• Home
  • GLPI on Ubuntu 20.04+ LTS

Good, license-free ticketing system


It does the job of opening and tracking tickets. A friend recently asked me to help him install GLPI on Ubuntu 20.04 LTS, with support for sending emails from the most popular clouds, such as Azure, GCP and AWS.

He had some difficulty in the process because the material he found on the internet lacked some essential details. So I decided to write this article in tutorial format, in the hope that it will be useful to anyone else who finds themselves in the same situation.


This installation will work on any Cloud, Hypervisor or server with a minimum of 2GB RAM and 20Gb HD.

The minimum configuration for GLPI to work properly is:

- 2 GB RAM

- 2 vCPU

- 20 GB HD

Tip to increase the size of the HD if you are not using LVM

In my case, I used an Ubuntu cloud image. Although this is a practical approach, the HD of this type of image can be very small, as we can see in the image below.

Login to Ubuntu via shell

To expand the disk, shut down the VM, increase the disk size via your hypervisor’s management console, and start the VM again. The VM’s disk will be larger, but the filesystem will remain the same size.

Ubuntu's small cloud image filesystem

To expand the filesystem, run these commands:

sudo growpart /dev/sda 1
sudo resize2fs /dev/sda1
Filesystem increased in size


After installing Ubuntu, start preparing the VM:

Update the packages:

sudo apt-get update
sudo apt-get -y upgrade

Install and activate the VM Guest Agent, so that Clouds and Hypervisors can obtain information from the instance or VM:

sudo apt-get -y install qemu-guest-agent
sudo systemctl enable --now qemu-guest-agent.service

Install the necessary software:

sudo apt-get -y install bash-completion chrony xz-utils libarchive-tools bzip2 unzip curl sendmail
sudo apt-get -y install apache2 libapache2-mod-php php-soap php-cas
sudo apt-get -y install php-{apcu,curl,gd,imap,ldap,mysql,xmlrpc,xml,mbstring,bcmath,intl,zip,bz2}
sudo apt-get -y install php-mail libphp-phpmailer


sudo apt-get -y install mariadb-server

Installing the database may take a few minutes, as Ubuntu’s mariadb-server package runs some post-installation scripts. To follow the process, open another terminal and run this command:

while true; do ps faxuwww | grep mysql; sleep 5; clear; done

Timezone and Clock

sudo timedatectl set-timezone America/Sao_Paulo
sudo systemctl enable --now chrony
chronyc sources

The server must have the correct time:

Ajuste de hora via NTP

Operating system settings

It is important that the VM has a well-defined hostname, as well as a correctly configured domain name and timezone. These settings are important for GLIP to be able to send emails, as well as operate correctly when opening tickets. We also need to adjust the default log rotation behavior, as well as activate the email trigger service.

sudo hostnamectl set-hostname
sudo sed -i s/weekly/daily/g /etc/logrotate.conf
sudo systemctl enable --now sendmail

Web Server

By default, GLPI uses Apache as its web server. We will now create a directory for GLPI and authorize access to it:

$ sudo mkdir -p /var/www/html/glpi
$ sudo -i
# echo -e "<Directory \"/var/www/html/glpi\">\nAllowOverride All\n</Directory>" > /etc/apache2/conf-available/glpi.conf

Activate the created configuration:

a2enconf glpi.conf
systemctl reload apache2


Downloading GLPI:

wget -O- | tar -zxv -C /var/www/html/
Downloading GLPI

Change the owner of the files to the user running Apache (this may have security implications, but due to the way GLPI operates, it is necessary):

sudo chown -vRf www-data:www-data /var/www/html/glpi
Changing the owner of GLPI files

Change file permissions:

sudo find /var/www/html/glpi -type d -exec chmod 755 {} \;
sudo find /var/www/html/glpi -type f -exec chmod 644 {} \;

Creating a User and Database in MariaDB (take note of the password, as it will be used later):

sudo mysql -e "create database glpidb character set utf8"
sudo mysql -e "create user 'glpi_admin'@'localhost' identified by '**k21f7f82a493f01X**'"
sudo mysql -e "grant all privileges on glpidb.* to 'glpi_admin'@'localhost' with grant option";

Set a strong password for the MariaDB root (example: labx32g8g93b514g12M):

$ sudo mysql_secure_installation

responder Y para todas as perguntas

Adjusting the database timezone so that GLPI displays time data correctly and can work properly with schedules:

mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql mysql
sudo mysql -e "GRANT SELECT ON mysql.time_zone_name TO 'glpi_admin'@'localhost';"
sudo mysql -e "FLUSH PRIVILEGES;"

Installing GLPI via shell:

sudo php /var/www/html/glpi/bin/console glpi:database:install \
--db-host='localhost' \
--db-name='glpidb' \
--db-user='glpi_admin' \
GLPI DB instalada

Adjust once again the files owner:

sudo chown -vRf www-data:www-data /var/www/html/glpi/files
Ajuste de proprietário dos arquivos

Configuring CRON so that GLPI can trigger tasks automatically:

$ sudo -i
# echo -e "* * * * *\troot\tphp\t/var/www/html/glpi/front/cron.php" >> /etc/crontab
# exit
$ sudo systemctl restart cron.service

Remove the GLPI installation directory to free up disk space.

$ sudo rm -vRf /var/www/html/glpi/install

GLPI access

If you have already configured your FQDN, use it to access GLPI via the Web Browser. Otherwise, use the IP of the VM or Instance.

