I would like to host GLPI-latest in a larger environment with about 250 users and make it accessible via LAN and Internet.
NethServer will be added to an already existing Windows 2019 AD. A firewall appliance also exists… What would be the most secure best-practice scenario in this setup?
GLPi with Fusion Inventory and Flyve MDM
Try this, leaving out the NethServer steps, Flyve etc., on Debian with LAMP. Use NethServer as a reverse proxy: point the DNS record externally (for the GLPI URL) to NethServer and have NethServer reverse proxy to the GLPI server's internal IP. I currently have this working on Proxmox at the moment. As for security, while I agree with using a VPN, I also agree about the hassle.
Also, some discussion on running GLPI on a DMZ, of some relevance.
Also, on the PC you're trying to make it work with, did you select the built-in web server option? If so, make sure you can see the service page at http://localhost:62354/
While testing the workaround I tried curl http://host/glpi/plugins/fusioninventory/
and got
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://host/plugins/fusioninventory/">here</a>.</p>
</body></html>
So I’m thinking the agent is trying to query the server to get instructions but is being met with the redirection notice and giving up. Try changing the http to https in the bat file, try again and post the results.
Update:
I was wrong: keep the http:// in the bat file and make sure to unhash local = /tmp
in my agent.cfg (it’s Mac, not Windows, so the bat file would be the Windows equivalent)
truncated
# send tasks results to a FusionInventory for GLPI server
server = http://ip/glpi/plugins/fusioninventory/
# write tasks results in a directory
local = /tmp
Also make sure the permissions on the server have the Apache user, i.e. www-data (if Ubuntu or Debian) or httpd (if CentOS or Red Hat): chown www-data:www-data -R path(ie /var/www/html)/glpi/plugins/fusioninventory
Restart the machine and run force inventory, and in a few minutes it should appear in Fusion Inventory.
Let me know if you have issues with the above advice; if so I’ll try to get access to a Windows machine and test.
I’ve just successfully tested with the GLPI inventory app on my phone using the above settings
server = https://192.168.100.168/glpi/plugins/fusioninventory/
no-ssl-check = 1
The full agent.conf is here:
# fusioninventory agent configuration
# all defined values match default
# all commented values are examples
#
# Target definition options
#
# send tasks results to an OCS server
#server = http://server.domain.com/ocsinventory
# send tasks results to a FusionInventory for GLPI server
server = https://192.168.100.168/glpi/plugins/fusioninventory/
# write tasks results in a directory
#local = /tmp
#
# Task definition options
#
# disable software deployment tasks
#no-task = deploy
#tasks = inventory,deploy,inventory
#
# Target scheduling options
#
# maximum delay before first target, in seconds
# Also the maximum delay on network error. Delay on network error starts
# from 60, is doubled at each new failed attempt until reaching delaytime.
delaytime = 3600
# do not contact the target before next scheduled time
lazy = 0
#
# Inventory task specific options
#
# do not list local printers
# no-category = printer
# allow to scan user home directories
scan-homedirs = 0
# allow to scan user profiles
scan-profiles = 0
# save the inventory as HTML
html = 0
# timeout for inventory modules execution
backend-collect-timeout = 180
# always send data to server
force = 0
# additional inventory content file
additional-content =
#
# Package deployment task specific options
#
# do not use peer to peer to download files
no-p2p = 0
#
# Network options
#
# proxy address
proxy =
# user name for server authentication
user =
# password for server authentication
password =
# CA certificates directory
ca-cert-dir =
# CA certificates file
ca-cert-file =
# do not check server SSL certificate
no-ssl-check = 1
# connection timeout, in seconds
timeout = 180
#
# Web interface options
#
# disable embedded web server
no-httpd = 0
# network interface to listen to
httpd-ip = 0.0.0.0
# network port to listen to
httpd-port = 62354
# trust requests without authentication token
httpd-trust = 127.0.0.1/32
#
# Logging options
#
# Logger backend, either Stderr, File or Syslog (Stderr)
logger = File
# log file
logfile = 'C:\Program Files\FusionInventory-Agent\logs\fusioninventory-agent.log'
# maximum log file size, in MB
#logfile-maxsize = 0
# Syslog facility
logfacility = LOG_USER
# Use color in the console
color = 0
#
# Execution mode options
#
# add given tag to inventory results
tag =
# debug mode
debug = 0
# time to wait to reload config (0 means no reload, it's default value)
# conf-reload-interval = 0
# Since 2.4, you can include all .cfg files from a folder or any given file
# For example:
# 1. file "conf.d/tag.cfg" contains "tag = 'entity123'"
# using "include 'conf.d' will set tag to 'entity123'
# 2. file "/etc/production/glpi-tag" contains "tag = 'entity123'"
# using "include '/etc/production/glpi-tag' will set tag to 'entity123'
# Remark:
# 1. Prefer to use full path to avoid confusion, but be aware relative paths are
# relative against current config file folder
# 2. A parameter set in included file can be over-rided if set again after the directive
# 3. *.cfg files are read in order in folder, it's better to prefix them with a number
# 4. Package maintainers are encouraged to use this feature to avoid conflict
# during upgrades after configuration update
#
#include "conf.d/"
#include "agent.local"
include "conf.d/"
I used PowerShell with admin rights, with or without the debug option:
Are they with AD (NethServer or MS)? If so, just deploy with group policy. You should be able to use the bat script instead of the exe, or make a bat script with a parameter to run once and have it call the install in silent mode.
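For anyone rolling an agent.conf like the one posted above out to a few hundred machines, here is a small pre-deployment check, added as an example and not taken from the thread or from the FusionInventory project. It flags settings that weaken transport or local security; the function names and the embedded sample (a constructed excerpt of the posted config) are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the security-relevant lines of the agent.conf posted above.
SAMPLE_CONF = """\
server = https://192.168.100.168/glpi/plugins/fusioninventory/
#local = /tmp
ca-cert-file =
no-ssl-check = 1
no-httpd = 0
httpd-ip = 0.0.0.0
httpd-port = 62354
httpd-trust = 127.0.0.1/32
"""

def parse_agent_conf(text):
    """Return {key: value}; '#' lines and blanks are skipped, later keys win."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def audit(settings):
    """Return (key, reason) pairs for settings that weaken the agent's security."""
    findings = []
    # Assumption: several servers may be listed, separated by commas.
    for url in (u.strip() for u in settings.get("server", "").split(",")):
        if url and urlparse(url).scheme != "https":
            findings.append(("server", f"{url} is not HTTPS; inventory travels in clear text"))
    if settings.get("no-ssl-check", "0") == "1":
        findings.append(("no-ssl-check", "certificate validation is off; set ca-cert-file instead"))
    if settings.get("no-httpd", "0") == "0":
        if settings.get("httpd-ip", "0.0.0.0") == "0.0.0.0":
            findings.append(("httpd-ip", "embedded web server listens on every interface"))
        for net in (n.strip() for n in settings.get("httpd-trust", "").split(",")):
            try:
                trusted = ipaddress.ip_network(net, strict=False)
            except ValueError:
                continue  # empty or a hostname: not evaluated here
            if trusted.num_addresses > 1:
                findings.append(("httpd-trust", f"{net} is trusted without a token"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_agent_conf(SAMPLE_CONF)):
        print(f"{key}: {reason}")
```

On the posted config this reports no-ssl-check and httpd-ip; pointing ca-cert-file at the CA that signed the GLPI certificate lets no-ssl-check go back to 0 without breaking HTTPS.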