1.) Install CentOS 7 x64 minimal on 20GB drive
2.) Setup static IP and FQDN that you own so you can install security certificates (e.g. assets.domainname.com).
3.) Enable NTP and set timezone.
4.) Create partition scheme: 1GB /boot, 2xRAM swap, rest / on standard partitions.
5.) Software selection = minimal
6.) Set root and optionally user account passwords
7.) Reboot and perform a yum update
https://wiki.centos.org/HowTos/php7
yum -y install centos-release-scl.noarch
yum -y install epel-release
yum -y install rh-php71 rh-php71-php rh-php71-php-fpm rh-php71-php-bcmath rh-php71-php-mbstring rh-php71-php-mcrypt rh-php71-php-gd rh-php71-php-ldap rh-php71-php-mysqlnd mariadb-server httpd vim wget unzip git
systemctl enable rh-php71-php-fpm.service
systemctl start rh-php71-php-fpm.service
Add PHP7 to the system $PATH
echo 'pathmunge /opt/rh/rh-php71/root/usr/bin' > /etc/profile.d/rh-php71.sh
chmod +x /etc/profile.d/rh-php71.sh
Reload your profile (yes, there is a space between the . and /etc)
. /etc/profile
Install Composer
cd ~
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/bin/composer
9.) Enable and start HTTPD, add firewall rules:
systemctl enable httpd ; systemctl start httpd
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
10.) Delete /etc/httpd/conf.d/welcome.conf
rm /etc/httpd/conf.d/welcome.conf
Create a root password and record it and accept all other defaults.
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
15.) Create database for Snipe-IT
Log in to the database server; when prompted, use the password you created during mysql_secure_installation
mysql -u root -p
Run the following commands to create the database, user, set permissions and apply (note: use a new unique password here)
CREATE DATABASE snipeit_db;
CREATE USER 'snipeit_dbuser'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON snipeit_db.* TO 'snipeit_dbuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
https://www.vultr.com/docs/how-to-install-snipe-it-on-centos-7
cd /var/www/
git clone https://github.com/snipe/snipe-it snipe-it
17.) Modify the environmental variables
cd /var/www/snipe-it
cp .env.example .env
vim .env
Set the following variables according to your install
APP_URL=http://snipe-it.domainname.com #Provide your domain name or IP address here
APP_TIMEZONE='US/Pacific' #Change it according to your country
DB_DATABASE=snipeit_db #Provide the database name you created earlier
DB_USERNAME=snipeit_dbuser #Provide database user's username
DB_PASSWORD=superSecretPW #Provide the DB user's password
MAIL_DRIVER=smtp
MAIL_HOST=mail.domain.name
MAIL_PORT=587
MAIL_USERNAME=snipeit_notifications@maildomain.com
MAIL_PASSWORD=someXcellentPW
MAIL_ENCRYPTION=TLS
MAIL_FROM_ADDR=snipeit_notifications@maildomain.com
MAIL_FROM_NAME='Your Asset Management System'
MAIL_REPLYTO_ADDR=noreply@maildomain.com
MAIL_REPLYTO_NAME='noreply@maildomain.com'
11.) Create a php file to check php-fpm (Note: this is to check that php-fpm is activated and is in use, we'll delete it later)
vim /var/www/snipe-it/public/index-fpm-test.php
Add the content:
<?php phpinfo() ?>
useradd snipe
passwd snipe
usermod -a -G apache snipe
chown -R snipe:apache /var/www/snipe-it
chmod -R 775 /var/www/snipe-it/storage
chmod -R 775 /var/www/snipe-it/public/uploads
chmod 640 /var/www/snipe-it/.env
chcon -R -h -t httpd_sys_rw_content_t /var/www/snipe-it/storage/
chcon -R -h -t httpd_sys_rw_content_t /var/www/snipe-it/public/
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
Change to user snipe to run composer install then exit
su snipe
cd /var/www/snipe-it
composer install --no-dev --prefer-source
exit
Set permissions on downloaded vendor files
chown -R snipe:apache /var/www/snipe-it/vendor
Generate app key
php artisan key:generate --force
Populate SQL database
php artisan migrate --force
20.) Create a virtual host for Snipe-IT
vim /etc/httpd/conf.d/snipe-it.domainname.com.conf
Add the following
<VirtualHost *:80>
    ServerName snipe-it.domainname.com
    DocumentRoot /var/www/snipe-it/public
    <Directory /var/www/snipe-it/public>
        Options Indexes FollowSymLinks MultiViews
        DirectoryIndex index.php
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    <FilesMatch \.php$>
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </FilesMatch>
</VirtualHost>
Restart Apache
systemctl restart httpd
13.) Browse to ip.add.r.ess/index-fpm-test.php to verify the PHP version and that php-fpm is active
14.) Delete /var/www/snipe-it/public/index-fpm-test.php
rm /var/www/snipe-it/public/index-fpm-test.php
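A check for the cleanup and permission steps above, as an added example that is not part of the original guide: it flags a leftover phpinfo() test page, a .env that users outside the owner and group can access, and world-writable files. The function name and the demo tree are constructed for illustration; on a real install pass /var/www/snipe-it.

```sh
# Added example, not part of the original guide.
# Usage: audit_snipeit_tree /var/www/snipe-it
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_snipeit_tree() {
    ast_root=$1
    ast_out=$(
        # The php-fpm test page exposes phpinfo() output to anyone who requests it.
        grep -rl 'phpinfo[[:space:]]*(' "$ast_root/public" 2>/dev/null |
            sed 's/^/phpinfo page still present: /'
        # .env holds the DB and mail passwords; the guide sets it to 640,
        # so no read, write or execute bit may be set for "other".
        find "$ast_root/.env" \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null |
            sed 's/^/.env accessible to other users: /'
        # The 775 modes used above grant nothing beyond r-x to "other".
        find "$ast_root" -type f -perm -002 2>/dev/null |
            sed 's/^/world-writable file: /'
    )
    [ -z "$ast_out" ] && return 0
    printf '%s\n' "$ast_out"
    return 1
}

# Constructed demo tree: a forgotten test page and a world-readable .env.
ast_demo=$(mktemp -d)
mkdir -p "$ast_demo/public"
echo '<?php phpinfo() ?>' > "$ast_demo/public/index-fpm-test.php"
echo 'DB_PASSWORD=constructed' > "$ast_demo/.env"
chmod 644 "$ast_demo/.env" "$ast_demo/public/index-fpm-test.php"
audit_snipeit_tree "$ast_demo" || echo "=> clean up before exposing the server"
rm -rf "$ast_demo"
```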
First be sure your host OS is using the DNS of your AD domain controllers if you want to use the DNS name of the server.
https://github.com/ladybirdweb/faveo-helpdesk/wiki/Install-Let’s-Encrypt-SSL-on-CentOS-7-Running-Apache-Web-Server
Install dependent modules
yum install epel-release mod_ssl
Install the Let’s Encrypt client
yum install python-certbot-apache
Setup the certificate
certbot --apache -d example.com
Setup crontab to auto-renew the certificate
crontab -e
And enter something like
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
then add -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 to SSLProtocol
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
then add !RC4:!3DES to SSLCipherSuite
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!3DES
then disable http in firewalld
firewall-cmd --remove-service=http --permanent
firewall-cmd --reload
yum install mod_ssl
mkdir /root/certs/ && cd /root/certs/
openssl req -new -newkey rsa:4096 -days 1095 -nodes -keyout domain.name.com.key -out domain.name.com.csr
When asked for the common name, put the full domain name you are trying to secure
Go to namecheap.com and get a positiveSSL certificate for 2 years, upload the contents of the CSR file for the request.
download and unzip the file in /root
then merge the bundle and crt files
cat domain.name_com.ca-bundle >> domain.name_com.crt
Copy the domain.name_com.crt to /etc/pki/tls/certs
Copy the domain.name.com.key to /etc/pki/tls/private
Set proper permissions for files
chmod 600 /etc/pki/tls/certs/domain.name_com.crt
chmod 600 /etc/pki/tls/private/domain.name.com.key
restorecon -RvF /etc/pki/tls/certs
restorecon -RvF /etc/pki/tls/private
Configure ssl.conf
vim /etc/httpd/conf.d/ssl.conf
find SSLCertificateFile and replace what comes after with
/etc/pki/tls/certs/domain.name_com.crt
find SSLCertificateKeyFile and replace what comes after with
/etc/pki/tls/private/domain.name.com.key
then add -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 to SSLProtocol
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
then add !RC4:!3DES to SSLCipherSuite
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!3DES
vim /etc/httpd/conf.d/snipe-it.domainname.com.conf
Change the following
<VirtualHost *:80>
to
<VirtualHost *:443>
and add under the VirtualHost line (replacing xxx.crt and xxx.key with your files of course!)
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/xxx.crt
SSLCertificateKeyFile /etc/pki/tls/private/xxx.key
Restart Apache
systemctl restart httpd
Test the website at https://...
then disable http in firewalld
firewall-cmd --remove-service=http --permanent
firewall-cmd --reload
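A check for the SSLProtocol and SSLCipherSuite edits made in both certificate procedures above (Let's Encrypt and the purchased certificate), as an added example that is not part of the original guide. It reads config text on stdin, so run it as audit_tls_conf < /etc/httpd/conf.d/ssl.conf; the function name and the sample input are constructed, and the cipher check is a literal test for the two exclusions this guide adds.

```sh
# Added example, not part of the original guide.
# Reads Apache config text on stdin, prints one finding per line and
# returns 0 when the TLS directives match this guide's hardening, else 1.
audit_tls_conf() {
    # Active directives only (commented-out lines have no effect); drop quotes.
    atc_lines=$(grep -Ei '^[[:space:]]*SSL(Protocol|CipherSuite)[[:space:]]' | tr -d '"' || true)
    atc_out=$(
        for atc_want in SSLProtocol SSLCipherSuite; do
            printf '%s\n' "$atc_lines" | grep -qi "^[[:space:]]*$atc_want[[:space:]]" ||
                echo "$atc_want: no active directive, server default applies"
        done
        printf '%s\n' "$atc_lines" | while read -r atc_dir atc_args; do
            case $atc_dir in
            ([Ss][Ss][Ll][Pp]*)
                for atc_p in SSLv2 SSLv3 TLSv1 TLSv1.1; do
                    atc_on=0    # apply tokens left to right; the last match wins
                    for atc_t in $atc_args; do
                        case $atc_t in
                        (all|+all|"$atc_p"|"+$atc_p") atc_on=1 ;;
                        (-all|"-$atc_p") atc_on=0 ;;
                        esac
                    done
                    if [ "$atc_on" -eq 1 ]; then
                        echo "SSLProtocol: $atc_p not excluded ($atc_args)"
                    fi
                done ;;
            ([Ss][Ss][Ll][Cc]*)
                for atc_x in '!RC4' '!3DES'; do
                    case ":$atc_args:" in
                    (*":$atc_x:"*) ;;
                    (*) echo "SSLCipherSuite: $atc_x missing ($atc_args)" ;;
                    esac
                done ;;
            esac
        done
    )
    [ -z "$atc_out" ] && return 0
    printf '%s\n' "$atc_out"
    return 1
}

# Constructed sample: TLSv1 is left on (only TLSv1.1 is removed) and 3DES is allowed.
audit_tls_conf <<'EOF' || echo "=> fix the directives above, then restart httpd"
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3 -TLSv1.1
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
EOF
```

The sample shows the easy mistake with these directives: -TLSv1.1 does not remove TLSv1, so each version needs its own token.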