Testing SnipeIT on Fedora
-
To install Snipe-IT on a fresh Fedora 28 minimal install:
- Install Fedora Server 28 minimal from NetISO.
- Okay to install the typical packages:
dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
- Download and run the Snipe-IT install script:
wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
./install.sh
- By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
- By default, you won't be able to send mail with SELinux, allow it to:
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_sendmail 1
- Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
mysql -u root -p
ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;
Now go back to the Pre-flight page, and it should continue on as normal.
-
What permissions should the .env file be set to?
As when I've done the manual git clone method the preflight keeps telling me to make sure it's protected from the outside world
-
@hobbit666 said in Testing SnipeIT on Fedora:
What permissions should the .env file be set to?
As when I've done the manual git clone method the preflight keeps telling me to make sure it's protected from the outside world
640 should be fine.
Are you able to browse to the .env file on your web browser? You should get a 404 when trying to.
-
@obsolesce it seemed to do that no matter what I set the permissions to
-
@obsolesce Gives me a oops something went wrong so guess it's alright.
-
@obsolesce Are you using MariaDB or MySQL? Also what versions.
I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.
-
Even the install script seem to be giving me jip as well.
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''' at line 1 (SQL: ALTER TABLE assets CHANGE _snipeit_mac_address _snipeit_mac_address_1 VARCHAR(191) DEFAULT ''NULL'')
-
@hobbit666 said in Testing SnipeIT on Fedora:
@obsolesce Are you using MariaDB or MySQL? Also what versions.
I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.
Even the install script seem to be giving me jip as well.
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''' at line 1 (SQL: ALTER TABLE assets CHANGE _snipeit_mac_address _snipeit_mac_address_1 VARCHAR(191) DEFAULT ''NULL'')
Oops should have looks up a bit can see @Obsolesce has already posted about this
-
@hobbit666 said in Testing SnipeIT on Fedora:
@obsolesce Are you using MariaDB or MySQL? Also what versions.
I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.
MariaDB, latest repo version... 10.2.
Look at #6 here:
@obsolesce said in Testing SnipeIT on Fedora:
To install Snipe-IT on a fresh Fedora 28 minimal install:
- Install Fedora Server 28 minimal from NetISO.
- Okay to install the typical packages:
dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
- Download and run the Snipe-IT install script:
wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
./install.sh
- By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
- By default, you won't be able to send mail with SELinux, allow it to:
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_sendmail 1
- Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
mysql -u root -p
ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;
Now go back to the Pre-flight page, and it should continue on as normal.
-
@obsolesce Yeah did your Alter table and i'm up and running and also imported my data from the old version.
Now to get it to work from behind a NGINX proxy
-
Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.
Guess its down to how i've exported and imported the database.
-
@hobbit666 said in Testing SnipeIT on Fedora:
Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.
Guess its down to how i've exported and imported the database.
Yeah probably due to that. I can add/edit fine using the instructions I provided.
-
@hobbit666 said in Testing SnipeIT on Fedora:
Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.
Guess its down to how i've exported and imported the database.
If oyu were not on the same version things will be bad.
because they update the database between versions for bugs or enhancemnts, etc. -
@obsolesce @JaredBusch
Yeah doing a clean install then will use the Export to CSV and re-import method so i can map the columns. -
@obsolesce said in Testing SnipeIT on Fedora:
To install Snipe-IT on a fresh Fedora 28 minimal install:
- Install Fedora Server 28 minimal from NetISO.
- Okay to install the typical packages:
dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
- Download and run the Snipe-IT install script:
wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
./install.sh
- By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
- By default, you won't be able to send mail with SELinux, allow it to:
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_sendmail 1
- Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
mysql -u root -p
ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;
Now go back to the Pre-flight page, and it should continue on as normal.
Backups via the SnipeIT Admin web interface won't work unless php-zip is installed:
dnf install php-zip
-
New SnipeIT server all working with http://<Serverip>
But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-Do i need to configure the snipe server to be on https ??
-
@hobbit666 said in Testing SnipeIT on Fedora:
New SnipeIT server all working with http://<Serverip>
But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-Do i need to configure the snipe server to be on https ??
What do you have set for
APP_URL=
andAPP_TRUSTED_PROXIES=
in the.env
file -
#Created By Snipe-it Installer # -------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY=base64:7En+7lHJRZb8/u0+dZrLcavOtWApCMoqisLwPZViKeQ= APP_URL=https://host.DOMAIN.COM APP_TIMEZONE= APP_LOCALE=en BACKUP_ENV=false # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=Passw0rd DB_PREFIX=null DB_DUMP_PATH='/usr/bin' DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_HOST=email-smtp.us-west-2.amazonaws.com MAIL_PORT=587 MAIL_USERNAME=YOURUSERNAME MAIL_PASSWORD=YOURPASSWORD MAIL_ENCRYPTION=null [email protected] MAIL_FROM_NAME='Snipe-IT' [email protected] MAIL_REPLYTO_NAME='Snipe-IT' # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=gd # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- REFERRER_POLICY=same-origin ENABLE_CSP=false # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT-null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_TRUSTED_PROXIES=172.20.0.130 ALLOW_IFRAMING=false APP_CIPHER=AES-256-CBC GOOGLE_MAPS_API= BACKUP_ENV=true
172.20.0.130 is the IP of my NGINX server
*Also tried the APP_URL with both http and https
-
@hobbit666 This is my
.env
[jbusch@assets ~]$ sudo cat /var/www/html/snipeit/.env [sudo] password for jbusch: #Created By Snipe-it Installer # -------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY=base64:c21lZyBvZmYNCg== APP_URL=https://assets.domain.com APP_TIMEZONE=America/Chicago APP_LOCALE=en # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=smeg_off DB_PREFIX=null DB_DUMP_PATH='/usr/bin' DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_HOST=10.202.1.14 MAIL_PORT=25 MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION= [email protected] MAIL_FROM_NAME='Administrator' [email protected] MAIL_REPLYTO_NAME='Administrator' # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=gd # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- REFERRER_POLICY=same-origin ENABLE_CSP=false # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=filec21lZyBvZmYNCg== SESSION_DRIVER=file QUEUE_DRIVER=sync # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT-null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_TRUSTED_PROXIES=10.202.1.16 ALLOW_IFRAMING=false APP_CIPHER=AES-256-CBC
-
Here is my Nginx reverse proxy conf file.
[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/assets.domain.com.conf [sudo] password for jbusch: server { client_max_body_size 40M; listen 443; server_name assets.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/assets.domain.com-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/assets.domain.com-0001/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://10.202.0.43; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name assets.domain.com; rewrite ^ https://$server_name$request_uri? permanent; } [jbusch@proxy ~]$