Snipe it asset management system installation and use

calendar 2023-03-15 · 7 min read · IT Linux  ·
Share on: linkedin copy

Recently, the company needed an IT asset management system, and chose Snipe it among the three open source systems (snipe it, glpi, ralph). Might try it later.

The system looks like this:

snipe demo

1. Local docker installation test

For a quick experience, it is more convenient to build a test environment with docker (don’t be afraid of trouble, the host command line installation is also possible)

  • 1.1 Download Mirror
1docker pull snipe/snipe-it
  • 1.2 Find a directory and create an environment variable file
1touch my_env_file

The company can apply to test mysql, so there is no containerized mysql (you need to use containerized mysql, please refer to Snipe docker)

Examples are as follows:

 1➜ cat my_env_file
 2# Mysql Parameters
 3MYSQL_PORT_3306_TCP_ADDR=127.0.0.1 #host of the database
 4MYSQL_PORT_3306_TCP_PORT=3306 #Database port
 5
 6MYSQL_DATABASE=xxxx #database name
 7MYSQL_USER=xxxx #database user name
 8MYSQL_PASSWORD=xxxx #database password
 9
10# Mailbox settings, temporarily ignore comments
11# Email Parameters
12# - the hostname/IP address of your mailserver
13#MAIL_PORT_587_TCP_ADDR=smtp.whatever.com
14#the port for the mailserver (probably 587, could be another)
15#MAIL_PORT_587_TCP_PORT=587
16# the default from address, and from name for emails
17#MAIL_ENV_FROM_ADDR=youremail@yourdomain.com
18#MAIL_ENV_FROM_NAME=Your Full Email Name
19# - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
20#MAIL_ENV_ENCRYPTION=tcp
21# SMTP username and password
22#MAIL_ENV_USERNAME=your_email_username
23#MAIL_ENV_PASSWORD=your_email_password
24
25# Snipe-IT Settings
26APP_ENV=production
27APP_DEBUG=false
28APP_KEY=<<Fill in Later!>> #Here is generated in the follow-up, don’t panic, don’t fill in first
29APP_URL=http://192.169.1.33 #System access address, ip or domain name, fill in the local ip for testing, which is convenient for testing
30APP_TIMEZONE=Asia/Shanghai #Time zone, it can be adjusted later
31APP_LOCALE=en #Language, it can be adjusted later
32
33# Docker-specific variables
34PHP_UPLOAD_LIMIT=100 #upload file size limit
  • 1.3 Generate APP_KEY
1docker run --rm snipe/snipe-it

The output after running the above command is:

1Please re-run this container with an environment variable $APP_KEY
2An example APP_KEY you could use is:
3base64:D5oGA+zhFSVA3VwuoZoQ21RAcwBtJv/RGiqOcZ7BUvI=

base64:D5oGA+zhFSVA3VwuoZoQ21RAcwBtJv/RGiqOcZ7BUvI= This string is to fill in the value of the environment variable APP_KEY, each person generates differently in their own environment, and the format is the same.

  • 1.4 Run and start (note that you must first fill in the APP_KEY value in the previous step, save it and start it again)
1➜ docker run -p 80:80 --env-file=my_env_file snipe/snipe-it
2➜ docker ps
3CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
455b39ab3e1ac snipe/snipe-it "/startup.sh" 8 hours ago Up 8 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp jovial_carver

It can be seen from the above that it has been running normally, and the service port is 80

  • 1.5 The browser accesses the address of APP_URL (set in the environment variable in the previous step: http://192.169.1.33) to initialize the system

This step is relatively simple. The step bar will be displayed on the webpage, and you can follow the steps as needed. I won’t go into details here. Refer to Official Documents

After completion, the test environment is set up, log in to the system, and enjoy Maxthon!

2. Production environment host deployment

Why does the production environment become a host deployment without docker? Because Snipe it will allow users to upload pictures, files, etc., which exist locally. In fact, Snipe it provides options to store services such as Amazon S3 ([official document](https://snipe-it.readme.io /docs/configuration#optional-amazon-s3-settings)), but our company’s private cloud does not have such a thing, the container deployment solution is not suitable, and the scheduled backup of host deployment is also okay.

