Jumpserver之安裝在CentOS主機步驟
環境html
系統CentOS7.5前端
IP:172.16.90.248python
關閉防火牆設置selinuxmysql
systemctl stop firewalld setenforce 0 sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
一.準備Python3和Python虛擬環境linux
1.1安裝依賴包nginx
yum -y install wget gcc epel-release git
1.2安裝Python3.6git
yum -y install python36 python36-devel
若是下載速度慢能夠換國內源github
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo yum -y install python36 python36-devel
1.3創建Python虛擬環境web
由於 CentOS 7 自帶的是 Python2, 而 Yum 等工具依賴原來的 Python, 爲了避免擾亂原來的環境咱們來使用 Python 虛擬環境redis
cd /opt/ python3.6 -m venv py3 source /opt/py3/bin/activate
看到下面提示表明成功,之後運行jumpserver都要先運行以上source命令,如下全部命令都是在該虛擬環境運行
二.安裝Jumpserver
2.1下載或clone項目
cd /opt git clone https://github.com/jumpserver/jumpserver.git
2.2安裝依賴RPM包
cd /opt/jumpserver/requirements yum -y install $(cat rpm_requirements.txt)
2.3安裝Python庫依賴
pip install --upgrade pip setuptools pip install -r requirements.txt # 若是下載速度很慢, 能夠換國內源 pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
2.4安裝Redis,Jumpserver使用redis作cache和celery broke
yum -y install redis systemctl enable redis systemctl start redis
2.5安裝MySQL
本教程使用 Mysql 做爲數據庫, 若是不使用 Mysql 能夠跳過相關 Mysql 安裝和配置
yum -y install mariadb mariadb-devel mariadb-server systemctl enable mariadb systemctl start mariadb
2.6建立數據庫jumpserver並受權
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` echo -e "\033[31m 你的數據庫密碼是 $DB_PASSWORD \033[0m" mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
echo -e "\033[31m 你的數據庫密碼是 $DB_PASSWORD \033[0m" 你的數據庫密碼是 FCgdsBsyiiEdNT2BIgRTBwEv
2.7修改Jumpserver配置文件
$ cd /opt/jumpserver $ cp config_example.yml config.yml $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # 生成隨機SECRET_KEY $ echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` # 生成隨機BOOTSTRAP_TOKEN $ echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" $ vi config.yml # 確認內容有沒有錯誤
# SECURITY WARNING: keep the secret key used in production secret! # 加密祕鑰 生產環境中請修改成隨機字符串,請勿外泄, 可以使用命令生成 # $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo SECRET_KEY: # SECURITY WARNING: keep the bootstrap token used in production secret! # 預共享Token coco和guacamole用來註冊服務帳號,不在使用原來的註冊接受機制 BOOTSTRAP_TOKEN: # Development env open this, when error occur display the full process track, Production disable it # DEBUG 模式 開啓DEBUG後遇到錯誤時能夠看到更多日誌 DEBUG: false # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ # 日誌級別 LOG_LEVEL: ERROR # LOG_DIR: # Session expiration setting, Default 24 hour, Also set expired on on browser close # 瀏覽器Session過時時間,默認24小時, 也能夠設置瀏覽器關閉則過時 # SESSION_COOKIE_AGE: 86400 SESSION_EXPIRE_AT_BROWSER_CLOSE: true # Database setting, Support sqlite3, mysql, postgres .... # 數據庫設置 # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases # SQLite setting: # 使用單文件sqlite數據庫 # DB_ENGINE: sqlite3 # DB_NAME: # MySQL or postgres setting like: # 使用Mysql做爲數據庫 DB_ENGINE: mysql DB_HOST: 127.0.0.1 DB_PORT: 3306 DB_USER: jumpserver DB_PASSWORD: DB_NAME: jumpserver # When Django start it will bind this host and port # ./manage.py runserver 127.0.0.1:8080 # 運行時綁定端口 HTTP_BIND_HOST: 0.0.0.0 HTTP_LISTEN_PORT: 8080 # Use Redis as broker for celery and web socket # Redis配置 REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 # REDIS_PASSWORD: # REDIS_DB_CELERY: 3 # REDIS_DB_CACHE: 4 # Use OpenID authorization # 使用OpenID 來進行認證設置 # BASE_SITE_URL: http://localhost:8080 # AUTH_OPENID: false # True or False # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/ # AUTH_OPENID_REALM_NAME: realm-name # AUTH_OPENID_CLIENT_ID: client-id # AUTH_OPENID_CLIENT_SECRET: client-secret # # Use Radius authorization # 使用Radius來認證 # AUTH_RADIUS: false # RADIUS_SERVER: localhost # RADIUS_PORT: 1812 # RADIUS_SECRET: # OTP settings # OTP/MFA 配置 # OTP_VALID_WINDOW: 0 # OTP_ISSUER_NAME: Jumpserver
2.8運行jumpserver
cd /opt/jumpserver/ ./jms start all -d
不報錯則表明運行成功
-d參數表明後臺運行
三.安裝SSH Server和WebSocket Server:Coco
3.1下載或clone項目
