Snipe it資產管理系統安裝使用
最近公司需要一個IT資產管理系統,在三個開源的系統(snipe it、glpi、ralph)中選擇了Snipe it,ralph偏向機房管理,glpi看起來也行,但是暫時不需要那麼多額外的功能,後續可能會試用下。
系統長這樣:
1. 本地docker安裝測試
爲了快速體驗,搭建測試環境還是docker方便點(不怕麻煩,主機命令行安裝也可以的)
- 1.1 下載鏡像
1docker pull snipe/snipe-it
- 1.2 找個目錄,創建環境變量文件
1touch my_env_file
公司可以申請測試mysql,就沒有使用容器化的mysql(需要使用容器化的mysql,請參考Snipe docker)
示例如下:
1➜ cat my_env_file
2# Mysql Parameters
3MYSQL_PORT_3306_TCP_ADDR=127.0.0.1 #數據庫的host
4MYSQL_PORT_3306_TCP_PORT=3306 #數據庫的port
5
6MYSQL_DATABASE=xxxx #數據庫名
7MYSQL_USER=xxxx #數據庫用戶名
8MYSQL_PASSWORD=xxxx #數據庫密碼
9
10# 郵箱設置,暫時註釋忽略
11# Email Parameters
12# - the hostname/IP address of your mailserver
13#MAIL_PORT_587_TCP_ADDR=smtp.whatever.com
14#the port for the mailserver (probably 587, could be another)
15#MAIL_PORT_587_TCP_PORT=587
16# the default from address, and from name for emails
17#MAIL_ENV_FROM_ADDR=youremail@yourdomain.com
18#MAIL_ENV_FROM_NAME=Your Full Email Name
19# - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
20#MAIL_ENV_ENCRYPTION=tcp
21# SMTP username and password
22#MAIL_ENV_USERNAME=your_email_username
23#MAIL_ENV_PASSWORD=your_email_password
24
25# Snipe-IT Settings
26APP_ENV=production
27APP_DEBUG=false
28APP_KEY=<<Fill in Later!>> #這裏是後續不走生成的,不慌,先不填
29APP_URL=http://192.169.1.33 #系統訪問地址,ip或者域名,測試填本機ip,方便測試
30APP_TIMEZONE=Asia/Shanghai #時區,後續都可以調整的
31APP_LOCALE=en #語言,後續也可以調整
32
33# Docker-specific variables
34PHP_UPLOAD_LIMIT=100 #上傳文件大小限制
- 1.3 生成APP_KEY
1docker run --rm snipe/snipe-it
運行上面的命令後會輸出:
1Please re-run this container with an environment variable $APP_KEY
2An example APP_KEY you could use is:
3base64:D5oGA+zhFSVA3VwuoZoQ21RAcwBtJv/RGiqOcZ7BUvI=
base64:D5oGA+zhFSVA3VwuoZoQ21RAcwBtJv/RGiqOcZ7BUvI= 這一串就是要填入環境變量APP_KEY的值,每個人在自己的環境生成的不一樣的,格式一樣就行。
- 1.4 運行啓動(注意要先填上上一步的
APP_KEY值,保存後再啓動)
1➜ docker run -p 80:80 --env-file=my_env_file snipe/snipe-it
2➜ docker ps
3CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
455b39ab3e1ac snipe/snipe-it "/startup.sh" 8 hours ago Up 8 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp jovial_carver
上面可以看出已經運行正常,服務端口爲80
- 1.5 瀏覽器訪問APP_URL的地址(上一步環境變量中設置的:http://192.169.1.33),進行系統初始化設置
這一步比較簡單,網頁上面會顯示步驟條,跟着一路按需操作就可以了,這裏不贅述,參考官方文檔
完成後,測試環境搭建完畢,登入系統,盡情傲遊即可!
2. 生產環境主機部署
生產環境爲什麼又變成主機部署不用docker了呢?因爲Snipe it會允許用戶上傳圖片、文件什麼的,這是存在本地的,其實Snipe it提供存儲到 Amazon S3等服務的選項(官方文檔),但是我們公司私有云沒有這種東西,容器部署的方案就不合適了,主機部署定時備份也還行。
下面主要介紹 php + php-fpm + nginx 部署方式:
- 2.1 下載代碼
登錄到你的生產主機後,下載Snipe it的代碼
1git clone https://github.com/snipe/snipe-it
- 2.2 運行安裝腳本
源碼倉庫裏面自帶裝腳本,下載下來後直接執行。該自動化腳本會根據系統類型安裝 mariadb、apache2、php等,具體可查搜索查看PACKAGES關鍵字,爲了方便,主要是讓它安裝php和對應的插件,等安裝完成後,不需要mariadb、apache2的可以自行選擇禁用或者刪除,本教程會選用 nginx + php-fpm
1cd snipe-it
2wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
3chmod 744 install.sh
4./install.sh
- 2.3 安裝php-fpm、nginx 安裝之前記得先禁用httpd(即apache2),不然nginx無法啓動,端口被佔用衝突。
1systemctl disable httpd
2systemctl stop httpd
3yum install php-fpm nginx
- 2.4 準備環境變量文件
1cp .env.example .env
按照需要更改.env裏面的配置信息,參考測試環境的配置
官方模版
1# --------------------------------------------
2# REQUIRED: BASIC APP SETTINGS
3# --------------------------------------------
4APP_ENV=production
5APP_DEBUG=false
6APP_KEY=ChangeMe
7APP_URL=null
8APP_TIMEZONE='UTC'
9APP_LOCALE=en
10MAX_RESULTS=500
11
12# --------------------------------------------
13# REQUIRED: UPLOADED FILE STORAGE SETTINGS
14# --------------------------------------------
15PRIVATE_FILESYSTEM_DISK=local
16PUBLIC_FILESYSTEM_DISK=local_public
17
18#PRIVATE_FILESYSTEM_DISK=s3_private
19#PUBLIC_FILESYSTEM_DISK=s3_public
20
21
22# --------------------------------------------
23# REQUIRED: DATABASE SETTINGS
24# --------------------------------------------
25DB_CONNECTION=mysql
26DB_HOST=127.0.0.1
27DB_DATABASE=null
28DB_USERNAME=null
29DB_PASSWORD=null
30DB_PREFIX=null
31DB_DUMP_PATH='/usr/bin'
32DB_CHARSET=utf8mb4
33DB_COLLATION=utf8mb4_unicode_ci
34
35# --------------------------------------------
36# OPTIONAL: SSL DATABASE SETTINGS
37# --------------------------------------------
38DB_SSL=false
39DB_SSL_IS_PAAS=false
40DB_SSL_KEY_PATH=null
41DB_SSL_CERT_PATH=null
42DB_SSL_CA_PATH=null
43DB_SSL_CIPHER=null
44
45# --------------------------------------------
46# REQUIRED: OUTGOING MAIL SERVER SETTINGS
47# --------------------------------------------
48MAIL_DRIVER=smtp
49MAIL_HOST=email-smtp.us-west-2.amazonaws.com
50MAIL_PORT=587
51MAIL_USERNAME=YOURUSERNAME
52MAIL_PASSWORD=YOURPASSWORD
53MAIL_ENCRYPTION=null
54MAIL_FROM_ADDR=you@example.com
55MAIL_FROM_NAME='Snipe-IT'
56MAIL_REPLYTO_ADDR=you@example.com
57MAIL_REPLYTO_NAME='Snipe-IT'
58MAIL_AUTO_EMBED_METHOD='attachment'
59
60# --------------------------------------------
61# REQUIRED: IMAGE LIBRARY
62# This should be gd or imagick
63# --------------------------------------------
64IMAGE_LIB=gd
65
66
67# --------------------------------------------
68# OPTIONAL: BACKUP SETTINGS
69# --------------------------------------------
70MAIL_BACKUP_NOTIFICATION_DRIVER=null
71MAIL_BACKUP_NOTIFICATION_ADDRESS=null
72BACKUP_ENV=true
73ALLOW_BACKUP_DELETE=false
74ALLOW_DATA_PURGE=false
75
76# --------------------------------------------
77# OPTIONAL: SESSION SETTINGS
78# --------------------------------------------
79SESSION_DRIVER=file
80SESSION_LIFETIME=12000
81EXPIRE_ON_CLOSE=false
82ENCRYPT=false
83COOKIE_NAME=snipeit_session
84COOKIE_DOMAIN=null
85SECURE_COOKIES=false
86API_TOKEN_EXPIRATION_YEARS=15
87
88# --------------------------------------------
89# OPTIONAL: SECURITY HEADER SETTINGS
90# --------------------------------------------
91APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
92ALLOW_IFRAMING=false
93REFERRER_POLICY=same-origin
94ENABLE_CSP=false
95CORS_ALLOWED_ORIGINS=null
96ENABLE_HSTS=false
97
98# --------------------------------------------
99# OPTIONAL: CACHE SETTINGS
100# --------------------------------------------
101CACHE_DRIVER=file
102QUEUE_DRIVER=sync
103CACHE_PREFIX=snipeit
104
105# --------------------------------------------
106# OPTIONAL: REDIS SETTINGS
107# --------------------------------------------
108REDIS_HOST=null
109REDIS_PASSWORD=null
110REDIS_PORT=null
111
112# --------------------------------------------
113# OPTIONAL: MEMCACHED SETTINGS
114# --------------------------------------------
115MEMCACHED_HOST=null
116MEMCACHED_PORT=null
117
118# --------------------------------------------
119# OPTIONAL: PUBLIC S3 Settings
120# --------------------------------------------
121PUBLIC_AWS_SECRET_ACCESS_KEY=null
122PUBLIC_AWS_ACCESS_KEY_ID=null
123PUBLIC_AWS_DEFAULT_REGION=null
124PUBLIC_AWS_BUCKET=null
125PUBLIC_AWS_URL=null
126PUBLIC_AWS_BUCKET_ROOT=null
127
128# --------------------------------------------
129# OPTIONAL: PRIVATE S3 Settings
130# --------------------------------------------
131PRIVATE_AWS_ACCESS_KEY_ID=null
132PRIVATE_AWS_SECRET_ACCESS_KEY=null
133PRIVATE_AWS_DEFAULT_REGION=null
134PRIVATE_AWS_BUCKET=null
135PRIVATE_AWS_URL=null
136PRIVATE_AWS_BUCKET_ROOT=null
137
138# --------------------------------------------
139# OPTIONAL: AWS Settings
140# --------------------------------------------
141AWS_ACCESS_KEY_ID=null
142AWS_SECRET_ACCESS_KEY=null
143AWS_DEFAULT_REGION=null
144
145# --------------------------------------------
146# OPTIONAL: LOGIN THROTTLING
147# --------------------------------------------
148LOGIN_MAX_ATTEMPTS=5
149LOGIN_LOCKOUT_DURATION=60
150
151# --------------------------------------------
152# OPTIONAL: FORGOTTEN PASSWORD SETTINGS
153# --------------------------------------------
154RESET_PASSWORD_LINK_EXPIRES=15
155PASSWORD_CONFIRM_TIMEOUT=10800
156PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50
157
158# --------------------------------------------
159# OPTIONAL: MISC
160# --------------------------------------------
161APP_LOG=single
162APP_LOG_MAX_FILES=10
163APP_LOG_LEVEL=warning
164APP_LOCKED=false
165APP_CIPHER=AES-256-CBC
166APP_FORCE_TLS=false
167APP_ALLOW_INSECURE_HOSTS=false
168GOOGLE_MAPS_API=
169LDAP_MEM_LIM=500M
170LDAP_TIME_LIM=600
171IMPORT_TIME_LIMIT=600
172IMPORT_MEMORY_LIMIT=500M
173REPORT_TIME_LIMIT=12000
174REQUIRE_SAML=false
175API_THROTTLE_PER_MINUTE=120
個人示例:敏感信息已用xxx替換
1[root@snipe-it]# egrep -v '^#|^$' .env | head -n 25
2APP_ENV=production
3APP_DEBUG=false
4APP_KEY= xxx
5APP_URL=http://xxx
6APP_TIMEZONE='Asia/Shanghai'
7APP_LOCALE=en
8MAX_RESULTS=500
9
10PRIVATE_FILESYSTEM_DISK=local
11PUBLIC_FILESYSTEM_DISK=local_public
12
13
14
15DB_CONNECTION=mysql
16DB_HOST=xxx
17DB_PORT=xxx
18DB_DATABASE=xxx
19DB_USERNAME=xx
20DB_PASSWORD=xxx
21DB_PREFIX=null
22DB_DUMP_PATH='/usr/bin'
23DB_CHARSET=utf8mb4
24DB_COLLATION=utf8mb4_unicode_ci
25
26DB_SSL=false
- 2.5 安裝php包依賴
1curl -sS https://getcomposer.org/installer | php
2php composer.phar install --no-dev --prefer-source
- 2.6 生成APP_KEY
1php artisan key:generate
- 2.7 Nginx 和 PHP-FPM 配置
nginx 配置參考
1[root@conf.d]# cat snipe-it.conf
2server {
3 listen 80;
4 server_name localhost;
5
6 root /data/snipe-it/public;
7 index index.php index.html index.htm;
8
9 location / {
10 try_files $uri $uri/ /index.php$is_args$args;
11 }
12
13 location ~ \.php$ {
14 try_files $uri $uri/ =404;
15 fastcgi_pass unix:/var/run/php7-fpm-www.sock;
16 fastcgi_index index.php;
17 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
18 include fastcgi_params;
19 }
20}
php-fpm 配置參考
1[root@php-fpm.d]# egrep -v '^;|^$' www.conf
2[www]
3user = nginx
4group = nginx
5listen = /var/run/php7-fpm-www.sock
6listen.owner = nginx
7listen.group = nginx
8listen.mode = 0660
9listen.allowed_clients = 127.0.0.1
10pm = dynamic
11pm.max_children = 50
12pm.start_servers = 5
13pm.min_spare_servers = 5
14pm.max_spare_servers = 35
15slowlog = /var/log/php-fpm/www-slow.log
16php_admin_value[error_log] = /var/log/php-fpm/www-error.log
17php_admin_flag[log_errors] = on
18php_value[session.save_handler] = files
19php_value[session.save_path] = /var/lib/php/session
20php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
注意,這裏php-fpm、nginx都是用nginx這個用戶運行,不一致會遇到權限問題,接着把代碼目錄也改爲nginx, 當然你你也可以改成自己想要的用戶運行,記得對應的配置文件也要一併修改。
更改目錄權限和啓動相關服務
1chown -R nginx:nginx /data/snipe-it
2systemctl start php-fpm
3systemctl start nginx
如有需要可往源碼目錄放一個test.php文件,用於測試相關環境配置是否正常。
1echo -e '<?php\nphpinfo();\n?>' > test.php
- 2.8 最後測試驗證
訪問http://xxx.xxx.xxx/test.php 確認正常顯示phpinfo信息。
如果有錯誤,請查看nginx和php-fpm的錯誤日誌,根據報錯解決問題。
再訪問http://xxx.xxx.xxx/ 根據指引設置登錄使用系統。
沒有怎麼接觸的新手,初次使用可以參考官方demo
最後修改於: Monday, August 28, 2023
版權申明:
- 未標註來源的內容皆為原創,未經授權請勿轉載(因轉載後排版往往錯亂、內容不可控、無法持續更新等);
- 非營利為目的,演繹本博客任何內容,請以'原文出處'或者'參考鏈接'等方式給出本站相關網頁地址(方便讀者)。