:01:06Z + + + Templates + + + + + + + + {APP - PHP-OPCache:opcache[version].diff(0)}>0 + 0 + + OPcache version has changed + 0 + + + 1 + 1 + + 0 + 0 + + + + + + + [OPcache] Hits & Misses + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[hits] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[misses] + + + + + + [OPcache] ISU memory usage + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 1 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[isu.used_memory] + + + + 1 + 5 + 00C800 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[isu.free_memory] + + + + + + [OPcache] Memory usage + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 1 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[used_memory] + + + + 1 + 5 + 00C800 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[free_memory] + + + + + + [OPcache] Number of items + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 00C800 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[num_cached_keys] + + + + 1 + 0 + C80000 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[num_cached_scripts] + + + + 2 + 0 + 0000C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[max_accelerated_files] + + + + 3 + 0 + C800C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[max_cached_keys] + + + + 4 + 0 + 00C8C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[number_of_strings] + + + + + + [OPcache] Restarts + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 0000C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[hash_restart] + + + + 1 + 0 + C800C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[manual_restarts] + + + + 2 + 0 + 00C8C8 + 0 + 2 + 0 + + APP - PHP-OPCache + opcache[oom_restarts] + + + + + + + + Service state + + + 0 + Down + + + 1 
+ Up + + + + + diff --git a/zabbix_templates/zabbix_agent_container.xml b/zabbix_templates/zabbix_agent_container.xml new file mode 100644 index 0000000..9532a0e --- /dev/null +++ b/zabbix_templates/zabbix_agent_container.xml @@ -0,0 +1,515 @@ + + + 3.4 + 2018-02-02T19:04:27Z + + + Discovered Containers + + + Templates + + + + + + + + + {Service - ICMP:icmpping.max(3m)}=3 + 0 + + Cannot be pinged + 0 + + + 0 + 5 + + 0 + 0 + + + + + {Service - ICMP:icmppingloss.min(10m)}>50 + 0 + + Ping loss is too high + 0 + + + 0 + 4 + + 0 + 0 + + + Cannot be pinged + {Service - ICMP:icmpping.max(3m)}=3 + + + + + + + {Service - ICMP:icmppingsec.avg(2m)}>100 + 0 + + Ping Response time is too high + 0 + + + 0 + 4 + + 1 + 0 + + + Cannot be pinged + {Service - ICMP:icmpping.max(3m)}=3 + + + + + + + {Zabbix - Container Agent:packages.upgradable.last()}>0 + 0 + + Upgraded Packages in Container Available + 0 + + + 0 + 1 + + 0 + 0 + + + + + {Zabbix - Container Agent:agent.ping.nodata(3m)}=1 + 0 + + Zabbix agent is unreachable + 0 + + + 0 + 5 + + 0 + 0 + + + + + + + Service state + + + 0 + Down + + + 1 + Up + + + + + Zabbix agent ping status + + + 1 + Up + + + + +
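Review bot: The "Cannot be pinged" trigger in zabbix_agent_container.xml is written as `{Service - ICMP:icmpping.max(3m)}=3`, which looks like it can never be true, because the stock Zabbix `icmpping` check reports only 0 (failed) or 1 (successful); an unreachable container would then raise no alert. If the `Service - ICMP` item is that stock check (its definition is not in this hunk), the expression should be `{Service - ICMP:icmpping.max(3m)}=0`. The same expression is repeated in the dependency entries of "Ping loss is too high" and "Ping Response time is too high", so those references need the same change to keep resolving. The template's XML tags did not survive on this page, so this reading rests on the expression text alone.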