Testing SnipeIT on Fedora

JaredBusch

@hobbit666 said in Testing SnipeIT on Fedora:

Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.

Guess its down to how i've exported and imported the database.

If oyu were not on the same version things will be bad.
because they update the database between versions for bugs or enhancemnts, etc.

hobbit666

@obsolesce @JaredBusch
Yeah doing a clean install then will use the Export to CSV and re-import method so i can map the columns.

Obsolesce

@obsolesce said in Testing SnipeIT on Fedora:

To install Snipe-IT on a fresh Fedora 28 minimal install:

1. Install Fedora Server 28 minimal from NetISO.
2. Okay to install the typical packages:
   dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
3. Download and run the Snipe-IT install script:
   wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
./install.sh
4. By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
   chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
5. By default, you won't be able to send mail with SELinux, allow it to:
   setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_sendmail 1
6. Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
   reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
   mysql -u root -p
ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;

Now go back to the Pre-flight page, and it should continue on as normal.

Backups via the SnipeIT Admin web interface won't work unless php-zip is installed:
dnf install php-zip

hobbit666

New SnipeIT server all working with http://<Serverip>

But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-

Do i need to configure the snipe server to be on https ??

black3dynamite

@hobbit666 said in Testing SnipeIT on Fedora:

New SnipeIT server all working with http://<Serverip>

But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-

Do i need to configure the snipe server to be on https ??

What do you have set for APP_URL= and APP_TRUSTED_PROXIES= in the .env file

hobbit666

#Created By Snipe-it Installer
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:7En+7lHJRZb8/u0+dZrLcavOtWApCMoqisLwPZViKeQ=
APP_URL=https://host.DOMAIN.COM
APP_TIMEZONE=
APP_LOCALE=en
BACKUP_ENV=false

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=Passw0rd
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_ENCRYPTION=null
[email protected]
MAIL_FROM_NAME='Snipe-IT'
[email protected]
MAIL_REPLYTO_NAME='Snipe-IT'

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
REFERRER_POLICY=same-origin
ENABLE_CSP=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT-null

# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=172.20.0.130
ALLOW_IFRAMING=false
APP_CIPHER=AES-256-CBC
GOOGLE_MAPS_API=
BACKUP_ENV=true

172.20.0.130 is the IP of my NGINX server

*Also tried the APP_URL with both http and https

JaredBusch

@hobbit666 This is my .env

[jbusch@assets ~]$ sudo cat /var/www/html/snipeit/.env
[sudo] password for jbusch: 
#Created By Snipe-it Installer
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:c21lZyBvZmYNCg==
APP_URL=https://assets.domain.com
APP_TIMEZONE=America/Chicago
APP_LOCALE=en

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=smeg_off
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=10.202.1.14
MAIL_PORT=25
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
[email protected]
MAIL_FROM_NAME='Administrator'
[email protected]
MAIL_REPLYTO_NAME='Administrator'

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
REFERRER_POLICY=same-origin
ENABLE_CSP=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=filec21lZyBvZmYNCg==
SESSION_DRIVER=file
QUEUE_DRIVER=sync

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT-null

# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=10.202.1.16
ALLOW_IFRAMING=false
APP_CIPHER=AES-256-CBC

JaredBusch

Here is my Nginx reverse proxy conf file.

[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/assets.domain.com.conf 
[sudo] password for jbusch: 
server {
    client_max_body_size 40M;
    listen 443;
    server_name assets.domain.com;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/assets.domain.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/assets.domain.com-0001/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
#    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://10.202.0.43;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}

server {
    client_max_body_size 40M;
    listen 80;
    server_name assets.domain.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}
[jbusch@proxy ~]$ 

hobbit666

Something still not right but home time and day off tomorrow
So will pick up Monday.

Quick question apart from changing the APP_URL and APP_TRUSTED_PROXIES, have you done anything else on the Snipe server to make it "work" under https? Like .htaccess or Virtual Host files?

gtech

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks

black3dynamite

@gtech said in Testing SnipeIT on Fedora:

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks
Click on Create New and then user.

Obsolesce

@gtech said in Testing SnipeIT on Fedora:

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks

I sync'd it to AD.

gtech

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

Obsolesce

@gtech said in Testing SnipeIT on Fedora:

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

That's not very informative. What's the log say?

black3dynamite

@gtech said in Testing SnipeIT on Fedora:

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

Open .env and change APP_DEBUG=false to true. So you can see more information than "Whoops, looks like something went wrong."

gtech

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....

DustinB3403

@gtech said in Testing SnipeIT on Fedora:

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....

Create an issue on snipe-it's GitHub. You can also pop in to their gutter.im/snipe-it and see if they can assist you

hobbit666

@jaredbusch Thanks
Must of been a setting i was missing in my NGINX conf file. Made it too look more like yours and i'm working