Testing SnipeIT on Fedora



  • To install Snipe-IT on a fresh Fedora 28 minimal install:

    1. Install Fedora Server 28 minimal from NetISO.
    2. Okay to install the typical packages:
      dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
    3. Download and run the Snipe-IT install script:
      wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
      chmod 744 install.sh
      ./install.sh
    4. By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
      chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
      chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
    5. By default, you won't be able to send mail with SELinux, allow it to:
      setsebool -P httpd_can_network_connect 1
      setsebool -P httpd_can_sendmail 1
    6. Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
      reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
      mysql -u root -p
      ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;

    Now go back to the Pre-flight page, and it should continue on as normal.



  • What permissions should the .env file be set to?

    As when I've done the manual git clone method the preflight keeps telling me to make sure it's protected from the outside world



  • @hobbit666 said in Testing SnipeIT on Fedora:

    What permissions should the .env file be set to?

    As when I've done the manual git clone method the preflight keeps telling me to make sure it's protected from the outside world

    640 should be fine.

    Are you able to browse to the .env file on your web browser? You should get a 404 when trying to.



  • @obsolesce it seemed to do that no matter what I set the permissions to



  • @obsolesce Gives me a oops something went wrong so guess it's alright.



  • @obsolesce Are you using MariaDB or MySQL? Also what versions.

    I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.



  • Even the install script seem to be giving me jip as well.
    SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''' at line 1 (SQL: ALTER TABLE assets CHANGE _snipeit_mac_address _snipeit_mac_address_1 VARCHAR(191) DEFAULT ''NULL'')



  • @hobbit666 said in Testing SnipeIT on Fedora:

    @obsolesce Are you using MariaDB or MySQL? Also what versions.

    I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.

    Even the install script seem to be giving me jip as well.

    SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''' at line 1 (SQL: ALTER TABLE assets CHANGE _snipeit_mac_address _snipeit_mac_address_1 VARCHAR(191) DEFAULT ''NULL'')

    Oops should have looks up a bit can see @Obsolesce has already posted about this 🙂



  • @hobbit666 said in Testing SnipeIT on Fedora:

    @obsolesce Are you using MariaDB or MySQL? Also what versions.

    I'm getting SQL Syntax errors on the pre-flight but looking on line i can see a post about version 10.2 causing issues.

    MariaDB, latest repo version... 10.2.

    Look at #6 here:

    @obsolesce said in Testing SnipeIT on Fedora:

    To install Snipe-IT on a fresh Fedora 28 minimal install:

    1. Install Fedora Server 28 minimal from NetISO.
    2. Okay to install the typical packages:
      dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
    3. Download and run the Snipe-IT install script:
      wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
      chmod 744 install.sh
      ./install.sh
    4. By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
      chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
      chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
    5. By default, you won't be able to send mail with SELinux, allow it to:
      setsebool -P httpd_can_network_connect 1
      setsebool -P httpd_can_sendmail 1
    6. Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
      reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
      mysql -u root -p
      ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;

    Now go back to the Pre-flight page, and it should continue on as normal.



  • @obsolesce Yeah did your Alter table and i'm up and running and also imported my data from the old version.

    Now to get it to work from behind a NGINX proxy



  • Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.

    Guess its down to how i've exported and imported the database.



  • @hobbit666 said in Testing SnipeIT on Fedora:

    Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.

    Guess its down to how i've exported and imported the database.

    Yeah probably due to that. I can add/edit fine using the instructions I provided.


  • Service Provider

    @hobbit666 said in Testing SnipeIT on Fedora:

    Now got issues adding machines, or doing anything add/edit wise. While in debug can see it all relating to the SQL stuff.

    Guess its down to how i've exported and imported the database.

    If oyu were not on the same version things will be bad.
    because they update the database between versions for bugs or enhancemnts, etc.



  • @obsolesce @JaredBusch
    Yeah doing a clean install then will use the Export to CSV and re-import method so i can map the columns.



