Snipe IT

From Linux Infrastructure Advisory
Setup Details
App Server: snipe
Network	  : 172.16.141.0/24
IP Address : 172.16.141.98
Subnet Mask: 255.255.255.0
Gateway: 172.16.141.1
DNS: 8.8.8.8
sudo user: kedar

Container: db1
Network: 172.16.141.0/24
IP Address : 172.16.141.102
Subnet Mask: 255.255.255.0
Gateway: 172.16.141.1
DNS: 8.8.8.8
sudo user: kedar

Before you proceed

The domain used here is networked.com. This is used only for demonstration and required dns entries for this domain have already been done to the host file to make the domain and any subdomains reachable on the network. This domain may be owned by someone else and we do not know who it is and we are not linked to them. Snipe IT configured for this domain in this 'howto' is not reachable on public IP. If you try networked.com and find any material that may be suitable / unsuitable to you, we are not the owners of the same and we are not responsible for the content.

Introduction

  • Installation of Snipe IT with FQDN as: https://assets.networked.net
  • Apache2 web server will be used and the root folder will be: /var/www/html/snipe/
  • Mariadb server will be used as a database server
  • The site will be hosted on port number: 443
  • Self signed SSL certificates will be used.
  • Host entry to ensure this website is reachable is done in the user PC, in absence of a DNS

Pre-requisites installation

  • Log into the appserver / webserver (ssh kedar@172.16.141.98) and run the below commands
sudo apt install php8.3 php8.3-mysql php8.3-curl php8.3-xml php8.3-bcmath php8.3-zip php8.3-ldap php8.3-mbstring php8.3-oauth git libapache2-mod-php8.3 php8.3-cli apache2 php8.3-gd rsync nano openssl
sudo a2enmod ssl rewrite

Database Creation

  • Database will be created in a mariadb server which is setup in another container. Latest mariadb server has been installed and run the below commands after an ssh into the mariadb server.
sudo mysql -u root -p
CREATE DATABASE snipe;
GRANT ALL PRIVILEGES ON snipe.* TO "snipe"@"%" IDENTIFIED BY "123456";
FLUSH PRIVILEGES;
quit;
  • Password used should be strong enough. The password shown above is only for demo purposes.

Create self signed certificates

  • Log into the appserver / webserver and run the below commands
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/snipe.key -out /etc/ssl/certs/snipe.crt
  • You can use a commercial self signed certificate if you have one or can also use free Lets Encrypt certificate
  • Using Lets Encrypt certificates is out of scope of this howto

Create Directory and Download

  • Create a Directory
kedar@snipe:~$ cd /var/www/html/
kedar@snipe:/var/www/html$ sudo mkdir snipe
  • Download in the correct directory
kedar@snipe:/var/www/html$ cd snipe
kedar@snipe:/var/www/html/snipe$ sudo git clone https://github.com/snipe/snipe-it /var/www/html/snipe/
  • Using git to download makes sense, as updating Snipe IT with newer versions only requires 'git pull' from the snipe directory
  • Other options to download are available, but not recommended as a lot of manual work will be required for updating the Snipe IT instance.

Configure Snipe IT

  • Make a copy of the .env.example file (/var/www/html/snipe/) and call it .env - This file is the configuration file where all the information about the Snipe IT installation will be stored.
  • Make following changes in the .env file
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=https://assets.networked.net  
APP_TIMEZONE='Asia/Kolkata'
APP_LOCALE=en
MAX_RESULTS=500

 --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=172.16.141.102
DB_PORT=3306
DB_DATABASE=snipe
DB_USERNAME=snipe
DB_PASSWORD=123456
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci
DB_SANITIZE_BY_DEFAULT=false

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=fakeid@gmail.com
MAIL_PASSWORD=jfhgklhjklg
MAIL_FROM_ADDR=fakeid@gmail.com
MAIL_FROM_NAME='Kedar Snipe-IT'
MAIL_REPLYTO_ADDR=fakeid@gmail.com
MAIL_REPLYTO_NAME='Kedar Snipe-IT'
MAIL_AUTO_EMBED_METHOD='attachment'
MAIL_TLS_VERIFY_PEER=true
  • The 'MAIL-PASSWORD' directive will have application password, as gmail will not allow normal password to be used. Create an app password for the email so that Snipe IT can use this email account, for sending out email notifications to all users when an asset is allocated

Install Dependencies

  • The root folder needs to have the owner as the local user (not root) which in this case is kedar. Hence set the permissions on the snipe folder first before installing the dependencies
sudo chown - R kedar:kedar /var/www/html/snipe/
  • Now run the following commands in the given sequence to install all the dependencies. This takes time depending on the internet speed.
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
  • Once the above commands are successful, change the permission to www-data:www-data
sudo chown - R www-data:www-data /var/www/html/snipe/
  • To force Snipe IT to use SSL, uncomment below two lines in the file -> /var/www/html/snipe/public/.htaccess.
# Uncomment these two lines to force SSL redirect in Apache
     RewriteCond %{HTTPS} off
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Configure Apache webserver

  • Create virtual host for the website in /etc/apache2/sites-available/
cd /etc/apache2/sites-available
sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf
sudo nano snipe.conf
  • Add the below configuration in the snipe.conf file
<VirtualHost *:443>
                ServerName      assets.networked.net
                ServerAlias     assets
                ServerAdmin     fakeid@gmail.com
                DocumentRoot    /var/www/html/snipe/public/

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/snipe.crt
                SSLCertificateKeyFile /etc/ssl/private/snipe.key
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                <Directory /var/www/html/snipe/public/>
                        AllowOverride All
                </Directory>
        </VirtualHost>
  • Enable the site and Restart apache service
sudo a2ensite snipe.conf
sudo a2enmod rewrite ssl
sudo sysemctl restart apache2

Pre-Flight Test

  • Using a browser navigate to https://assets.networked.net
  • Click on create database Tables
  • Click on Next and create user
  • Finally Login using the user created

Conclusion

  • We have a working Snipe IT instance hosted on an apache web server.

References