Configuration

This section is where you edit the Snipe-IT configuration file to reflect your own settings, such as your database credentials, mail server, preferred language, timezone, and so on. Some of the settings are optional, some are required.

Don't be intimidated by the length of this page. The configuration options are pretty straightforward, we just like to explain what each of them do. :grinning:

Your Environmental Config File

🚧

IMPORTANT!

Snipe-IT caches these variables for you to speed things up. If you make subsequent changes to this file, make sure you run php artisan config:clear to clear the compiled version to see your changes.

All system configuration variables are stored in a single .env file in your project's root. To get started, copy over the .env.example file to a new .env file:

cp .env.example .env

(Click here for information on renaming files that begin with a dot in Windows.)

When you first get started, your .env file looks like this:

# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=null
APP_TIMEZONE='UTC'
APP_LOCALE=en
MAX_RESULTS=500

# --------------------------------------------
# REQUIRED: UPLOADED FILE STORAGE SETTINGS
# --------------------------------------------
PRIVATE_FILESYSTEM_DISK=local
PUBLIC_FILESYSTEM_DISK=local_public

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_IS_PAAS=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_ENCRYPTION=null
[email protected]
MAIL_FROM_NAME='Snipe-IT'
[email protected]
MAIL_REPLYTO_NAME='Snipe-IT'
[email protected]

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=60
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=40

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
ALLOW_IFRAMING=false
REFERRER_POLICY=same-origin
ENABLE_CSP=false
CORS_ALLOWED_ORIGINS=null
ENABLE_HSTS=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT=null

# --------------------------------------------
# OPTIONAL: MEMCACHED SETTINGS
# --------------------------------------------
MEMCACHED_HOST=null
MEMCACHED_PORT=null

# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOG_MAX_FILES=10
APP_LOCKED=false
APP_CIPHER=AES-256-CBC
GOOGLE_MAPS_API=null
BACKUP_ENV=true
LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600

We'll spend some time breaking down these options so you're clear on what should go where.

🚧

NOTE:

Make sure there are no trailing spaces after the values you add in your .env file, as that can sometimes cause unexpected results.

REQUIRED: Basic App Settings

The first part of your .env file covers basic application settings.

# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=null
APP_TIMEZONE='America/Los_Angeles'
APP_LOCALE=en

Setting

Notes

APP_ENV

This should always be set to production unless you are a developer who is editing code within snipe-IT.

APP_DEBUG

Setting this to true will turn on debugging in your Snipe-IT installation. This can be very useful for debugging, but should NEVER be left to true in a production environment.

APP_KEY

This is a randomly generated key that your system will use to store encrypted data. It's best not to change this manually, but to run php artisan key:generate to create a new key that is the right length. (You'll complete this step after you Install Dependencies - See Step 5 in the installation overview.)

Make sure you keep a backup of this value somewhere safe (password manager, etc).

APP_URL

This is the url to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash, should not be left as null, and you should not have public in the URL.

Images and javascript will not load correctly if this is not set to EXACTLY the URL you access your Snipe-IT app from.

APP_TIMEZONE

Set this to be the timezone you wish your Snipe-IT installation to use. This should use a PHP-supported timezone, and should be enclosed in single quotes.

APP_LOCALE

Set this to reflect the two-letter or 5-letter abbreviation for the language you'd like to use for Snipe-IT. The default language is US English (en), however we have additional language translations available, thanks to a great community of people helping us translate Snipe-IT

❗️

IMPORTANT:

Make sure you keep a backup of your APP_KEY somewhere safe.

Setting a Language

If you wish to use one of the other available languages, simply replace the default value of locale from en to one of the values listed below.

Language

Value

English (US)

en

English (UK)

en-GB

Afrikaans

af

Arabic

ar

Bulgarian

bg

Chinese Simplified

zh-CN

Chinese Traditional

zh-TW

Croatian

hr

Czech

cs

Danish

da

Dutch

nl

Estonian

et

Finnish

fi

French

fr

German

de

Greek

el

Hebrew

he

Hungarian

hu

Indonesian

id

English, Indonesia

en-ID

Irish

ga-IE

Italian

it

Japanese

ja

Korean

ko

Latvian

lv

Lithuanian

lt

Malay

ms

Maori

mi

Mongolian

mn

Norwegian

no

Persian

fa

Polish

pl

Portuguese

pt-PT

Portuguese, Brazilian

pt-BR

Romanian

ro

Russian

ru

Spanish

es-ES

Spanish, Colombia

es-CO

Swedish

sv-SE

Tamil

ta

Turkish

tr

Vietnamese

vi

Zulu

zu

If you're interested in additional languages, or would like to help us translate some of the incomplete existing languages, please see the Translations page. Check out the Snipe-IT CrowdIn translation project here to see current translation progress and all available languages.

REQUIRED: Database Settings

The next section in the .env asks you about your database settings:

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/local/bin'

❗️

IMPORTANT:

You must create the database yourself if you did a manual installation (meaning you didn't use install.sh, or docker). Snipe-IT does not create the database or database users for you. Click here to learn more about creating a database and database user.

Setting

Notes

DB_CONNECTION

Leave this as mysql. Snipe-IT currently only supports MySQL/MariaDB.

DB_HOST

The host for your database. On most installations, you can leave this as localhost.

DB_DATABASE

The name of your Snipe-IT database.

DB_USERNAME

The MySQL username you set up to access the database.

DB_PASSWORD

Your database password for the user you specified above.

DB_PREFIX

Only required if you wish to use a prefix for your database tables. (Most installations can leave this set to null.)

DB_DUMP_PATH

Path to the directory that contains mysqldump on your machine. This should point to the directory, not the binary itself.

This is often something like '/usr/bin' on linux systems.

Windows users should use something like: 'C:\\PROGRA~1\\MARIAD~1.0\\bin' or 'C:\\PROGRA~1\\MARIAD~1.1\\bin', depending your version (note the double-slashes).

If you're not sure what the path is to mysqldump, linux users can run which mysqldump and Windows users can use cmd /c for %A in ("C:\Program Files\MariaDB 10.1\bin") do @echo %~sA via command line to reveal the path information.

DB_SOCKET

Path to the unix socket if you are connecting via socket instead. This field is optional and should only be used if you are connecting via socket.

DB_PORT

(Optional) If you wish to use a non-standard database port, specify it here.

REQUIRED: Outgoing Mail Settings

Outgoing mail settings are required in order for your Snipe-IT installation to send email. If you do not configure your mail settings, users will not be able to request a password reset if they get locked out, your email alerts for expiring licenses and assets (etc) will not work, and you cannot use asset acceptance/EULA requirements on your system.

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_ENCRYPTION=null
[email protected]
MAIL_FROM_NAME=Snipe-IT
[email protected]
MAIL_REPLYTO_NAME=Snipe-IT
MAIL_AUTO_EMBED=true
MAIL_AUTO_EMBED_METHOD=base64

When you've completed the configuration setup and get to the Pre-Flight & Setup page, you will be able to test yout mail settings.

Setting

Notes

MAIL_DRIVER

Specify the driver you would like to use. On most installations, you can leave this as smtp. Other options include mail to use the system's PHP mail function, or sendmail if you wish to use your server's sendmail. If you do not wish to send any email from the system, you can set this to log.

MAIL_HOST

Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on.

MAIL_PORT

Set the port number that your mail server expects to send from. Some common port numbers are:

  • 25 for unencrypted connections
  • 587 for encrypted connections

MAIL_USERNAME

Set the username of the authenticated user you'll be sending email as.

MAIL_PASSWORD

Set the password for the authenticated user you'll be sending as.

MAIL_ENCRYPTION

Here you may specify the encryption protocol that should be used when the application sends e-mail messages. A sensible default using the transport layer security protocol should provide great security, however if your server doesn't support TLS or any other encryption (shame!), you can use null.

MAIL_FROM_ADDR

Specify an email address that is used globally for all e-mails that are sent by your application.

MAIL_FROM_NAME

Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance.

MAIL_REPLYTO_ADDR

Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required.

MAIL_REPLYTO_NAME

Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME , but it is required.

MAIL_AUTO_EMBED

Whether or not to embed images in emails (via CID or base64) versus linking to them. This can be helpful when your Snipe-IT installation is behind a private network, as employees not currently logged into that network would show broken images.

MAIL_AUTO_EMBED_METHOD

Method that should be used for attaching inline images. Options are attachment (for CID) or base64.

GoDaddy Email

If you're using GoDaddy for hosting, you will need to set your mail server to use relay-hosting.secureserver.net on port 25, with username and password left as null values. See the GoDaddy relay server documentation for more specifics.

Using Gmail

If you're using Gmail to send your emails, you'll want to use the settings below (in addition to filling out the from address and name in the config file):

driver

smtp

host

smtp.gmail.com

port

587

encryption

tls

username

your_gmail_username

password

your_gmail_password

Additionally, you may need to tweak a few settings in your Gmail account to handle Google's security that can kick in if Google doesn't recognize the system you're trying to access it through.

  • Sign into the Gmail account in a browser
  • Go here and enable access for "less secure" apps:
  • Then go here and click Continue.
  • If you're still getting errors, try this solution on StackOverflow.

(More info on sending email through Laravel and Gmail is available here, and more info on why Google makes you jump through these hoops is available here.)

If you're still having problems

If you don’t have easy access to a mail server (or you can't get your settings to work for some reason), we suggest signing up for Mandrill.

REQUIRED: Image Library Settings

GD Library or Imagemagick are required to generate barcodes for Snipe-IT, and to resize uploaded images associated with assets, asset models, etc. Specify which one you have available on your server.

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

OPTIONAL: Session Settings

These settings can usually be left as their defaults, however we'll walk through what each of the options do.

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=30
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=40

Setting

Notes

SESSION_LIFETIME

Specify the time in minutes that the session should remain valid.

EXPIRE_ON_CLOSE

Specify whether or not the logged in session should be expired when the user closes their browser window.

ENCRYPT

Specify whether you wish to use encrypted cookies for your Snipe-IT sessions.

COOKIE_NAME

Unless you're running multiple instances of Snipe-IT, you should be able to leave this as the default. If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused.

COOKIE_DOMAIN

Specify what domain name Snipe-IT should honor cookies from. This provides enhanced security, and should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it. If you are having problems logging into your Snipe-IT instance, check and make sure this setting is correct.

SECURE_COOKIES

By setting this option to true, session cookies will only be sent back to the server if the browser has a HTTPS connection. This will keep the cookie from being sent to you if it can not be done securely. If you are not running your Snipe-IT over SSL, you should leave this as false.

API_TOKEN_EXPIRATION_YEARS

This sets how long the API tokens should be valid for. The default is 40 years if no value is given, however if you're running 32-bit PHP, you should manually set this to something lower like 15 years, otherwise you may get a 401 Unauthorized error on API requests.

❗️

IMPORTANT:

If you are NOT running Snipe-IT over SSL and you enable SECURE_COOKIES, your users will not be able to login to the site. Only use this option if you are running Snipe-IT over SSL.

Optional: Login Throttling

Snipe-IT utilizes brute force prevention to prevent attackers from attempting to brute-force logins to your installation. There is no way to disable brute force detection, but you can configure the maximum allowed attempts and the duration a user is locked out when they exceed that number.

Setting

Default Value

Notes

LOGIN_MAX_ATTEMPTS

5

The maximum number of failed attempts allowed before the user is throttled.

LOGIN_LOCKOUT_DURATION

60

The duration (in seconds) that the user should be blocked from attempting to authenticate again.

Optional: Amazon S3 Settings

These should be used if you wish to store your file uploads on Amazon S3. All of the fields below are required if you want to use this option.

# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null

Optional: Misc

Setting

Default Value

Notes

LOG

single

Whether to use a single log file, or multiple date-based log files for your app error logs. Set to daily for logs broken down into daily files.

APP_LOG_MAX_FILES

10

Max number of daily app log files to retain.

FILESYSTEM_DISK

local

Snipe-IT only supports local disks at this time, so this setting should be left isn is.

APP_TRUSTED_PROXIES

192.168.1.1,10.0.0.1

Enter your host IP address if you use a reverse proxy.

ALLOW_IFRAMING

false

Set this to true if you need to run Snipe-IT within an iframe. This is an uncommon scenario, so you can leave this out or set it to false in most cases.

APP_CIPHER

AES-256-CBC

You should not change this unless you know what you're doing.

GOOGLE_MAPS_API

Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages. For more information on setting this up, see our common issues.

BACKUP_ENV

true

Set this to true if you wish to backup your .env file in your Admin > Backups process. Set it to false to disable backing up .env files.

LDAP_MEM_LIM

500M

Memory limit for LDAP execution

LDAP_TIME_LIM

600

Time limit for LDAP execution

ENABLE_HSTS

false

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone.

The HSTS Policy is communicated by the server to the user agent via an HTTPS response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site.

REQUIRED: Set Directory Permissions

You’ll need to make sure that the storage directory and its subdirectories, as well as the uploads directory within public are writable by your web server, since caches, log files, and uploaded files get written there.

The easiest way to handle permissions is to have your non-privileged user that owns your snipe-it project root set as belonging to the same group that the web server runs as.

useradd -g apache snipeit

The above creates a new linux user snipeit and adds them to the apache group. This is just an example though, and if you have experience running web servers, you probably already know how to manage this.

For more info on linux users and groups, click here.

You should use the minimum permissions available for writing, based on how you’ve got your web server configured.

chown -R snipeit storage public/uploads

Next, you'll want to ensure that this user has write permissions to those directories.

On Linux/OS X, you would do something like this:

chmod -R 755 storage
chmod -R 755 public/uploads

For help fixing permissions on IIS, see the Windows/IIS Installation Guide.

If you still run into a permissions error, you may need to increase the permissions to 775, or twiddle your user/group permissions on your server so that the web server (Apache, IIS, etc) can write to those directories.

❗️

IMPORTANT:

Make sure the Snipe-IT project directory is not owned by root. Your webserver should be running as your webserver’s user (often apache, nobody, or www-data). But never, ever root. Ever.

OPTIONAL: Set Your .htaccess to Redirect to SSL

If you are running Snipe-IT over HTTPS and wish to automatically redirect the user to the HTTPS version if they accidentally go to the HTTP version, uncomment the following lines from the public/.htaccess file:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

❗️

IMPORTANT:

If you are NOT running Snipe-IT over SSL and you enable this feature, your users will not be able to access the site. Only use this option if you are running Snipe-IT over SSL.


Did this page help you?