Testing SnipeIT on Fedora

Obsolesce

@obsolesce said in Testing SnipeIT on Fedora:

To install Snipe-IT on a fresh Fedora 28 minimal install:

1. Install Fedora Server 28 minimal from NetISO.
2. Okay to install the typical packages:
   dnf install -y wget cockpit cockpit-storaged net-tools dnf-automatic
3. Download and run the Snipe-IT install script:
   wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
./install.sh
4. By default, the laravel log has bad permissions and needs to be fixed for Pre-Flight to work:
   chmod 0755 /var/www/html/snipeit/storage/logs/laravel.log
chown apache:apache /var/www/html/snipeit/storage/logs/Laravel.log
5. By default, you won't be able to send mail with SELinux, allow it to:
   setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_sendmail 1
6. Pre-flight will now show and pass. Click the next button, it will fail. Then run this command to fix the DB issue:
   reference: https://github.com/snipe/snipe-it/issues/5242#issue-307531010
   mysql -u root -p
ALTER TABLE snipeit.assets CHANGE `_snipeit_mac_address` `_snipeit_mac_address_1` varchar(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL NULL ;

Now go back to the Pre-flight page, and it should continue on as normal.

Backups via the SnipeIT Admin web interface won't work unless php-zip is installed:
dnf install php-zip

hobbit666

New SnipeIT server all working with http://<Serverip>

But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-

Do i need to configure the snipe server to be on https ??

black3dynamite

@hobbit666 said in Testing SnipeIT on Fedora:

New SnipeIT server all working with http://<Serverip>

But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-

Do i need to configure the snipe server to be on https ??

What do you have set for APP_URL= and APP_TRUSTED_PROXIES= in the .env file

hobbit666

#Created By Snipe-it Installer
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:7En+7lHJRZb8/u0+dZrLcavOtWApCMoqisLwPZViKeQ=
APP_URL=https://host.DOMAIN.COM
APP_TIMEZONE=
APP_LOCALE=en
BACKUP_ENV=false

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=Passw0rd
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_ENCRYPTION=null
[email protected]
MAIL_FROM_NAME='Snipe-IT'
[email protected]
MAIL_REPLYTO_NAME='Snipe-IT'

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
REFERRER_POLICY=same-origin
ENABLE_CSP=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT-null

# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=172.20.0.130
ALLOW_IFRAMING=false
APP_CIPHER=AES-256-CBC
GOOGLE_MAPS_API=
BACKUP_ENV=true

172.20.0.130 is the IP of my NGINX server

*Also tried the APP_URL with both http and https

JaredBusch

@hobbit666 This is my .env

[jbusch@assets ~]$ sudo cat /var/www/html/snipeit/.env
[sudo] password for jbusch: 
#Created By Snipe-it Installer
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:c21lZyBvZmYNCg==
APP_URL=https://assets.domain.com
APP_TIMEZONE=America/Chicago
APP_LOCALE=en

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=smeg_off
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=10.202.1.14
MAIL_PORT=25
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
[email protected]
MAIL_FROM_NAME='Administrator'
[email protected]
MAIL_REPLYTO_NAME='Administrator'

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
REFERRER_POLICY=same-origin
ENABLE_CSP=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=filec21lZyBvZmYNCg==
SESSION_DRIVER=file
QUEUE_DRIVER=sync

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT-null

# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=10.202.1.16
ALLOW_IFRAMING=false
APP_CIPHER=AES-256-CBC

JaredBusch

Here is my Nginx reverse proxy conf file.

[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/assets.domain.com.conf 
[sudo] password for jbusch: 
server {
    client_max_body_size 40M;
    listen 443;
    server_name assets.domain.com;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/assets.domain.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/assets.domain.com-0001/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
#    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://10.202.0.43;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}

server {
    client_max_body_size 40M;
    listen 80;
    server_name assets.domain.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}
[jbusch@proxy ~]$ 

hobbit666

Something still not right but home time and day off tomorrow
So will pick up Monday.

Quick question apart from changing the APP_URL and APP_TRUSTED_PROXIES, have you done anything else on the Snipe server to make it "work" under https? Like .htaccess or Virtual Host files?

gtech

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks

black3dynamite

@gtech said in Testing SnipeIT on Fedora:

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks
Click on Create New and then user.

Obsolesce

@gtech said in Testing SnipeIT on Fedora:

Hi Guys

Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.

Thanks

I sync'd it to AD.

gtech

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

Obsolesce

@gtech said in Testing SnipeIT on Fedora:

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

That's not very informative. What's the log say?

black3dynamite

@gtech said in Testing SnipeIT on Fedora:

My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."

Open .env and change APP_DEBUG=false to true. So you can see more information than "Whoops, looks like something went wrong."

gtech

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....

DustinB3403

@gtech said in Testing SnipeIT on Fedora:

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into users....

Create an issue on snipe-it's GitHub. You can also pop in to their gutter.im/snipe-it and see if they can assist you

hobbit666

@jaredbusch Thanks
Must of been a setting i was missing in my NGINX conf file. Made it too look more like yours and i'm working