  • @obsolesce said in Testing SnipeIT on Fedora:

    To install Snipe-IT on a fresh Fedora 28 minimal install:

    1. Install Fedora Server 28 minimal from NetISO.
    2. Okay to install the typical packages:
      dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
    3. Download and run the Snipe-IT install script:
      wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
      chmod 744 install.sh
      ./install.sh
    4. By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
      chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
      chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
    5. By default, you won't be able to send mail with SELinux, allow it to:
      setsebool -P httpd_can_network_connect 1
      setsebool -P httpd_can_sendmail 1
    6. Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
      reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
      mysql -u root -p
      ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;

    Now go back to the Pre-flight page, and it should continue on as normal.

    Backups via the SnipeIT Admin web interface won't work unless php-zip is installed:
    dnf install php-zip



  • New SnipeIT server all working with http://<Serverip>

    But when i try and access through my proxy
    https://nginx.domain.com i'm still getting:-

    0_1532008512184_876d3105-e7c2-48ce-a855-dca6a1a31bd3-image.png

    Do i need to configure the snipe server to be on https ??



  • @hobbit666 said in Testing SnipeIT on Fedora:

    New SnipeIT server all working with http://<Serverip>

    But when i try and access through my proxy
    https://nginx.domain.com i'm still getting:-

    0_1532008512184_876d3105-e7c2-48ce-a855-dca6a1a31bd3-image.png

    Do i need to configure the snipe server to be on https ??

    What do you have set for APP_URL= and APP_TRUSTED_PROXIES= in the .env file



  • 
    #Created By Snipe-it Installer
    # --------------------------------------------
    # REQUIRED: BASIC APP SETTINGS
    # --------------------------------------------
    APP_ENV=production
    APP_DEBUG=false
    APP_KEY=base64:7En+7lHJRZb8/u0+dZrLcavOtWApCMoqisLwPZViKeQ=
    APP_URL=https://WYN-SNIP01.DOMAIN.COM
    APP_TIMEZONE=
    APP_LOCALE=en
    BACKUP_ENV=false
    
    # --------------------------------------------
    # REQUIRED: DATABASE SETTINGS
    # --------------------------------------------
    DB_CONNECTION=mysql
    DB_HOST=localhost
    DB_DATABASE=snipeit
    DB_USERNAME=snipeit
    DB_PASSWORD=Passw0rd
    DB_PREFIX=null
    DB_DUMP_PATH='/usr/bin'
    DB_CHARSET=utf8mb4
    DB_COLLATION=utf8mb4_unicode_ci
    
    # --------------------------------------------
    # OPTIONAL: SSL DATABASE SETTINGS
    # --------------------------------------------
    DB_SSL=false
    DB_SSL_KEY_PATH=null
    DB_SSL_CERT_PATH=null
    DB_SSL_CA_PATH=null
    DB_SSL_CIPHER=null
    
    # --------------------------------------------
    # REQUIRED: OUTGOING MAIL SERVER SETTINGS
    # --------------------------------------------
    MAIL_DRIVER=smtp
    MAIL_HOST=email-smtp.us-west-2.amazonaws.com
    MAIL_PORT=587
    MAIL_USERNAME=YOURUSERNAME
    MAIL_PASSWORD=YOURPASSWORD
    MAIL_ENCRYPTION=null
    [email protected]
    MAIL_FROM_NAME='Snipe-IT'
    [email protected]
    MAIL_REPLYTO_NAME='Snipe-IT'
    
    # --------------------------------------------
    # REQUIRED: IMAGE LIBRARY
    # This should be gd or imagick
    # --------------------------------------------
    IMAGE_LIB=gd
    
    # --------------------------------------------
    # OPTIONAL: SESSION SETTINGS
    # --------------------------------------------
    SESSION_LIFETIME=12000
    EXPIRE_ON_CLOSE=false
    ENCRYPT=false
    COOKIE_NAME=snipeit_session
    COOKIE_DOMAIN=null
    SECURE_COOKIES=false
    
