MantisBT is a free, open-source bug tracking system built with PHP and MySQL/MariaDB. It provides a simple web interface for teams to report, track, and manage software defects and feature requests. MantisBT supports email notifications, role-based access control, custom fields, and plugin extensions – making it a practical choice for small to mid-size development teams that need a self-hosted project management solution.
This guide walks through installing MantisBT 2.28.1 on Ubuntu 24.04 with Apache, PHP 8.3, and MariaDB. We also cover Apache virtual host configuration, SSL with Let’s Encrypt, email notifications, and firewall rules. The same steps work on Ubuntu 22.04 with minor adjustments to PHP version numbers.
Prerequisites
Before starting, make sure you have the following in place:
- A server running Ubuntu 24.04 LTS with at least 1GB RAM and 10GB free disk space
- Root or sudo access to the server
- A registered domain name pointed to your server IP (for SSL setup)
- Ports 80 (HTTP) and 443 (HTTPS) open in your firewall
All commands in this guide are run as root. If you are using a regular user with sudo, switch to root first:
sudo -iStep 1: Install Apache, PHP, and MariaDB (LAMP Stack)
MantisBT requires a web server, PHP, and a database backend. We will use Apache, PHP 8.3 (the default on Ubuntu 24.04), and MariaDB as the database server.
Update the package index and install all required packages:
apt update
apt install -y apache2 mariadb-server php php-mysql php-xml php-mbstring php-curl php-gd php-intl php-zip unzipAfter installation, enable and start both Apache and MariaDB:
systemctl enable --now apache2 mariadbVerify that both services are running:
systemctl status apache2 --no-pager
systemctl status mariadb --no-pagerBoth services should show active (running) in the output.
Confirm the PHP version installed on your system:
php -vYou should see PHP 8.3.x confirmed as the active version:
PHP 8.3.x (cli) (built: ...)
Copyright (c) The PHP Group
Zend Engine v4.3.x, Copyright (c) Zend Technologies
with Zend OPcache v8.3.x, Copyright (c), by Zend TechnologiesSecure the MariaDB installation by running the security script:
mariadb-secure-installationAnswer the prompts: set a root password, remove anonymous users, disallow remote root login, remove the test database, and reload privilege tables.
Step 2: Create a Database for MantisBT
MantisBT stores all bug reports, user accounts, and configuration in a database. Create a dedicated database and user for MantisBT:
mariadb -u root -pRun the following SQL statements at the MariaDB prompt to create the database, user, and grant the necessary privileges:
CREATE DATABASE mantisdb DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'mantisuser'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON mantisdb.* TO 'mantisuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Replace StrongPassword123! with a secure password of your choice. Keep these credentials handy – you will need them during the web installer setup.
Step 3: Download and Install MantisBT
Download the latest stable release of MantisBT (2.28.1 at the time of writing) from the official SourceForge repository:
cd /tmp
wget https://sourceforge.net/projects/mantisbt/files/mantis-stable/2.28.1/mantisbt-2.28.1.zip/download -O mantisbt-2.28.1.zipExtract the archive and move it to the Apache web root:
unzip mantisbt-2.28.1.zip
mv mantisbt-2.28.1 /var/www/mantisbtSet the correct ownership so Apache can read and write to the MantisBT directory:
chown -R www-data:www-data /var/www/mantisbtStep 4: Configure Apache Virtual Host for MantisBT
Create a dedicated Apache virtual host for MantisBT. This keeps the configuration clean and allows you to serve MantisBT on its own domain or subdomain.
Create the virtual host configuration file:
vi /etc/apache2/sites-available/mantisbt.confAdd the following configuration. Replace mantis.example.com with your actual domain name:
<VirtualHost *:80>
ServerName mantis.example.com
DocumentRoot /var/www/mantisbt
<Directory /var/www/mantisbt>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/mantisbt-error.log
CustomLog ${APACHE_LOG_DIR}/mantisbt-access.log combined
</VirtualHost>Enable the new site, enable the Apache rewrite module, and disable the default site:
a2ensite mantisbt.conf
a2enmod rewrite
a2dissite 000-default.conf
systemctl reload apache2Verify Apache is running without configuration errors:
apachectl configtestThe output should show Syntax OK confirming the configuration is valid.
Step 5: Run the MantisBT Web Installer
Open your browser and navigate to your server’s domain to launch the MantisBT web installer:
http://mantis.example.com/admin/install.phpOn the installation page, fill in the following details:
- Type of Database: MySQL Improved
- Hostname: localhost
- Username: mantisuser
- Password: the password you set in Step 2
- Database name: mantisdb
- Admin Username: administrator (default MantisBT admin account)
- Admin Password: root (change this immediately after login)
Click Install/Upgrade Database to proceed. The installer creates all required database tables and configures MantisBT. Once complete, you will see a success message confirming all operations passed.
After the installation finishes, log in at http://mantis.example.com using the default credentials – username administrator and password root. Change the administrator password immediately from My Account > Change Password.
