SnipeIT: Update config from IP to Domain and set up SSL with or without reverse proxy.

[michelroegl-brunner]

To change how SnipeIT is reachable you need to change two files.

The first one you need to alter is the nginx config file.
vim /etc/nginx/conf.d/snipeit.conf

Here you need to change the value server_name. Change snipeit.example.com to your domain name.
server_name snipeit.example.com

The second file you need to change is the SnipeIT Webapp config.
vim nano /opt/snipe-it/.env

Here you need to change the value **APP_URL". Change http://snipeit.exampel.com to your domain name.
APP_URL=http://snipeit.example.com

This are alle the changes needed for HTTP.

For HTTPS with reverse Proxy you need to set proxy_set_header X-Forwarded-Proto $scheme; (NGINX) or RequestHeader set X-Forwarded-Proto "https" (APACHE) at you proxy config. Below as an exmple are the settings for Nginx Proxy Manager

And in the SnipeIT Webapp config you need to set APP_TRUSTED_PROXIES to the IP-Address of your proxy.
vim nano /opt/snipe-it/.env

To get HTTPS working without reverse proxy you need to change the nginx config file.
And again change the server_name from snipeit.exampe.com to your own domain.

vim /etc/nginx/conf.d/snipeit.conf

Replace all content with:

server {
    listen 80;
    server_name snipeit.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name snipeit.exampe.com;
    ssl_certificate /path/to/your.crt;
    ssl_certificate_key /path/to/your.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
    ssl_session_timeout 5m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    root /opt/snipe-it/public/;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri $uri/ =404;
        fastcgi_pass unix:/var/run/php8.2-fpm-www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[ismaelster]

Hello Michel, thank you for the post-installation guide. I have followed it completely but I have a problem when using Nginx Proxy Manager:

I have correctly created the A record in my domain manager.
In the .env file: app_url I have the complete application address: http://192.168.x.x and in the snipeit.conf file: server_name I also have the complete application address: http://192.168.x.x
I have added the IP of my Nginx Proxy Manager in the .env file: app_trusted_proxies: 192.168.x.x
I have added in my Nginx Proxy Manager, as you indicate, the line proxy_set_header X-Forwarded-Proto $forward_scheme;
But unfortunately, I can access the application locally via the IP 192.168.x.x but not through the domain snipeit.domain.com.

What am I missing?

[ismaelster]

I forgot to attach the message I receive when I try to connect via https

[dajmlj812]

I am getting the same.

[dajmlj812]

Nevermind. Fixed it by updating to https://...

[ismaelster]

Hi, I see that is it working for you, I tried several things before without no lucky, but today tried a different thing, I made a dnslookup with the domain and I see 2 ips, one for the nginx proxy manager thas was setup in .env and another ip from the web server (hosting), I have write this ip in the .env and works!

so, I dont know if this tip could be helpfully for another people :)