Si
Applications Azure

Snipe-IT on Ubuntu 24.04 on Azure User Guide

| Product: Snipe-IT on Ubuntu 24.04 LTS on Azure

Overview

Snipe-IT is the popular free, open source IT asset management system. Track hardware assets, software licenses, accessories, consumables and components, check items in and out to users and locations, print QR and barcode labels, run audits and reports, and drive it all through a full REST API. The cloudimg image delivers Snipe-IT fully installed and configured on Ubuntu 24.04 — a Laravel application on PHP 8.3 with OPcache, served by nginx over HTTPS with php-fpm, backed by MariaDB. The database schema is already migrated and the pre-flight setup wizard is already complete, so you land directly on the sign-in page with nothing to configure. Backed by 24/7 cloudimg support.

Snipe-IT is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). cloudimg is not affiliated with, endorsed by, or sponsored by Grokability, Inc. or the Snipe-IT project; "Snipe-IT" is a trademark of its respective owner. This image repackages the upstream open source release with cloudimg's provisioning and support.

What is included:

  • Snipe-IT 8.6.1 (AGPL-3.0), served from /var/www/snipe-it/public
  • nginx (TLS on :443, with :80 redirected to HTTPS and a plain /healthz liveness endpoint) + PHP 8.3 (php8.3-fpm with OPcache) + MariaDB, all from Ubuntu 24.04 main/universe
  • A per-VM self-signed TLS certificate generated on first boot, so the interface loads over a secure context
  • Per-VM administrator password, MariaDB password and Laravel APP_KEY, all generated at first boot and written to a root-only file — no default or shared login ships in the image
  • The Laravel scheduler running every minute via a systemd timer
  • nginx.service, php8.3-fpm.service and mariadb.service as systemd units, enabled and active
  • 24/7 cloudimg support

Snipe-IT sign-in

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2ms (2 vCPU / 8 GiB RAM) is a good starting point; scale up for larger inventories or heavier traffic. NSG inbound: allow 22/tcp from your management network and 443/tcp (HTTPS) plus 80/tcp (which redirects to HTTPS) from your users.

Step 1 — Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Snipe-IT by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTPS (443). Then Review + create and Create.

Step 2 — Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name snipe-it \
  --image <marketplace-image-urn> \
  --size Standard_B2ms \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Open HTTPS (and HTTP, which redirects) to reach the web interface:

az vm open-port --resource-group <your-rg> --name snipe-it --port 443 --priority 900
az vm open-port --resource-group <your-rg> --name snipe-it --port 80  --priority 910

Step 3 — Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 — Confirm the services are running

The three services that back Snipe-IT should all report active. The plain HTTP port answers a lightweight /healthz liveness check and redirects everything else to HTTPS, and the interface answers over TLS:

systemctl is-active nginx php8.3-fpm mariadb
curl -s  -o /dev/null -w 'healthz        -> %{http_code}\n' http://127.0.0.1/healthz
curl -s  -o /dev/null -w 'http redirect  -> %{http_code}\n' http://127.0.0.1/
curl -ks -o /dev/null -w 'https app      -> %{http_code}\n' https://127.0.0.1/

Expected: three lines of active, then healthz -> 200, http redirect -> 301 and https app -> 302 (Snipe-IT redirects an unauthenticated request to the login page).

Service status and listening ports

Step 5 — Retrieve your administrator password

On the first boot of every VM, a one-shot service (snipe-it-firstboot.service) generates credentials that are unique to that VM: a fresh Laravel application key, a fresh MariaDB password, and a fresh administrator password. It also generates a per-VM self-signed TLS certificate and sets the VM's own address as the application URL. No shared or default credentials ship in the image.

sudo cat /root/snipe-it-credentials.txt

The file (mode 0600, root only) contains the administrator username (snipeit.admin.user, which is admin), the administrator password (snipeit.admin.pass), the sign-in URL, and the database credentials. Snipe-IT signs in by username.

Per-VM credentials, root-only and masked

You can prove the login round-trip from the VM's own shell — this reads the per-VM credentials, fetches a CSRF token and posts a real sign-in (a successful Snipe-IT login answers HTTP 302 into the dashboard), and confirms a wrong password is rejected back to the login page:

USER=$(sudo grep '^snipeit.admin.user=' /root/snipe-it-credentials.txt | cut -d= -f2-)
PASS=$(sudo grep '^snipeit.admin.pass=' /root/snipe-it-credentials.txt | cut -d= -f2-)
CJ=$(mktemp)
TOK=$(curl -ks -c "$CJ" https://127.0.0.1/login | grep -oE 'name="_token" value="[^"]+"' | head -1 | sed 's/.*value="//;s/"//')
curl -ks -o /dev/null -w 'good login -> %{http_code}\n' -b "$CJ" -c "$CJ" \
  -d "_token=$TOK" --data-urlencode "username=$USER" --data-urlencode "password=$PASS" https://127.0.0.1/login
BAD=$(mktemp)
BTOK=$(curl -ks -c "$BAD" https://127.0.0.1/login | grep -oE 'name="_token" value="[^"]+"' | head -1 | sed 's/.*value="//;s/"//')
curl -ks -o /dev/null -w 'wrong pass -> %{redirect_url}\n' -b "$BAD" -c "$BAD" \
  -d "_token=$BTOK" --data-urlencode "username=$USER" --data-urlencode "password=wrong-99" https://127.0.0.1/login
rm -f "$CJ" "$BAD"

Expected: good login -> 302 (into the app) and wrong pass -> https://127.0.0.1/login (bounced back, rejected).

Step 6 — Sign in

Browse to https://<vm-public-ip>/ and sign in with the username admin and the password from the credentials file. Because the image ships a per-VM self-signed certificate, your browser shows a one-time certificate warning on first visit — click through it, or install your own domain certificate into /etc/nginx/ssl/snipe-it.crt and /etc/nginx/ssl/snipe-it.key.

After signing in you land on the dashboard, which summarises your asset, license, accessory, consumable, component and people counts, recent activity, and an assets-by-status breakdown.

Snipe-IT dashboard

Step 7 — Manage your assets

The image ships with an empty inventory ready for your own data. Snipe-IT models your estate as Categories → Manufacturers → Asset Models → Assets: create a category (for example Laptops), a manufacturer and an asset model, then add assets against that model. From the Assets list you can search, filter, bulk-edit, and check items in and out to users and locations; the toolbar exports to CSV, prints labels and opens the column picker.

Assets list

Choose Create New → Asset to add hardware. Snipe-IT auto-generates the next asset tag; pick a model and a status, optionally check it out to a user, add the serial, purchase details and a location, then Save.

Create an asset

Step 8 — Confirm the version and the stack

grep app_version /var/www/snipe-it/config/version.php
php -v | head -1
df -h /

Expected: 'app_version' => 'v8.6.1', PHP 8.3, and the OS disk that holds the application tree (/var/www/snipe-it) and the MariaDB datadir (/var/lib/mysql). Resize the OS disk from the Azure portal if you need more room for uploads or the database.

Version and application stack

First-boot service and security model

A one-shot snipe-it-firstboot.service runs After=mariadb.service and Before=nginx.service, so the per-VM credentials and TLS certificate are in place before the first page is ever served. It rotates the MariaDB password (editing .env in lock-step so the application never loses its database connection), regenerates the Laravel APP_KEY, sets a per-VM administrator password, writes the credentials file at mode 0600 (root only) and drops a sentinel so it runs exactly once.

systemctl status snipe-it-firstboot.service --no-pager | head -6
sudo stat -c '%a %U:%G %n' /root/snipe-it-credentials.txt

First-boot rotation of the DB password, APP_KEY and per-VM certificate

Administration from the CLI

Admin tasks use Laravel's artisan as the www-data user. For example, list the available commands or clear the caches:

sudo -u www-data php /var/www/snipe-it/artisan list | head -20
sudo -u www-data php /var/www/snipe-it/artisan config:clear

The Laravel scheduler (background jobs such as expiring-license and audit reminders) runs every minute through the snipe-it-scheduler.timer systemd timer — no crontab entry to add.

Enabling HTTPS with your own domain

The image serves HTTPS with a per-VM self-signed certificate out of the box. For a browser-trusted certificate, point a DNS record at the VM and install a certificate from your CA (for example Let's Encrypt) over the shipped self-signed pair:

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.example.com

Certbot updates the nginx site to serve your domain certificate; set APP_URL=https://your-domain.example.com in /var/www/snipe-it/.env and run sudo -u www-data php /var/www/snipe-it/artisan config:cache so generated links use your domain.

Backup and maintenance

Snipe-IT's data lives in the MariaDB database and the uploaded files under /var/www/snipe-it/public/uploads and /var/www/snipe-it/storage. Back the database up with mysqldump, and snapshot the OS disk from the Azure portal for a full point-in-time copy:

sudo mariadb-dump --single-transaction snipeit | gzip > /var/backups/snipeit-$(date +%F).sql.gz

Keep the OS current with sudo apt-get update && sudo apt-get upgrade; the image ships with unattended security updates enabled. Review Snipe-IT's own upgrade notes before moving between major versions.

Support

This image is backed by 24/7 cloudimg support for deployment, upgrades, LDAP and SAML single sign-on, REST API integration, email and label configuration, performance tuning and database administration. Email support@cloudimg.co.uk or use the live chat in the support portal; critical issues receive a one-hour average response.