Request Tracker on Ubuntu 24.04 on Azure User Guide
Overview
Request Tracker (RT) is a mature, enterprise grade open source ticketing platform from Best Practical, used to track requests, incidents and tasks through their whole lifecycle. It gives you queues, custom fields, approvals, service level reminders, a full rights and permission model, and a searchable history of every interaction, so teams can run help desks, IT service management, and operational and security workflows from one place. The cloudimg image ships RT 5 served by Apache with mod_perl on a hardened, fully patched Ubuntu 24.04 LTS base, together with a bundled local PostgreSQL server so the appliance is complete and useful on its own. RT is served on port 80. The bundled PostgreSQL listens only on the loopback interface (127.0.0.1:5432) and keeps its data on a dedicated Azure data disk. A unique administrator password, and a unique database secret, are generated on the first boot of every VM. Backed by 24/7 cloudimg support.
What is included:
- Request Tracker 5 served by Apache 2 with mod_perl (prefork), managed by systemd
- A bundled PostgreSQL 16 server holding the RT database, already installed and initialised
- RT served on
:80, with the login page reachable at/ - A per VM administrator password generated on first boot and recorded in a root only file
- No shipped default login: RT's well known
root/passworddefault is replaced by a unique per VM secret, and no known or blank credential authenticates - A per VM PostgreSQL secret: the database password and the RT_SiteConfig database secret are also rotated on first boot, so nothing is baked into the image
- PostgreSQL bound to
127.0.0.1only, never exposed to the network - A dedicated Azure data disk carrying the entire PostgreSQL cluster, so all of your ticket data lives off the operating system disk
postgresql.serviceandapache2.serviceas enabled systemd units- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for larger or busier instances. NSG inbound: allow 22/tcp from your management network and 80/tcp for RT. RT serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The bundled PostgreSQL is never exposed: it listens on 127.0.0.1 only, so port 5432 stays off the network.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Request Tracker by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name request-tracker \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to RT:
az vm open-port --resource-group <your-rg> --name request-tracker --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm PostgreSQL and Apache are both active. Note that PostgreSQL listens only on 127.0.0.1:5432 while Apache serves RT on port 80.
systemctl is-active postgresql apache2 request-tracker-firstboot
ss -tln | grep -E ':80 |:5432 '

Step 4 - Retrieve the per VM administrator password
Every VM generates its own RT administrator password on first boot and writes it, along with the login user and URL, to a root only credentials file. Read it with sudo:
sudo cat /root/request-tracker-credentials.txt

You sign in to RT as user root with the RT_ADMIN_PASSWORD from this file. On the box itself you can also run sudo -u postgres psql rt5 to reach the database directly over the local socket.
Step 5 - Sign in to Request Tracker
Browse to http://<vm-public-ip>/. You land on the RT login page. Sign in with username root and the password from Step 4.

Step 6 - The RT dashboard
Once signed in you land on RT at a glance, your home dashboard. It summarises the highest priority tickets you own, the newest unowned tickets and your bookmarks, with a quick ticket creation box, and the top menu gives you Search, Reports, an Admin area and the Create button.

Step 7 - Create and view a ticket
Click Create in the top menu, choose a queue such as General, give the ticket a subject and description, and submit. RT opens the ticket display page, where you can see the basics (status, priority, owner and queue), add correspondence and comments, set custom fields, and follow the full history.

Step 8 - The administration area
Open the Admin area to configure RT. From here you manage Users and their passwords, Groups and membership, Queues and their properties, Custom Fields, Custom Roles and Scrips (the automation rules that drive RT's workflows). This is where you tailor RT to your team's process.

Step 9 - No known or default credentials
Request Tracker ships with a well known default web login of root / password. The cloudimg image removes it: the root account is given a unique per VM secret on first boot, and no known or blank password authenticates. You can prove this with the built in round-trip check, which confirms the per VM administrator signs in through RT's web login while a blank password and common weak guesses are all rejected:
sudo -u postgres psql -d rt5 -c "SELECT id, name FROM users WHERE name = 'root'"
sudo bash /usr/local/sbin/request-tracker-cred-roundtrip.sh

Step 10 - Verify the stack and where your data lives
Confirm the RT version, the dedicated data disk and the installed database. The entire PostgreSQL cluster lives on the data disk mounted at /data (bind mounted onto /var/lib/postgresql), so all of your tickets, transactions, attachments and users are kept separate from the operating system disk and ride with the VM:
dpkg-query -W -f='RT ${Version}\n' request-tracker5
findmnt -no SOURCE,TARGET,FSTYPE,SIZE /data; findmnt -no SOURCE,TARGET /var/lib/postgresql
sudo -u postgres psql -d rt5 -tAc "SELECT 'tickets = '||count(*) FROM tickets UNION ALL SELECT 'users = '||count(*) FROM users UNION ALL SELECT 'queues = '||count(*) FROM queues"

Adding your own domain and TLS
The appliance serves plain HTTP on port 80, and RT bakes its base URL into the links it puts in tickets and notifications, so for production you should set your own address. Front RT with your domain and a TLS certificate, then set $WebDomain to your public hostname in /etc/request-tracker5/RT_SiteConfig.d/91-cloudimg-web.pm and restart Apache:
sudo systemctl restart apache2
You can terminate TLS with Azure Application Gateway, an nginx or Caddy reverse proxy, or a managed load balancer with a certificate for your domain.
Security notes
- RT serves plain HTTP on port 80. For anything beyond a trusted network, put it behind your own TLS terminating reverse proxy or Azure Application Gateway with a certificate for your domain.
- The bundled PostgreSQL listens on
127.0.0.1only and is never reachable from the network. Administer it through RT or over SSH withsudo -u postgres psql rt5. - The administrator password and the database secret are unique per VM, and no known or blank credential authenticates. Keep
/root/request-tracker-credentials.txtprotected and change the password from within RT if you share access. - Restrict inbound
80/tcpin your NSG to the networks that need RT.
Support
This image is maintained by cloudimg with 24/7 support. If you need help deploying or operating Request Tracker on Azure, contact us at cloudimg.co.uk.