Install Freeside v3.X

Install Freeside v3.X

Bootstrapping

• Install Debian 9 Server with SSH (Unselect Desktop Install, Select SSH)
• login as root
• apt update && apt -y upgrade && apt-get -y autoremove && apt-get -y autoclean
• apt install sudo
• adduser username — add a system user
• usermod -aG sudo username

Connect via ssh or on the terminal as your normal linux system user and continue with the install.

Configure Freeside repos

sudo vi /etc/apt/sources.list

Copy/Paste:

Debian 9 (stretch)

# Freeside Repos
deb [trusted=yes] http://pkg.freeside.biz/freeside-stretch/ ./
deb [trusted=yes] http://pkg.freeside.biz/freeside3-stretch-testing/ ./

or, use my own release of the Freeside software. This is currently available for Debian 9 only.

# My repo
deb [trusted=yes] https://www.cmsws.com/repo/stretch/freeside/ ./
deb [trusted=yes] https://www.cmsws.com/repo/stretch/freeside3/ ./

note: out of the box, apt cannot use the https protocol. Be sure to install the ‘apt-transport-https’ package.

Debian 10 (buster)

# Freeside Repos
deb [trusted=yes] http://pkg.freeside.biz/freeside-buster/ ./
deb [trusted=yes] http://pkg.freeside.biz/freeside3-stretch-testing/ ./

Update and Upgrade system

sudo apt update
sudo apt upgrade

Administrative package setup (non-Freeside)

Install packages that I find useful

sudo apt install exim4- exim4-base- exim4-config- exim4-daemon-light- \
                 dnsutils locate net-tools nmap rsync screen strace \
                 telnet traceroute whois

Install Freeside Packages

 sudo apt install freeside freeside-lib freeside-webui \
                 libbusiness-onlinepayment-cardfortress-perl \
                 libev-perl- \
                 liblocale-codes-perl \
                 liblocale-subcountry-perl=1.63-1 \
                 texlive-fonts-recommended-doc- \
                 texlive-latex-base-doc- \
                 texlive-latex-extra-doc- \
                 texlive-latex-recommended-doc- \
                 texlive-pictures-doc- \
                 texlive-pstricks-doc-

If you prefer to install a specific version of Freeside, view the list of all packages that have been generated and select a version. Adjust the line including the freeside package names accordingly.

freeside=3.93~git-2019062510 freeside-lib=3.93~git-2019062510 freeside-webui=3.93~git-2019062510 \

Place hold on specific packages

sudo apt-mark hold 'freeside*' liblocale-subcountry-perl

Setup Postgres

Create the freeside user in PostgreSQL

sudo su postgres -c "createuser --createdb --no-createrole --no-superuser freeside"

• Configure /usr/local/etc/freeside/secrets if necessary. This file contains three lines: DBI datasource, username and password
  • See the DBI manpage and the manpage for your DBD for the exact syntax of your DBI data source.

As the freeside user in PostgreSQL, create the freeside database

sudo su freeside -c "createdb -E UTF8 -T template0 freeside"

Bootstrap RT

Run these one at a time and enter your password during each one:

sudo su freeside -c '/opt/rt3/sbin/rt-setup-database --action schema'
sudo su freeside -c '/opt/rt3/sbin/rt-setup-database --action coredata'
sudo su freeside -c '/opt/rt3/sbin/rt-setup-database --action insert --datafile /opt/rt3/etc/initialdata'

Request Tracker (RT) settings

Open /opt/rt3/etc/RT_SiteConfig.pm and update or insert the following lines:

• Set rtname to your domain name (this is the same domain used with freeside-setup earlier)
• Set Organization to your company name
• Update Timezone
• Set RT::URI::freeside::URL to your local URL for Freeside
• Add the following lines:

Set($WebPort, 443);
Set($WebDomain, 'FQDN of their freeside server');

Bootstrap Freeside

• If migrating then skip to the Setting up apache section
• Replace $DOMAIN with the customers domain, sets up database and temp permissions

sudo su freeside -c "freeside-setup -d $DOMAIN"

