Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Snipe-IT Asset Management Software in a FreeNAS jail

Snipe-IT Asset Management Software in a FreeNAS jail

In this Resource I'd like to share how to set-up Snipe-IT in a FreeNAS jail.

Snipe-IT is a Free Open Source Asset Management Software, is web-based and utilizes Apache, mysql/mariadb and php - a standard FAMP-Stack.
Before I run down the steps, make sure to read the documentation thoroughly: https://snipe-it.readme.io/docs/introduction most steps needed are described there in detail.
However, because the doc is not entirely clear when it comes to FreeBSD, I'll provide all steps needed for a deployment in a jail.
In short, it consists of: creating an empty MySQL/MariaDB database, customize the snipe-it configuration file, install the dependencies via composer, and then configure the web server to your needs.

Theoretically you can use the core feature without a Full Qualified Domain Name, simply access the web interface via the jail IP.
Though, I'm not sure how well that works and I did not test it. The setup described below is now in production with multiple users and works very well.

Let's start:

1. Jail-Creation and pkgs

For most of this credit goes to tiagom62 from Github who rewrote the install script to get it working with freebsd. However, I pulled my hair out trying to get that script running in a jail hence I did all the necessary steps manually.

Code:
echo '{"pkgs":["nano","git","unzip","apache24","mariadb104-server","mariadb104-client","php74","mod_php74","php74-bcmath","php74-composer","php74-ctype","php74-curl","php74-dom","php74-fileinfo","php74-filter","php74-gd","php74-iconv","php74-intl","php74-json","php74-ldap","php74-mbstring","php74-mysqli","php74-openssl","php74-pdo","php74-pdo_mysql","php74-pdo_sqlite","php74-pecl-imagick-im7","php74-phar","php74-session","php74-simplexml","php74-sqlite3","php74-tokenizer","php74-xml","php74-xmlwriter","php74-zip","php74-zlib","php74-posix", "ca_root_nss"]}' > /tmp/pkg.json


Code:
iocage create -n "snipeit" -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr="vnet0|192.168.***.***/24" defaultrouter="192.168.***.***" vnet="on" allow_raw_sockets="1" boot="on"

change *** to your network appliance

Code:
rm /tmp/pkg.json



2. Set-up FAMP-Stack

#go into jail
iocage console snipeit

#activate php
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

#run apache on startup
sysrc apache24_enable="yes"
sysrc mysql_enable="yes"
service apache24 start

#Enable mod_rewrite
Code:
sed -i .bak "s;#LoadModule rewrite_module libexec/apache24/mod_rewrite.so;LoadModule rewrite_module libexec/apache24/mod_rewrite.so;" /usr/local/etc/apache24/httpd.conf


#Enable php in apache
nano /usr/local/etc/apache24/Includes/php.conf
Input this:
Code:
<IfModule dir_module>
        DirectoryIndex index.php index.html
            <FilesMatch "\.php$">
                SetHandler application/x-httpd-php
            </FilesMatch>
            <FilesMatch "\.phps$">
                SetHandler application/x-httpd-php-source
            </FilesMatch>
</IfModule>


save and exit nano. (Ctrl + O, Ctrl + X)

#Creating the new virtual host in Apache.
nano /usr/local/etc/apache24/Includes/snipeit.conf

Code:
<VirtualHost *:80>
              <Directory /usr/local/www/apache24/data/snipeit/public>
                  Allow From All
                  AllowOverride All
                  Options +Indexes
              </Directory>
  
              DocumentRoot /usr/local/www/apache24/data/snipeit/public
              ServerName ***yourFQDN***
            </VirtualHost>


save and exit

Replace ***yourFQDN*** with the domain via you want to access your snipe-IT webGUI, i.e. assets.mydomain.com
Asteriks must be removed, do not put "http" or "www" or slashes in your FQDN. Snipe-IT wants to sit behind a subdomain, if you must use a subdirectory like
https://yourserver.com/snipe-it you can read up on that here https://snipe-it.readme.io/docs/subdirectories

#test your apache config
apachectl restart

#Starting MariaDB
service mysql-server start

#Securing MariaDB
/usr/local/bin/mysql_secure_installation

Answer questions 1 and 2 with no, the rest with yes.

#Creating MariaDB Database/User
mysql -u root -p --execute="CREATE DATABASE snipeit;GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY 'YOURDBPASSWORD';"
Replace YOURDBPASSWORD with a strong password for your mysql-database, make sure to store it somewhere safe. Keep the apostrophese.
Enter your DB password when asked.


