From dacb3c74fbd39f5e7ef62289d032b24e848f3839 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 5 Feb 2025 15:49:45 +0100
Subject: [PATCH] Finalized Snipe IT role. SAML Support still missing
---
 roles/docker-snipe_it/README.md | 49 +++++++++++++++++--
 roles/docker-snipe_it/templates/env.j2 | 8 +--
 roles/docker-snipe_it/vars/main.yml | 3 +-
 .../templates/proxy_pass.conf.j2 | 2 +-
 4 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/roles/docker-snipe_it/README.md b/roles/docker-snipe_it/README.md
index e113431a..f004fcba 100644
--- a/roles/docker-snipe_it/README.md
+++ b/roles/docker-snipe_it/README.md
@@ -1,6 +1,47 @@
+# CyMaIS Role
 
-## more
-- https://github.com/snipe/snipe-it
-- https://snipeitapp.com/
+🚀 **CyMaIS** - Centralized Management and Integration System for **[Snipe-IT](https://github.com/snipe/snipe-it)**
+
+## About 📖
+This role provides an automated deployment and configuration for **Snipe-IT**, an open-source asset management system. It leverages **Docker Compose**, **Ansible**, and **centralized database integration** to streamline deployment and maintenance.
+
+👤 **Author:** Kevin Veen-Birkenbach
+🔗 **Website:** [veen.world](https://veen.world)
+
+## Features ✨
+- Automated setup using **Docker Compose** 🐳
+- Centralized **MariaDB** database support 🛢️
+- Secure environment configurations 🔐
+- Configurable **SMTP email settings** 📧
+- **SAML Authentication Support** (Pending Fix) 🔐
+- **Redis Caching** for improved performance ⚡
+
+## Administration 🛠️
+Clear and restart the application:
+```bash
+docker-compose exec application php artisan config:clear
+docker-compose exec application php artisan cache:clear
+docker-compose restart application
+```
+
+## Configuration
+- **Database:** The role supports **MariaDB** as the primary database.
+- **Environment Variables:** Defined in `templates/env.j2`.
+- **Nginx Proxy Support:** Automated through `nginx-docker-proxy-domain.yml`.
+
+## Pending Issue 🚧
+To ensure full **SAML authentication integration**, this issue still needs to be resolved:
+🔗 [GitHub Issue #16186](https://github.com/snipe/snipe-it/issues/16186)
+
+## Additional Resources 📚
+For more details, visit the official documentation and related links:
+- 🔗 [Snipe-IT Documentation](https://snipe-it.readme.io/docs/ldap-sync-login)
+- 🔗 [SAML Setup](https://snipe-it.readme.io/docs/saml)
+- 🔗 [Mattermost SSO Integration](https://docs.mattermost.com/onboard/sso-saml-keycloak.html)
 - https://snipe-it.readme.io/docs/ldap-sync-login
-- https://snipe-it.readme.io/docs/saml
\ No newline at end of file
+- https://github.com/snipe/snipe-it/issues/8584
+- https://chatgpt.com/c/67a34927-a994-800f-a3d5-86a5b0205c8b
+- https://github.com/snipe/snipe-it/issues/14895
+- https://github.com/snipe/snipe-it/issues/16186
+
+🚀 Happy Deploying! 🏗️
diff --git a/roles/docker-snipe_it/templates/env.j2 b/roles/docker-snipe_it/templates/env.j2
index dde8ca23..ffd4e53c 100644
--- a/roles/docker-snipe_it/templates/env.j2
+++ b/roles/docker-snipe_it/templates/env.j2
@@ -5,7 +5,7 @@ APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
 APP_KEY={{applications.snipe_it.app_key}}
-APP_URL=http://{{domain}}
+APP_URL=https://{{domain}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
@@ -87,18 +87,18 @@ EXPIRE_ON_CLOSE=false
 ENCRYPT=false
 COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
-SECURE_COOKIES=false
+SECURE_COOKIES=true
 API_TOKEN_EXPIRATION_YEARS=40
 
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
-APP_TRUSTED_PROXIES=172.17.0.1 # Docker Gateway
+APP_TRUSTED_PROXIES=**
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
 CORS_ALLOWED_ORIGINS=null
-ENABLE_HSTS=false # Certificates managed by nginx
+ENABLE_HSTS=true # Certificates managed by nginx
 
 # --------------------------------------------
 # OPTIONAL: CACHE SETTINGS
diff --git a/roles/docker-snipe_it/vars/main.yml b/roles/docker-snipe_it/vars/main.yml
index c6155b31..0916c9cd 100644
--- a/roles/docker-snipe_it/vars/main.yml
+++ b/roles/docker-snipe_it/vars/main.yml
@@ -1,3 +1,4 @@
 application_id: "snipe_it"
 database_password: "{{applications.snipe_it.database_password}}"
-database_type: "mariadb"
\ No newline at end of file
+database_type: "mariadb"
+# enable_central_database: false For debugging reasons here
\ No newline at end of file
diff --git a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
index c22c713f..11ea4a85 100644
--- a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
@@ -10,7 +10,7 @@ location /
 # headers
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Port 443;
 proxy_set_header Accept-Encoding "";
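Review bot: In the second hunk of `roles/docker-snipe_it/templates/env.j2`, `APP_TRUSTED_PROXIES=**` replaces the single Docker gateway address with a wildcard, so the application will presumably honour `X-Forwarded-For`, `X-Forwarded-Proto` and related headers from any peer that can reach the container, not only from the nginx role. Logged client addresses, anything keyed on client IP and the scheme the app believes it is served on then depend on client-supplied headers unless the container port is reachable only from the proxy, and nothing visible in this patch shows that restriction. Prefer templating the address or CIDR that nginx actually connects from, e.g. `APP_TRUSTED_PROXIES={{ TRUSTED_PROXY_CIDR_PLACEHOLDER }}` (placeholder variable name), and keep a trailing comment naming which hop it is. The comment on `ENABLE_HSTS=true # Certificates managed by nginx` was written to justify `false` and now reads as a contradiction; reword it along the lines of `# TLS terminates at nginx; the app still emits the HSTS header`.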
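Review bot: In `roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2`, `X-Forwarded-Proto` now follows `$scheme` while the next line still sends a fixed `X-Forwarded-Port 443`, so a request that reaches this location over plain HTTP is forwarded as `http` on port 443. The template is shared by every role behind the reverse proxy, and the same commit sets `APP_URL=https://…` and `SECURE_COOKIES=true` for Snipe-IT, so a backend that trusts these headers would treat such a request as insecure and may not receive its session cookie or may build mixed-scheme URLs. Either keep the pair consistent with `proxy_set_header X-Forwarded-Port $server_port;`, or, if this block is only ever included from TLS server blocks, state that in a comment above the headers. The `location` block opens and closes outside the hunk, so whether a port-80 server includes it cannot be confirmed from here.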