In this Resource I'd like to share how to set-up Snipe-IT in a FreeNAS jail.
Snipe-IT is a Free Open Source Asset Management Software, is web-based and utilizes Apache, mysql/mariadb and php - a standard FAMP-Stack.
Before I run down the steps, make sure to read the documentation thoroughly: https://snipe-it.readme.io/docs/introduction most steps needed are described there in detail.
However, because the doc is not entirely clear when it comes to FreeBSD, I'll provide all steps needed for a deployment in a jail.
In short, it consists of: creating an empty MySQL/MariaDB database, customize the snipe-it configuration file, install the dependencies via composer, and then configure the web server to your needs.
Theoretically you can use the core feature without a Full Qualified Domain Name, simply access the web interface via the jail IP.
Though, I'm not sure how well that works and I did not test it. The setup described below is now in production with multiple users and works very well.
Let's start:
1. Jail-Creation and pkgs
For most of this credit goes to tiagom62 from Github who rewrote the install script to get it working with freebsd. However, I pulled my hair out trying to get that script running in a jail hence I did all the necessary steps manually.
change *** to your network appliance
2. Set-up FAMP-Stack
#go into jail
#activate php
#run apache on startup
#Enable mod_rewrite
#Enable php in apache
Input this:
save and exit nano. (Ctrl + O, Ctrl + X)
#Creating the new virtual host in Apache.
save and exit
Replace ***yourFQDN*** with the domain via you want to access your snipe-IT webGUI, i.e. assets.mydomain.com
Asteriks must be removed, do not put "http" or "www" or slashes in your FQDN. Snipe-IT wants to sit behind a subdomain, if you must use a subdirectory like https://yourserver.com/snipe-it you can read up on that here https://snipe-it.readme.io/docs/subdirectories
#test your apache config
#Starting MariaDB
#Securing MariaDB
Answer questions 1 and 2 with no, the rest with yes.
#Creating MariaDB Database/User
Replace YOURDBPASSWORD with a strong password for your mysql-database, make sure to store it somewhere safe. Keep the apostrophese.
Enter your DB password when asked.
3. Install snipe-it
#Cloning Snipe-IT from github to the web directory
#Configuring .env file.
copy the following into the .env file and save and exit
Things you need to change to your specific setup are:
APP_TIMEZONE = PHP-supported timezone
DB_PASSWORD=mysql password you have chosen
MAIL SERVER SETTINGS= smtp mailservice, more in the snipe-it documenation
APP_TRUSTED_PROXIES=if snipeit runs behind a reverse proxy, the ip adress of the reverse proxy host goes here,
192.168.xxx.xxx or 192.168.xxx.xxx/24 both are possible
#Installing and running composer
#Setting permissions
#Generating the application key
IMPORTANT: write down/copy the generated key somewhere safe
#Artisan Migrate
#Creating scheduler cron
press i, copy line below and paste into crontab
press ESC and type :wq! and hit enter.
#restart apache
Navigate to your servers ip-adress or FQDN. You should now see the snipe-it pre-flight configuration website (http://yourFQDN/setup).
Work your way through the pre-flight setup guide, set-up user and password, if you encounter errors, consult the documentation and ultimatley you should land on the dashboard of Snipe-IT.
That's it!
-----------------------
Upgrading Snipe-IT
A few words about upgrading to a newer version of snipeit.
The snipeit git brings it own updater with it, so running that is enough - for now:
In the future there could be issues with composer. Because composer is installed via pkg and not copied from repo by php, like it is suggested in the documentation,
it would be wise to run composer before using the upgrade.php to let it update to the latest packages, so that the update script later just checks for updates and skips the php composer installation.
I've had yet the chance to test out this approach because there was only a minor update since writing this script. I will test it out when v5 is coming, which should be later this summer.
Snipe-IT is a Free Open Source Asset Management Software, is web-based and utilizes Apache, mysql/mariadb and php - a standard FAMP-Stack.
Before I run down the steps, make sure to read the documentation thoroughly: https://snipe-it.readme.io/docs/introduction most steps needed are described there in detail.