The following mainly introduces the deployment method of php + php-fpm + nginx:

  • 2.1 Download code

Once logged in to your production host, download the code for Snipe it

1git clone https://github.com/snipe/snipe-it
  • 2.2 Running the installation script

The source code warehouse has its own installation script, which can be executed directly after downloading. The automated script will install mariadb, apache2, php, etc. according to the system type. For details, you can search for the PACKAGES keyword. For convenience, it mainly installs php and the corresponding plug-ins. After the installation is complete, mariadb and apache2 are not required. You can choose to disable or delete by yourself, this tutorial will use nginx + php-fpm

1cd snipe-it
2wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
3chmod 744 install.sh
4./install.sh
  • 2.3 Install php-fpm, nginx Remember to disable httpd (that is, apache2) before installation, otherwise nginx cannot be started, and the port is occupied and conflicts.
1systemctl disable httpd
2systemctl stop httpd
3yum install php-fpm nginx
  • 2.4 Prepare environment variable file
1cp.env.example.env

Change the configuration information in .env as needed, refer to the configuration of the test environment

official template

  1# --------------------------------------------
  2# REQUIRED: BASIC APP SETTINGS
  3# --------------------------------------------
  4APP_ENV=production
  5APP_DEBUG=false
  6APP_KEY=ChangeMe
  7APP_URL=null
  8APP_TIMEZONE='UTC'
  9APP_LOCALE=en
 10MAX_RESULTS=500
 11
 12# --------------------------------------------
 13# REQUIRED: UPLOADED FILE STORAGE SETTINGS
 14# --------------------------------------------
 15PRIVATE_FILESYSTEM_DISK=local
 16PUBLIC_FILESYSTEM_DISK=local_public
 17
 18#PRIVATE_FILESYSTEM_DISK=s3_private
 19#PUBLIC_FILESYSTEM_DISK=s3_public
 20
 21
 22# --------------------------------------------
 23# REQUIRED: DATABASE SETTINGS
 24# --------------------------------------------
 25DB_CONNECTION=mysql
 26DB_HOST=127.0.0.1
 27DB_DATABASE=null
 28DB_USERNAME=null
 29DB_PASSWORD=null
 30DB_PREFIX=null
 31DB_DUMP_PATH='/usr/bin'
 32DB_CHARSET=utf8mb4
 33DB_COLLATION=utf8mb4_unicode_ci
 34
 35# --------------------------------------------
 36# OPTIONAL: SSL DATABASE SETTINGS
 37# --------------------------------------------
 38DB_SSL=false
 39DB_SSL_IS_PAAS=false
 40DB_SSL_KEY_PATH=null
 41DB_SSL_CERT_PATH=null
 42DB_SSL_CA_PATH=null
 43DB_SSL_CIPHER=null
 44
 45# --------------------------------------------
 46# REQUIRED: OUTGOING MAIL SERVER SETTINGS
 47# --------------------------------------------
 48MAIL_DRIVER=smtp
 49MAIL_HOST=email-smtp.us-west-2.amazonaws.com
 50MAIL_PORT=587
 51MAIL_USERNAME=YOURUSERNAME
 52MAIL_PASSWORD=YOURPASSWORD
 53MAIL_ENCRYPTION=null
 54MAIL_FROM_ADDR=you@example.com
 55MAIL_FROM_NAME='Snipe-IT'
 56MAIL_REPLYTO_ADDR=you@example.com
 57MAIL_REPLYTO_NAME='Snipe-IT'
 58MAIL_AUTO_EMBED_METHOD='attachment'
 59
 60# --------------------------------------------
 61# REQUIRED: IMAGE LIBRARY
 62# This should be gd or imagick
 63# --------------------------------------------
 64IMAGE_LIB=gd
 65
 66
 67# --------------------------------------------
 68# OPTIONAL: BACKUP SETTINGS
