Home AlmaLinux How To Install osTicket on AlmaLinux 10

How To Install osTicket on AlmaLinux 10

AlmaLinux April 24, 2026 comments off

Install osTicket on AlmaLinux 10

Support requests pile up fast. Emails get lost, colleagues forget to follow up, and there is no single place where your whole team can see what is open, who owns it, or what the status is. That is the exact problem osTicket solves, and this guide walks you through the complete process to install osTicket on AlmaLinux 10 using Nginx, PHP 8.3 (via the Remi repository), and MariaDB as the database backend.

AlmaLinux 10 is a rock-solid, RHEL-compatible distribution with a long support lifecycle and SELinux enforcing mode enabled out of the box. It is a smart choice for self-hosted business tools like osTicket where stability and security matter more than cutting-edge kernel features.

By the end of this guide, you will have a fully working osTicket v1.18 instance with secure file permissions, SELinux properly configured, firewall rules in place, and an automated cron job fetching emails every five minutes. No guesswork and no skipped steps.

Prerequisites

Before you start, make sure your environment meets these requirements:

  • AlmaLinux 10 server with a fresh install (minimal or standard)
  • Root access or a sudo-enabled user — system-level changes require elevated permissions
  • Minimum 2 GB RAM and 10 GB free disk space — PHP-FPM worker pools and MariaDB both consume memory; under-provisioning causes intermittent 502 errors under load
  • A domain name or subdomain pointed to your server IP — the Nginx virtual host configuration requires a resolvable hostname for production use; a server IP works for testing
  • Ports 80 and 443 open — AlmaLinux 10’s firewalld blocks all inbound traffic by default; explicit rules are required
  • SSH access to the server — all steps in this guide run from the command line
  • unzip utility — needed to extract the osTicket release archive

If your server is a fresh VPS, you are ready to go. Start at Step 1.

Step 1: Update the System

The first thing you do on any fresh Linux server is update all packages. This is not optional housekeeping. Running an outdated system means running known CVEs. AlmaLinux 10 package updates include kernel patches, glibc fixes, and OpenSSL updates that directly affect the security of every web application running on top of them.

sudo dnf update -y

After the update completes, check whether a new kernel was installed and reboot if needed:

needs-restarting -r

If that command outputs a message indicating a reboot is required, reboot now before continuing:

sudo reboot

Reconnect via SSH after the reboot and move on to the next step.

Step 2: Install Nginx Web Server

Nginx is the web server that handles all HTTP traffic and passes PHP requests to PHP-FPM. It is available in the default AlmaLinux 10 repositories, so no extra repo configuration is needed here.

sudo dnf install -y nginx

Enable and start Nginx in a single command:

sudo systemctl enable --now nginx

The --now flag does two things simultaneously: it starts the service right now and registers it to autostart on every future reboot. Forgetting to enable a service is one of the most common reasons a server comes back after a reboot with half the stack not running.

Verify the service is healthy:

sudo systemctl status nginx

Look for active (running) in green text. If you see failed or inactive, check the error output with journalctl -u nginx --no-pager -n 30 and fix the issue before continuing.

Step 3: Install PHP 8.3 and All Required Extensions

osTicket requires PHP 8.2 or newer. AlmaLinux 10’s default repositories do not always ship the latest PHP versions, so you need to pull PHP 8.3 from the Remi repository. Remi is a well-maintained, community-trusted repository specifically for PHP on RHEL-compatible distros.

Enable EPEL and Remi Repositories

Start with EPEL (Extra Packages for Enterprise Linux), which Remi depends on:

sudo dnf install -y epel-release
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-10.rpm

Now reset any existing PHP module stream and enable PHP 8.3 from Remi:

sudo dnf module reset php -y
sudo dnf module enable php:remi-8.3 -y

WHY reset the module stream first: AlmaLinux 10 uses the DNF module system to manage application streams. If you skip the reset, enabling a new stream fails with a conflict error. The reset clears any active stream state before you switch to Remi’s PHP 8.3 build.

Install PHP-FPM and osTicket Extensions

Install PHP-FPM and every extension osTicket needs in one command:

sudo dnf install -y php php-fpm php-mysqlnd php-gd php-imap php-mbstring \
php-xml php-json php-intl php-apcu php-opcache php-ldap php-phar \
php-ctype php-iconv php-dom php-zip

Here is why the key extensions matter for osTicket specifically:

  • php-mysqlnd — the native MariaDB/MySQL driver; faster than the older libmysql client
  • php-imap — required for fetching support emails via IMAP or POP3; without this, email piping does not work at all
  • php-gd — handles image processing for ticket attachments and inline images
  • php-mbstring and php-intl — multilingual ticket content, international character support
  • php-opcache and php-apcu — in-memory caching that reduces PHP parse time on every page request, noticeable performance difference in a busy helpdesk

Confirm the correct PHP version is active:

php -v

The output should show PHP 8.3.x built by Remi’s RPM repository.

Configure PHP-FPM to Work With Nginx

By default, PHP-FPM on RHEL-based systems runs under the apache user. Since you are using Nginx, that mismatch causes permission errors when PHP-FPM tries to access files owned by nginx. Fix it now:

sudo vi /etc/php-fpm.d/www.conf

Find and update these four lines:

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

Next, tune the main php.ini for osTicket’s requirements:

sudo vi /etc/php.ini

Update these values:

upload_max_filesize = 20M
post_max_size = 20M
max_execution_time = 300
date.timezone = UTC

WHY 20M for uploads: osTicket’s default 2M upload limit silently fails when agents try to attach log files, screenshots, or support documents to tickets. 20M covers most real-world support attachments.

Enable and start PHP-FPM:

sudo systemctl enable --now php-fpm

Check the status:

sudo systemctl status php-fpm

Confirm it shows active (running) and is listening on the Unix socket at /run/php-fpm/www.sock.

Step 4: Install and Configure MariaDB

MariaDB is the database engine that stores every ticket, user account, department, SLA record, and system setting. It ships in the default AlmaLinux 10 repositories.

sudo dnf install -y mariadb-server
sudo systemctl enable --now mariadb

Secure the MariaDB Installation

Run the built-in security script immediately after installing MariaDB. A fresh install ships with anonymous users, a test database, and remote root login enabled. These are classic attack vectors:

sudo mariadb-secure-installation

Answer the prompts as follows:

  • Enter current password for root: Press Enter (no password set yet)
  • Set root password: Y — set a strong password and remember it
  • Remove anonymous users: Y
  • Disallow root login remotely: Y
  • Remove test database: Y
  • Reload privilege tables: Y

Create the osTicket Database and Dedicated User

Log into MariaDB as root:

sudo mariadb -u root -p

Run these SQL statements at the MariaDB prompt. Replace StrongPassword123 with your own secure password:

CREATE DATABASE osticket CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'osticket'@'localhost' IDENTIFIED BY 'StrongPassword123';
GRANT ALL PRIVILEGES ON osticket.* TO 'osticket'@'localhost';
FLUSH PRIVILEGES;
EXIT;

WHY utf8mb4 instead of plain utf8: MariaDB’s standard utf8 character set is actually a 3-byte implementation that cannot store 4-byte Unicode characters. That means certain scripts and emoji found in real support tickets corrupt silently. utf8mb4 is the full 4-byte Unicode implementation and avoids that problem entirely.

WHY a dedicated database user instead of root: If the osTicket application credentials are ever compromised, an attacker with those credentials can only access the osticket database. Using root for the application would hand over access to every database on the server.

Step 5: Download and Install osTicket on AlmaLinux 10

This is where you grab the osTicket application files and place them in the correct location for Nginx to serve.

Navigate to /tmp and download osTicket v1.18.3 from the official GitHub releases:

cd /tmp
curl -LO https://github.com/osTicket/osTicket/releases/download/v1.18.3/osTicket-v1.18.3.zip

WHY download from GitHub releases and not third-party mirrors: GitHub release assets are tied to a verified release tag on the official osTicket repository. Third-party mirrors may host outdated versions or modified packages. Always pull from the source.

Install unzip if it is not available, then extract the archive:

sudo dnf install -y unzip
sudo mkdir -p /var/www/osticket
sudo unzip /tmp/osTicket-v1.18.3.zip -d /var/www/osticket

The extraction produces two directories:

  • upload/ — the web application files; this is your document root
  • scripts/ — cron scripts and helper utilities

WHY point the web root at upload/ and not the parent directory: The scripts/ folder contains server-side utilities that should never be web-accessible. Pointing Nginx at upload/ keeps those scripts entirely outside the public HTTP path.

Create the Configuration File

osTicket ships with a sample configuration file. Copy it to the expected location so the web installer can write database credentials into it:

sudo cp /var/www/osticket/upload/include/ost-sampleconfig.php \
/var/www/osticket/upload/include/ost-config.php

Set Ownership and Temporary Permissions

Give the nginx user ownership of the entire application directory, and make the config file temporarily writable for the web installer:

sudo chown -R nginx:nginx /var/www/osticket
sudo chmod 0666 /var/www/osticket/upload/include/ost-config.php

WHY 0666 only during installation: The web installer must write database connection details into ost-config.php. Once installation is done, you will lock this down to 0644. Leaving it world-writable after setup is a security hole, and osTicket’s admin panel will warn you about it until you fix it.

Step 6: Configure Nginx Virtual Host for osTicket

Create a dedicated Nginx server block for osTicket:

sudo vi /etc/nginx/conf.d/osticket.conf

Paste in this complete configuration, replacing osticket.example.com with your actual domain or server IP:

server {
    listen 80;
    server_name osticket.example.com;
    root /var/www/osticket/upload;
    index index.php index.html;

    access_log /var/log/nginx/osticket_access.log;
    error_log /var/log/nginx/osticket_error.log;

    client_max_body_size 20M;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }
}

Key directives explained:

  • try_files $uri $uri/ /index.php?$query_string — osTicket uses clean URLs for ticket links and routing. Without this directive, any URL beyond the root returns a 404 because there is no matching static file on disk.
  • fastcgi_pass unix:/run/php-fpm/www.sock — Unix socket communication bypasses the entire TCP stack for local PHP-FPM calls, reducing latency compared to a TCP connection on 127.0.0.1:9000.
  • client_max_body_size 20M — matches the upload_max_filesize you set in php.ini. Nginx rejects the upload before PHP even sees it if this value is lower than the PHP setting.
  • expires 30d on static assets — instructs browsers to cache CSS, JS, and images locally for 30 days, speeding up repeat visits to the staff panel.

Test the configuration for syntax errors:

sudo nginx -t

You should see syntax is ok and test is successful. If there are errors, check bracket placement and file paths carefully.

Reload Nginx to activate the new virtual host:

sudo systemctl reload nginx

Step 7: Configure SELinux and Firewall

This section trips up most people. Do not skip it.

Configure SELinux

AlmaLinux 10 runs SELinux in Enforcing mode by default. Without the right SELinux file contexts and boolean policies, Nginx cannot read your application files and PHP-FPM cannot connect to MariaDB. The result is 403 errors or completely blank pages that look like Nginx misconfigurations but are actually SELinux denials.

Set the correct file context so Nginx can serve the osTicket files:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/osticket(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t \
"/var/www/osticket/upload/include/ost-config.php"
sudo restorecon -Rv /var/www/osticket

WHY two different context types: httpd_sys_content_t gives Nginx read-only access to serve files. The config file needs httpd_sys_rw_content_t (read-write) because the web installer writes database credentials into it during setup.

Now enable the SELinux booleans that osTicket requires:

sudo setsebool -P httpd_can_network_connect_db 1
sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_can_network_connect 1
  • httpd_can_network_connect_db — allows PHP-FPM to open a socket connection to MariaDB
  • httpd_can_sendmail — allows osTicket to send outgoing email notifications via SMTP
  • httpd_can_network_connect — required when osTicket connects to external IMAP or SMTP servers to fetch or send email

Verify no active SELinux denials exist:

sudo ausearch -m avc -ts recent

Zero output means SELinux is not blocking anything. If you see AVC denial messages, the context labels were not applied correctly. Re-run the semanage fcontext and restorecon commands.

