Testing SnipeIT on Fedora
-
@hobbit666 said in Testing SnipeIT on Fedora:
New SnipeIT server all working with http://<Serverip>
But when i try and access through my proxy
https://nginx.domain.com i'm still getting:-Do i need to configure the snipe server to be on https ??
What do you have set for
APP_URL=
andAPP_TRUSTED_PROXIES=
in the.env
file -
#Created By Snipe-it Installer # -------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY=base64:7En+7lHJRZb8/u0+dZrLcavOtWApCMoqisLwPZViKeQ= APP_URL=https://host.DOMAIN.COM APP_TIMEZONE= APP_LOCALE=en BACKUP_ENV=false # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=Passw0rd DB_PREFIX=null DB_DUMP_PATH='/usr/bin' DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_HOST=email-smtp.us-west-2.amazonaws.com MAIL_PORT=587 MAIL_USERNAME=YOURUSERNAME MAIL_PASSWORD=YOURPASSWORD MAIL_ENCRYPTION=null [email protected] MAIL_FROM_NAME='Snipe-IT' [email protected] MAIL_REPLYTO_NAME='Snipe-IT' # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=gd # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- REFERRER_POLICY=same-origin ENABLE_CSP=false # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT-null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_TRUSTED_PROXIES=172.20.0.130 ALLOW_IFRAMING=false APP_CIPHER=AES-256-CBC GOOGLE_MAPS_API= BACKUP_ENV=true
172.20.0.130 is the IP of my NGINX server
*Also tried the APP_URL with both http and https
-
@hobbit666 This is my
.env
[jbusch@assets ~]$ sudo cat /var/www/html/snipeit/.env [sudo] password for jbusch: #Created By Snipe-it Installer # -------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY=base64:c21lZyBvZmYNCg== APP_URL=https://assets.domain.com APP_TIMEZONE=America/Chicago APP_LOCALE=en # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=smeg_off DB_PREFIX=null DB_DUMP_PATH='/usr/bin' DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_HOST=10.202.1.14 MAIL_PORT=25 MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION= [email protected] MAIL_FROM_NAME='Administrator' [email protected] MAIL_REPLYTO_NAME='Administrator' # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=gd # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- REFERRER_POLICY=same-origin ENABLE_CSP=false # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=filec21lZyBvZmYNCg== SESSION_DRIVER=file QUEUE_DRIVER=sync # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT-null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_TRUSTED_PROXIES=10.202.1.16 ALLOW_IFRAMING=false APP_CIPHER=AES-256-CBC
-
Here is my Nginx reverse proxy conf file.
[jbusch@proxy ~]$ sudo cat /etc/nginx/conf.d/assets.domain.com.conf [sudo] password for jbusch: server { client_max_body_size 40M; listen 443; server_name assets.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/assets.domain.com-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/assets.domain.com-0001/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://10.202.0.43; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name assets.domain.com; rewrite ^ https://$server_name$request_uri? permanent; } [jbusch@proxy ~]$
-
Something still not right but home time and day off tomorrow
So will pick up Monday.Quick question apart from changing the APP_URL and APP_TRUSTED_PROXIES, have you done anything else on the Snipe server to make it "work" under https? Like .htaccess or Virtual Host files?
-
Hi Guys
Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.
Thanks
-
@gtech said in Testing SnipeIT on Fedora:
Hi Guys
Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.
Thanks
Click onCreate New
and then user.
-
@gtech said in Testing SnipeIT on Fedora:
Hi Guys
Great info. I Installed SnipeIT on Centos 7 min, get it up however I can't add new users. Please advise.
Thanks
I sync'd it to AD.
-
My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."
-
@gtech said in Testing SnipeIT on Fedora:
My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."
That's not very informative. What's the log say?
-
@gtech said in Testing SnipeIT on Fedora:
My bad, left out some details. when I full out the create user info form, submit it I get "Whoops, looks like something went wrong."
Open
.env
and change APP_DEBUG=false to true. So you can see more information than "Whoops, looks like something went wrong." -
SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into
users
.... -
@gtech said in Testing SnipeIT on Fedora:
SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'activated' cannot be null (SQL: insert into
users
....Create an issue on snipe-it's GitHub. You can also pop in to their gutter.im/snipe-it and see if they can assist you
-
@jaredbusch Thanks
Must of been a setting i was missing in my NGINX conf file. Made it too look more like yours and i'm working