Step 6: Configure MantisBT Settings
MantisBT stores its main configuration in /var/www/mantisbt/config/config_inc.php. This file is created by the web installer, but you should customize several settings for production use.
Open the configuration file:
vi /var/www/mantisbt/config/config_inc.phpAdd or update the following settings after the existing database configuration block:
# Base URL - set to your actual domain
$g_path = 'https://mantis.example.com/';
# Branding
$g_window_title = 'MantisBT Bug Tracker';
# Security settings
$g_crypto_master_salt = 'CHANGE-THIS-TO-A-RANDOM-STRING';
# Time zone
$g_default_timezone = 'UTC';
# Session handling
$g_session_handler = 'php';
# File upload settings
$g_allow_file_upload = ON;
$g_file_upload_method = DISK;
$g_absolute_path_default_upload_folder = '/var/www/mantisbt/uploads/';
$g_max_file_size = 10000000;
# Signup and anonymous access
$g_allow_signup = OFF;
$g_allow_anonymous_login = OFF;Create the uploads directory and set proper permissions:
mkdir -p /var/www/mantisbt/uploads
chown www-data:www-data /var/www/mantisbt/uploadsGenerate a random string for the $g_crypto_master_salt setting:
openssl rand -hex 32Copy the output and replace CHANGE-THIS-TO-A-RANDOM-STRING in the config file with the generated value.
Step 7: Configure Email Notifications
MantisBT can send email notifications when bugs are reported, assigned, or updated. For reliable email delivery, configure an external SMTP server instead of using the local sendmail.
Open the configuration file:
vi /var/www/mantisbt/config/config_inc.phpAdd the SMTP configuration block. Replace the values with your actual mail server details:
# Email configuration
$g_phpMailer_method = PHPMAILER_METHOD_SMTP;
$g_smtp_host = 'smtp.example.com';
$g_smtp_port = 587;
$g_smtp_connection_mode = 'tls';
$g_smtp_username = '[email protected]';
$g_smtp_password = 'your-smtp-password';
# Sender details
$g_from_email = '[email protected]';
$g_from_name = 'MantisBT Bug Tracker';
$g_return_path_email = '[email protected]';
# Enable email notifications
$g_enable_email_notification = ON;Common SMTP providers and their settings:
- Gmail: smtp.gmail.com, port 587, TLS (requires App Password if 2FA is enabled)
- Postfix (local): localhost, port 25, no authentication
- Amazon SES: email-smtp.us-east-1.amazonaws.com, port 587, TLS
To test email delivery, create a test bug report and verify the notification arrives at the assigned user’s email.
Step 8: Secure MantisBT with Let’s Encrypt SSL
Production instances of MantisBT should always run over HTTPS. Install Certbot and obtain a free Let’s Encrypt SSL certificate:
apt install -y certbot python3-certbot-apacheRequest the certificate for your MantisBT domain. Certbot automatically configures the Apache virtual host for SSL:
certbot --apache -d mantis.example.comFollow the prompts to enter your email address and agree to the terms. Choose to redirect all HTTP traffic to HTTPS when asked. Certbot modifies your Apache configuration to enable SSL and sets up automatic certificate renewal.
Verify that automatic renewal is working:
certbot renew --dry-runThe dry-run output should confirm that the certificate renewal process works correctly without errors.
After enabling SSL, update the $g_path setting in /var/www/mantisbt/config/config_inc.php to use HTTPS:
$g_path = 'https://mantis.example.com/';Step 9: Configure Firewall Rules
If UFW (Uncomplicated Firewall) is enabled on your Ubuntu server, allow HTTP and HTTPS traffic so users can access MantisBT:
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 22/tcp
ufw enableVerify the firewall rules are active:
ufw status verboseThe output should show ports 22, 80, and 443 open for incoming TCP connections:
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)Step 10: Remove the Admin Installation Directory
The MantisBT admin directory contains the installation script and diagnostic tools. Leaving it accessible after installation is a security risk. Remove or restrict access to it:
rm -rf /var/www/mantisbt/adminAlternatively, if you want to keep the admin tools for future upgrades, restrict access through Apache by adding this to your virtual host configuration:
vi /etc/apache2/sites-available/mantisbt-le-ssl.confAdd the following block inside the <VirtualHost> section:
<Directory /var/www/mantisbt/admin>
Require ip 192.168.1.0/24
Require ip 127.0.0.1
</Directory>Replace 192.168.1.0/24 with your trusted network. Reload Apache to apply the change:
systemctl reload apache2Conclusion
MantisBT is now installed and running on Ubuntu 24.04 with Apache, PHP 8.3, and MariaDB. You have a working bug tracker with SSL encryption, email notifications, and firewall protection. For production environments, set up regular database backups using mariadb-dump, monitor Apache access logs for suspicious activity, and keep MantisBT updated by checking the official MantisBT site for new releases.