 69# --------------------------------------------
 70MAIL_BACKUP_NOTIFICATION_DRIVER=null
 71MAIL_BACKUP_NOTIFICATION_ADDRESS=null
 72BACKUP_ENV=true
 73ALLOW_BACKUP_DELETE=false
 74ALLOW_DATA_PURGE=false
 75
 76# --------------------------------------------
 77# OPTIONAL: SESSION SETTINGS
 78# --------------------------------------------
 79SESSION_DRIVER=file
 80SESSION_LIFETIME=12000
 81EXPIRE_ON_CLOSE=false
 82ENCRYPT=false
 83COOKIE_NAME=snipeit_session
 84COOKIE_DOMAIN=null
 85SECURE_COOKIES=false
 86API_TOKEN_EXPIRATION_YEARS=15
 87
 88# --------------------------------------------
 89# OPTIONAL: SECURITY HEADER SETTINGS
 90# --------------------------------------------
 91APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
 92ALLOW_IFRAMING=false
 93REFERRER_POLICY=same-origin
 94ENABLE_CSP=false
 95CORS_ALLOWED_ORIGINS=null
 96ENABLE_HSTS=false
 97
 98# --------------------------------------------
 99# OPTIONAL: CACHE SETTINGS
100# --------------------------------------------
101CACHE_DRIVER=file
102QUEUE_DRIVER=sync
103CACHE_PREFIX=snipeit
104
105# --------------------------------------------
106# OPTIONAL: REDIS SETTINGS
107# --------------------------------------------
108REDIS_HOST=null
109REDIS_PASSWORD=null
110REDIS_PORT=null
111
112# --------------------------------------------
113# OPTIONAL: MEMCACHED SETTINGS
114# --------------------------------------------
115MEMCACHED_HOST=null
116MEMCACHED_PORT=null
117
118# --------------------------------------------
119# OPTIONAL: PUBLIC S3 Settings
120# --------------------------------------------
121PUBLIC_AWS_SECRET_ACCESS_KEY=null
122PUBLIC_AWS_ACCESS_KEY_ID=null
123PUBLIC_AWS_DEFAULT_REGION=null
124PUBLIC_AWS_BUCKET=null
125PUBLIC_AWS_URL=null
126PUBLIC_AWS_BUCKET_ROOT=null
127
128# --------------------------------------------
129# OPTIONAL: PRIVATE S3 Settings
130# --------------------------------------------
131PRIVATE_AWS_ACCESS_KEY_ID=null
132PRIVATE_AWS_SECRET_ACCESS_KEY=null
133PRIVATE_AWS_DEFAULT_REGION=null
134PRIVATE_AWS_BUCKET=null
135PRIVATE_AWS_URL=null
136PRIVATE_AWS_BUCKET_ROOT=null
137
138# --------------------------------------------
139# OPTIONAL: AWS Settings
140# --------------------------------------------
141AWS_ACCESS_KEY_ID=null
142AWS_SECRET_ACCESS_KEY=null
143AWS_DEFAULT_REGION=null
144
145# --------------------------------------------
146# OPTIONAL: LOGIN THROTTLING
147# --------------------------------------------
148LOGIN_MAX_ATTEMPTS=5
149LOGIN_LOCKOUT_DURATION=60
150
151# --------------------------------------------
152# OPTIONAL: FORGOTTEN PASSWORD SETTINGS
153# --------------------------------------------
154RESET_PASSWORD_LINK_EXPIRES=15
155PASSWORD_CONFIRM_TIMEOUT=10800
156PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50
157
158# --------------------------------------------
159# OPTIONAL: MISC
160# --------------------------------------------
161APP_LOG=single
162APP_LOG_MAX_FILES=10
163APP_LOG_LEVEL=warning
164APP_LOCKED=false
165APP_CIPHER=AES-256-CBC
166APP_FORCE_TLS=false
167APP_ALLOW_INSECURE_HOSTS=false
168GOOGLE_MAPS_API=
169LDAP_MEM_LIM=500M
170LDAP_TIME_LIM=600
171IMPORT_TIME_LIMIT=600
172IMPORT_MEMORY_LIMIT=500M
173REPORT_TIME_LIMIT=12000
174REQUIRE_SAML=false
175API_THROTTLE_PER_MINUTE=120

