======Hesk Helpdesk======
Instructions for installing Hesk on Ubuntu 22.04
=====Initial Networking Configuration=====
Removing netplan is completely optional, but simplifies the networking configuration process. Later we will set a static IP address.
sudo apt install network-manager
sudo apt purge netplan.io
Config File:
''/etc/systemd/network/05-eth0.network''
[Match]
Name=eth0
[Network]
DHCP=yes
Reboot to apply networking changes.
reboot
=====Prerequisites=====
These are the packages required for the installation of Hesk.
sudo apt install ufw nginx mariadb-server p7zip-full apache2-utils
sudo apt install php8.1 php8.1-common php8.1-cli php8.1-gd php8.1-mysql php8.1-xml php8.1-ldap php8.1-fpm php8.1-imap
=====Firewall=====
Uncomplicated FireWall (UFW) will be the firewall on this server, we need to configure it to allow ssh, http, https, and imap traffic. We can later configure the ssh port to be something non-standard so that our server is more secure.
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow imap
sudo ufw disable
sudo ufw enable
=====MySQL=====
Run this to enter the MySQL prompt.
sudo mysql -uroot -p
Then a mysql> or MariaDB [root]> prompt will appear. Now enter the following lines and confirm them with the enter key. The username can be whatever you like, but be sure to replace password with a good password. These will be used later when initially configuring Hesk from the browser.
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS heskdb;
GRANT ALL PRIVILEGES ON heskdb.* TO 'hdbuser'@'localhost' IDENTIFIED BY 'password';
=====Setting up Hesk=====
Transfer the hesk archive to the server with sftp
Unpack the archive file into a conveniently named directory
7z x -o./hesk/ hesk343.zip
sudo cp -r ./hesk /var/www/
Set the correct owner and permissions on some files
sudo chown www-data:www-data -R /var/www/hesk
Enable IMAP on Hesk:
sudo chmod 755 /var/www/hesk/inc/mail/hesk_imap.php
Nginx security settings:
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
This will create a user/password combination for when a user tries to access a certain folder (see config)
It can be further locked down to a specific IP range.
htpasswd -c /etc/nginx/.htpasswd
Nginx Configuration:
Create the nginx config file
''/etc/nginx/conf.d/support.biochem.net.conf''
server {
listen 80;
server_name support.biochem.net;
root /var/www/hesk;
index index.php;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
location "~^/admin/.*" {
try_files $uri $uri/ =404;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location ~ /admin/ {
try_files $uri $uri/ =404;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location ~ /\.ht {
deny all;
}
}
Remove the symlink to the default nginx config
sudo rm -rf /etc/nginx/sites-enabled/default
Check the config for errors first
sudo nginx -t
Restart the nginx service
sudo systemctl restart nginx
Installing Language Packs:
Download language pack from here: https://www.hesk.com/language/
Using sftp put the zip file on the server.
Extract the archive.
7z x de.zip
Move the the correct folder.
mv -r ./de /var/www/hesk/language/
Set ownership.
chown www-data:www-data -R /var/www/hesk/language/de
Afterwards make sure to test the language folder via the Web GUI [Settings => General] This will add the language pack to Hesk.