    # --------------------------------------------
    # OPTIONAL: SECURITY HEADER SETTINGS
    # --------------------------------------------
    REFERRER_POLICY=same-origin
    ENABLE_CSP=false
    
    # --------------------------------------------
    # OPTIONAL: CACHE SETTINGS
    # --------------------------------------------
    CACHE_DRIVER=file
    SESSION_DRIVER=file
    QUEUE_DRIVER=sync
    
    # --------------------------------------------
    # OPTIONAL: REDIS SETTINGS
    # --------------------------------------------
    REDIS_HOST=null
    REDIS_PASSWORD=null
    REDIS_PORT-null
    
    # --------------------------------------------
    # OPTIONAL: AWS S3 SETTINGS
    # --------------------------------------------
    AWS_SECRET=null
    AWS_KEY=null
    AWS_REGION=null
    AWS_BUCKET=null
    
    # --------------------------------------------
    # OPTIONAL: LOGIN THROTTLING
    # --------------------------------------------
    LOGIN_MAX_ATTEMPTS=5
    LOGIN_LOCKOUT_DURATION=60
    
    # --------------------------------------------
    # OPTIONAL: MISC
    # --------------------------------------------
    APP_LOG=single
    APP_LOG_MAX_FILES=10
    APP_LOCKED=false
    FILESYSTEM_DISK=local
    APP_TRUSTED_PROXIES=172.20.0.130
    ALLOW_IFRAMING=false
    APP_CIPHER=AES-256-CBC
    GOOGLE_MAPS_API=
    BACKUP_ENV=true
    

    172.20.0.130 is the IP of my NGINX server

    *Also tried the APP_URL with both http and https


  • Service Provider

    @hobbit666 This is my .env

    [[email protected] ~]$ sudo cat /var/www/html/snipeit/.env
    [sudo] password for jbusch: 
    #Created By Snipe-it Installer
    # --------------------------------------------
    # REQUIRED: BASIC APP SETTINGS
    # --------------------------------------------
    APP_ENV=production
    APP_DEBUG=false
    APP_KEY=base64:c21lZyBvZmYNCg==
    APP_URL=https://assets.domain.com
    APP_TIMEZONE=America/Chicago
    APP_LOCALE=en
    
    # --------------------------------------------
    # REQUIRED: DATABASE SETTINGS
    # --------------------------------------------
    DB_CONNECTION=mysql
    DB_HOST=localhost
    DB_DATABASE=snipeit
    DB_USERNAME=snipeit
    DB_PASSWORD=smeg_off
    DB_PREFIX=null
    DB_DUMP_PATH='/usr/bin'
    DB_CHARSET=utf8mb4
    DB_COLLATION=utf8mb4_unicode_ci
    
    # --------------------------------------------
    # OPTIONAL: SSL DATABASE SETTINGS
    # --------------------------------------------
    DB_SSL=false
    DB_SSL_KEY_PATH=null
    DB_SSL_CERT_PATH=null
    DB_SSL_CA_PATH=null
    DB_SSL_CIPHER=null
    
    # --------------------------------------------
    # REQUIRED: OUTGOING MAIL SERVER SETTINGS
    # --------------------------------------------
    MAIL_DRIVER=smtp
    MAIL_HOST=10.202.1.14
    MAIL_PORT=25
    MAIL_USERNAME=
    MAIL_PASSWORD=
    MAIL_ENCRYPTION=
    [email protected]
    MAIL_FROM_NAME='Administrator'
    [email protected]
    MAIL_REPLYTO_NAME='Administrator'
    
    # --------------------------------------------
    # REQUIRED: IMAGE LIBRARY
    # This should be gd or imagick
    # --------------------------------------------
    IMAGE_LIB=gd
    
    # --------------------------------------------
    # OPTIONAL: SESSION SETTINGS
    # --------------------------------------------
    SESSION_LIFETIME=12000
    EXPIRE_ON_CLOSE=false
    ENCRYPT=false
    COOKIE_NAME=snipeit_session
    COOKIE_DOMAIN=null
    SECURE_COOKIES=false
    
    # --------------------------------------------
    # OPTIONAL: SECURITY HEADER SETTINGS
    # --------------------------------------------
    REFERRER_POLICY=same-origin
    ENABLE_CSP=false
    
    # --------------------------------------------
    # OPTIONAL: CACHE SETTINGS
    # --------------------------------------------
    CACHE_DRIVER=filec21lZyBvZmYNCg==
    SESSION_DRIVER=file
    QUEUE_DRIVER=sync
    
    # --------------------------------------------
    # OPTIONAL: REDIS SETTINGS
    # --------------------------------------------
    REDIS_HOST=null
    REDIS_PASSWORD=null
    REDIS_PORT-null
    
    # --------------------------------------------
    # OPTIONAL: AWS S3 SETTINGS
    # --------------------------------------------
    AWS_SECRET=null
    AWS_KEY=null
    AWS_REGION=null
    AWS_BUCKET=null
    
    # --------------------------------------------
    # OPTIONAL: LOGIN THROTTLING
    # --------------------------------------------
    LOGIN_MAX_ATTEMPTS=5
    LOGIN_LOCKOUT_DURATION=60
    
    # --------------------------------------------
    # OPTIONAL: MISC
    # --------------------------------------------
    APP_LOG=single
    APP_LOG_MAX_FILES=10
    APP_LOCKED=false
    FILESYSTEM_DISK=local
    APP_TRUSTED_PROXIES=10.202.1.16
    ALLOW_IFRAMING=false
    APP_CIPHER=AES-256-CBC
    

  • Service Provider

    Here is my Nginx reverse proxy conf file.

    [[email protected] ~]$ sudo cat /etc/nginx/conf.d/assets.domain.com.conf 
    [sudo] password for jbusch: 
    server {
        client_max_body_size 40M;
        listen 443;
        server_name assets.domain.com;
        ssl          on;
        ssl_certificate /etc/letsencrypt/live/assets.domain.com-0001/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/assets.domain.com-0001/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
    #    ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass https://10.202.0.43;
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    
        }
    }
    
    server {
        client_max_body_size 40M;
        listen 80;
        server_name assets.domain.com;
        rewrite        ^ https://$server_name$request_uri? permanent;
    }
    [[email protected] ~]$ 
    


  • Something still not right but home time and day off tomorrow 😃
    So will pick up Monday.

    Quick question apart from changing the APP_URL and APP_TRUSTED_PROXIES, have you done anything else on the Snipe server to make it "work" under https? Like .htaccess or Virtual Host files?



  • Hi Guys

    Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

    Thanks



  • @gtech said in Testing SnipeIT on Fedora:

    Hi Guys

    Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

    Thanks
    Click on Create New and then user.
    0_1532028020424_ce0b3c5f-c9c1-4a9b-a700-998d42ae8a93-image.png



  • @gtech said in Testing SnipeIT on Fedora:

    Hi Guys

    Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

    Thanks

    I sync'd it to AD.



  • My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."



  • @gtech said in Testing SnipeIT on Fedora:

    My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

    That's not very informative. What's the log say?



  • @gtech said in Testing SnipeIT on Fedora:

    My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

    Open .env and change APP_DEBUG=false to true. So you can see more information than "Whoops, looks like something went wrong."



  • SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....



  • @gtech said in Testing SnipeIT on Fedora:

    SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....

    Create an issue on snipe-it's GitHub. You can also pop in to their gutter.im/snipe-it and see if they can assist you



  • @jaredbusch Thanks
    Must of been a setting i was missing in my NGINX conf file. Made it too look more like yours and i'm working 🙂