@bengriffiths1605
Last active April 15, 2024 16:31
Hosting Snipe-IT on Ubuntu 20.04 (AWS EC2)

Introduction

Snipe-IT is an open-source asset management system that empowers IT departments and organisations to manage their asset assignments and tracking through a powerful and practical user interface. It's time to say goodbye to missing assets, complicated spreadsheets and inefficient workflows. Snipe-IT has grown into one of the best asset management systems since its launch in 2013 and is still actively developed with new releases every few weeks.

Amazon Web Services (AWS) offers a wide variety of services that provide on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis. In this guide, we will be using the Elastic Compute Cloud (EC2) service. EC2 allows users to rent virtual computers on which to run their computer applications.

Please Note: If you are a new AWS customer, you receive 12 months of free tier usage. For EC2 this includes 750 computing hours per month. The webserver deployed in this guide is free tier eligible. You can learn more about the AWS free tier here.

Overview

Prerequisites

  • AWS Account (sign up here - account activation can take up to 24 hours)
  • SSH Client (options include Terminal on macOS and PuTTY on Windows)

1 Launching an EC2 Instance

Head over to the AWS Console and sign in.

Once you've signed into the console, change the AWS Region in the top right to the most appropriate region for your location.

Then click on Services in the top left and select EC2 under Compute.

In the EC2 Dashboard, click on Launch Instance.

1.1 AMI

Ubuntu Server 20.04 LTS x86 architecture

This is where you select an Amazon Machine Image (AMI). An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.

Make sure to select Ubuntu Server 20.04 LTS with the x86 architecture. This guide is for that specific AMI.

1.2 Instance Type

t2.micro

This is where you select the instance type. EC2 provides a wide selection of instance types optimised to fit different use cases. Instances are virtual servers that can run applications. They have varying combinations of CPU, memory, storage, and networking capacity, and give you the flexibility to choose the appropriate mix of resources for your applications. You can view the EC2 pricing for each instance type here and you can learn more about EC2 instance types here.

t2.micro is free tier eligible and sufficient for a Snipe-IT deployment. You can change the instance type later down the road if you find that your instance is over-utilised (instance type is too small) or under-utilised (instance type is too large - unlikely to be the case). If you need to resize your instance, please thoroughly read through this section of the EC2 documentation. There are requirements and compatibility factors that need to be considered.

Select t2.micro then click on Next: Configure Instance Details.

1.3 Configure Instance Details

This is where you configure the instance to suit your requirements.

| Option | Value |
| --- | --- |
| Number of instances | 1 |
| Purchasing option | False |
| Network | Default VPC |
| Subnet | No preference |
| Auto Assign Public IP | Use subnet setting (Enable) |
| Placement Group | False |
| Capacity Reservation | Open |
| Domain join directory | No directory |
| IAM Role | None |
| Shutdown Behaviour | Stop |
| Stop - Hibernate behaviour | False |
| Enable Termination Protection | True |
| Monitoring | False |
| Tenancy | Shared |
| Credit specification | False |
| File systems | Don't touch |
| All Advanced Details | Don't touch |

Click on Next: Add Storage.

1.4 Add Storage

This is where you configure your instance's storage settings.

| Size (GiB) | Volume Type | Delete on Termination | Encryption |
| --- | --- | --- | --- |
| 30 | General Purpose SSD (gp2) | Personal preference (I usually set this to True) | Not Encrypted |

Please Note: EBS volumes persist independently from the running life of an EC2 instance. However, you can choose to automatically delete an EBS volume when the associated instance is terminated.

Click on Next: Add Tags.

1.5 Add Tags

This is where you configure your instance name. Make sure to change Value to the desired name of your instance.

| Key | Value | Instances | Volumes | Network Interfaces |
| --- | --- | --- | --- | --- |
| Name | YOUR SERVER NAME HERE | True | True | True |

Example Instance Name: Snipe-IT Webserver

Click on Next: Configure Security Group.

1.6 Configure Security Group

This is where you configure network traffic by adding rules. A security group is a set of firewall rules that control the traffic for your instance. On this page, you can add rules to allow specific traffic to reach your instance.

IMPORTANT: As this page only allows us to configure the inbound rules, we are going to create a new security group AFTER the instance has been launched. This way we can configure both the inbound and outbound rules at the same time.

So for now:

| Option | Value |
| --- | --- |
| Assign a Security Group | Select an existing security group |
| Security Group Name | default (default VPC security group) |

DO NOT SKIP THE SECURITY GROUP CONFIGURATION AFTER THE INSTANCE HAS LAUNCHED. THIS IS EXTREMELY IMPORTANT FOR THE SECURITY OF YOUR WEB SERVER AND EC2 INSTANCE.

Click on Review and Launch.

1.7 Review

This is where you review the instance's launch details. Double-check everything is correct and fix any errors. Once the instance's launch details have been checked, click Launch to assign a key pair. Make sure to change the Key pair name to the desired name of your key pair.

| Option | Value |
| --- | --- |
| Key pair function | Create a new key pair |
| Key pair type | RSA |
| Key pair name | YOUR KEY PAIR NAME HERE |

Example Key Pair Name: snipe-it

MAKE SURE TO DOWNLOAD YOUR KEY PAIR AND STORE IT IN A SECURE AND ACCESSIBLE LOCATION. YOU CANNOT DOWNLOAD THE .PEM FILE AFTER THE KEY HAS BEEN CREATED. IF YOU LOSE THE KEY, YOU WILL NOT BE ABLE TO ACCESS THE BACKEND OF YOUR INSTANCE. STORE A COPY OF THE KEY LOCALLY, ON A BACKUP DISK AND IN THE CLOUD.

Click on Launch Instances then View Instances.

The instance will now be pending while it is created. When ready, the state will update to running.

2 Configuring Security Group (DO NOT SKIP)

Under the Network & Security section in the navigation pane, select Security Groups.

In the top right, select Create security group.

Make sure to change the Security Group Name and Description.

Please Note: The Security Group Name cannot be changed after creation.

2.1 Basic Details

| Option | Value |
| --- | --- |
| Security Group Name | YOUR SECURITY GROUP NAME HERE |
| Description | YOUR SECURITY GROUP DESCRIPTION HERE |
| VPC | Don't touch |
VPC Don't touch

Example Security Group Name: snipe-it

Example Description: snipe-it webserver security group

2.2 Inbound Rules

| Type | Protocol | Port Range | Source Selection | Source Input | Description |
| --- | --- | --- | --- | --- | --- |
| SSH | TCP | 22 | My IP | YOUR PUBLIC IPV4 ADDRESS AUTOFILLED | Allows SSH access for server admin |
| HTTP | TCP | 80 | Anywhere IPv4 | 0.0.0.0/0 | Apache (normal, unencrypted web traffic) |
| HTTPS | TCP | 443 | Anywhere IPv4 | 0.0.0.0/0 | Apache (TLS/SSL encrypted traffic) |

2.3 Outbound Rules

| Type | Protocol | Port Range | Destination Selection | Destination Input | Description |
| --- | --- | --- | --- | --- | --- |
| SSH | TCP | 22 | My IP | YOUR PUBLIC IPV4 ADDRESS AUTOFILLED | Allows SSH access for server admin |
| HTTP | TCP | 80 | Anywhere IPv4 | 0.0.0.0/0 | Apache (normal, unencrypted web traffic) |
| HTTPS | TCP | 443 | Anywhere IPv4 | 0.0.0.0/0 | Apache (TLS/SSL encrypted traffic) |
| Custom TCP | TCP | 587 | Anywhere IPv4 | 0.0.0.0/0 | Snipe-IT Outgoing SMTP Port for Gmail (encrypted) |

2.4 Tags

| Key | Value |
| --- | --- |
| Name | YOUR SECURITY GROUP NAME HERE |

Example Security Group Name: Snipe-IT Webserver

Click on Create security group.

2.5 Update Security Group Associations

Now we need to change the associated security group for the instance.

Head over to Instances and select your Snipe-IT instance. Go to Actions > Security > Change security group.

Select the security group we just created, add the security group to the association, remove the default security group from the association and save the changes.

3 Allocating Elastic IP

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account.

An Elastic IP address doesn’t incur charges as long as all the following conditions are true:

  • The Elastic IP address is associated with an EC2 instance.
  • The instance associated with the Elastic IP address is running.
  • The instance has only one Elastic IP address attached to it.
  • The Elastic IP address is associated with an attached network interface, such as a Network Load Balancer or NAT gateway.

You're charged by the hour for each Elastic IP address that doesn't meet these conditions. For pricing information, see Elastic IP addresses on the Amazon EC2 pricing page.

Select Elastic IPs under Network & Security in the navigation pane.

Click on Allocate Elastic IP address.

3.1 Elastic IP address settings

| Option | Value |
| --- | --- |
| Public IPv4 address pool | Amazon's pool of IPv4 addresses |

3.2 Tags

| Key | Value |
| --- | --- |
| Name | YOUR ELASTIC IP NAME HERE |

Example Elastic IP Name: Snipe-IT Webserver

Select Allocate.

The Elastic IP address has now been provisioned to your AWS account and is ready to be associated with the Snipe-IT instance.

Go to Actions > Associate Elastic IP address.

Select Instance as the resource type, then choose the instance we created, as well as the matching private IP address. Then select Associate to confirm the association.

4 Connecting through SSH

Please refer to this guide from the EC2 documentation to connect to the instance using SSH.

  • macOS and Linux most likely include an SSH client by default.
  • For Windows, download PuTTY.

Please Note:

  • The user will be ubuntu@public_dns_name.
  • You can obtain the public DNS from the instance details pane (Select instance and check details) or connection window (Select Instance > Connect > SSH client - Step 4).

5 Installing LAMP Stack (Linux, Apache, MySQL & PHP)

Once you've connected to the EC2 instance using SSH, remain logged in as the Ubuntu user. DO NOT ESCALATE TO ROOT!

5.1 Linux

Let's start by updating the package lists to obtain any new versions of packages/dependencies and subsequently fetch these new versions.

ubuntu@private_IPv4_address:~$ sudo apt update && sudo apt upgrade -y

AGAIN, REMAIN LOGGED IN AS THE UBUNTU USER. DO NOT ESCALATE TO ROOT. All commands from this point onwards are performed by the Ubuntu user.

Too easy! That's "L" taken care of.

5.2 Apache

Time to move onto "A". Let's install Apache.

$ sudo apt install apache2 -y

Visit the public IPv4 address of your EC2 instance in your browser. Make sure to view this page with http NOT https.

  • http://YOUR-PUBLIC-IPV4-ADDRESS-HERE

The default Apache2 Ubuntu page should be displayed:

2/4 done!

5.3 MySQL

"M" for MySQL. Let's install it.

$ sudo apt install mysql-server -y

Secure the MySQL installation with the following command.

$ sudo mysql_secure_installation

IMPORTANT: Make sure you set a strong and secure password for the database server root account.

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security.
It checks the strength of passwords and allows the users to set only those passwords
which are secure enough. Would you like to set up VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Please set the password for root here.

New password: *YOUR-MYSQL-ROOT-PASSWORD-HERE*

Re-enter new password: *CONFIRM-YOUR-MYSQL-ROOT-PASSWORD-HERE*

Estimated strength of the password: #
Do you wish to continue with the password provided? (Press y|Y for Yes, any other key for No) : y

By default, a MySQL installation has an anonymous user, allowing anyone to log into 
MySQL without having to have a user account created for them. This is intended only
for testing, and to make the installation go a bit smoother. You should remove them 
before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from 'localhost'. This ensures that 
someone cannot guess the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that anyone can access. This is also 
intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done! 

5.4 PHP

Time to install the last component of the LAMP stack, PHP.

First, we'll install the PHP package.

$ sudo apt install php -y

And then the PHP extensions required by Snipe-IT.

$ sudo apt install -y php-{opcache,pdo,bcmath,bz2,calendar,ctype,exif,ffi,fileinfo,ftp,gd,iconv,intl,json,mbstring,mysqli,phar,posix,readline,shmop,sockets,sysvmsg,sysvsem,sysvshm,tokenizer,zip,curl,ldap}

Verify the installation of the PHP extensions.

$ sudo php -m

To confirm PHP is working, we'll create a PHP information file in the root directory of the webserver.

$ sudo nano /var/www/html/info.php

Paste the following lines into the file.

<?php
phpinfo();

Write out the file with CTRL + O, Enter and then close with CTRL + X.

Then restart Apache to load PHP.

$ sudo systemctl restart apache2

Visit the php file we just created. Make sure to view this page with http NOT https.

  • http://YOUR-PUBLIC-IPV4-ADDRESS-HERE/info.php

The following page should be displayed.

6 Enable Apache Rewrite Module

The mod_rewrite module uses a rule-based rewriting engine, based on a PCRE regular-expression parser, to rewrite requested URLs on the fly.

$ sudo a2enmod rewrite
$ sudo systemctl restart apache2

7 Install Composer

Navigate to the home directory of the Ubuntu user.

$ cd ~

Download the Composer installer.

$ curl -sS https://getcomposer.org/installer | php

Move composer.phar to /usr/local/bin/

$ sudo mv composer.phar /usr/local/bin/composer
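
The curl | php step in this section executes whatever the download returns. As an added example (not part of the original guide), the script below saves the installer to a file and runs it only if its SHA-384 digest matches the one Composer publishes at https://composer.github.io/installer.sig; the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): verify the Composer installer
# before executing it, instead of piping curl straight into php.
# Function names are this example's own.

INSTALLER_URL="https://getcomposer.org/installer"
# Composer publishes the installer's current SHA-384 digest at this URL.
SIG_URL="https://composer.github.io/installer.sig"

# verify_sha384 FILE EXPECTED_HEX
# Returns 0 if FILE's SHA-384 digest equals EXPECTED_HEX (case-insensitive),
# 1 on mismatch, 2 if the file is missing or EXPECTED_HEX is malformed.
verify_sha384() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    # A SHA-384 digest is exactly 96 hex characters; reject anything else,
    # such as an empty string or an error page from a failed download.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || return 2
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha384sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Download the installer, check it, and only then run it. Like the guide's
# command, this leaves composer.phar in the current directory.
install_composer_verified() {
    local installer expected status
    installer="$(mktemp)" || return 1
    if ! curl -fsS -o "$installer" "$INSTALLER_URL"; then
        echo "download of installer failed" >&2
        rm -f "$installer"
        return 1
    fi
    expected="$(curl -fsS "$SIG_URL" | tr -d '[:space:]')"
    if ! verify_sha384 "$installer" "$expected"; then
        echo "installer checksum mismatch; refusing to run it" >&2
        rm -f "$installer"
        return 1
    fi
    php "$installer"
    status=$?
    rm -f "$installer"
    return "$status"
}

# Usage on the server, in place of the curl | php line:
#   install_composer_verified
```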

8 Create MySQL Database

Log in to the MySQL database server as the root user.

$ sudo mysql -u root -p

Enter the root password of the MySQL database server. This was configured when securing the MySQL server installation.

Create the database.

mysql> CREATE DATABASE snipeit;

Verify the database was created.

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| snipeit            |
| sys                |
+--------------------+

Create a non-root MySQL user. Make sure you set a strong and secure password. The password validation policy will enforce this.

mysql> CREATE USER 'snipe'@'localhost' IDENTIFIED WITH mysql_native_password BY '*YOUR-MYSQL-USER-PASSWORD-HERE*';

Grant the snipe user full access to the snipeit database and reload the grant tables.

mysql> GRANT ALL PRIVILEGES ON snipeit.* TO 'snipe'@'localhost';
mysql> FLUSH PRIVILEGES;

Exit the MySQL database server.

mysql> exit

9 Download & Configure Snipe-IT

Navigate to the root directory of the webserver.

$ cd /var/www/

Git clone the latest Snipe-IT repository from GitHub. This will clone the repo into a snipe-it directory.

$ sudo git clone https://github.com/snipe/snipe-it snipe-it

Navigate to the newly created snipe-it directory.

$ cd snipe-it/

All system configuration variables are stored in a single .env file in the Snipe-IT project root directory. To get started with the configuration, copy over the .env.example file to a new .env file.

$ sudo cp .env.example .env

Edit the configuration file.

$ sudo nano .env

Reference the configuration page on the Snipe-IT documentation for a breakdown of each configuration parameter.

9.1 Basic App Settings

APP_ENV=production
APP_DEBUG=false

APP_KEY will be generated later.

APP_URL is the public IPv4 address of your EC2 instance. Make sure it starts with http:// at this point. Later on, we'll be changing this to https:// (when configuring SSL) and an FQDN (if you want to use one).

APP_TIMEZONE is the timezone of your location. See the list of PHP supported timezones. Make sure to enclose the timezone in single quotation marks.

APP_LOCALE is the application language. See the list of supported languages.

Example:

APP_URL=http://123.123.123.123
APP_TIMEZONE='Australia/Sydney'
APP_LOCALE=en

9.2 Uploaded File Storage Settings

These parameters can remain untouched.

9.3 Database Settings

IMPORTANT: MAKE SURE THE DB_PASSWORD IS ENCLOSED IN SINGLE QUOTATION MARKS.

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_DATABASE=snipeit
DB_USERNAME=snipe
DB_PASSWORD='*YOUR-MYSQL-USER-PASSWORD-HERE*'

The remaining database parameters can remain untouched.

9.4 SSL Database Settings

By default, MySQL is configured to only accept local connections. As we aren't hosting the MySQL database on a remote server, it isn't necessary to configure SSL for MySQL (Source: Digital Ocean 2019).

9.5 Outgoing Mail Server Settings

Please Note: The mail host and mail port are configured for Gmail. If you are using a different email provider, please change the host and port as required. If the mail port is not 587 you will also need to update the outbound rule in the EC2 Security Group associated with your instance.

For Google Accounts with Two Factor Authentication (2FA) enabled, you will need to create an app password. See this guide.

MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=*YOUR-GMAIL-USERNAME-HERE*
MAIL_PASSWORD=*YOUR-GMAIL-PASSWORD*
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDR=*YOUR-GMAIL-USERNAME-HERE*
MAIL_FROM_NAME='Snipe-IT'
MAIL_REPLYTO_ADDR=*YOUR-GMAIL-USERNAME-HERE*
MAIL_REPLYTO_NAME='Snipe-IT'
MAIL_AUTO_EMBED_METHOD='attachment'

9.6 Image Library

IMAGE_LIB=gd

9.7 Backup Settings

MAIL_BACKUP_NOTIFICATION_DRIVER=smtp
MAIL_BACKUP_NOTIFICATION_ADDRESS=*YOUR-GMAIL-USERNAME-HERE*
BACKUP_ENV=true

9.8 Session Settings

SESSION_LIFETIME=60
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=15

When configuring SSL, we'll be changing the ENCRYPT, COOKIE_DOMAIN and SECURE_COOKIES parameters.

9.9 All Other Settings

All remaining parameters are optional and can remain untouched unless you wish to configure them.

Write out the file with CTRL + O, Enter and then close with CTRL + X.

10 Set Directory Permissions

We're going to change the ownership of the Snipe-IT project root directory to the Ubuntu user.

$ sudo chown -R ubuntu:ubuntu /var/www/snipe-it

Make sure you are in the Snipe-IT project root directory of /var/www/snipe-it.

$ pwd
/var/www/snipe-it

Similarly, we're now going to change the ownership of the storage and public/uploads directories to the web server user www-data.

$ sudo chown -R www-data:www-data storage public/uploads

Then we're going to update the permissions of the storage and public/uploads directories.

$ sudo chmod 755 storage
$ sudo chmod 755 public/uploads

11 Install Unzip

To avoid unpacking files using the PHP zip extension, install unzip.

$ sudo apt install unzip -y

12 Install Dependencies

Make sure you are in the Snipe-IT project root directory of /var/www/snipe-it.

$ pwd
/var/www/snipe-it

I NEED TO MAKE THIS EXPLICITLY CLEAR. DO NOT EVER RUN COMPOSER AS A SUPERUSER OR WITH ESCALATED SUDO PRIVILEGES. EVERY OTHER SNIPE-IT INSTALLATION TUTORIAL HAS RUN THE FOLLOWING COMMAND WITH ROOT OR ESCALATED SUDO PRIVILEGES. DON'T DO IT. IT WILL BREAK PERMISSIONS AND OWNERSHIP OF FILES THAT WILL BE DIFFICULT TO DEBUG LATER. THE ADVICE FROM SNIPE-IT AND COMPOSER IS NOT TO RUN COMPOSER WITH ROOT OR ESCALATED SUDO PRIVILEGES, ESPECIALLY AS THIS IS A PRODUCTION ENVIRONMENT. THEY ARE TRYING TO PROTECT YOU, LISTEN TO THEM.

Run the following (DO NOT TYPE SUDO)

$ composer install --no-dev --prefer-source

Wait patiently for composer to download the dependencies into the cache and subsequently install them.

13 Generate App Key

$ sudo php artisan key:generate
**************************************
*     Application In Production!     *
**************************************

 Do you really wish to run this command? (yes/no) [no]:
 > yes

IMPORTANT: Make sure you keep a copy of your APP_KEY in a safe place, for example, a secure password manager. This key is required to decrypt any encrypted fields in the database.

$ cat .env

ONCE YOU HAVE OBTAINED AND SAVED YOUR APP KEY, DO NOT SHARE IT WITH ANYONE.

14 Create Apache Site

Firstly, disable the default Apache Site configuration file.

$ sudo a2dissite 000-default.conf

Next up we are going to create a new Apache Site. If you plan on using a fully qualified domain name (FQDN) then use it here. If you don't have an FQDN, you can call this configuration file something like snipe-it.conf.

Example FQDN: snipeit.github.com.conf.

$ sudo nano /etc/apache2/sites-available/snipeit.*YOUR-DOMAIN-NAME*.com.conf

Add the following site contents. Make sure the directories reflect your installation, but if you've been following along with this guide exactly, the directories are already set and ready to go.

Make sure to change the ServerName to the public IPv4 address of your EC2 instance. If you are using an FQDN, keep the Redirect permanent line commented out for now. If you aren't using an FQDN, you can completely ignore the Redirect permanent line or even delete it.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    <Directory /var/www/snipe-it/public>
        Require all granted
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/snipe-it/public
    ServerName *YOUR-PUBLIC-IPV4-ADDRESS-HERE*
    #Redirect permanent / https://snipeit.*YOUR-DOMAIN-NAME*.com/
    ErrorLog /var/log/apache2/snipeit.error.log
    CustomLog /var/log/apache2/access.log combined
</VirtualHost>

Write out the file with CTRL + O, Enter and then close with CTRL + X.

Enable the new Apache Site.

$ sudo a2ensite snipeit.*YOUR-DOMAIN-NAME*.com.conf

For our GitHub FQDN example, this would look something like this:

$ sudo a2ensite snipeit.github.com.conf

And for our non-FQDN example, this would look something like this:

$ sudo a2ensite snipe-it.conf

Restart the Apache service.

$ sudo systemctl restart apache2

Check the status of the Apache service.

$ sudo systemctl status apache2
Active: active (running)

15 Snipe-IT Pre-Flight

Visit the public IPv4 address of your EC2 instance in your browser. Make sure to view this page with http NOT https.

  • http://YOUR-PUBLIC-IPV4-ADDRESS-HERE

You should be presented with the Snipe-IT Pre-Flight. All of the settings should return valid if you have followed this guide correctly. Test the outgoing mail server by clicking Send Test. You should receive an email from yourself.

You can now continue with the Snipe-IT setup.

16 SSL & FQDN Configuration

16.1 Creating an A Record on your domain's DNS settings

An A or Address record (also known as a host record) links a domain to the physical IP address of a computer hosting that domain's services.

In the DNS settings of your domain, create a new A record. Make sure to update the domain name and public IPv4 address to match your own.

| Host Name | Type | TTL | Destination/Data |
| --- | --- | --- | --- |
| snipeit.YOUR-DOMAIN-NAME.com | A | 3600 (1 hour) | YOUR-PUBLIC-IPV4-ADDRESS-HERE |

If you need assistance creating an A record for your particular domain registrar, reference the support documentation.

16.2 Edit Existing Configuration

We're quickly going to update the APP_URL in the .env file.

Navigate to the project directory.

$ cd /var/www/snipe-it

Open the .env file.

$ sudo nano .env

Update the APP_URL. Make sure to update the domain name to match your own. Also make sure to type http, NOT https.

APP_URL=http://snipeit.*YOUR-DOMAIN-NAME*.com

Write out the file with CTRL + O, Enter and then close with CTRL + X.

Clear the compiled version of the .env file.

$ php artisan config:clear

Restart the Apache service.

$ sudo systemctl restart apache2

Check the status of the Apache service.

$ sudo systemctl status apache2
Active: active (running)

Now you should be able to navigate to http://snipeit.*YOUR-DOMAIN-NAME*.com. Make sure to view this page with http NOT https.

Time to get that desired padlock with https.

16.3 Certbot

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS (Source: Certbot 2021).

16.3.1 snapd

snapd is pre-installed on Ubuntu 20.04, so we only have to ensure that the latest version is installed.

$ sudo snap install core; sudo snap refresh core

16.3.2 Remove any existing Certbot OS packages

$ sudo apt-get remove certbot

16.3.3 Install Certbot

$ sudo snap install --classic certbot

16.3.4 Prepare Certbot

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

16.3.5 Install Certificates & Edit Apache Configuration

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step (Source: Certbot 2021).

$ sudo certbot --apache

Then open the Apache site configuration file.

$ sudo nano /etc/apache2/sites-available/snipeit.*YOUR-DOMAIN-NAME*.com.conf

Uncomment the Redirect permanent line by removing the #. Make sure to update the domain name to match your own.

Redirect permanent / https://snipeit.*YOUR-DOMAIN-NAME*.com/

Write out the file with CTRL + O, Enter and then close with CTRL + X.

16.3.6 Test Automatic Renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again unless you change your configuration (Source: Certbot 2021).

$ sudo certbot renew --dry-run

16.4 Final Updates to Configuration

Navigate to the project directory.

$ cd /var/www/snipe-it

Open the .env file.

$ sudo nano .env

Update the following parameters to match. Make sure to update the domain name to match your own.

APP_URL=https://snipeit.*YOUR-DOMAIN-NAME*.com
ENCRYPT=true
COOKIE_DOMAIN='snipeit.*YOUR-DOMAIN-NAME*.com'
SECURE_COOKIES=true

Write out the file with CTRL + O, Enter and then close with CTRL + X.

Clear the compiled version of the .env file.

$ php artisan config:clear
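
The .env file is edited in three passes (sections 9, 16.2 and 16.4), so it is easy to leave a pre-SSL value behind. As an added example (not part of the original guide), this script checks a .env file against the values the guide ends up with; the function names and the sample file are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): check a Snipe-IT .env file
# against the values this guide ends up with after section 16.4.

# env_get FILE KEY: print KEY's value (last assignment wins) with surrounding
# single or double quotes removed. Commented-out lines are ignored.
env_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 \
        | sed -e 's/[[:space:]]*$//' -e "s/^'\(.*\)'\$/\1/" -e 's/^"\(.*\)"$/\1/'
}

# expect_env FILE KEY WANT: report and return 1 unless KEY equals WANT.
expect_env() {
    local actual
    actual="$(env_get "$1" "$2")"
    [ "$actual" = "$3" ] && return 0
    echo "FAIL $2=${actual:-<unset>} (expected $3)"
    return 1
}

# audit_snipeit_env FILE: print one FAIL line per finding; return 0 if none.
audit_snipeit_env() {
    local file="$1" findings=0 url host cookie_domain
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    expect_env "$file" APP_ENV production  || findings=$((findings + 1))
    expect_env "$file" APP_DEBUG false     || findings=$((findings + 1))
    expect_env "$file" ENCRYPT true        || findings=$((findings + 1))
    expect_env "$file" SECURE_COOKIES true || findings=$((findings + 1))

    url="$(env_get "$file" APP_URL)"
    case "$url" in
        https://*) ;;
        *) echo "FAIL APP_URL=${url:-<unset>} (expected an https:// URL)"
           findings=$((findings + 1)) ;;
    esac

    # COOKIE_DOMAIN should be the host part of APP_URL.
    host="${url#*://}"
    host="${host%%[/:]*}"
    cookie_domain="$(env_get "$file" COOKIE_DOMAIN)"
    if [ "$cookie_domain" != "$host" ]; then
        echo "FAIL COOKIE_DOMAIN=${cookie_domain:-<unset>} (expected $host)"
        findings=$((findings + 1))
    fi

    # key:generate (section 13) writes a base64: value; the key is never printed.
    case "$(env_get "$file" APP_KEY)" in
        base64:?*) ;;
        *) echo "FAIL APP_KEY is not a generated key (run php artisan key:generate)"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed sample: the section 9 values, before SSL is configured.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
APP_ENV=production
APP_DEBUG=false
APP_KEY=
APP_URL=http://123.123.123.123
ENCRYPT=false
COOKIE_DOMAIN=null
SECURE_COOKIES=false
EOF
audit_snipeit_env "$sample" || echo "sample file has findings"
rm -f "$sample"

# On the server: audit_snipeit_env /var/www/snipe-it/.env
```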

16.5 Update System Hostname

Make sure to update the domain name to match your own.

$ sudo hostnamectl set-hostname snipeit.*YOUR-DOMAIN-NAME*.com

Reboot the server.

$ sudo reboot

When connecting with SSH, you can now use ubuntu@snipeit.*YOUR-DOMAIN-NAME*.com instead of the AWS public IPv4 DNS.

16.6 Padlock?

Restart the Apache service.

$ sudo systemctl restart apache2

Check the status of the Apache service.

$ sudo systemctl status apache2
Active: active (running)

Navigate to https://snipeit.*YOUR-DOMAIN-NAME*.com.

Woo! If everything is working correctly, you should be able to see the padlock icon in the URL bar of your browser.

If you navigate to http://snipeit.*YOUR-DOMAIN-NAME*.com you should be automatically redirected to the https version.