3. Install snipe-it

#Cloning Snipe-IT from github to the web directory
git clone https://github.com/snipe/snipe-it /usr/local/www/apache24/data/snipeit

#Configuring .env file.
cp /usr/local/www/apache24/data/snipeit/.env.example /usr/local/www/apache24/data/snipeit/.env
nano /usr/local/www/apache24/data/snipeit/.env
copy the following into the .env file and save and exit

Code:
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=
APP_URL=http://***YOURFQDN***
APP_TIMEZONE='US/Pacific'
APP_LOCALE=en
MAX_RESULTS=500

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=YOURDBPASSWORD
DB_PREFIX=null
DB_DUMP_PATH='/usr/local/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_IS_PAAS=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mail.com
MAIL_PORT=465
MAIL_USERNAME=webmaster
MAIL_PASSWORD=loginpasswordofyourmailservice
MAIL_ENCRYPTION=ssl
MAIL_FROM_ADDR=webmaster@mydomain.coim
MAIL_FROM_NAME='Snipe-IT'
MAIL_REPLYTO_ADDR=webmaster@mydomain.coim
MAIL_REPLYTO_NAME='Snipe-IT'
MAIL_BACKUP_NOTIFICATION_ADDRESS=admin@mydomain.coim

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=imagick

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
APP_TRUSTED_PROXIES=192.168.1.0/24,10.0.0.1
ALLOW_IFRAMING=false
REFERRER_POLICY=same-origin
ENABLE_CSP=false
CORS_ALLOWED_ORIGINS=null

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT=null

# --------------------------------------------
# OPTIONAL: MEMCACHED SETTINGS
# --------------------------------------------
MEMCACHED_HOST=null
MEMCACHED_PORT=null

# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_CIPHER=AES-256-CBC
GOOGLE_MAPS_API=
BACKUP_ENV=true
LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600


Things you need to change to your specific setup are:

APP_TIMEZONE = PHP-supported timezone
DB_PASSWORD=mysql password you have chosen
MAIL SERVER SETTINGS= smtp mailservice, more in the snipe-it documenation
APP_TRUSTED_PROXIES=if snipeit runs behind a reverse proxy, the ip adress of the reverse proxy host goes here,
192.168.xxx.xxx or 192.168.xxx.xxx/24 both are possible

#Installing and running composer
cd /usr/local/www/apache24/data/snipeit
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source

#Setting permissions
chmod -R 755 /usr/local/www/apache24/data/snipeit/storage
chmod -R 755 /usr/local/www/apache24/data/snipeit/storage/private_uploads
chmod -R 755 /usr/local/www/apache24/data/snipeit/public/uploads
chown -R www:www /usr/local/www/apache24/data/snipeit


#Generating the application key
php artisan key:generate --force

IMPORTANT: write down/copy the generated key somewhere safe

#Artisan Migrate
php artisan migrate --force

#Creating scheduler cron
crontab -e
press i, copy line below and paste into crontab

* * * * * /usr/bin/php /usr/local/www/apache24/data/snipeit/artisan schedule:run >> /dev/null 2>&1

press ESC and type :wq! and hit enter.

#restart apache
apachectl restart

Navigate to your servers ip-adress or FQDN. You should now see the snipe-it pre-flight configuration website (http://yourFQDN/setup).
Work your way through the pre-flight setup guide, set-up user and password, if you encounter errors, consult the documentation and ultimatley you should land on the dashboard of Snipe-IT.


dashboard_snipeit.png


That's it!

-----------------------

Upgrading Snipe-IT

A few words about upgrading to a newer version of snipeit.
The snipeit git brings it own updater with it, so running that is enough - for now:

cd /usr/local/www/apache24/data/snipeit
su -m www -c "php upgrade.php"


In the future there could be issues with composer. Because composer is installed via pkg and not copied from repo by php, like it is suggested in the documentation,
it would be wise to run composer before using the upgrade.php to let it update to the latest packages, so that the update script later just checks for updates and skips the php composer installation.

composer update

I've had yet the chance to test out this approach because there was only a minor update since writing this script. I will test it out when v5 is coming, which should be later this summer.
Author
mistermanko
Views
215
First release
Last update
Rating
0.00 star(s) 0 ratings

Latest updates

  1. notes on upgrading

    Added some notes on upgrading Snipe-IT to the bottom of this resource.
  2. added posix

    Had to add php-posix extension to the pkg pre-install, otherwise the php upgrade of snipe-IT...
  3. The guide is now finished

    Let me know if it work for you!
Top