Skip to content

Instantly share code, notes, and snippets.

@NightyKnight

NightyKnight/Install SnipeIT from Scratch

Created October 2, 2019 16:51
Show Gist options
  • Save NightyKnight/8aeb9bb87c447e469d2b67b3d9b7a58b to your computer and use it in GitHub Desktop.
Save NightyKnight/8aeb9bb87c447e469d2b67b3d9b7a58b to your computer and use it in GitHub Desktop.
Download ZIP
Install Snipe-IT from scratch on a CentOS 7 machine behind a corporate proxy server
Raw
Install SnipeIT from Scratch
Install SnipeIT From Scratch on CentOS 7
1) Setup Proxy
proxy setup:
/etc/yum.conf
proxy=http://proxy.dev:8080/
/etc/profile
#proxy
MY_PROXY_URL="http://proxy.dev:8080/"
HTTP_PROXY=$MY_PROXY_URL
HTTPS_PROXY=$MY_PROXY_URL
FTP_PROXY=$MY_PROXY_URL
http_proxy=$MY_PROXY_URL
https_proxy=$MY_PROXY_URL
ftp_proxy=$MY_PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy
a) Reboot server to apply proxy settings
2)Install SnipeIT and deps from script
a)Download the install script
wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh
chmod 744 install.sh
b) Comment out the last line to download snipeit.sh without installing
vi install.sh
i) Run to fetch install script
./install.sh
c) Edit line 169 to the following adding stream context for proxy
vi snipeit.sh
run_as_app_user curl https://getcomposer.org/installer -o composer-setup.php
d) Uncomment last line and comment the wget and chmod lines to avoid overwriting snipeit.sh
vi install.sh
e) Move cronjob to snipeitapp user's crontab to fix log permissions issue when updating.
crontab -u root -e
#Copy and Delete the line from the root crontab
* * * * * /usr/bin/php /var/www/snipeit/artisan schedule:run >> /dev/null 2>&1
crontab -u snipeitapp -e
#Copy and save the below
* * * * * /usr/bin/php /var/www/snipeit/artisan schedule:run >> /dev/null 2>&1
3) Update SnipeIT
cd /var/www/snipeit
su -c "php upgrade.php" snipeitapp
4) Enable HTTPS
a) Get Certificate from your Certificate Authority
b) Copy Certificate and key to File System
cp snipeit.crt /etc/pki/tls/certs/
cp snipeit.key /etc/pki/tls/private/
c) Install mod_ssl Apache Module
yum install -y mod_ssl
d) Update Snipe-IT Web Server Configs
cd /etc/httpd/conf.d/
i)Edit snipeit.conf
vi snipeit.conf
<VirtualHost *:80>
ServerName snipeit.dev
DocumentRoot /var/www/snipeit/public
Redirect Permanent / https://snipeit.dev
</VirtualHost>
<VirtualHost *:443>
ServerName snipeit.dev:443
DocumentRoot /var/www/snipeit/public
<Directory /var/www/snipeit/public>
Options Indexes followSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/snipeit.crt
SSLCertificateKeyFile /etc/pki/tls/private/snipeit.key
</VirtualHost>
ii) Secure ssl.conf
a)Comment out SSLProtocol and SSLCipherSuite lines and add to bottom of file
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
#SSLUseStapling on
#SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
iii) Secure Apache and PHP
Add to httpd.conf
vi /etc/httpd/conf/httpd.conf
#Server Security Options
ServerSignature Off
ServerTokens Prod
vi /etc/php.ini
expose_php = Off
e) Open Firewall for Port 443
firewall-cmd --add-service=https
firewall-cmd --runtime-to-permanent
f) Check the configuration file for sytax errors
apachectl configtest
If output is "Syntax OK", continue. Otherwise, check the syntax of your files and try again
5) Migrate Production Data
a) Login to production SnipeIT and go to Admin -> Backups -> Generate Backups
b) Either download the backup locally or connect from the new machine via SFTP
i) SFTP Method - Assuming a starting directory of root's home /root or ~/ when logged in as root
sftp [email protected]
cd /var/www/snipeit/storage/app/backups
get lastest_backup.zip
exit
c) Unpack archive into new folder
mkdir ~/snipeit-prod/
cd ~/snipeit-prod/
unzip ../lastest_backup.zip
d) Stop Application before importing database
systemctl stop httpd
e) Drop Test Database created during install script
mysql -u root -p
drop database snipeit;
create database snipeit;
exit;
f) Import Database Backup
mysql -u root -p snipeit < ~/snipeit-prod/snipeit_data.sql
g) Import Snipe-IT Data
cd /var/www/snipeit
cp .env .env.fresh
cp ~/snipeit-prod/.env .env.import
i) diff the current .env file with the one from the old systemctl
diff -yw .env .env.import
ii) Copy the APP_KEY Value from the diff output from the .env.import file and replace in the new .env
Also update the APP_URL field to https://snipeit.dev
vi .env
iii) Copy the OAuth keys
i) Backup Fresh keys
mv storage/oauth-private.key storage/oauth-private.key.bak
mv storage/oauth-public.key storage/oauth-public.key.bak
ii) Import Prod keys
cp ~/snipeit-prod/var/www/snipe-it/storage/*.key /var/www/snipeit/storage/
iv) Copy Public Uploads and Private Uploads (Skip if empty)
cp ~/snipeit-prod/var/www/snipe-it/storage/private_uploads /var/www/snipeit/storage/
cp ~/snipeit-prod/var/www/snipe-it/public/uploads /var/www/snipeit/public/
v) Run the migration scripts
cd /var/www/snipeit
sudo -u snipeitapp php artisan migrate
sudo -u snipeitapp php artisan config:clear
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment