Architecture diagram
#Environment
RedHat 8.6
External MySQL 8.0.28
System version 2.28.8
#Install the MySQL database
#Configure the database
mysql> create database jumpserver default charset 'utf8';
mysql> show create database jumpserver;
mysql> CREATE USER 'jumpserver'@'<access IP address>' IDENTIFIED BY '<password>';
mysql> grant all privileges on jumpserver.* to 'jumpserver'@'<access IP address>';
mysql> FLUSH PRIVILEGES;
#Download the installation package
cd /opt
wget https://github.com/jumpserver/installer/releases/download/v2.28.6/jumpserver-installer-v2.28.6.tar.gz
tar -xf jumpserver-installer-v2.28.6.tar.gz
cd jumpserver-installer-v2.28.6
#Create a symbolic link
ln -s /opt/jumpserver-installer-v2.28.6 /opt/jumpserver
cd /opt/jumpserver
cp config-example.txt config-example.txt.bak
#Create the certificate
mkdir -p /opt/jumpserver/config/nginx/cert
cd /opt/jumpserver/config/nginx/cert
# ll
total 12
-r--r--r-- 1 root root 1675 Jan 17 15:15 xx.key
-r--r--r-- 1 root root 5615 Jan 17 15:15 xx.pem
#Edit the configuration
cp config_example.yml config.yml
vi config.yml
DB_HOST=127.0.0.1 #Database IP address
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=<password>
DB_NAME=jumpserver
#Configure the SSL certificate
HTTPS_PORT=443
SERVER_NAME=jump.xx.com
SSL_CERTIFICATE=xx.pem
SSL_CERTIFICATE_KEY=xx.key
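A pre-install check for the settings above, added here as an example (it is not part of the original notes or of the JumpServer installer): it reads SSL_CERTIFICATE, SSL_CERTIFICATE_KEY and DB_PASSWORD from the KEY=VALUE file and flags a missing certificate or key, an empty password, and a private key or config file that group or others can access. The function names and the sample files built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install check of the KEY=VALUE settings shown above.
# Usage: check_jms_config CONFIG_FILE CERT_DIR   (returns the number of findings)

# Print the value of key $1 in file $2, without a trailing " #comment".
cfg_get() {
    sed -n "s/^$1=//p" "$2" | sed 's/[[:space:]]\{1,\}#.*$//' | tail -n 1
}

# True when group or others have any permission bit on $1 (columns 5-10 of ls -l).
is_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

note() {
    echo "FINDING: $*"
    findings=$((findings + 1))
}

check_jms_config() {
    conf=$1; certdir=$2; findings=0
    cert=$(cfg_get SSL_CERTIFICATE "$conf")
    key=$(cfg_get SSL_CERTIFICATE_KEY "$conf")
    if [ -z "$cert" ] || [ ! -f "$certdir/$cert" ]; then
        note "certificate '$cert' not found in $certdir"
    fi
    if [ -z "$key" ] || [ ! -f "$certdir/$key" ]; then
        note "private key '$key' not found in $certdir"
    elif is_exposed "$certdir/$key"; then
        note "private key $key is accessible to group or others"
    fi
    [ -n "$(cfg_get DB_PASSWORD "$conf")" ] || note "DB_PASSWORD is empty"
    if is_exposed "$conf"; then
        note "$conf holds DB_PASSWORD and is accessible to group or others"
    fi
    return "$findings"
}

# Constructed sample: same file names as the page, key mode 0444 as in the listing.
demo() {
    d=$(mktemp -d); n=0
    printf 'DB_PASSWORD=example\nSSL_CERTIFICATE=xx.pem\nSSL_CERTIFICATE_KEY=xx.key\n' > "$d/config.yml"
    : > "$d/xx.pem"; : > "$d/xx.key"
    chmod 444 "$d/xx.key"; chmod 600 "$d/config.yml"
    check_jms_config "$d/config.yml" "$d" || n=$?
    rm -rf "$d"
    return "$n"
}

demo || echo "$? finding(s)"
```

On a real host, call it as `check_jms_config config.yml /opt/jumpserver/config/nginx/cert` before running the installer.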
#Run the installation script
/opt/jumpserver/jmsctl.sh install
Do you need custom persistent store, will use the default directory /data/jumpserver? (y/n) (default n): y
Persistent storage directory (default /data/jumpserver):
Do you want to use external MySQL? (y/n) (default y):
Do you want to use external Redis? (y/n) (default n):
Do you need to customize the JumpServer external port? (y/n) (default n):
#Configure AD authentication
System Settings -- Authentication Settings
User attribute authentication
{
"username": "sAMAccountName",
"name": "name",
"email": "mail"
}
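Test the connection, test login, sync settings, submit (do not use account import)
Log in with the domain account -- log out after logging in -- use the administrator account to configure the user's group (Console -- User Management -- User List -- select the user -- Update -- configure the user's roles and groups)
Troubleshooting: log location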
/data/jumpserver/core/logs/jumpserver.log
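Steps to create accessible resources
User Management -- create a user group
Asset Management -- Network List -- System Users -- Label Management -- Asset List -- add servers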