Configuration
This section is where you edit the Snipe-IT configuration file to reflect your own settings, such as your database credentials, mail server, preferred language, timezone, and so on. Some of the settings are optional, some are required.
Don't be intimidated by the length of this page. The configuration options are pretty straightforward; we just like to explain what each of them does. 😀
Your Environmental Config File
IMPORTANT!
Snipe-IT caches these variables for you to speed things up. If you make subsequent changes to this file, make sure you run
php artisan config:clear
to clear the compiled version to see your changes.
All system configuration variables are stored in a single .env file in your project's root. To get started, copy over the .env.example file to a new .env file:
cp .env.example .env
NOTE:
Make sure there are no trailing spaces after the values you add in your .env file, as that can sometimes cause unexpected results. Any values that contain special characters like #, $, etc. should be enclosed in quotes.
(Click here for information on renaming files that begin with a dot in Windows.)
When you first get started, your .env file looks like this:
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=null
APP_TIMEZONE='UTC'
APP_LOCALE='en-US'
MAX_RESULTS=500
# --------------------------------------------
# REQUIRED: UPLOADED FILE STORAGE SETTINGS
# --------------------------------------------
PRIVATE_FILESYSTEM_DISK=local
PUBLIC_FILESYSTEM_DISK=local_public
# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci
# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_IS_PAAS=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null
DB_SSL_VERIFY_SERVER=null
# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_FROM_ADDR=you@example.com
MAIL_FROM_NAME='Snipe-IT'
MAIL_REPLYTO_ADDR=you@example.com
MAIL_REPLYTO_NAME='Snipe-IT'
MAIL_AUTO_EMBED_METHOD='attachment'
MAIL_TLS_VERIFY_PEER=true
# MAIL_ENCRYPTION is no longer supported. SymfonyMailer will use tls if it's
# advertised, and won't if it's not. If you want to use your mail server's IP but it's failing
# because of certificate errors, set MAIL_TLS_VERIFY_PEER=false
# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd
# --------------------------------------------
# OPTIONAL: BACKUP SETTINGS
# --------------------------------------------
MAIL_BACKUP_NOTIFICATION_DRIVER=null
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
BACKUP_ENV=true
ALLOW_BACKUP_DELETE=false
ALLOW_DATA_PURGE=false
# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_DRIVER=file
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=15
BS_TABLE_STORAGE=cookieStorage
BS_TABLE_DEEPLINK=true
# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
ALLOW_IFRAMING=false
REFERRER_POLICY=same-origin
ENABLE_CSP=false
ADDITIONAL_CSP_URLS=null
CORS_ALLOWED_ORIGINS=null
ENABLE_HSTS=false
# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit
# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT=null
# --------------------------------------------
# OPTIONAL: MEMCACHED SETTINGS
# --------------------------------------------
MEMCACHED_HOST=null
MEMCACHED_PORT=null
# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null
# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null
# --------------------------------------------
# OPTIONAL: AWS Settings
# --------------------------------------------
AWS_ACCESS_KEY_ID=null
AWS_SECRET_ACCESS_KEY=null
AWS_DEFAULT_REGION=null
# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60
LOGIN_AUTOCOMPLETE=false
# --------------------------------------------
# OPTIONAL: FORGOTTEN PASSWORD SETTINGS
# --------------------------------------------
RESET_PASSWORD_LINK_EXPIRES=15
PASSWORD_CONFIRM_TIMEOUT=10800
PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50
# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
LOG_CHANNEL=single
LOG_MAX_DAYS=10
APP_LOCKED=false
APP_CIPHER=AES-256-CBC
APP_FORCE_TLS=false
APP_ALLOW_INSECURE_HOSTS=false
GOOGLE_MAPS_API=
LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600
IMPORT_TIME_LIMIT=600
IMPORT_MEMORY_LIMIT=500M
REPORT_TIME_LIMIT=12000
REQUIRE_SAML=false
API_THROTTLE_PER_MINUTE=120
CSV_ESCAPE_FORMULAS=true
LIVEWIRE_URL_PREFIX=null
# --------------------------------------------
# OPTIONAL: HASHING
# --------------------------------------------
HASHING_DRIVER='bcrypt'
BCRYPT_ROUNDS=10
ARGON_MEMORY=1024
ARGON_THREADS=2
ARGON_TIME=2
# --------------------------------------------
# OPTIONAL: SCIM
# --------------------------------------------
SCIM_TRACE=false
SCIM_STANDARDS_COMPLIANCE=false
We'll spend some time breaking down these options so you're clear on what should go where.
REQUIRED: Basic App Settings
The first part of your .env file covers basic application settings.
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=http://ChangeMe
APP_TIMEZONE='America/Los_Angeles'
APP_LOCALE=en
MAX_RESULTS=500
Setting | Notes |
---|---|
APP_ENV | This should always be set to production unless you are a developer who is editing code within Snipe-IT. |
APP_DEBUG | Setting this to true will turn on debugging in your Snipe-IT installation. This can be very useful for debugging, but should NEVER be left set to true in a production environment. |
APP_KEY | This is a randomly generated key that your system will use to store encrypted data. It's best not to change this manually, but to run php artisan key:generate to create a new key that is the right length. (You'll complete this step after you Install Dependencies - See Step 5 in the installation overview.) Make sure you keep a backup of this value somewhere safe (password manager, etc). |
APP_URL | This is the URL to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash, should not be left as null, and you should not have public in the URL. Images and javascript will not load correctly if this is not set to EXACTLY the URL you access your Snipe-IT app from. |
APP_FORCE_TLS | Set to true to force https protocol during setup. |
APP_TIMEZONE | Set this to be the timezone you wish your Snipe-IT installation to use. This should use a PHP-supported timezone, and should be enclosed in single quotes. |
APP_LOCALE | Set this to reflect the abbreviation for the language you'd like to use for Snipe-IT. The default language is US English (en-US); however, we have additional language translations available, thanks to a great community of people helping us translate Snipe-IT. |
MAX_RESULTS | Maximum number of results returned in paginated results. Default is 500. |
IMPORTANT:
Make sure you keep a backup of your APP_KEY somewhere safe.
Setting a Language
If you wish to use one of the other available languages, simply replace the default value of locale from en-US to one of the values listed below.
Language | Value |
---|---|
English (US) | en-US |
English (UK) | en-GB |
Afrikaans | af-ZA |
Arabic | ar-SA |
Bulgarian | bg-BG |
Catalan | ca-ES |
Chinese Simplified | zh-CN |
Chinese Traditional | zh-TW |
Croatian | hr-HR |
Czech | cs-CZ |
Danish | da-DK |
Dutch | nl-NL |
Estonian | et-EE |
Filipino | fil-PH |
Finnish | fi-FI |
French | fr-FR |
German | de-DE |
German (Informal) | de-if |
Greek | el-GR |
Hebrew | he-IL |
Hungarian | hu-HU |
Indonesian | id-ID |
English, Indonesia | en-ID |
Irish | ga-IE |
Italian | it-IT |
Japanese | ja-JP |
Korean | ko-KR |
Latvian | lv-LV |
Lithuanian | lt-LT |
Malay | ms-MY |
Maori | mi-NZ |
Mongolian | mn-MN |
Norwegian | no-NO |
Persian | fa-IR |
Polish | pl-PL |
Portuguese | pt-PT |
Portuguese, Brazilian | pt-BR |
Romanian | ro-RO |
Russian | ru-RU |
Spanish | es-ES |
Spanish, Colombia | es-CO |
Swedish | sv-SE |
Tamil | ta-IN |
Turkish | tr-TR |
Ukrainian | uk-UA |
Vietnamese | vi-VN |
Zulu | zu-ZA |
If you're interested in additional languages, or would like to help us translate some of the incomplete existing languages, please see the Translations page. Check out the Snipe-IT CrowdIn translation project here to see current translation progress and all available languages.
REQUIRED: Database Settings
The next section in the .env asks you about your database settings:
# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/local/bin'
IMPORTANT:
You must create the database yourself if you did a manual installation (meaning you didn't use install.sh, or docker). Snipe-IT does not create the database or database users for you. Click here to learn more about creating a database and database user.
Setting | Notes |
---|---|
DB_CONNECTION | Leave this as mysql. Snipe-IT currently only supports MySQL/MariaDB. |
DB_HOST | The host for your database. On most installations, you can leave this as localhost. |
DB_DATABASE | The name of your Snipe-IT database. |
DB_USERNAME | The MySQL username you set up to access the database. |
DB_PASSWORD | Your database password for the user you specified above. |
DB_PREFIX | Only required if you wish to use a prefix for your database tables. (Most installations can leave this set to null.) |
DB_DUMP_PATH | Path to the directory that contains mysqldump on your machine. This should point to the directory, not the binary itself. This is often something like '/usr/bin' on Linux systems. Windows users should use something like: 'C:\\PROGRA~1\\MARIAD~1.0\\bin' or 'C:\\PROGRA~1\\MARIAD~1.1\\bin', depending on your version (note the double-slashes). If you're not sure what the path is to mysqldump, Linux users can run which mysqldump and Windows users can use cmd /c for %A in ("C:\Program Files\MariaDB 10.1\bin") do @echo %~sA via command line to reveal the path information. |
DB_SOCKET | Path to the unix socket if you are connecting via socket instead. This field is optional and should only be used if you are connecting via socket. |
DB_PORT | (Optional) If you wish to use a non-standard database port, specify it here. |
REQUIRED: Outgoing Mail Settings
Outgoing mail settings are required in order for your Snipe-IT installation to send email. If you do not configure your mail settings, users will not be able to request a password reset if they get locked out, your email alerts for expiring licenses and assets (etc) will not work, and you cannot use asset acceptance/EULA requirements on your system.
# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_FROM_ADDR=you@example.com
MAIL_FROM_NAME=Snipe-IT
MAIL_REPLYTO_ADDR=you@example.com
MAIL_REPLYTO_NAME=Snipe-IT
MAIL_AUTO_EMBED=true
MAIL_AUTO_EMBED_METHOD=base64
MAIL_TLS_VERIFY_PEER=false
When you've completed the configuration setup and get to the Pre-Flight & Setup page, you will be able to test your mail settings.
Setting | Notes |
---|---|
MAIL_MAILER | Specify the driver you would like to use. On most installations, you can leave this as smtp. Other options include mail to use the system's PHP mail function, or sendmail if you wish to use your server's sendmail. If you do not wish to send any email from the system, you can set this to log. |
MAIL_HOST | Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on. |
MAIL_PORT | Set the port number that your mail server expects to send from. Some common port numbers are: 25 for unencrypted connections; 587 for encrypted connections. |
MAIL_USERNAME | Set the username of the authenticated user you'll be sending email as. |
MAIL_PASSWORD | Set the password for the authenticated user you'll be sending as. |
MAIL_FROM_ADDR | Specify an email address that is used globally for all e-mails that are sent by your application. |
MAIL_FROM_NAME | Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance. |
MAIL_REPLYTO_ADDR | Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required. |
MAIL_REPLYTO_NAME | Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME, but it is required. |
MAIL_AUTO_EMBED | Whether or not to embed images in emails (via CID or base64) versus linking to them. This can be helpful when your Snipe-IT installation is behind a private network, as employees not currently logged into that network would show broken images. |
MAIL_AUTO_EMBED_METHOD | Method that should be used for attaching inline images. Options are attachment (for CID) or base64. |
MAIL_TLS_VERIFY_PEER | Snipe-IT mail will use TLS if the server offers it, so if you're using a self-signed certificate or want to refer to your mailserver by a name that isn't in the certificate (like the IP address), set this to 0 or false. |
If you are having an issue with mail sending, you can try setting MAIL_TLS_VERIFY_PEER=false in your .env file.
GoDaddy Email
If you're using GoDaddy for hosting, you will need to set your mail server to use relay-hosting.secureserver.net on port 25, with username and password left as null values. See the GoDaddy relay server documentation for more specifics.
Using Gmail
If you're using Gmail to send your emails, you'll want to use the settings below (in addition to filling out the from address and name in the config file):
driver | smtp |
host | smtp.gmail.com |
port | 587 |
username | your_gmail_username |
password | your_gmail_password |
Additionally, you may need to tweak a few settings in your Gmail account to handle Google's security that can kick in if Google doesn't recognize the system you're trying to access it through.
- Sign into the Gmail account in a browser
- Check if you have enabled the two-factor authentication. If it is enabled, disable it or use a special app password.
- Go here and enable access for "less secure" apps:
- Then go here and click Continue.
- If you're still getting errors, try this solution on StackOverflow.
(More info on sending email through Laravel and Gmail is available here, and more info on why Google makes you jump through these hoops is available here.)
If you're still having problems
If you don’t have easy access to a mail server (or you can't get your settings to work for some reason), we suggest signing up for Mandrill.
REQUIRED: Image Library Settings
GD Library or Imagemagick are required to generate barcodes for Snipe-IT, and to resize uploaded images associated with assets, asset models, etc. Specify which one you have available on your server.
# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd
OPTIONAL: Backup Settings
# --------------------------------------------
# OPTIONAL: BACKUP SETTINGS
# --------------------------------------------
MAIL_BACKUP_NOTIFICATION_DRIVER=null
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
BACKUP_ENV=true
ALLOW_BACKUP_DELETE=false
ALLOW_DATA_PURGE=false
Setting | Notes |
---|---|
MAIL_BACKUP_NOTIFICATION_DRIVER | This should usually be set to mail or null |
MAIL_BACKUP_NOTIFICATION_ADDRESS | Optional email address to send backup notifications to. |
BACKUP_ENV | Whether to backup your .env file |
ALLOW_BACKUP_DELETE | Enables the option to delete backups in the UI. These backups will normally rotate out, so there isn't usually a need to enable this. Defaults to false. |
ALLOW_DATA_PURGE | Enables the option to purge deleted data in the UI. Defaults to false. |
OPTIONAL: Session Settings
These settings can usually be left as their defaults; however, we'll walk through what each of the options does.
# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_DRIVER=file
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=15
BS_TABLE_STORAGE=cookieStorage
BS_TABLE_DEEPLINK=true
Setting | Notes |
---|---|
SESSION_DRIVER | The driver you wish to use for session handling. Supported: cookie, database, apc, memcached, redis. Default is file. |
SESSION_LIFETIME | Specify the time in minutes that the session should remain valid. |
EXPIRE_ON_CLOSE | Specify whether or not the logged in session should be expired when the user closes their browser window. |
ENCRYPT | Specify whether you wish to use encrypted cookies for your Snipe-IT sessions. |
COOKIE_NAME | Unless you're running multiple instances of Snipe-IT, you should be able to leave this as the default. If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused. |
COOKIE_DOMAIN | Specify what domain name Snipe-IT should honor cookies from. This provides enhanced security, and should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it. If you are having problems logging into your Snipe-IT instance, check and make sure this setting is correct. |
SECURE_COOKIES | By setting this option to true, session cookies will only be sent back to the server if the browser has an HTTPS connection. This will keep the cookie from being sent to you if it cannot be done securely. If you are not running your Snipe-IT over SSL, you should leave this as false. |
API_TOKEN_EXPIRATION_YEARS | This sets how long the API tokens should be valid for. The default is 40 years if no value is given, however if you're running 32-bit PHP, you should manually set this to something lower like 15 years, otherwise you may get a 401 Unauthorized error on API requests. |
BS_TABLE_STORAGE | This allows you to configure whether you want to use local storage or cookies to remember which columns you have shown/hidden in the list views. Options are cookieStorage or localStorage, and the default setting is cookieStorage. If you run into an issue where the browser returns a "cookie size too large" error, switching this to localStorage can help. |
BS_TABLE_DEEPLINK | This enables "deep linking" to search results on listings pages. Disable this by setting it to false in the event it is interfering with your workflow. |
IMPORTANT:
If you are NOT running Snipe-IT over SSL and you enable SECURE_COOKIES, your users will not be able to login to the site. Only use this option if you are running Snipe-IT over SSL.
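An added example, not part of the Snipe-IT project or its documentation: a small Python audit of a .env file for the pitfalls this page calls out (trailing spaces, unquoted special characters, APP_DEBUG, the placeholder APP_KEY, the APP_URL format, SECURE_COOKIES versus the APP_URL scheme, and MAIL_TLS_VERIFY_PEER). The sample file, hostnames and function names are constructed for illustration, and treating #, $ and whitespace as the characters that need quoting is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample .env (not from a real installation); line 5 ends in a space.
SAMPLE_ENV = "\n".join([
    "APP_ENV=production",
    "APP_DEBUG=true",
    "APP_KEY=ChangeMe",
    "APP_URL=http://assets.example.com/",
    "APP_TIMEZONE='UTC' ",
    "DB_PASSWORD=p@ss#word$1",
    "SECURE_COOKIES=true",
    "MAIL_TLS_VERIFY_PEER=false",
])

LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def parse_env(text):
    """Parse KEY=value lines; return (values, [(line_no, hygiene problem)])."""
    values, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(raw)
        if not m:
            findings.append((n, "not a KEY=value line"))
            continue
        key, val = m.groups()
        if val != val.rstrip():
            findings.append((n, key + ": trailing whitespace after value"))
            val = val.rstrip()
        quoted = len(val) >= 2 and val[0] == val[-1] and val[0] in "'\""
        # Assumption: '#', '$' and whitespace are the characters that need quoting.
        if not quoted and re.search(r"[#$\s]", val):
            findings.append((n, key + ": special characters in unquoted value"))
        values[key] = val[1:-1] if quoted else val
    return values, findings


def is_true(values, key):
    return values.get(key, "").lower() in ("true", "1")


def audit(values):
    """Check the settings this page flags as risky or easy to get wrong."""
    out = []
    url = values.get("APP_URL", "null")
    path = urlparse(url).path  # only the path part, so hostnames are not matched
    https = url.lower().startswith("https://")
    if is_true(values, "APP_DEBUG") and values.get("APP_ENV") == "production":
        out.append("APP_DEBUG is true in production")
    if values.get("APP_KEY", "ChangeMe") == "ChangeMe":
        out.append("APP_KEY is the placeholder; run php artisan key:generate")
    if url == "null" or path.endswith("/") or "/public" in path:
        out.append("APP_URL must be set, with no trailing slash and no 'public'")
    if is_true(values, "SECURE_COOKIES") and not https:
        out.append("SECURE_COOKIES=true without https APP_URL: logins will fail")
    if https and not is_true(values, "SECURE_COOKIES"):
        out.append("https APP_URL but SECURE_COOKIES is not true")
    if values.get("MAIL_TLS_VERIFY_PEER", "true").lower() in ("false", "0"):
        out.append("MAIL_TLS_VERIFY_PEER is off: mail server cert not verified")
    return out


if __name__ == "__main__":
    values, hygiene = parse_env(SAMPLE_ENV)
    for line_no, problem in hygiene:
        print("line %d: %s" % (line_no, problem))
    for problem in audit(values):
        print("setting:", problem)
```

Run it against a copy of your own .env before running php artisan config:clear, so that a stray space or a mismatched SECURE_COOKIES value is caught before it locks users out.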
Optional: Cache Settings
# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit
Setting | Default Value | Notes |
---|---|---|
CACHE_DRIVER | file | The driver you wish to use for caching. This is usually file. Supported drivers: apc, database, memcached, redis, dynamodb, null. |
QUEUE_DRIVER | sync | This is not currently used by Snipe-IT and can be left as-is. |
CACHE_PREFIX | | When utilizing a RAM based store such as APC or Memcached, there might be other applications utilizing the same cache. So, we'll specify a value to get prefixed to all our keys so we can avoid collisions. |
Optional: Login Throttling
Snipe-IT utilizes brute force prevention to prevent attackers from attempting to brute-force logins to your installation. There is no way to disable brute force prevention, but you can configure the maximum allowed attempts and the duration a user is locked out when they exceed that number.
Setting | Default Value | Notes |
---|---|---|
LOGIN_MAX_ATTEMPTS | 5 | The maximum number of failed attempts allowed before the user is throttled. |
LOGIN_LOCKOUT_DURATION | 60 | The duration (in seconds) that the user should be blocked from attempting to authenticate again. |
Optional: Amazon S3 Settings
These should be used if you wish to store your file uploads on Amazon S3. All of the fields below are required if you want to use this option.
# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null
# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null
Optional: AWS SES Settings
If you want to use Amazon's Simple Email Service instead of regular SMTP, you can fill out the settings below in your .env instead of the settings in the mail section.
# --------------------------------------------
# OPTIONAL: AWS SES Settings
# --------------------------------------------
AWS_ACCESS_KEY_ID=null
AWS_SECRET_ACCESS_KEY=null
AWS_DEFAULT_REGION=null
Optional: Misc
Setting | Default Value | Notes |
---|---|---|
LOG | single | Whether to use a single log file, or multiple date-based log files for your app error logs. Set to daily for logs broken down into daily files. |
APP_LOG_MAX_FILES | 10 | Max number of daily app log files to retain. |
LOG_LEVEL | warning | Level of logging that should be sent to the storage/logs/laravel.log file. |
FILESYSTEM_DISK | local | Snipe-IT only supports local disks at this time, so this setting should be left as is. |
APP_TRUSTED_PROXIES | 192.168.1.1,10.0.0.1 | Enter your host IP address if you use a reverse proxy. |
ALLOW_IFRAMING | false | Set this to true if you need to run Snipe-IT within an iframe. This is an uncommon scenario, so you can leave this out or set it to false in most cases. |
APP_ALLOW_INSECURE_HOSTS | false | Set this to true ONLY if you can’t make your APP_URL match the actual URL of your application, and your hosting environment is secure and not accessible to the outside world. (This can be useful in some situations where proxies are used.) |
APP_CIPHER | AES-256-CBC | You should not change this unless you know what you're doing. |
GOOGLE_MAPS_API | | Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages. For more information on setting this up, see our common issues. |
BACKUP_ENV | true | Set this to true if you wish to backup your .env file in your Admin > Backups process. Set it to false to disable backing up .env files. |
LDAP_MEM_LIM | 500M | Memory limit for LDAP execution |
LDAP_TIME_LIM | 600 | Time limit for LDAP execution |
ENABLE_HSTS | false | HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. The HSTS Policy is communicated by the server to the user agent via an HTTPS response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion. Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site. |
REQUIRE_SAML | false | Force SAML logins only and disable local login |
ENABLE_CSP | false | This will enable the CSP headers for additional security. |
ADDITIONAL_CSP_URLS | false | If you're using an outside server to host your images for the image or avatar fields, you'll need to add the URL where they are hosted to this config variable or else the Content Security Policy will prevent them from loading. |
LIVEWIRE_URL_PREFIX | false | Make sure to set this value if you are running Snipe-IT in a subdirectory, to allow certain javascript files to load properly, example: LIVEWIRE_URL_PREFIX=/snipeit |
CSV_ESCAPE_FORMULAS | false | Determines whether to escape CSV values when exporting custom reports. |
REQUIRED: Set Directory Permissions
You’ll need to make sure that the storage directory and its subdirectories, as well as the uploads directory within public, are writable by your web server, since caches, log files, and uploaded files get written there.
The easiest way to handle permissions is to have your non-privileged user that owns your snipe-it project root set as belonging to the same group that the web server runs as.
useradd -g apache snipeit
The above creates a new Linux user snipeit and adds them to the apache group. This is just an example though, and if you have experience running web servers, you probably already know how to manage this.
For more info on linux users and groups, click here.
You should use the minimum permissions available for writing, based on how you’ve got your web server configured.
chown -R snipeit storage public/uploads bootstrap/cache
Next, you'll want to ensure that this user has write permissions to those directories.
On Linux/OS X, you would do something like this:
chmod -R 775 storage
chmod -R 775 public/uploads
chmod -R 775 bootstrap/cache
For help fixing permissions on IIS, see the Windows/IIS Installation Guide.
If you still run into a permissions error, you may need to increase the permissions to 775, or twiddle your user/group permissions on your server so that the web server (Apache, IIS, etc) can write to those directories.
IMPORTANT:
Make sure the Snipe-IT project directory is not owned by root. Your webserver should be running as your webserver’s user (often apache, nobody, or www-data). But never, ever root. Ever.
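A way to check the result of the ownership and permission steps above, as an added example that is not part of the Snipe-IT project: it walks the three writable directories named on this page and reports anything owned by root, writable by everyone, or (for directories) not writable by the group. The function names are hypothetical, and the group-write check assumes the shared-group setup described above.

```python
import os
import stat

# The three writable paths named on this page, relative to the project root.
WRITABLE_DIRS = ("storage", "public/uploads", "bootstrap/cache")


def classify(mode, uid, is_dir):
    """Return the problems for one file or directory, given st_mode and st_uid."""
    problems = []
    if uid == 0:
        problems.append("owned by root")
    if mode & stat.S_IWOTH:
        # Broader than the 775 used on this page: any user can write here.
        problems.append("world-writable")
    if is_dir and not mode & stat.S_IWGRP:
        # Assumes the web server reaches these paths through group membership.
        problems.append("directory not group-writable")
    return problems


def audit_tree(project_root, rel_dirs=WRITABLE_DIRS):
    """Walk each writable directory and return {path: [problems]}."""
    report = {}
    for rel in rel_dirs:
        top = os.path.join(project_root, rel)
        if not os.path.isdir(top):
            report[top] = ["missing"]
            continue
        for dirpath, _dirs, files in os.walk(top):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a symlink's own mode bits are not meaningful
                problems = classify(st.st_mode, st.st_uid,
                                    stat.S_ISDIR(st.st_mode))
                if problems:
                    report[path] = problems
    return report


if __name__ == "__main__":
    # Run from the Snipe-IT project root.
    for path, problems in sorted(audit_tree(".").items()):
        print("%s: %s" % (path, ", ".join(problems)))
```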
OPTIONAL: Set Your .htaccess to Redirect to SSL
If you are running Snipe-IT over HTTPS and wish to automatically redirect the user to the HTTPS version if they accidentally go to the HTTP version, uncomment the following lines from the public/.htaccess file:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
IMPORTANT:
If you are NOT running Snipe-IT over SSL and you enable this feature, your users will not be able to access the site. Only use this option if you are running Snipe-IT over SSL.
Updated about 2 months ago