cd /opt/ source /opt/py3/bin/activate git clone https://github.com/jumpserver/coco.git
3.2安裝依賴
$ cd /opt/coco/requirements $ yum -y install $(cat rpm_requirements.txt) $ pip install -r requirements.txt # 若是下載速度很慢, 能夠換國內源 $ pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
3.3修改配置文件並運行
$ cd /opt/coco $ cp config_example.yml config.yml $ sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml $ sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml $ vi config.yml
# 項目名稱, 會用來向Jumpserver註冊, 識別而已, 不能重複
# NAME: {{ Hostname }}
# Jumpserver項目的url, api請求註冊會使用
CORE_HOST: http://127.0.0.1:8080
# Bootstrap Token, 預共享祕鑰, 用來註冊coco使用的service account和terminal
# 請和jumpserver 配置文件中保持一致,註冊完成後能夠刪除
BOOTSTRAP_TOKEN:
# 啓動時綁定的ip, 默認 0.0.0.0
# BIND_HOST: 0.0.0.0
# 監聽的SSH端口號, 默認2222
# SSHD_PORT: 2222
# 監聽的HTTP/WS端口號,默認5000
# HTTPD_PORT: 5000
# 項目使用的ACCESS KEY, 默認會註冊,並保存到 ACCESS_KEY_STORE中,
# 若是有需求, 能夠寫到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY: null
# ACCESS KEY 保存的地址, 默認註冊後會保存到該文件中
# ACCESS_KEY_FILE: data/keys/.access_key
# 加密密鑰
# SECRET_KEY: null
# 設置日誌級別 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: ERROR
# 日誌存放的目錄
# LOG_DIR: logs
# SSH白名單
# ALLOW_SSH_USER: all
# SSH黑名單, 若是用戶同時在白名單和黑名單,黑名單優先生效
# BLOCK_SSH_USER:
# -
# 和Jumpserver 保持心跳時間間隔
# HEARTBEAT_INTERVAL: 5
# Admin的名字,出問題會提示給用戶
# ADMINS: ''
# SSH鏈接超時時間 (default 15 seconds)
# SSH_TIMEOUT: 15
# 語言 [en,zh]
# LANGUAGE_CODE: zh
# SFTP的根目錄, 可選 /tmp, Home其餘自定義目錄
# SFTP_ROOT: /tmp
# SFTP是否顯示隱藏文件
# SFTP_SHOW_HIDDEN_FILE: false
運行
./cocod start -d
四。安裝Web Terminnal前端:Luna
Luna已改成純前端,須要Nginx來運行訪問
4.1解壓Luna
cd /opt/ wget https://github.com/jumpserver/luna/releases/download/1.4.9/luna.tar.gz tar -xf luna.tar.gz chown -R root:root luna
五.安裝windows支持組件
沒有windows資產不須要安裝
六。配置Nginx整合組件
6.1安裝Nginx
$ yum install yum-utils $ vi /etc/yum.repos.d/nginx.repo [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key $ yum makecache fast $ yum install -y nginx $ rm -rf /etc/nginx/conf.d/default.conf $ systemctl enable nginx
6.2準備配置文件 修改 /etc/nginx/conf.d/jumpserver.conf
server {
listen 80; # 代理端口, 之後將經過此端口進行訪問, 再也不經過8080端口
# server_name demo.jumpserver.org; # 修改爲你的域名或者註釋掉
client_max_body_size 100m; # 錄像及文件上傳大小限制
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路徑, 若是修改安裝目錄, 此處須要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 錄像位置, 若是修改安裝目錄, 此處須要修改
}
location /static/ {
root /opt/jumpserver/data/; # 靜態資源, 若是修改安裝目錄, 此處須要修改
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # 若是coco安裝在別的服務器, 請填寫它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/; # 若是coco安裝在別的服務器, 請填寫它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 若是guacamole安裝在別的服務器, 請填寫它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080; # 若是jumpserver安裝在別的服務器, 請填寫它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
6.3運行
nginx -t systemctl start nginx systemctl enable nginx
6.4開始使用Jumpserver
使用IP訪問,不要經過8080端口訪問
默認帳號:admin 默認密碼:admin
測試鏈接
若是登陸客戶端是 macOS 或 Linux, 登陸語法以下 $ ssh -p2222 admin@172.16.90.248 $ sftp -P2222 admin@172.16.90.248 密碼: admin 若是登陸客戶端是 Windows, Xshell Terminal 登陸語法以下 $ ssh admin@172.16.90.248 2222 $ sftp admin@172.16.90.248 2222 密碼: admin 若是能登錄表明部署成功
Jumpserver部署成功
相關文章
- 1. jumpserver-1.4.8安裝步驟
- 2. memcached在centos安裝步驟
- 3. centos 安裝 jumpserver
- 4. 一步一步安裝Jumpserver (CentOS)
- 5. CentOS安裝步驟
- 6. 安裝CentOS步驟
- 7. centos 7 安裝jumpserver
- 8. Docker在centos上的安裝步驟
- 9. GitLab在Centos下的安裝步驟
- 10. MemcacheD、Repcached在centos上的安裝步驟
- 更多相關文章...
- • Docker 安裝 CentOS - Docker教程
- • CentOS Docker 安裝 - Docker教程
- • Composer 安裝與使用
- • IntelliJ IDEA安裝代碼格式化插件
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 「插件」Runner更新Pro版,幫助設計師遠離996
- 2. 錯誤 707 Could not load file or assembly ‘Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKe
- 3. Jenkins 2018 報告速覽,Kubernetes使用率躍升235%!
- 4. TVI-Android技術篇之註解Annotation
- 5. android studio啓動項目
- 6. Android的ADIL
- 7. Android卡頓的檢測及優化方法彙總(線下+線上)
- 8. 登錄註冊的業務邏輯流程梳理
- 9. NDK(1)創建自己的C/C++文件
- 10. 小菜的系統框架界面設計-你的評估是我的決策
歡迎關注本站公眾號,獲取更多信息