Personal example: Sensitive information has been replaced with xxx

Personal example: Sensitive information has been replaced with xxx

 1[root@snipe-it]# egrep -v '^#|^$' .env | head -n 25
 2APP_ENV=production
 3APP_DEBUG=false
 4APP_KEY=xxx
 5APP_URL=http://xxx
 6APP_TIMEZONE='Asia/Shanghai'
 7APP_LOCALE=en
 8MAX_RESULTS=500
 9
10PRIVATE_FILESYSTEM_DISK=local
11PUBLIC_FILESYSTEM_DISK=local_public
12
13
14
15DB_CONNECTION=mysql
16DB_HOST=xxx
17DB_PORT=xxx
18DB_DATABASE=xxx
19DB_USERNAME=xx
20DB_PASSWORD=xxx
21DB_PREFIX=null
22DB_DUMP_PATH='/usr/bin'
23DB_CHARSET=utf8mb4
24DB_COLLATION=utf8mb4_unicode_ci
25
26DB_SSL=false
  • 2.5 Install php package dependencies
1curl -sS https://getcomposer.org/installer | php
2php composer.phar install --no-dev --prefer-source
  • 2.6 Generate APP_KEY
1php artisan key:generate
  • 2.7 Nginx and PHP-FPM configuration

nginx configuration reference

 1[root@conf.d]# cat snipe-it.conf
 2server {
 3     listen 80;
 4     server_name localhost;
 5
 6     root /data/snipe-it/public;
 7     index index.php index.html index.htm;
 8
 9     location / {
10         try_files $uri $uri/ /index.php $is_args $args;
11     }
12
13     location ~ \.php$ {
14         try_files $uri $uri/ =404;
15         fastcgi_pass unix:/var/run/php7-fpm-www.sock;
16         fastcgi_index index.php;
17         fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name;
18         include fastcgi_params;
19     }
20}

php-fpm configuration reference

 1[root@php-fpm.d]# egrep -v '^;|^$' www.conf
 2[www]
 3user = nginx
 4group = nginx
 5listen = /var/run/php7-fpm-www.sock
 6listen.owner = nginx
 7listen.group = nginx
 8listen.mode = 0660
 9listen.allowed_clients = 127.0.0.1
10pm = dynamic
11pm.max_children = 50
12pm.start_servers = 5
13pm.min_spare_servers = 5
14pm.max_spare_servers = 35
15slowlog = /var/log/php-fpm/www-slow.log
16php_admin_value[error_log] = /var/log/php-fpm/www-error.log
17php_admin_flag[log_errors] = on
18php_value[session.save_handler] = files
19php_value[session.save_path] = /var/lib/php/session
20php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache

Note that here php-fpm and nginx are run by the user nginx. If they are inconsistent, you will encounter permission problems. Then change the code directory to nginx. Of course, you can also change it to the user you want to run, remember to correspond The configuration file should also be modified together.

Change directory permissions and start related services

1chown -R nginx:nginx /data/snipe-it
2systemctl start php-fpm
3systemctl start nginx

If necessary, you can put a test.php file in the source code directory to test whether the relevant environment configuration is normal.

1echo -e '<?php\nphpinfo();\n?>' > test.php
  • 2.8 Final test verification

Visit http://xxx.xxx.xxx/test.php to confirm that the phpinfo information is displayed normally.

php info

If there is an error, check the error logs of nginx and php-fpm, and solve the problem according to the error report.

Then visit http://xxx.xxx.xxx/ and set up and log in to use the system according to the guidelines.

Novices who don't have much contact, you can refer to official demo for the first time

Lastmod: Monday, August 28, 2023

Copyright statement:

  • All content that is not sourced is original., please do not reprint without authorization (because the typesetting is often disordered after reprinting, the content is uncontrollable, and cannot be continuously updated, etc.);
  • For non-profit purposes, to deduce any content of this blog, please give the relevant webpage address of this site in the form of 'source of original text' or 'reference link' (for the convenience of readers).

See Also:

Translations: