Snipe-IT Asset Management Software in a FreeNAS jail

This resource was originally created by user: mistermanko on the TrueNAS Community Forums Archive. Please DM this account or comment in this thread to claim it.

In this Resource I’d like to share how to set-up Snipe-IT in a FreeNAS jail.

Snipe-IT is a Free Open Source Asset Management Software, is web-based and utilizes Apache, mysql/mariadb and php - a standard FAMP-Stack.
Before I run down the steps, make sure to read the documentation thoroughly: Introduction most steps needed are described there in detail.
However, because the doc is not entirely clear when it comes to FreeBSD, I’ll provide all steps needed for a deployment in a jail.
In short, it consists of: creating an empty MySQL/MariaDB database, customize the snipe-it configuration file, install the dependencies via composer, and then configure the web server to your needs.

Theoretically you can use the core feature without a Full Qualified Domain Name, simply access the web interface via the jail IP.
Though, I’m not sure how well that works and I did not test it. The setup described below is now in production with multiple users and works very well.

Let’s start:

  1. Jail-Creation and pkgs

For most of this credit goes to tiagom62 from Github who rewrote the install script to get it working with freebsd. However, I pulled my hair out trying to get that script running in a jail hence I did all the necessary steps manually.


echo ‘{“pkgs”:[“nano”,“git”,“unzip”,“apache24”,“mariadb104-server”,“mariadb104-client”,“php74”,“mod_php74”,“php74-bcmath”,“php74-composer”,“php74-ctype”,“php74-curl”,“php74-dom”,“php74-fileinfo”,“php74-filter”,“php74-gd”,“php74-iconv”,“php74-intl”,“php74-json”,“php74-ldap”,“php74-mbstring”,“php74-mysqli”,“php74-openssl”,“php74-pdo”,“php74-pdo_mysql”,“php74-pdo_sqlite”,“php74-pecl-imagick-im7”,“php74-phar”,“php74-session”,“php74-simplexml”,“php74-sqlite3”,“php74-tokenizer”,“php74-xml”,“php74-xmlwriter”,“php74-zip”,“php74-zlib”,“php74-posix”, “ca_root_nss”]}’ > /tmp/pkg.json


iocage create -n “snipeit” -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr=“vnet0|192.168../24” defaultrouter=“192.168..” vnet=“on” allow_raw_sockets=“1” boot=“on”

change *** to your network appliance


rm /tmp/pkg.json

  1. Set-up FAMP-Stack

#go into jail
iocage console snipeit

#activate php
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

#run apache on startup
sysrc apache24_enable="yes"
sysrc mysql_enable="yes"
service apache24 start

#Enable mod_rewrite


sed -i .bak “s;#LoadModule rewrite_module libexec/apache24/;LoadModule rewrite_module libexec/apache24/;” /usr/local/etc/apache24/httpd.conf

#Enable php in apache
nano /usr/local/etc/apache24/Includes/php.conf
Input this:


DirectoryIndex index.php index.html <FilesMatch “.php$”> SetHandler application/x-httpd-php <FilesMatch “.phps$”> SetHandler application/x-httpd-php-source

save and exit nano. (Ctrl + O, Ctrl + X)

#Creating the new virtual host in Apache.
nano /usr/local/etc/apache24/Includes/snipeit.conf


<VirtualHost *:80> <Directory /usr/local/www/apache24/data/snipeit/public> Allow From All AllowOverride All Options +Indexes DocumentRoot /usr/local/www/apache24/data/snipeit/public ServerName yourFQDN

save and exit

Replace yourFQDN with the domain via you want to access your snipe-IT webGUI, i.e.
Asteriks must be removed, do not put “http” or “www” or slashes in your FQDN. Snipe-IT wants to sit behind a subdomain, if you must use a subdirectory like you can read up on that here

#test your apache config
apachectl restart

#Starting MariaDB
service mysql-server start

#Securing MariaDB

Answer questions 1 and 2 with no, the rest with yes.

#Creating MariaDB Database/User
mysql -u root -p --execute="CREATE DATABASE snipeit;GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY 'YOURDBPASSWORD';"
Replace YOURDBPASSWORD with a strong password for your mysql-database, make sure to store it somewhere safe. Keep the apostrophese.
Enter your DB password when asked.

  1. Install snipe-it

#Cloning Snipe-IT from github to the web directory
git clone /usr/local/www/apache24/data/snipeit

#Configuring .env file.
cp /usr/local/www/apache24/data/snipeit/.env.example /usr/local/www/apache24/data/snipeit/.env
nano /usr/local/www/apache24/data/snipeit/.env
copy the following into the .env file and save and exit


-------------------------------------------- # REQUIRED: BASIC APP SETTINGS # -------------------------------------------- APP_ENV=production APP_DEBUG=false APP_KEY= APP_URL=http://YOURFQDN APP_TIMEZONE=‘US/Pacific’ APP_LOCALE=en MAX_RESULTS=500 # -------------------------------------------- # REQUIRED: DATABASE SETTINGS # -------------------------------------------- DB_CONNECTION=mysql DB_HOST=localhost DB_DATABASE=snipeit DB_USERNAME=snipeit DB_PASSWORD=YOURDBPASSWORD DB_PREFIX=null DB_DUMP_PATH=‘/usr/local/bin’ DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci # -------------------------------------------- # OPTIONAL: SSL DATABASE SETTINGS # -------------------------------------------- DB_SSL=false DB_SSL_IS_PAAS=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- MAIL_DRIVER=smtp MAIL_PORT=465 MAIL_USERNAME=webmaster MAIL_PASSWORD=loginpasswordofyourmailservice MAIL_ENCRYPTION=ssl MAIL_FROM_ADDR=webmaster@mydomain.coim MAIL_FROM_NAME=‘Snipe-IT’ MAIL_REPLYTO_ADDR=webmaster@mydomain.coim MAIL_REPLYTO_NAME=‘Snipe-IT’ MAIL_BACKUP_NOTIFICATION_ADDRESS=admin@mydomain.coim # -------------------------------------------- # REQUIRED: IMAGE LIBRARY # This should be gd or imagick # -------------------------------------------- IMAGE_LIB=imagick # -------------------------------------------- # OPTIONAL: SESSION SETTINGS # -------------------------------------------- SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session COOKIE_DOMAIN=null SECURE_COOKIES=false # -------------------------------------------- # OPTIONAL: SECURITY HEADER SETTINGS # -------------------------------------------- APP_TRUSTED_PROXIES=, ALLOW_IFRAMING=false REFERRER_POLICY=same-origin ENABLE_CSP=false CORS_ALLOWED_ORIGINS=null # -------------------------------------------- # OPTIONAL: CACHE SETTINGS # -------------------------------------------- CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync CACHE_PREFIX=snipeit # -------------------------------------------- # OPTIONAL: REDIS SETTINGS # -------------------------------------------- REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT=null # -------------------------------------------- # OPTIONAL: MEMCACHED SETTINGS # -------------------------------------------- MEMCACHED_HOST=null MEMCACHED_PORT=null # -------------------------------------------- # OPTIONAL: AWS S3 SETTINGS # -------------------------------------------- AWS_SECRET=null AWS_KEY=null AWS_REGION=null AWS_BUCKET=null # -------------------------------------------- # OPTIONAL: LOGIN THROTTLING # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 # -------------------------------------------- # OPTIONAL: MISC # -------------------------------------------- APP_LOG=single APP_LOG_MAX_FILES=10 APP_LOCKED=false FILESYSTEM_DISK=local APP_CIPHER=AES-256-CBC GOOGLE_MAPS_API= BACKUP_ENV=true LDAP_MEM_LIM=500M LDAP_TIME_LIM=600

Things you need to change to your specific setup are:

APP_TIMEZONE = PHP-supported timezone
DB_PASSWORD=mysql password you have chosen
MAIL SERVER SETTINGS= smtp mailservice, more in the snipe-it documenation
APP_TRUSTED_PROXIES=if snipeit runs behind a reverse proxy, the ip adress of the reverse proxy host goes here, or both are possible

#Installing and running composer
cd /usr/local/www/apache24/data/snipeit
curl -sS | php
php composer.phar install --no-dev --prefer-source

#Setting permissions
chmod -R 755 /usr/local/www/apache24/data/snipeit/storage chmod -R 755 /usr/local/www/apache24/data/snipeit/storage/private_uploads chmod -R 755 /usr/local/www/apache24/data/snipeit/public/uploads chown -R www:www /usr/local/www/apache24/data/snipeit

#Generating the application key
php artisan key:generate --force

IMPORTANT: write down/copy the generated key somewhere safe

#Artisan Migrate
php artisan migrate --force

#Creating scheduler cron
crontab -e
press i, copy line below and paste into crontab

* * * * * /usr/bin/php /usr/local/www/apache24/data/snipeit/artisan schedule:run >> /dev/null 2>&1

press ESC and type :wq! and hit enter.

#restart apache
apachectl restart

Navigate to your servers ip-adress or FQDN. You should now see the snipe-it pre-flight configuration website (http://yourFQDN/setup).
Work your way through the pre-flight setup guide, set-up user and password, if you encounter errors, consult the documentation and ultimatley you should land on the dashboard of Snipe-IT.

That’s it!

Upgrading Snipe-IT

A few words about upgrading to a newer version of snipeit.
The snipeit git brings it own updater with it, so running that is enough - for now:

cd /usr/local/www/apache24/data/snipeit su -m www -c "php upgrade.php"

In the future there could be issues with composer. Because composer is installed via pkg and not copied from repo by php, like it is suggested in the documentation,
it would be wise to run composer before using the upgrade.php to let it update to the latest packages, so that the update script later just checks for updates and skips the php composer installation.

composer update

I’ve had yet the chance to test out this approach because there was only a minor update since writing this script. I will test it out when v5 is coming, which should be later this summer.