Also set writable contexts for plugin and language directories in advance:

sudo semanage fcontext -a -t httpd_sys_rw_content_t \
"/var/www/osticket/upload/include/plugins(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t \
"/var/www/osticket/upload/include/i18n(/.*)?"
sudo restorecon -Rv /var/www/osticket/upload/include

Open Firewall Ports

AlmaLinux 10 uses firewalld as its default firewall. Open HTTP and HTTPS ports now:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

WHY the –permanent flag: Without it, firewall rules vanish on the next firewalld restart or server reboot. The --permanent flag writes the rule to the persistent zone configuration file so it survives reboots.

Confirm both services are active:

sudo firewall-cmd --list-services

The output should include both http and https.

Step 8: Run the Web Installer

Open your browser and navigate to:

http://osticket.example.com/setup/

Prerequisites Check Page

The first screen checks your server for required and recommended PHP extensions. Every item under Required must show a green checkmark. If any required item shows red, you have a missing PHP extension. Go back and install it before continuing, as skipping this step leads to cryptic database errors mid-installation.

Click Continue once all required checks pass.

System Settings, Admin Info, and Database Configuration

Fill in the installation form across three sections:

System Settings:

  • Helpdesk Name — your support portal name (e.g., “IT Support Desk”)
  • Default Email — the system address for outgoing notifications

Admin Information:

  • First Name, Last Name — your admin account details
  • Email Address — used for admin login
  • Username — admin login username
  • Password — use at least 12 characters with mixed case, numbers, and symbols

Database Settings:

  • MySQL Hostname — localhost
  • MySQL Database — osticket
  • MySQL Username — osticket
  • MySQL Password — the password you set in Step 4
  • Table Prefix — leave as ost_

WHY keep the ost_ prefix: If you ever host multiple osTicket instances on the same database server, distinct table prefixes prevent table name collisions that would corrupt both installations.

Click Install Now. The installer creates all database tables and writes the configuration. This takes a few seconds.

Step 9: Post-Installation Security Hardening

Two tasks must be completed immediately after the installer finishes. osTicket will display warnings in the admin panel until both are done.

Lock down the configuration file:

sudo chmod 0644 /var/www/osticket/upload/include/ost-config.php

WHY: During installation, the config file was set to 0666 (world-writable). Leaving it writable after setup means any process or user on the server can overwrite your database credentials.

Remove the setup directory:

sudo rm -rf /var/www/osticket/upload/setup

WHY: Leaving /setup/ accessible after installation allows anyone on the internet to visit it and re-run the installer, which would wipe your database and reset the entire system. This is not a hypothetical risk.

Update the SELinux context on the config file back to read-only now that installation is done:

sudo semanage fcontext -m -t httpd_sys_content_t \
"/var/www/osticket/upload/include/ost-config.php"
sudo restorecon -v /var/www/osticket/upload/include/ost-config.php

Step 10: Set Up the Cron Job for Background Tasks

osTicket uses a cron job to pull emails from your mailbox, trigger SLA escalation alerts, and run scheduled background tasks. Without this cron job, email-based ticketing does not work at all.

Add the cron job for the nginx user:

sudo crontab -e -u nginx

Add this line:

*/5 * * * * /usr/bin/php /var/www/osticket/upload/api/cron.php

WHY run it as the nginx user: The cron script reads and writes files inside the osTicket directory, which is owned by nginx. Running it as root creates root-owned files inside the web directory, which breaks PHP-FPM’s ability to write to those same files later.

WHY every 5 minutes: This interval balances email responsiveness with server load. A new ticket submitted by email appears in the system within 5 minutes. Adjust to 2 minutes for high-traffic helpdesks or 10 minutes for low-volume deployments.

Step 11: Initial osTicket Admin Panel Setup

Log into the staff panel at:

http://osticket.example.com/scp/

Use the admin username and password you set during the web installer.

Configure Departments

Departments control ticket routing, SLA assignment, and agent visibility. Navigate to Admin Panel > Agents > Departments and click Add New Department.

Recommended starting departments:

  • Technical Support — hardware, software, and infrastructure issues
  • Billing — payment, invoicing, and account questions
  • General Inquiries — anything that does not fit the other categories

For each department, set the Manager, SLA Plan, and Outgoing Email.

Add Agents

Agents are the support staff members who work tickets. Go to Admin Panel > Agents > Agents and click Add New Agent.