GLPI login screen, still without HTTPS

A profile must be used to authenticate with GLPI. There are 4 different profiles, with their respective default passwords, which must be changed as soon as you log in for the first time.

GLPI accessed with profile glpi

Default users and passwords for GLPI profiles:

- glpi/glpi (super-admin)

- tech/tech

- postonly/postonly (only for helpdesk)

- normal/normal

We will now create an Apache URL Rewrite, so that accesses to the web server root are redirected to “/glpi”.

Example: From “” to “"

First activate the module:

$ sudo a2enmod rewrite\
$ sudo systemctl restart apache2

Edit the default virtual host so that it makes use of mod_rewrite. But first, create a backup of the original file:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bkp

Replace the contents of the file “/etc/apache2/sites-available/000-default.conf” with this one:

HTTP site configuration

Make sure you’ve done everything right:

$ apachectl -t\

Syntax OK

Create the rewrite policy:

$ sudo vi /var/www/html/.htaccess

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /glpi/ [R=301]

Restart the service to validate the changes:

$ sudo systemctl restart apache2

SSL encryption in Apache

There are 2 ways to activate encryption (HTTPS) in Apache:

1. With purchased (or locally generated and signed) digital certificates,

2. By using Let’s Encrypt.

I recommend using Let’s Encrypt to save money. Just follow this link to configure it.

NOTE: Let’s Encrypt requires valid (public) IPs to be used. However, there is a way to use Let’s Encrypt in an environment that only has private IPs (where access only works on a local network or via VPN).

In this article we will present the approach that uses a locally generated and signed certificate. It doesn’t differ much from a certificate purchased from an official CA.

$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apacheself.key -out /etc/ssl/certs/apacheself.crt

Fill in the answers so that they are similar to the following:

Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Rio de Janeiro
Locality Name (eg, city) []:Rio de Janeiro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Linux Elite
Organizational Unit Name (eg, section) []:TI
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:[email protected]
Creating a digital certificate

Configure Apache to use SSL:

$ sudo vi /etc/apache2/conf-available/ssl.conf

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLSessionTickets Off

Define an SSL site:

$ sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bkp

The file /etc/apache2/sites-available/default-ssl.conf must have the following content:

$ sudo vi /etc/apache2/sites-available/default-ssl.conf
SSL site configuration (HTTPS)

Activate all changes:

$ sudo a2enmod ssl
$ sudo a2enmod headers
$ sudo a2ensite default-ssl
$ sudo a2enconf ssl

Make sure the settings are correct:

$ sudo apachectl -t

Syntax OK

Restart Apache for the settings to take effect:

$ sudo systemctl restart apache2

Note that there is now an HTTPS service running:

$ ss -ta | grep http

LISTEN 0 511 *:https *:*
LISTEN 0 511 *:http *:*
HTTP and HTTPS web service

If you want to automatically redirect HTTP accesses to HTTPS, make this change in the ".htaccess” file:

$ sudo vi /var/www/html/.htaccess

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /glpi/ [R=301]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

Refresh your web browser. You will be redirected to HTTPS.

Alert for self-signed certificates by a Local CA

Display the details of the digital certificate.

Information on the self-signed certificate

Email Relay

GLPI is unable to authenticate via username and password with the email providers of some public clouds. So we can’t configure it in this way to send emails. To get around this problem, we have to distribute emails via relay.

Ative as notificações do GLPI:

Activate GLPI notifications

Configure GLPI to use the SMTP service we have installed:

Mail Server utilizando o SMTP local

Check in the Postfix logs that the e-mail was sent:

$ tail /var/log/mail.log

Authorizing Relay in Office365

This is the tricky part. In office 365, you need to find out which SMTP pool serves your domain in order to use this information in the Postfix relay configuration. Use MX Toolbox to find out which is your MX SMTP Pool.

MX FQDN that serves the domain in the Office 365 Cloud

Once you have this information, it’s time to configure Postfix to send the emails via relay.

Use this post as a reference when configuring Postfix.

Note only the item “3. Office 365 SMTP relay” in the post. The user and password configuration part is not necessary, as we will be authorizing Mail Flow by IP.

In the Office 365 administrative panel, create a connector:

Exchange Admin Center > Mail Flow > Connectors > + Add a connector

Mail Flow connector example screen

Set it up like this:

- Mail flow scenario: From: Your organization’s email server To: Office 365

- Name: GLPI

- Description: Allow GLPI Mail Relay

Choose the Radio Button “By verifying the IP address of the sending server matches one of the followig IP addresses, which belong exclusively to your organization”.

In the available field, enter the public IP that is associated with GLPI. You can also use the NAT Gateway IP if the environment does not use valid IPs.

Authorizing Relay in GSuite

The relay system is the same as for GCP. All you have to do is authorize the IPs that will send the messages through Google’s SMTP structure.

GSuite Administrator

The Postfix e-mail relay configuration can be done according to Google’s documentation.

GSuite’s SMTP information can be consulted here.

Authorizing Relay on AWS

In the case of AWS, configuration must be done via SNS. Simply follow the setup of the Postfix relayhost, using the information contained in the SNS documentation.

The end

That’s it folks. I hope this material was useful for those who are having trouble installing and configuring GLPI in more modern structures, such as the current public clouds.


Did you like the content? Check out these other interesting articles! 🔥

Could you help?

Please support this content by clicking on one of our advertisers’ banners. ❤️

Perhaps you’ll be interested! 🔝

Are you familiar with OCS Inventory? How about taking a look and learning a bit more?

comments powered by Disqus