Za
Developer Tools Azure

Zammad on Ubuntu 24.04 on Azure User Guide

| Product: Zammad on Ubuntu 24.04 LTS on Azure

Overview

Zammad is a modern open-source helpdesk and customer-support platform: a shared inbox and ticketing system that brings requests from email, web forms, chat, phone and social channels into one agent workspace, with SLAs, triggers and schedulers, a knowledge base, reporting and a full web UI for agents and customers. It is a Ruby on Rails application backed by PostgreSQL, with Redis for background jobs and Elasticsearch for fast full-text ticket and knowledge-base search. The cloudimg image installs Zammad 7.1 from the official Zammad package repository, keeps the database and search index on a dedicated Azure data disk, and generates the initial administrator account plus the application secret uniquely on the first boot of each VM. Backed by 24/7 cloudimg support.

What is included:

  • Zammad 7.1 installed from the official Zammad apt repository (AGPL-3.0)
  • The zammad-web (Puma railsserver), zammad-websocket and zammad-worker services, fronted by nginx on :80 with an unauthenticated /healthz probe
  • PostgreSQL 16 and Redis bound to loopback; Elasticsearch 8 bound to 127.0.0.1:9200 (X-Pack security disabled because it is never network-reachable) with a conservative 512m-1g heap
  • A single administrator account created uniquely on first boot and recorded in a root-only credentials file - no default login ships in the image
  • The Getting Started wizard is closed on the shipped image, so nobody can claim the instance before you retrieve the per-VM admin password
  • A per-VM Rails application secret generated on first boot - none is baked into the image
  • A dedicated 20 GiB Azure data disk at /var/lib/zammad-data holding the PostgreSQL cluster and the Elasticsearch index, captured into the image and re-provisioned with every VM
  • 24/7 cloudimg support

The Zammad sign-in page served by the VM

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_D4s_v5 (4 vCPU / 16 GiB RAM) is the recommended size - Zammad runs the Rails web, websocket and worker services alongside PostgreSQL, Redis and Elasticsearch, so do not go below 8 GiB of RAM. NSG inbound: allow 22/tcp from your management network, and 80/tcp (plus 443/tcp once you add your own TLS certificate) for the web interface. The appliance serves plain HTTP on port 80 so the UI works immediately; for production you add a domain and TLS (see "Harden for production").

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Zammad by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size (Standard_D4s_v5); under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name zammad \
  --image <marketplace-image-urn> \
  --size Standard_D4s_v5 \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name zammad --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

On first boot the image generates the per-VM application secret, sets the Zammad fqdn to the VM public IP, creates the administrator account, rebuilds the search index and starts the stack. Confirm all services are active and bound to loopback:

PG=$(ls /etc/postgresql | sort -V | tail -1)
systemctl is-active postgresql@${PG}-main elasticsearch redis-server nginx zammad-web zammad-websocket zammad-worker
sudo ss -tlnp | grep -E ':80 |127.0.0.1:3000 |127.0.0.1:6042 |127.0.0.1:9200 |127.0.0.1:5432 |127.0.0.1:6379 '

Zammad services active and the loopback listeners for the railsserver, websocket, Elasticsearch, PostgreSQL, Redis and nginx

Step 5 - Check health and search

The unauthenticated :80/healthz returns 200 for load-balancer probes. The Elasticsearch index powers Zammad's full-text ticket and knowledge-base search, and system_init_done confirms the Getting Started wizard is closed:

curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/healthz
curl -s 'http://127.0.0.1:9200/_cat/indices?v' | grep zammad

The Zammad version, the healthz probe returning 200, the Elasticsearch indices, and the closed Getting Started wizard

Step 6 - Retrieve the per-VM admin credentials

The administrator account and a strong password are generated on first boot and written to a root-only file. The Rails application secret is unique to this VM and never leaves it:

sudo cat /root/zammad-credentials.txt

The file records the web URL, the admin e-mail and password. The PostgreSQL cluster and the Elasticsearch index live on the dedicated data disk:

findmnt -no SOURCE,TARGET,FSTYPE,SIZE /var/lib/zammad-data

The per-VM Zammad credentials file with the password masked, and the data disk holding PostgreSQL and Elasticsearch

Step 7 - Sign in and work your ticket queue

Browse to http://<vm-public-ip>/ and sign in with the admin e-mail and password from the credentials file. Zammad opens on your ticket overviews - the agent workspace where incoming requests are triaged. Each overview (Open Tickets, Unassigned & Open, Escalated, and so on) is a live, filterable queue.

The Zammad agent ticket overview showing the Open Tickets queue

Open a ticket to see the full conversation: every article (email, note or chat message), the customer and organisation, and the right-hand panel where you set the owner, state, priority and tags, add internal notes, and reply to the customer.

A Zammad ticket detail view showing the conversation and the owner, state, priority and tags panel

Step 8 - Administration settings

Open the admin area (the gear icon, or http://<vm-public-ip>/#manage) to configure the system. From here you manage users and agents, groups, roles and permissions, organisations, ticket overviews, SLAs, triggers and schedulers, macros, text modules, the knowledge base and channels (email, chat, and more).

The Zammad admin area showing user management and the settings navigation

Step 9 - Harden for production

The appliance boots ready to evaluate on a bare IP over plain HTTP. Before going live:

  1. Set your fully qualified domain name. Point a DNS record (for example helpdesk.example.com) at the VM public IP, then set it in Admin -> Settings -> System -> Base, or from the shell:

bash sudo zammad run rails r "Setting.set('fqdn','helpdesk.example.com')"

  1. Add TLS. Put a certificate in front of nginx (for example with certbot), open port 443, and set the Zammad http_type to https so generated links and email use HTTPS.

  2. Configure an email channel. In Admin -> Channels -> Email, add the mailbox Zammad polls for new tickets and the SMTP server it sends replies and notifications through - this is what turns Zammad into a shared support inbox and delivers password-reset e-mails.

  3. Review agents, groups and roles. Create individual agent accounts (do not share the initial admin), assign them to groups, and define which groups each role can access.

Maintenance and production notes

  • Data and search on the data disk: the PostgreSQL cluster and the Elasticsearch index live on the dedicated 20 GiB disk at /var/lib/zammad-data. For a busy helpdesk, attach a larger disk and monitor free space.
  • Search index: if search results ever look stale, rebuild the index with sudo zammad run rake zammad:searchindex:rebuild.
  • Backups: back up the PostgreSQL database (which also holds ticket attachments) regularly; the Elasticsearch index can always be rebuilt from the database.
  • Updates: apply OS security updates with sudo apt update && sudo apt upgrade. Zammad version upgrades follow the upstream release notes and are delivered through the Zammad package repository.
  • Security: the appliance ships no default login - the administrator account and the application secret are generated uniquely per VM on first boot, and the Getting Started wizard is closed. Keep /root/zammad-credentials.txt protected and change the admin password after first sign-in.

Zammad is free software licensed under the AGPL-3.0. This image is produced by cloudimg and is not affiliated with, sponsored by, or endorsed by Zammad GmbH or the Zammad Foundation. "Zammad" is a trademark of its respective owner.