Zammad on Ubuntu 24.04 on Azure User Guide
Overview
Zammad is a modern open-source helpdesk and customer-support platform: a shared inbox and ticketing system that brings requests from email, web forms, chat, phone and social channels into one agent workspace, with SLAs, triggers and schedulers, a knowledge base, reporting and a full web UI for agents and customers. It is a Ruby on Rails application backed by PostgreSQL, with Redis for background jobs and Elasticsearch for fast full-text ticket and knowledge-base search. The cloudimg image installs Zammad 7.1 from the official Zammad package repository, keeps the database and search index on a dedicated Azure data disk, and generates the initial administrator account plus the application secret uniquely on the first boot of each VM. Backed by 24/7 cloudimg support.
What is included:
- Zammad 7.1 installed from the official Zammad apt repository (AGPL-3.0)
- The
zammad-web(Puma railsserver),zammad-websocketandzammad-workerservices, fronted by nginx on:80with an unauthenticated/healthzprobe - PostgreSQL 16 and Redis bound to loopback; Elasticsearch 8 bound to
127.0.0.1:9200(X-Pack security disabled because it is never network-reachable) with a conservative512m-1gheap - A single administrator account created uniquely on first boot and recorded in a root-only credentials file - no default login ships in the image
- The Getting Started wizard is closed on the shipped image, so nobody can claim the instance before you retrieve the per-VM admin password
- A per-VM Rails application secret generated on first boot - none is baked into the image
- A dedicated 20 GiB Azure data disk at
/var/lib/zammad-dataholding the PostgreSQL cluster and the Elasticsearch index, captured into the image and re-provisioned with every VM - 24/7 cloudimg support

Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_D4s_v5 (4 vCPU / 16 GiB RAM) is the recommended size - Zammad runs the Rails web, websocket and worker services alongside PostgreSQL, Redis and Elasticsearch, so do not go below 8 GiB of RAM. NSG inbound: allow 22/tcp from your management network, and 80/tcp (plus 443/tcp once you add your own TLS certificate) for the web interface. The appliance serves plain HTTP on port 80 so the UI works immediately; for production you add a domain and TLS (see "Harden for production").
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Zammad by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size (Standard_D4s_v5); under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name zammad \
--image <marketplace-image-urn> \
--size Standard_D4s_v5 \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name zammad --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
On first boot the image generates the per-VM application secret, sets the Zammad fqdn to the VM public IP, creates the administrator account, rebuilds the search index and starts the stack. Confirm all services are active and bound to loopback:
PG=$(ls /etc/postgresql | sort -V | tail -1)
systemctl is-active postgresql@${PG}-main elasticsearch redis-server nginx zammad-web zammad-websocket zammad-worker
sudo ss -tlnp | grep -E ':80 |127.0.0.1:3000 |127.0.0.1:6042 |127.0.0.1:9200 |127.0.0.1:5432 |127.0.0.1:6379 '

Step 5 - Check health and search
The unauthenticated :80/healthz returns 200 for load-balancer probes. The Elasticsearch index powers Zammad's full-text ticket and knowledge-base search, and system_init_done confirms the Getting Started wizard is closed:
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/healthz
curl -s 'http://127.0.0.1:9200/_cat/indices?v' | grep zammad

Step 6 - Retrieve the per-VM admin credentials
The administrator account and a strong password are generated on first boot and written to a root-only file. The Rails application secret is unique to this VM and never leaves it:
sudo cat /root/zammad-credentials.txt
The file records the web URL, the admin e-mail and password. The PostgreSQL cluster and the Elasticsearch index live on the dedicated data disk:
findmnt -no SOURCE,TARGET,FSTYPE,SIZE /var/lib/zammad-data

Step 7 - Sign in and work your ticket queue
Browse to http://<vm-public-ip>/ and sign in with the admin e-mail and password from the credentials file. Zammad opens on your ticket overviews - the agent workspace where incoming requests are triaged. Each overview (Open Tickets, Unassigned & Open, Escalated, and so on) is a live, filterable queue.

Open a ticket to see the full conversation: every article (email, note or chat message), the customer and organisation, and the right-hand panel where you set the owner, state, priority and tags, add internal notes, and reply to the customer.

Step 8 - Administration settings
Open the admin area (the gear icon, or http://<vm-public-ip>/#manage) to configure the system. From here you manage users and agents, groups, roles and permissions, organisations, ticket overviews, SLAs, triggers and schedulers, macros, text modules, the knowledge base and channels (email, chat, and more).

Step 9 - Harden for production
The appliance boots ready to evaluate on a bare IP over plain HTTP. Before going live:
- Set your fully qualified domain name. Point a DNS record (for example
helpdesk.example.com) at the VM public IP, then set it in Admin -> Settings -> System -> Base, or from the shell:
bash
sudo zammad run rails r "Setting.set('fqdn','helpdesk.example.com')"
-
Add TLS. Put a certificate in front of nginx (for example with
certbot), open port443, and set the Zammadhttp_typetohttpsso generated links and email use HTTPS. -
Configure an email channel. In Admin -> Channels -> Email, add the mailbox Zammad polls for new tickets and the SMTP server it sends replies and notifications through - this is what turns Zammad into a shared support inbox and delivers password-reset e-mails.
-
Review agents, groups and roles. Create individual agent accounts (do not share the initial admin), assign them to groups, and define which groups each role can access.
Maintenance and production notes
- Data and search on the data disk: the PostgreSQL cluster and the Elasticsearch index live on the dedicated 20 GiB disk at
/var/lib/zammad-data. For a busy helpdesk, attach a larger disk and monitor free space. - Search index: if search results ever look stale, rebuild the index with
sudo zammad run rake zammad:searchindex:rebuild. - Backups: back up the PostgreSQL database (which also holds ticket attachments) regularly; the Elasticsearch index can always be rebuilt from the database.
- Updates: apply OS security updates with
sudo apt update && sudo apt upgrade. Zammad version upgrades follow the upstream release notes and are delivered through the Zammad package repository. - Security: the appliance ships no default login - the administrator account and the application secret are generated uniquely per VM on first boot, and the Getting Started wizard is closed. Keep
/root/zammad-credentials.txtprotected and change the admin password after first sign-in.
Zammad is free software licensed under the AGPL-3.0. This image is produced by cloudimg and is not affiliated with, sponsored by, or endorsed by Zammad GmbH or the Zammad Foundation. "Zammad" is a trademark of its respective owner.