However, because the doc is not entirely clear when it comes to FreeBSD, I'll provide all steps needed for a deployment in a jail.
In short, it consists of: creating an empty MySQL/MariaDB database, customize the snipe-it configuration file, install the dependencies via composer, and then configure the web server to your needs.
Theoretically you can use the core feature without a Full Qualified Domain Name, simply access the web interface via the jail IP.
Though, I'm not sure how well that works and I did not test it. The setup described below is now in production with multiple users and works very well.
Let's start:
1. Jail-Creation and pkgs
For most of this credit goes to tiagom62 from Github who rewrote the install script to get it working with freebsd. However, I pulled my hair out trying to get that script running in a jail hence I did all the necessary steps manually.
Code:
echo '{"pkgs":["nano","git","unzip","apache24","mariadb104-server","mariadb104-client","php74","mod_php74","php74-bcmath","php74-composer","php74-ctype","php74-curl","php74-dom","php74-fileinfo","php74-filter","php74-gd","php74-iconv","php74-intl","php74-json","php74-ldap","php74-mbstring","php74-mysqli","php74-openssl","php74-pdo","php74-pdo_mysql","php74-pdo_sqlite","php74-pecl-imagick-im7","php74-phar","php74-session","php74-simplexml","php74-sqlite3","php74-tokenizer","php74-xml","php74-xmlwriter","php74-zip","php74-zlib","php74-posix", "ca_root_nss"]}' > /tmp/pkg.jsonCode:
iocage create -n "snipeit" -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr="vnet0|192.168.***.***/24" defaultrouter="192.168.***.***" vnet="on" allow_raw_sockets="1" boot="on"
change *** to your network appliance
Code:
rm /tmp/pkg.json
2. Set-up FAMP-Stack
#go into jail
iocage console snipeit#activate php
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini#run apache on startup
sysrc apache24_enable="yes"sysrc mysql_enable="yes"service apache24 start#Enable mod_rewrite
Code:
sed -i .bak "s;#LoadModule rewrite_module libexec/apache24/mod_rewrite.so;LoadModule rewrite_module libexec/apache24/mod_rewrite.so;" /usr/local/etc/apache24/httpd.conf
#Enable php in apache
nano /usr/local/etc/apache24/Includes/php.confInput this:
Code:
<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
save and exit nano. (Ctrl + O, Ctrl + X)
#Creating the new virtual host in Apache.
nano /usr/local/etc/apache24/Includes/snipeit.conf Code:
<VirtualHost *:80>
<Directory /usr/local/www/apache24/data/snipeit/public>
Allow From All
AllowOverride All
Options +Indexes
</Directory>
DocumentRoot /usr/local/www/apache24/data/snipeit/public
ServerName ***yourFQDN***
</VirtualHost>
save and exit
Replace ***yourFQDN*** with the domain via you want to access your snipe-IT webGUI, i.e. assets.mydomain.com
Asteriks must be removed, do not put "http" or "www" or slashes in your FQDN. Snipe-IT wants to sit behind a subdomain, if you must use a subdirectory like https://yourserver.com/snipe-it you can read up on that here https://snipe-it.readme.io/docs/subdirectories
#test your apache config
apachectl restart#Starting MariaDB
service mysql-server start#Securing MariaDB
/usr/local/bin/mysql_secure_installationAnswer questions 1 and 2 with no, the rest with yes.
#Creating MariaDB Database/User
mysql -u root -p --execute="CREATE DATABASE snipeit;GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY 'YOURDBPASSWORD';"Replace YOURDBPASSWORD with a strong password for your mysql-database, make sure to store it somewhere safe. Keep the apostrophese.
Enter your DB password when asked.
