Deployment Overview of Zammad on Server¶
Prerequisites and Basic Requirements¶
To ensure the successful deployment and operation of Zammad, the following system requirements must be met:
-
Operating System: Ubuntu (based on the use of
aptpackage management). -
Privileges: Root or sudo access is required for installing packages and managing Docker services.
-
Domain Configuration: A valid domain name under the
hostkey.inzone is required. -
Required Packages:
-
ca-certificates -
curl -
git
-
FQDN of the final panel on the hostkey.in domain¶
The application is accessible via a Fully Qualified Domain Name (FQDN) following this pattern: <prefix><Server ID>.hostkey.in
Where <prefix> is set to zammad.
File and Directory Structure¶
The deployment utilizes several key directories for configuration, source code, and SSL certificates:
| Path | Description |
|---|---|
/root/zammad-docker-compose | Application source files and Docker Compose orchestration. |
/etc/nginx/sites-available/zammad | Nginx server configuration file. |
/etc/nginx/sites-enabled/zammad | Active Nginx site symbolic link. |
/etc/apt/keyrings/docker.asc | Docker GPG security key. |
/etc/letsencrypt/live/<domain>/ | SSL certificates managed by Certbot. |
Application installation process¶
The application is deployed using a containerized approach via Docker Compose v2. The deployment follows these steps:
-
Installation of the Docker Engine and the Docker Compose plugin.
-
Cloning the
zammad-docker-composerepository into/root/zammad-docker-compose. -
Configuration of environment variables within the
.envfile to support HTTPS and trusted proxies. -
Orchestration of services using
docker compose up -d.
Access Rights and Security¶
Security is managed through a combination of Nginx reverse proxying and SSL encryption:
-
Firewall/Proxy: Nginx acts as a reverse proxy, forwarding traffic from the external port to the internal application container.
-
SSL/TLS: Certbot is used to obtain and manage Let's Encrypt SSL certificates. Automatic redirection from HTTP to HTTPS is enabled.
-
Trusted Proxies: The application is configured to trust
127.0.0.1/32for proxy headers.
Docker Containers and Their Deployment¶
The deployment relies on Docker Compose to manage the Zammad stack. The following command is used to initialize the containers:
Proxy Servers¶
Nginx is configured as a reverse proxy to handle incoming web traffic and terminate SSL connections.
| Component | Configuration Detail |
|---|---|
| Web Server | Nginx |
| SSL Provider | Certbot (Let's Encrypt) |
| Proxy Protocol | HTTP/1.1 with WebSocket support (Upgrade header) |
| Internal Proxy Target | http://127.0.0.1:8080 |
Location of configuration files and data¶
The following files govern the behavior of the proxy and the application environment:
-
Nginx Configuration:
/etc/nginx/sites-available/zammad -
Docker Environment Variables:
/root/zammad-docker-compose/.env
Available ports for connection¶
| Port | Direction | Usage |
|---|---|---|
443 | External | Secure HTTPS web access (via Nginx) |
80 | External | HTTP redirection to HTTPS |
8080 | Internal | Zammad application service (internal container traffic) |
Starting, Stopping, and Updating¶
Service management is performed via Docker Compose within the application directory.
-
Start/Restart Services:
-
Stop/Recreate Containers: