Configuration

This section is where you edit the Snipe-IT configuration file to reflect your own settings, such as your database credentials, mail server, preferred language, timezone, and so on. Some of the settings are optional, some are required.

Don't be intimidated by the length of this page. The configuration options are pretty straightforward; we just like to explain what each of them does. 😀

Your Environmental Config File

🚧

IMPORTANT!

Snipe-IT caches these variables for you to speed things up. If you make subsequent changes to this file, make sure you run php artisan config:clear to clear the compiled version to see your changes.

All system configuration variables are stored in a single .env file in your project's root. To get started, copy over the .env.example file to a new .env file:

cp .env.example .env

🚧

NOTE:

Make sure there are no trailing spaces after the values you add in your .env file, as that can sometimes cause unexpected results. Any values that contain special characters like #, $, etc. should be enclosed in quotes.

(Click here for information on renaming files that begin with a dot in Windows.)

When you first get started, your .env file looks like this:

# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=null
APP_TIMEZONE='UTC'
APP_LOCALE='en-US'
MAX_RESULTS=500

# --------------------------------------------
# REQUIRED: UPLOADED FILE STORAGE SETTINGS
# --------------------------------------------
PRIVATE_FILESYSTEM_DISK=local
PUBLIC_FILESYSTEM_DISK=local_public

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_IS_PAAS=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null
DB_SSL_VERIFY_SERVER=null

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_FROM_ADDR=you@example.com
MAIL_FROM_NAME='Snipe-IT'
MAIL_REPLYTO_ADDR=you@example.com
MAIL_REPLYTO_NAME='Snipe-IT'
MAIL_AUTO_EMBED_METHOD='attachment'
MAIL_TLS_VERIFY_PEER=true

# MAIL_ENCRYPTION is no longer supported. SymfonyMailer will use tls if it's
# advertised, and won't if it's not. If you want to use your mail server's IP but it's failing
# because of certificate errors, set MAIL_TLS_VERIFY_PEER=false

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd


# --------------------------------------------
# OPTIONAL: BACKUP SETTINGS
# --------------------------------------------
MAIL_BACKUP_NOTIFICATION_DRIVER=null
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
BACKUP_ENV=true
ALLOW_BACKUP_DELETE=false
ALLOW_DATA_PURGE=false

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_DRIVER=file
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=15
BS_TABLE_STORAGE=cookieStorage
BS_TABLE_DEEPLINK=true

# --------------------------------------------
# OPTIONAL: SECURITY HEADER SETTINGS
# --------------------------------------------
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
ALLOW_IFRAMING=false
REFERRER_POLICY=same-origin
ENABLE_CSP=false
ADDITIONAL_CSP_URLS=null
CORS_ALLOWED_ORIGINS=null
ENABLE_HSTS=false

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit

# --------------------------------------------
# OPTIONAL: REDIS SETTINGS
# --------------------------------------------
REDIS_HOST=null
REDIS_PASSWORD=null
REDIS_PORT=null

# --------------------------------------------
# OPTIONAL: MEMCACHED SETTINGS
# --------------------------------------------
MEMCACHED_HOST=null
MEMCACHED_PORT=null

# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: AWS Settings
# --------------------------------------------
AWS_ACCESS_KEY_ID=null
AWS_SECRET_ACCESS_KEY=null
AWS_DEFAULT_REGION=null

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60
LOGIN_AUTOCOMPLETE=false

# --------------------------------------------
# OPTIONAL: FORGOTTEN PASSWORD SETTINGS
# --------------------------------------------
RESET_PASSWORD_LINK_EXPIRES=15
PASSWORD_CONFIRM_TIMEOUT=10800
PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50

# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
LOG_CHANNEL=single
LOG_MAX_DAYS=10
APP_LOCKED=false
APP_CIPHER=AES-256-CBC
APP_FORCE_TLS=false
APP_ALLOW_INSECURE_HOSTS=false
GOOGLE_MAPS_API=
LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600
IMPORT_TIME_LIMIT=600
IMPORT_MEMORY_LIMIT=500M
REPORT_TIME_LIMIT=12000
REQUIRE_SAML=false
API_THROTTLE_PER_MINUTE=120
CSV_ESCAPE_FORMULAS=true
LIVEWIRE_URL_PREFIX=null

# --------------------------------------------
# OPTIONAL: HASHING
# --------------------------------------------
HASHING_DRIVER='bcrypt'
BCRYPT_ROUNDS=10
ARGON_MEMORY=1024
ARGON_THREADS=2
ARGON_TIME=2

# --------------------------------------------
# OPTIONAL: SCIM
# --------------------------------------------
SCIM_TRACE=false
SCIM_STANDARDS_COMPLIANCE=false

We'll spend some time breaking down these options so you're clear on what should go where.

REQUIRED: Basic App Settings

The first part of your .env file covers basic application settings.

# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=http://ChangeMe
APP_TIMEZONE='America/Los_Angeles'
APP_LOCALE=en
MAX_RESULTS=500

| Setting | Notes |
| --- | --- |
| APP_ENV | This should always be set to production unless you are a developer who is editing code within Snipe-IT. |
| APP_DEBUG | Setting this to true will turn on debugging in your Snipe-IT installation. This can be very useful for debugging, but should NEVER be left set to true in a production environment. |
| APP_KEY | This is a randomly generated key that your system will use to store encrypted data. It's best not to change this manually, but to run php artisan key:generate to create a new key that is the right length. (You'll complete this step after you Install Dependencies - see Step 5 in the installation overview.) Make sure you keep a backup of this value somewhere safe (password manager, etc). |
| APP_URL | This is the URL to your application, beginning with http:// or https:// (if you're running Snipe-IT over SSL). This should not have a trailing slash, should not be left as null, and you should not have public in the URL. Images and JavaScript will not load correctly if this is not set to EXACTLY the URL you access your Snipe-IT app from. |
| APP_FORCE_TLS | Set to true to force https protocol during setup. |
| APP_TIMEZONE | Set this to be the timezone you wish your Snipe-IT installation to use. This should use a PHP-supported timezone, and should be enclosed in single quotes. |
| APP_LOCALE | Set this to reflect the abbreviation for the language you'd like to use for Snipe-IT. The default language is US English (en-US); however, we have additional language translations available, thanks to a great community of people helping us translate Snipe-IT. |
| MAX_RESULTS | Maximum number of results returned in paginated results. Default is 500. |

❗️

IMPORTANT:

Make sure you keep a backup of your APP_KEY somewhere safe.

Setting a Language

If you wish to use one of the other available languages, change the APP_LOCALE value from en-US to one of the values listed below.

| Language | Value |
| --- | --- |
| English (US) | en-US |
| English (UK) | en-GB |
| Afrikaans | af-ZA |
| Arabic | ar-SA |
| Bulgarian | bg-BG |
| Catalan | ca-ES |
| Chinese Simplified | zh-CN |
| Chinese Traditional | zh-TW |
| Croatian | hr-HR |
| Czech | cs-CZ |
| Danish | da-DK |
| Dutch | nl-NL |
| Estonian | et-EE |
| Filipino | fil-PH |
| Finnish | fi-FI |
| French | fr-FR |
| German | de-DE |
| German (Informal) | de-if |
| Greek | el-GR |
| Hebrew | he-IL |
| Hungarian | hu-HU |
| Indonesian | id-ID |
| English, Indonesia | en-ID |
| Irish | ga-IE |
| Italian | it-IT |
| Japanese | ja-JP |
| Korean | ko-KR |
| Latvian | lv-LV |
| Lithuanian | lt-LT |
| Malay | ms-MY |
| Maori | mi-NZ |
| Mongolian | mn-MN |
| Norwegian | no-NO |
| Persian | fa-IR |
| Polish | pl-PL |
| Portuguese | pt-PT |
| Portuguese, Brazilian | pt-BR |
| Romanian | ro-RO |
| Russian | ru-RU |
| Spanish | es-ES |
| Spanish, Colombia | es-CO |
| Swedish | sv-SE |
| Tamil | ta-IN |
| Turkish | tr-TR |
| Ukrainian | uk-UA |
| Vietnamese | vi-VN |
| Zulu | zu-ZA |

If you're interested in additional languages, or would like to help us translate some of the incomplete existing languages, please see the Translations page. Check out the Snipe-IT CrowdIn translation project here to see current translation progress and all available languages.

REQUIRED: Database Settings

The next section in the .env asks you about your database settings:

# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/local/bin'

❗️

IMPORTANT:

You must create the database yourself if you did a manual installation (meaning you didn't use install.sh, or docker). Snipe-IT does not create the database or database users for you. Click here to learn more about creating a database and database user.

| Setting | Notes |
| --- | --- |
| DB_CONNECTION | Leave this as mysql. Snipe-IT currently only supports MySQL/MariaDB. |
| DB_HOST | The host for your database. On most installations, you can leave this as localhost. |
| DB_DATABASE | The name of your Snipe-IT database. |
| DB_USERNAME | The MySQL username you set up to access the database. |
| DB_PASSWORD | Your database password for the user you specified above. |
| DB_PREFIX | Only required if you wish to use a prefix for your database tables. (Most installations can leave this set to null.) |
| DB_DUMP_PATH | Path to the directory that contains mysqldump on your machine. This should point to the directory, not the binary itself. This is often something like '/usr/bin' on Linux systems. Windows users should use something like: 'C:\\PROGRA~1\\MARIAD~1.0\\bin' or 'C:\\PROGRA~1\\MARIAD~1.1\\bin', depending on your version (note the double-slashes). If you're not sure what the path is to mysqldump, Linux users can run which mysqldump and Windows users can use cmd /c for %A in ("C:\Program Files\MariaDB 10.1\bin") do @echo %~sA via command line to reveal the path information. |
| DB_SOCKET | Path to the unix socket if you are connecting via socket instead. This field is optional and should only be used if you are connecting via socket. |
| DB_PORT | (Optional) If you wish to use a non-standard database port, specify it here. |

REQUIRED: Outgoing Mail Settings

Outgoing mail settings are required in order for your Snipe-IT installation to send email. If you do not configure your mail settings, users will not be able to request a password reset if they get locked out, your email alerts for expiring licenses and assets (etc) will not work, and you cannot use asset acceptance/EULA requirements on your system.

# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_FROM_ADDR=you@example.com
MAIL_FROM_NAME=Snipe-IT
MAIL_REPLYTO_ADDR=you@example.com
MAIL_REPLYTO_NAME=Snipe-IT
MAIL_AUTO_EMBED=true
MAIL_AUTO_EMBED_METHOD=base64
MAIL_TLS_VERIFY_PEER=false

When you've completed the configuration setup and get to the Pre-Flight & Setup page, you will be able to test your mail settings.

| Setting | Notes |
| --- | --- |
| MAIL_MAILER | Specify the driver you would like to use. On most installations, you can leave this as smtp. Other options include mail to use the system's PHP mail function, or sendmail if you wish to use your server's sendmail. If you do not wish to send any email from the system, you can set this to log. |
| MAIL_HOST | Specify the hostname for your outgoing mail server. Keep in mind that this server must be accessible from the server you're running Snipe-IT on. |
| MAIL_PORT | Set the port number that your mail server expects to send from. Some common port numbers are: 25 for unencrypted connections; 587 for encrypted connections. |
| MAIL_USERNAME | Set the username of the authenticated user you'll be sending email as. |
| MAIL_PASSWORD | Set the password for the authenticated user you'll be sending as. |
| MAIL_FROM_ADDR | Specify an email address that is used globally for all e-mails that are sent by your application. |
| MAIL_FROM_NAME | Specify the name that should show up in the recipient's inbox when they receive email from your Snipe-IT instance. |
| MAIL_REPLYTO_ADDR | Specify the address that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_ADDR, but it is required. |
| MAIL_REPLYTO_NAME | Specify the name that should be the reply:to on emails from your Snipe-IT instance. This can be the same as your MAIL_FROM_NAME, but it is required. |
| MAIL_AUTO_EMBED | Whether or not to embed images in emails (via CID or base64) versus linking to them. This can be helpful when your Snipe-IT installation is behind a private network, as employees not currently logged into that network would show broken images. |
| MAIL_AUTO_EMBED_METHOD | Method that should be used for attaching inline images. Options are attachment (for CID) or base64. |
| MAIL_TLS_VERIFY_PEER | Snipe-IT mail will use TLS if the server offers it, so if you're using a self-signed certificate or want to refer to your mail server by a name that isn't in the certificate (like the IP address), set this to 0 or false. |

If you are having an issue with mail sending, you can try setting MAIL_TLS_VERIFY_PEER=false in your .env file.

GoDaddy Email

If you're using GoDaddy for hosting, you will need to set your mail server to use relay-hosting.secureserver.net on port 25, with username and password left as null values. See the GoDaddy relay server documentation for more specifics.

Using Gmail

If you're using Gmail to send your emails, you'll want to use the settings below (in addition to filling out the from address and name in the config file):

| Setting | Value |
| --- | --- |
| driver | smtp |
| host | smtp.gmail.com |
| port | 587 |
| username | your_gmail_username |
| password | your_gmail_password |

Additionally, you may need to tweak a few settings in your Gmail account to handle Google's security that can kick in if Google doesn't recognize the system you're trying to access it through.

  • Sign into the Gmail account in a browser
  • Check if you have enabled the two-factor authentication. If it is enabled, disable it or use a special app password.
  • Go here and enable access for "less secure" apps:
  • Then go here and click Continue.
  • If you're still getting errors, try this solution on StackOverflow.

(More info on sending email through Laravel and Gmail is available here, and more info on why Google makes you jump through these hoops is available here.)

If you're still having problems

If you don’t have easy access to a mail server (or you can't get your settings to work for some reason), we suggest signing up for Mandrill.

REQUIRED: Image Library Settings

The GD library or ImageMagick is required to generate barcodes for Snipe-IT, and to resize uploaded images associated with assets, asset models, etc. Specify which one you have available on your server.

# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd

OPTIONAL: Backup Settings

# --------------------------------------------
# OPTIONAL: BACKUP SETTINGS
# --------------------------------------------
MAIL_BACKUP_NOTIFICATION_DRIVER=null
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
BACKUP_ENV=true
ALLOW_BACKUP_DELETE=false
ALLOW_DATA_PURGE=false

| Setting | Notes |
| --- | --- |
| MAIL_BACKUP_NOTIFICATION_DRIVER | This should usually be set to mail or null. |
| MAIL_BACKUP_NOTIFICATION_ADDRESS | Optional email address to send backup notifications to. |
| BACKUP_ENV | Whether to back up your .env file. |
| ALLOW_BACKUP_DELETE | Enables the option to delete backups in the UI. These backups will normally rotate out, so there isn't usually a need to enable this. Defaults to false. |
| ALLOW_DATA_PURGE | Enables the option to purge deleted data in the UI. Defaults to false. |

OPTIONAL: Session Settings

These settings can usually be left as their defaults, but we'll walk through what each of the options does.

# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_DRIVER=file
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
API_TOKEN_EXPIRATION_YEARS=15
BS_TABLE_STORAGE=cookieStorage
BS_TABLE_DEEPLINK=true

| Setting | Notes |
| --- | --- |
| SESSION_DRIVER | The driver you wish to use for session handling. Supported: cookie, database, apc, memcached, redis. Default is file. |
| SESSION_LIFETIME | Specify the time in minutes that the session should remain valid. |
| EXPIRE_ON_CLOSE | Specify whether or not the logged in session should be expired when the user closes their browser window. |
| ENCRYPT | Specify whether you wish to use encrypted cookies for your Snipe-IT sessions. |
| COOKIE_NAME | Unless you're running multiple instances of Snipe-IT, you should be able to leave this as the default. If you are running multiple Snipe-IT installs, you should probably set this to a unique name for each one so that your browser doesn't get sessions confused. |
| COOKIE_DOMAIN | Specify what domain name Snipe-IT should honor cookies from. This provides enhanced security, and should be set to whatever the domain name is of your Snipe-IT installation if you choose to use it. If you are having problems logging into your Snipe-IT instance, check and make sure this setting is correct. |
| SECURE_COOKIES | By setting this option to true, session cookies will only be sent back to the server if the browser has an HTTPS connection. This will keep the cookie from being sent to you if it cannot be done securely. If you are not running your Snipe-IT over SSL, you should leave this as false. |
| API_TOKEN_EXPIRATION_YEARS | This sets how long the API tokens should be valid for. The default is 40 years if no value is given; however, if you're running 32-bit PHP, you should manually set this to something lower like 15 years, otherwise you may get a 401 Unauthorized error on API requests. |
| BS_TABLE_STORAGE | This allows you to configure whether you want to use local storage or cookies to remember which columns you have shown/hidden in the list views. Options are cookieStorage or localStorage, and the default setting is cookieStorage. If you run into an issue where the browser returns a "cookie size too large" error, switching this to localStorage can help. |
| BS_TABLE_DEEPLINK | This enables "deep linking" to search results on listings pages. Disable this by setting it to false in the event it is interfering with your workflow. |

❗️

IMPORTANT:

If you are NOT running Snipe-IT over SSL and you enable SECURE_COOKIES, your users will not be able to login to the site. Only use this option if you are running Snipe-IT over SSL.
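
The formatting note at the top of this page and the notes on APP_DEBUG, APP_KEY, APP_URL, SECURE_COOKIES and MAIL_TLS_VERIFY_PEER can be checked mechanically before a deployment. The linter below is an added example, not part of Snipe-IT; the function name lint_env, the finding codes and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .env (not from a real installation). Note the trailing
# space after APP_TIMEZONE's value and the unquoted "#" and "$" in DB_PASSWORD.
SAMPLE_ENV = "\n".join([
    "APP_ENV=production",
    "APP_DEBUG=true",
    "APP_KEY=ChangeMe",
    "APP_URL=http://assets.example.com/public/",
    "APP_TIMEZONE='UTC' ",
    "DB_PASSWORD=p#ss$word",
    "SECURE_COOKIES=true",
    "MAIL_TLS_VERIFY_PEER=false",
])

# What each (hypothetical) finding code means, in the terms used on this page.
EXPLAIN = {
    "trailing-whitespace": "value is followed by spaces or tabs",
    "unquoted-special-chars": "value has #, $ or whitespace but is not quoted",
    "debug-enabled": "APP_DEBUG must not be left true in production",
    "placeholder-key": "APP_KEY was never generated (php artisan key:generate)",
    "missing-or-no-scheme": "APP_URL must start with http:// or https://",
    "trailing-slash": "APP_URL must not end with a slash",
    "public-in-url": "APP_URL must not contain the public directory",
    "secure-cookies-without-https": "SECURE_COOKIES=true over HTTP blocks logins",
    "https-without-secure-cookies": "session cookie is not restricted to HTTPS",
    "mail-cert-verification-off": "mail server certificate is not verified",
}


def lint_env(text):
    """Return a list of (key, code) findings for the contents of a .env file."""
    values, findings = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a KEY=value pair
        key, raw = line.split("=", 1)
        key = key.strip()
        if raw != raw.rstrip():
            findings.append((key, "trailing-whitespace"))
        value = raw.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # quoted: special characters are fine
        elif re.search(r"[#$\s]", value):
            findings.append((key, "unquoted-special-chars"))
        values[key] = value

    def flag(key, *accepted):
        return values.get(key, "").lower() in accepted

    url = values.get("APP_URL", "null")
    https = url.lower().startswith("https://")
    if flag("APP_DEBUG", "true", "1"):
        findings.append(("APP_DEBUG", "debug-enabled"))
    if values.get("APP_KEY", "") in ("", "null", "ChangeMe"):
        findings.append(("APP_KEY", "placeholder-key"))
    if not re.match(r"https?://", url, re.I):
        findings.append(("APP_URL", "missing-or-no-scheme"))
    else:
        if url.endswith("/"):
            findings.append(("APP_URL", "trailing-slash"))
        if "public" in urlsplit(url).path.split("/"):
            findings.append(("APP_URL", "public-in-url"))
    if flag("SECURE_COOKIES", "true", "1") and not https:
        findings.append(("SECURE_COOKIES", "secure-cookies-without-https"))
    if https and not flag("SECURE_COOKIES", "true", "1"):
        findings.append(("SECURE_COOKIES", "https-without-secure-cookies"))
    if flag("MAIL_TLS_VERIFY_PEER", "false", "0"):
        findings.append(("MAIL_TLS_VERIFY_PEER", "mail-cert-verification-off"))
    return findings


if __name__ == "__main__":
    for key, code in lint_env(SAMPLE_ENV):
        print(f"{key}: {EXPLAIN[code]}")
```

Run it against the real file with lint_env(open(".env").read()); an empty list means none of the checks fired.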

Optional: Cache Settings

# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
QUEUE_DRIVER=sync
CACHE_PREFIX=snipeit

| Setting | Default Value | Notes |
| --- | --- | --- |
| CACHE_DRIVER | file | The driver you wish to use for caching. This is usually file. Supported drivers: apc, database, memcached, redis, dynamodb, null. |
| QUEUE_DRIVER | sync | This is not currently used by Snipe-IT and can be left as-is. |
| CACHE_PREFIX | | When utilizing a RAM based store such as APC or Memcached, there might be other applications utilizing the same cache. So, we'll specify a value to get prefixed to all our keys so we can avoid collisions. |

Optional: Login Throttling

Snipe-IT utilizes brute force prevention to prevent attackers from attempting to brute-force logins to your installation. There is no way to disable brute force prevention, but you can configure the maximum allowed attempts and the duration a user is locked out when they exceed that number.

| Setting | Default Value | Notes |
| --- | --- | --- |
| LOGIN_MAX_ATTEMPTS | 5 | The maximum number of failed attempts allowed before the user is throttled. |
| LOGIN_LOCKOUT_DURATION | 60 | The duration (in seconds) that the user should be blocked from attempting to authenticate again. |

Optional: Amazon S3 Settings

These should be used if you wish to store your file uploads on Amazon S3. All of the fields below are required if you want to use this option.

# --------------------------------------------
# OPTIONAL: PUBLIC S3 Settings
# --------------------------------------------
PUBLIC_AWS_SECRET_ACCESS_KEY=null
PUBLIC_AWS_ACCESS_KEY_ID=null
PUBLIC_AWS_DEFAULT_REGION=null
PUBLIC_AWS_BUCKET=null
PUBLIC_AWS_URL=null
PUBLIC_AWS_BUCKET_ROOT=null

# --------------------------------------------
# OPTIONAL: PRIVATE S3 Settings
# --------------------------------------------
PRIVATE_AWS_ACCESS_KEY_ID=null
PRIVATE_AWS_SECRET_ACCESS_KEY=null
PRIVATE_AWS_DEFAULT_REGION=null
PRIVATE_AWS_BUCKET=null
PRIVATE_AWS_URL=null
PRIVATE_AWS_BUCKET_ROOT=null

Optional: AWS SES Settings

If you want to use Amazon's Simple Email Service instead of regular SMTP, you can fill out the settings below in your .env instead of the settings in the mail section.

# --------------------------------------------
# OPTIONAL: AWS SES Settings
# --------------------------------------------
AWS_ACCESS_KEY_ID=null
AWS_SECRET_ACCESS_KEY=null
AWS_DEFAULT_REGION=null

Optional: Misc

| Setting | Default Value | Notes |
| --- | --- | --- |
| LOG | single | Whether to use a single log file, or multiple date-based log files for your app error logs. Set to daily for logs broken down into daily files. |
| APP_LOG_MAX_FILES | 10 | Max number of daily app log files to retain. |
| LOG_LEVEL | warning | Level of logging that should be sent to the storage/logs/laravel.log file. |
| FILESYSTEM_DISK | local | Snipe-IT only supports local disks at this time, so this setting should be left as is. |
| APP_TRUSTED_PROXIES | 192.168.1.1,10.0.0.1 | Enter your host IP address if you use a reverse proxy. |
| ALLOW_IFRAMING | false | Set this to true if you need to run Snipe-IT within an iframe. This is an uncommon scenario, so you can leave this out or set it to false in most cases. |
| APP_ALLOW_INSECURE_HOSTS | false | Set this to true ONLY if you can't make your APP_URL match the actual URL of your application, and your hosting environment is secure and not accessible to the outside world. (This can be useful in some situations where proxies are used.) |
| APP_CIPHER | AES-256-CBC | You should not change this unless you know what you're doing. |
| GOOGLE_MAPS_API | | Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages. For more information on setting this up, see our common issues. |
| BACKUP_ENV | true | Set this to true if you wish to back up your .env file in your Admin > Backups process. Set it to false to disable backing up .env files. |
| LDAP_MEM_LIM | 500M | Memory limit for LDAP execution. |
| LDAP_TIME_LIM | 600 | Time limit for LDAP execution. |
| ENABLE_HSTS | false | HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. The HSTS Policy is communicated by the server to the user agent via an HTTPS response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion. Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site. |
| REQUIRE_SAML | false | Force SAML logins only and disable local login. |
| ENABLE_CSP | false | This will enable the CSP headers for additional security. |
| ADDITIONAL_CSP_URLS | false | If you're using an outside server to host your images for the image or avatar fields, you'll need to add the URL where they are hosted to this config variable or else the Content Security Policy will prevent them from loading. |
| LIVEWIRE_URL_PREFIX | false | Make sure to set this value if you are running Snipe-IT in a subdirectory, to allow certain JavaScript files to load properly, example: LIVEWIRE_URL_PREFIX=/snipeit |
| CSV_ESCAPE_FORMULAS | false | Determines whether to escape CSV values when exporting custom reports. |

REQUIRED: Set Directory Permissions

You’ll need to make sure that the storage directory and its subdirectories, as well as the uploads directory within public are writable by your web server, since caches, log files, and uploaded files get written there.

The easiest way to handle permissions is to have your non-privileged user that owns your snipe-it project root set as belonging to the same group that the web server runs as.

useradd -g apache snipeit

The above creates a new linux user snipeit and adds them to the apache group. This is just an example though, and if you have experience running web servers, you probably already know how to manage this.

For more info on linux users and groups, click here.

You should use the minimum permissions available for writing, based on how you’ve got your web server configured.

chown -R snipeit storage public/uploads bootstrap/cache

Next, you'll want to ensure that this user has write permissions to those directories.

On Linux/OS X, you would do something like this:

chmod -R 775 storage
chmod -R 775 public/uploads
chmod -R 775 bootstrap/cache

For help fixing permissions on IIS, see the Windows/IIS Installation Guide.

If you still run into a permissions error, you may need to increase the permissions to 775, or twiddle your user/group permissions on your server so that the web server (Apache, IIS, etc) can write to those directories.

❗️

IMPORTANT:

Make sure the Snipe-IT project directory is not owned by root. Your webserver should be running as your webserver’s user (often apache, nobody, or www-data). But never, ever root. Ever.
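
The ownership and permission rules in this section (nothing owned by root, directories writable by the web server's group, no more access than needed) can be audited with a short script. This is an added example, not part of Snipe-IT; the function names and finding codes are assumptions, and the group-writable check assumes the shared-group setup described above.

```python
import os
import stat
import sys

# Directories this page says the web server must be able to write to.
WRITABLE_DIRS = ("storage", "public/uploads", "bootstrap/cache")


def classify(mode, uid):
    """Return finding codes for one path, given its st_mode and owner uid."""
    findings = []
    if uid == 0:
        findings.append("owned-by-root")
    if mode & stat.S_IWOTH:
        # 775 grants write to owner and group only; 777/666 also grant it
        # to every other local account.
        findings.append("world-writable")
    if stat.S_ISDIR(mode) and not mode & stat.S_IWGRP:
        # With the web server in the owning group, 755 would stop it from
        # creating cache, log and upload files here.
        findings.append("dir-not-group-writable")
    return findings


def audit_tree(root, dirs=WRITABLE_DIRS):
    """Walk the writable directories under root; return (path, code) pairs."""
    findings = []
    for rel in dirs:
        top = os.path.join(root, rel)
        if not os.path.isdir(top):
            findings.append((rel, "missing"))
            continue
        paths = [top]
        for dirpath, dirnames, filenames in os.walk(top):
            paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in paths:
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            for code in classify(st.st_mode, st.st_uid):
                findings.append((os.path.relpath(path, root), code))
    return findings


if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/snipe-it   (script name is arbitrary)
    project_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, code in audit_tree(project_root):
        print(f"{path}: {code}")
```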

OPTIONAL: Set Your .htaccess to Redirect to SSL

If you are running Snipe-IT over HTTPS and wish to automatically redirect the user to the HTTPS version if they accidentally go to the HTTP version, uncomment the following lines from the public/.htaccess file:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

❗️

IMPORTANT:

If you are NOT running Snipe-IT over SSL and you enable this feature, your users will not be able to access the site. Only use this option if you are running Snipe-IT over SSL.