• Add default Freeside system users

sudo su freeside -c "freeside-adduser -g 1 fs_queue"
sudo su freeside -c "freeside-adduser -g 1 fs_daily"
sudo su freeside -c "freeside-adduser -g 1 fs_selfservice"
sudo su freeside -c "freeside-adduser -g 1 fs_api"

• Add your user in

sudo su freeside -c "freeside-adduser -g 1 {freeside_username} {temp password}"

(after you log in for the first time reset your password using a more secure one)

• v3 uses htaccess authentication

sudo htpasswd -c /usr/local/etc/freeside/htpasswd {freeside_username}

Setup Apache

Enable Apache modules and configuration

sudo a2enconf freeside-base2
sudo a2enconf freeside-rt
sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
sudo a2enmod rewrite
sudo a2enmod ssl
sudo chown freeside /var/lock/apache2

Make a backup of your original /etc/apache2/envvars file and modify user and group fields

sudo cp /etc/apache2/envvars /etc/apache2/envvars.$(date +%s)
sudo sed -i "s/www-data/freeside/g" /etc/apache2/envvars

Make a backup of your original /etc/apache2/site-available/000-default.conf file and make changes to the original file

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.$(date +%s)

Add the following to the end of the default config file just before the closing </VirtualHost> block.

sudo vi /etc/apache2/sites-available/000-default.conf

	<Directory />
                Options +FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/html>
                Options +Indexes +FollowSymLinks +MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
        RewriteEngine   on
        RewriteCond     %{SERVER_PORT} ^80$
        RewriteCond     %{REMOTE_ADDR} !^127.0.0.1$
        RewriteCond     %{REMOTE_ADDR} !^\:\:1$
        RewriteRule     ^/(.*)$ https://%{SERVER_NAME}/$1 [L,R]

Enable the default Apache SSL site

sudo a2ensite default-ssl

For an pre-built script that does all the above, copy/paste the following into a script on your freeside server and run it.

# backup envars then change apache user and group
sudo cp /etc/apache2/envvars /etc/apache2/envvars.$(date +%s)
sudo sed -i "s/www-data/freeside/g" /etc/apache2/envvars

# backup the original 000-default.conf  then create new 

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.$(date +%s)
sudo bash -c 'cat <<EOF >/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the reques s Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
    
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog \${APACHE_LOG_DIR}/error.log
	CustomLog \${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	<Directory />
                Options +FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/html>
                Options +Indexes +FollowSymLinks +MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
	RewriteEngine   on
	RewriteCond     %{SERVER_PORT} ^80$
	RewriteCond     %{REMOTE_ADDR} !^127.0.0.1$
	RewriteCond     %{REMOTE_ADDR} !^\:\:1$
	RewriteRule     ^/(.*)$ https://%{SERVER_NAME}/$1 [L,R]

</VirtualHost>
EOF'

# seems redundant, directory and files in sites-available owned by root
# sudo chown -R root:root /etc/apache2/sites-available

# Enable modules
sudo a2enconf freeside-base2
sudo a2enconf freeside-rt
sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
sudo a2enmod rewrite
sudo a2enmod ssl
sudo chown freeside /var/lock/apache2sudo

# Enable Default SSL site
sudo a2ensite default-ssl
# ssl enabling complains, default now?

Finish installation

• Converts templates to msg_template

sudo su freeside -c 'freeside-upgrade freeside_username'

• Start Apache/Freeside

sudo systemctl start freeside
sudo systemctl restart apache2

• Login to the web interface, click on “Ticketing main”
• Bootstrap your RT Login, replace freeside_username with your freeside account name created above

sudo su freeside -c psql
insert into acl ( principaltype, principalid, rightname, objecttype, objectid )
         values ( 'Group',
                 ( select id from groups where instance = ( select id from users where name = 'freeside_username' )
                                           and domain = 'ACLEquivalence' and type = 'UserEquiv'        ),
                  'SuperUser', 'RT::System', 1 );
\q

• Change your password through the preferences link (you can change it to the same password)
• Verify remote access to UI is via 443 only