For each agent, set:

  • Name, email, username, and temporary password
  • Primary Department — where their tickets land by default
  • Role — permission level (All Access, Expanded Access, Limited Access, or View Only)

WHY set roles carefully: Overly permissioned agents can delete ticket threads, alter SLA plans, or close tickets prematurely. Apply the principle of least privilege: give agents only the access they need to do their job.

Configure Email Integration

Email integration is what transforms osTicket from a basic form system into a full email-driven helpdesk. Navigate to Admin Panel > Emails > Emails and click Add New Email.

Configure your support email address with IMAP fetching:

  • Protocol — IMAP (recommended over POP3)
  • Host — your mail server hostname
  • Port — 993 (IMAP SSL) or 143 (IMAP STARTTLS)
  • Fetch Frequency — handled by the cron job you set up in Step 10

WHY IMAP over POP3: IMAP leaves messages on the mail server and marks them as read after fetching. POP3 deletes them. If the cron job runs while a previous fetch is still in progress, POP3 can result in the same email creating duplicate tickets or disappearing entirely.

Configure outgoing SMTP under Admin Panel > Emails > Settings:

  • SMTP Server — your outgoing mail server
  • Port — 587 (STARTTLS) or 465 (SSL/TLS)

Click Send Test Email to verify outgoing notifications work before saving.

Troubleshooting Common Issues

403 Forbidden or Blank Page

This is almost always an SELinux denial. Run the following to check for recent denials:

sudo ausearch -m avc -ts recent | grep nginx

If you see AVC denial messages, re-apply the file contexts from Step 7:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/osticket(/.*)?"
sudo restorecon -Rv /var/www/osticket

502 Bad Gateway

Nginx is returning a 502, which means it cannot reach PHP-FPM. Check whether the socket file exists:

ls -la /run/php-fpm/www.sock

If it is missing, PHP-FPM is not running. Restart it and review the logs:

sudo systemctl restart php-fpm
sudo journalctl -u php-fpm --no-pager -n 30

The logs will tell you exactly why PHP-FPM failed to start, usually a configuration syntax error or a missing extension.

Database Connection Failed During Installation

Verify the MariaDB user has the correct privileges:

sudo mariadb -u root -p -e "SHOW GRANTS FOR 'osticket'@'localhost';"

If the grant is missing, log back in and re-run the GRANT ALL PRIVILEGES statement from Step 4. Also confirm the SELinux boolean is enabled:

sudo getsebool httpd_can_network_connect_db

It should return on. If it returns off, run sudo setsebool -P httpd_can_network_connect_db 1.

Emails Not Fetching

Test the cron script manually as the nginx user to see error output directly:

sudo -u nginx /usr/bin/php /var/www/osticket/upload/api/cron.php

If the output shows IMAP errors, verify php-imap is installed:

php -m | grep imap

If no output appears, the extension is missing. Install it with sudo dnf install -y php-imap and restart PHP-FPM.

Installer Warnings After Setup

If the admin panel still shows warnings after installation, confirm both post-install steps completed correctly:

ls -la /var/www/osticket/upload/include/ost-config.php
ls -d /var/www/osticket/upload/setup 2>/dev/null && echo "SETUP DIR EXISTS - DELETE IT"

The config file permissions should show -rw-r--r-- (0644) and the setup directory should not exist.

Congratulations! You have successfully installed. Thanks for using this tutorial for installing the osTicket support ticketing system on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official osTicket website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
r00t
r00t is a Linux Systems Administrator and open-source advocate with over ten years of hands-on experience in server infrastructure, system hardening, and performance tuning. Having worked across distributions such as Debian, Arch, RHEL, and Ubuntu, he brings real-world depth to every article published on this blog. r00t writes to bridge the gap between complex sysadmin concepts and practical, everyday application — whether you are configuring your first server or optimizing a production environment. Based in New York, US, he is a firm believer that knowledge, like open-source software, is best when shared freely. "Linux is not just an operating system. It is a philosophy — and the terminal is where that philosophy comes to life."

Related Posts

How To Install Bitwarden on Fedora 43

How To Install OpenClaw on Fedora 43

How To Install Ventoy on AlmaLinux 10

How To Install PulseAudio on Fedora 43

How To Install DirectAdmin on Fedora 43

How To Install SeaMonkey on Fedora 43