This post explains how to install JumpServer. In short, if you follow the official documentation you can set it up with little trouble; it is quite simple.
Official documentation
http://docs.jumpserver.org/zh/
Base services
MySQL 5.6, or MariaDB version 5.5.6 or later
redis
nginx
1 Machine configuration
1.1 Disable the firewall
Note that with firewalld stopped, every port a backend service listens on is reachable from the network; the nginx reverse proxy configured later is meant to be the only entry point, so either bind the backends to localhost or keep a host firewall in front of them.
# stop firewalld
systemctl stop firewalld.service
# do not start it on boot
systemctl disable firewalld.service
1.2 Set the locale
# Change the locale, otherwise you may get "input/output error" because the logs contain Chinese text
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
1.3 Turn off SELinux enforcement (setenforce)
setenforce 0
sed -i "s/enforcing/disabled/g" /etc/selinux/config
1.4 Install base packages
# add the Aliyun EPEL mirror
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# install base packages
yum -y install wget gcc epel-release git
yum -y install python36 python36-devel
1.5 Set up the Python virtual environment
From now on, run the source command below before running JumpServer; all the commands that follow are run inside this virtual environment.
cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
2 Install JumpServer
2.1 Clone the git repository
# clone the code
git clone https://github.com/jumpserver/jumpserver.git
# install the rpm dependencies
yum -y install $(cat jumpserver/requirements/rpm_requirements.txt )
2.2 Install the Python dependencies
# upgrade pip
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
# install the Python dependency packages (the file lives in the requirements directory of the clone)
pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
2.3 Create the jumpserver database
# create the jumpserver database and grant privileges (the password 'jumpserver' is a placeholder; use your own and give DB_PASSWORD the same value in the next step)
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';
flush privileges;
2.4 Configure config.yml
# copy the example config
cd /opt/jumpserver
cp config_example.yml config.yml
# generate a random SECRET_KEY
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
# generate a random BOOTSTRAP_TOKEN
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# the database password; must match the password in the GRANT statement above, the sed below reads this variable
DB_PASSWORD=jumpserver
# set the secret key
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
# set the token
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
# turn off debug
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
# set the log level to ERROR
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
# clear the session when the browser is closed
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# set the database password
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
2.5 Start JumpServer
cd /opt/jumpserver
# start all services in the background
./jms start all -d
After configuring, start the services; when startup finishes you can see that the gunicorn, celery and beat services have been started.
3 Install coco
3.1 Download the project
# use the Python 3 virtual environment
cd /opt
source /opt/py3/bin/activate
# clone the project
git clone https://github.com/jumpserver/coco.git
3.2 Install the dependencies
cd /opt/coco/requirements
yum -y install $(cat rpm_requirements.txt)
# if downloads are slow, switch to a mirror inside China
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
3.3 Configure config.yml
In coco only the token and the log level are configured.
# copy the example config
cd /opt/coco
cp config_example.yml config.yml
# set the token; $BOOTSTRAP_TOKEN must be the value generated for JumpServer in 2.4 (same shell session, or set it again here)
sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml
# set the log level
sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml
# start cocod in the background
./cocod start -d
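The config steps in 2.4 and the coco token step in 3.3 both rely on shell variables that are easy to lose (a new shell, or a variable that was never set), and when that happens the sed commands silently leave the placeholder in place. The script below is an added example, not code from the original post or from the JumpServer project: it generates the secrets, writes them into both config files, and then verifies that every key actually received a value and that the two BOOTSTRAP_TOKEN values match. It assumes the files use `KEY: value` lines as in config_example.yml and that coco's placeholder is the one shown above; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post or the JumpServer project): generate
# the secrets for jumpserver and coco, write them into both config files, and
# verify the result. Assumes "KEY: value" lines as in config_example.yml.

# Random alphanumeric string of the requested length (same approach as the post).
rand_string() {
    tr -dc A-Za-z0-9 < /dev/urandom | head -c "$1"
}

# set_key FILE KEY VALUE: rewrite the "KEY: ..." line (commented out or not) as "KEY: VALUE".
# '|' is used as the sed delimiter so that values containing '/' are safe.
set_key() {
    sed -i "s|^#* *$2:.*|$2: $3|" "$1"
}

# get_key FILE KEY: print the value of the first uncommented "KEY: value" line (empty if unset).
get_key() {
    sed -n "s/^$2: *//p" "$1" | head -n 1
}

# check_config FILE KEY...: return 1 if any KEY is missing, empty, or still a <placeholder>.
check_config() {
    file=$1
    shift
    rc=0
    for key in "$@"; do
        val=$(get_key "$file" "$key")
        case "$val" in
            "" | "<"*">")
                echo "ERROR: $key is not set in $file" >&2
                rc=1
                ;;
        esac
    done
    return $rc
}

# tokens_match JS_CONFIG COCO_CONFIG: succeed only if both BOOTSTRAP_TOKEN values are equal and non-empty.
tokens_match() {
    a=$(get_key "$1" BOOTSTRAP_TOKEN)
    b=$(get_key "$2" BOOTSTRAP_TOKEN)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# configure JS_CONFIG COCO_CONFIG: apply freshly generated secrets to both files and verify them.
configure() {
    SECRET_KEY=$(rand_string 50)
    BOOTSTRAP_TOKEN=$(rand_string 16)
    DB_PASSWORD=$(rand_string 24)   # use this same value in the GRANT statement for the jumpserver user
    set_key "$1" SECRET_KEY "$SECRET_KEY"
    set_key "$1" BOOTSTRAP_TOKEN "$BOOTSTRAP_TOKEN"
    set_key "$1" DB_PASSWORD "$DB_PASSWORD"
    set_key "$1" DEBUG false
    set_key "$2" BOOTSTRAP_TOKEN "$BOOTSTRAP_TOKEN"
    check_config "$1" SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD && tokens_match "$1" "$2"
}

# Usage on the real files:  configure /opt/jumpserver/config.yml /opt/coco/config.yml
```

Running `configure` once, in one shell, replaces the separate sed lines of 2.4 and 3.3; a non-zero exit means one of the keys is still empty or the two tokens differ, which is exactly the failure the original sed lines cannot report.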
4 Install Windows asset support (optional; skipped in this setup)
5 Install the web front end
5.1 Download the luna front end
# go to the opt directory
cd /opt
# download
wget https://github.com/jumpserver/luna/releases/download/1.4.8/luna.tar.gz
# extract and set ownership to root
tar xf luna.tar.gz
chown -R root:root luna
All the static resources are in this extracted luna package.
5.2 Configure nginx
vi /etc/nginx/conf.d/vhost/jump.yellowcong.com.conf
server {
    listen 80;  # proxy port; from now on access goes through this port instead of 8080
    # server_name demo.jumpserver.org;  # change to your domain or comment it out
    client_max_body_size 100m;  # size limit for recordings and file uploads
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if you changed the install directory
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recording location; change this if you changed the install directory
    }
    location /static/ {
        root /opt/jumpserver/data/;  # static resources; change this if you changed the install directory
    }
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;  # if coco is installed on another server, use its ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /coco/ {
        proxy_pass http://localhost:5000/coco/;  # if coco is installed on another server, use its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;  # if guacamole is installed on another server, use its ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location / {
        proxy_pass http://localhost:8080;  # if jumpserver is installed on another server, use its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
In the actual production configuration the guacamole service was not installed, so the config used was the following:
server {
    listen 80;  # proxy port; from now on access goes through this port instead of 8080
    # server_name demo.jumpserver.org;  # change to your domain or comment it out
    server_name jump.yellowcong.com;  # change to your domain or comment it out
    client_max_body_size 100m;  # size limit for recordings and file uploads
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if you changed the install directory
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recording location; change this if you changed the install directory
    }
    location /static/ {
        root /opt/jumpserver/data/;  # static resources; change this if you changed the install directory
    }
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;  # if coco is installed on another server, use its ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /coco/ {
        proxy_pass http://localhost:5000/coco/;  # if coco is installed on another server, use its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    #location /guacamole/ {
    #    proxy_pass http://localhost:8081/;  # if guacamole is installed on another server, use its ip
    #    proxy_buffering off;
    #    proxy_http_version 1.1;
    #    proxy_set_header Upgrade $http_upgrade;
    #    proxy_set_header Connection $http_connection;
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header Host $host;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    access_log off;
    #}
    location / {
        proxy_pass http://localhost:8080;  # if jumpserver is installed on another server, use its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
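With nginx on port 80 as the front door and firewalld switched off in step 1.1, the one thing worth checking after the services are up is that the backends nginx proxies to (jumpserver on 8080, coco on 5000, guacamole on 8081 if present) are not also listening on every interface, because then the proxy can simply be bypassed. The script below is an added example, not code from the original post or the JumpServer project: it reads `ss -ltn` output and reports any backend port bound to a wildcard address. It assumes the CentOS 7 `ss -ltn` column layout, and the sample output embedded in it is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post or the JumpServer project): list
# backend ports that are bound to a wildcard address and therefore reachable
# without going through the nginx proxy on port 80.
# Assumes `ss -ltn` output as on CentOS 7: State Recv-Q Send-Q Local Address:Port Peer Address:Port

# Ports nginx proxies to in the config above: jumpserver (8080), coco (5000), guacamole (8081).
BACKEND_PORTS="8080 5000 8081"

# exposed_backends: read `ss -ltn` output on stdin; print each backend port listening on
# 0.0.0.0, *, :: or [::], and exit 1 if there is any such port, 0 otherwise.
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1; bad = 0 }
        NR > 1 && $1 == "LISTEN" {
            n = split($4, a, ":")                   # the text after the last ":" is the port
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in want) && (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")) {
                print "port " port " is bound to " addr " and reachable from any interface"
                bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample (not captured from a real host) so the script runs stand-alone;
# on the real machine use:  ss -ltn | exposed_backends
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:80                *:*
LISTEN 0      128    0.0.0.0:8080        *:*
LISTEN 0      128    127.0.0.1:5000      *:*
LISTEN 0      128    :::22               :::*'

printf '%s\n' "$SAMPLE_SS" | exposed_backends || echo "bind the backend to 127.0.0.1 or put a host firewall in front of it"
```

Port 80 is deliberately not in the list, since that is the port that is supposed to be public; a clean run prints nothing and exits 0, so the function can be dropped into a post-install check or a cron job as it is.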
Visit the service and you can see it is reachable normally.
The interface after logging in:
References
https://github.com/jumpserver/jumpserver
http://docs.jumpserver.org/zh/docs/step_by_step.html