How to Install osTicket on Debian 10

Updated on August 31, 2021
How to Install osTicket on Debian 10 header image


osTicket is a widely used and trusted open source support ticketing system. It's open-source and actively developed on GitHub with 22.3k stars at the time of writing. It's built on PHP and requires a MySQL database, which will be configured in this guide. An HTTPS certificate will also be set up as well for added security.


  • A Debian 10 instance on Vultr.
  • A sudo user.
  • System is fully up-to-date.
  • DNS A record pointing your fully-qualified domain name to your instance IP address.

1. Install packages

The following components are required for this setup:

  • UFW: network firewall.
  • Nginx: web server.
  • Certbot: will issue and renew an HTTPS certificate for Nginx.
  • PHP-FPM: runtime required to run osTicket.
  • PHP-MySQL: allows PHP to connect to the database.
  • MariaDB: MySQL-compatible database for osTicket.
  • Unzip: for extracting the osTicket code.
  • PHP-Gdilb: part of osTicket's recommended prerequisites.
  • PHP-IMAP: part of osTicket's recommended prerequisites.
  • PHP-XML: part of osTicket's recommended prerequisites.
  • PHP-Mbstring: part of osTicket's recommended prerequisites.
  • PHP-Intl: part of osTicket's recommended prerequisites.
  • PHP-APCu: part of osTicket's recommended prerequisites.

Install the packages with APT.

$ sudo apt install -y ufw nginx python3-certbot python3-certbot-nginx php-fpm php-mysql mariadb-server unzip php-gd php-imap php-xml php-mbstring php-intl php-apcu

2. Configure Firewall

Now, configure UFW it to allow SSH (port 22) and HTTP/HTTPS (ports 80, 443). This will allow remote login to the server and for Certbot to verify the domain and issue HTTPS certificates.

$ sudo ufw allow 22/tcp
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp

Enable UFW. Answer y and press Enter when prompted to proceed.

$ sudo ufw enable

3. Obtain an HTTPS Certificate

Obtain an HTTPS certificate with Certbot by telling it to use Nginx for serving the verification files.

  • Make sure to replace with your email.

  • Make sure to replace with your fully-qualified domain name.

      $ sudo certbot certonly --nginx --agree-tos --no-eff-email -m -d

4. Automate HTTPS Certificate Renewal

In order for Certbot to automatically renew the HTTPS certificate and prevent it from expiring, it is necessary to add a job to the system's Crontab. Open the Crontab for editing.

$ sudo EDITOR=nano crontab -e

At the end of the file, insert the following line:

0 0 * * * certbot renew

Save by pressing Ctrl + S and exit by pressing Ctrl + X.

5. Download osTicket

Make a directory for the osTicket code, and move into it.

$ sudo mkdir -p /var/www/osticket
$ cd /var/www/osticket

Download the osTicket code. As of writing, is the latest version of osTicket, but this can be substituted for another version if needed.

$ sudo wget

Extract the code from the downloaded archive.

$ sudo unzip

Clean up by deleting the archive file, and the optional scripts directory included with the code.

$ sudo rm -rf scripts

Create a copy of the sample configuration file.

$ sudo cp upload/include/ost-{sample,}config.php

Fix the permissions so that only Nginx and PHP will have access to the files.

$ sudo chown -R www-data:www-data /var/www/osticket

6. Configure MariaDB

Start configuring MariaDB by running it's secure installation script.

MariaDB doesn't use a password for the root user, instead it uses the system's mysql user. When prompted for the current root password, press Enter for none. When asked to set the root password, answer N and press Enter to leave it at the default.

The rest of the questions should remain at their defaults, so press Enter when prompted to accept the secure defaults.

$ sudo mysql_secure_installation

Now, log in to MariaDB as the root user.

$ sudo mysql -u root

Create a database and user, then grant permissions for the user to access the newly created database.

CREATE USER osticket@localhost IDENTIFIED BY 'osticket';
GRANT ALL PRIVILEGES ON osticket.* TO osticket@localhost;

7. Configure Nginx

Create an Nginx configuration file for the domain name.

Make sure to replace with your fully-qualified domain name.

$ sudo nano /etc/nginx/sites-available/osticket

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;


    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    root /var/www/osticket/upload;
    index index.html index.htm index.php;

    set $path_info "";

    location ~ /include {
        deny all;
        return 403;

    if ($request_uri ~ "^/api(/[^\?]+)") {
        set $path_info $1;

    location ~ ^/api/(?:tickets|tasks).*$ {
        try_files $uri $uri/ /api/http.php?$query_string;

    if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
        set $path_info $1;

    if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
        set $path_info $1;

    location ~ ^/scp/ajax.php/.*$ {
        try_files $uri $uri/ /scp/ajax.php?$query_string;

    location ~ ^/ajax.php/.*$ {
        try_files $uri $uri/ /ajax.php?$query_string;

    location / {
        try_files $uri $uri/ index.php;

    location ~ \.php$ {
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;

Enable the Nginx configuration by creating a symbolic link to the enabled directory.

$ sudo ln -s /etc/nginx/sites-available/osticket /etc/nginx/sites-enabled

Reload Nginx for the new configuration to be loaded.

$ sudo systemctl reload nginx

8. Configure osTicket

Navigate to, replacing with you fully-qualified domain name. You should see a page that begins with "Thank you for Choosing osTicket!".

If this is not the case, try restarting Nginx and PHP-FPM.

$ sudo systemctl restart nginx
$ sudo systemctl restart php7.3-fpm

Make sure that all dependencies are satisfied, and if so, click "Continue" at the bottom of the page.

Fill in the sections on the page entitled "System Settings" and "Admin User" with information most suitable to your deployment.

In the section entitled "Database Settings" use the following settings:

  • MySQL Table Prefix: ost_
  • MySQL Hostname: localhost
  • MySQL Database: osticket
  • MySQL Username: osticket
  • MySQL Password: osticket

Once done, press the button at the bottom of the page to continue. You should see a page that starts with "Congratulations" at the end of the setup process.

9. Clean up Setup Files

As per osTicket's recommendation when first signing into the Admin Panel, delete the initial setup files from the web directory.

$ sudo rm -rf /var/www/osticket/upload/setup