3. Install snipe-it
#Cloning Snipe-IT from github to the web directory
git clone https://github.com/snipe/snipe-it /usr/local/www/apache24/data/snipeit#Configuring .env file.
cp /usr/local/www/apache24/data/snipeit/.env.example /usr/local/www/apache24/data/snipeit/.envnano /usr/local/www/apache24/data/snipeit/.envcopy the following into the .env file and save and exit
Code:
# -------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY= APP_URL=http://***YOURFQDN*** APP_TIMEZONE='US/Pacific' APP_LOCALE=en MAX_RESULTS=500 # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=YOURDBPASSWORD DB_PREFIX=null DB_DUMP_PATH='/usr/local/bin' DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_IS_PAAS=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_HOST=smtp.mail.com MAIL_PORT=465 MAIL_USERNAME=webmaster MAIL_PASSWORD=loginpasswordofyourmailservice MAIL_ENCRYPTION=ssl MAIL_FROM_ADDR=webmaster@mydomain.coim MAIL_FROM_NAME='Snipe-IT' MAIL_REPLYTO_ADDR=webmaster@mydomain.coim MAIL_REPLYTO_NAME='Snipe-IT' MAIL_BACKUP_NOTIFICATION_ADDRESS=admin@mydomain.coim # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=imagick # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- APP_TRUSTED_PROXIES=192.168.1.0/24,10.0.0.1 ALLOW_IFRAMING=false REFERRER_POLICY=same-origin ENABLE_CSP=false CORS_ALLOWED_ORIGINS=null # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync CACHE_PREFIX=snipeit # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT=null # -------------------------------------------- # OPTIONAL: MEMCACHED SETTINGS # -------------------------------------------- MEMCACHED_HOST=null MEMCACHED_PORT=null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_CIPHER=AES-256-CBC GOOGLE_MAPS_API= BACKUP_ENV=true LDAP_MEM_LIM=500M LDAP_TIME_LIM=600
Things you need to change to your specific setup are:
APP_TIMEZONE = PHP-supported timezone
DB_PASSWORD=mysql password you have chosen
MAIL SERVER SETTINGS= smtp mailservice, more in the snipe-it documenation
APP_TRUSTED_PROXIES=if snipeit runs behind a reverse proxy, the ip adress of the reverse proxy host goes here,
192.168.xxx.xxx or 192.168.xxx.xxx/24 both are possible
#Installing and running composer
cd /usr/local/www/apache24/data/snipeitcurl -sS https://getcomposer.org/installer | phpphp composer.phar install --no-dev --prefer-source#Setting permissions
chmod -R 755 /usr/local/www/apache24/data/snipeit/storage
chmod -R 755 /usr/local/www/apache24/data/snipeit/storage/private_uploads
chmod -R 755 /usr/local/www/apache24/data/snipeit/public/uploads
chown -R www:www /usr/local/www/apache24/data/snipeit#Generating the application key
php artisan key:generate --forceIMPORTANT: write down/copy the generated key somewhere safe
#Artisan Migrate
php artisan migrate --force#Creating scheduler cron
crontab -epress i, copy line below and paste into crontab
* * * * * /usr/bin/php /usr/local/www/apache24/data/snipeit/artisan schedule:run >> /dev/null 2>&1press ESC and type :wq! and hit enter.
#restart apache
apachectl restartNavigate to your servers ip-adress or FQDN. You should now see the snipe-it pre-flight configuration website (http://yourFQDN/setup).
Work your way through the pre-flight setup guide, set-up user and password, if you encounter errors, consult the documentation and ultimatley you should land on the dashboard of Snipe-IT.
That's it!
-----------------------
Upgrading Snipe-IT
A few words about upgrading to a newer version of snipeit.
The snipeit git brings it own updater with it, so running that is enough - for now:
cd /usr/local/www/apache24/data/snipeit
su -m www -c "php upgrade.php"In the future there could be issues with composer. Because composer is installed via pkg and not copied from repo by php, like it is suggested in the documentation,
it would be wise to run composer before using the upgrade.php to let it update to the latest packages, so that the update script later just checks for updates and skips the php composer installation.
composer updateI've had yet the chance to test out this approach because there was only a minor update since writing this script. I will test it out when v5 is coming, which should be later this summer.