JumpServer is a widely used open-source bastion host. It satisfies requirements such as MLPS (等保) dual certification and logging of administrator operations, and raises the security of system O&M. It is easy to pick up yet powerful.
Note: the system is a minimal install, the version is CentOS 7.6, and the partition layout is the default.
1. Install components
[root@JumpServer home]# yum install wget bzip2 -y //Install wget and bzip2
[root@JumpServer home]# wget https://github.com/jumpserver/installer/releases/download/v2.17.1/jumpserver-installer-v2.17.1.tar.gz //Download the installer package
[root@JumpServer home]# tar xvf jumpserver-installer-v2.17.1.tar.gz //Extract the installer package
[root@JumpServer home]# cd jumpserver-installer-v2.17.1
compose config-example.txt config_init jmsctl.sh locale quick_start.sh README.md scripts static.env utils
2. Configure the installation template
To enable HTTPS access, change USE_LB to 1; everything else can keep its default value.
[root@JumpServer home]# vi config-example.txt
# If any of the following settings is left empty, the system generates a random string and fills it in
## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to their original values
## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/
## Installation settings; amd64 uses the Huawei Cloud mirror for accelerated downloads by default, arm64 users should comment out DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
# DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR
## MySQL settings; USE_EXTERNAL_MYSQL=1 means an external database is used, in which case enter the correct MySQL details
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver
## Redis settings; USE_EXTERNAL_REDIS=1 means an external database is used, in which case enter the correct Redis details
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
## Compose project settings; if the 192.168.250.0/24 subnet conflicts with your existing network, change it and restart JumpServer
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24
## IPv6 settings; whether containers enable IPv6 NAT, USE_IPV6=1 enables it, when 0 the DOCKER_SUBNET_IPV6 definition has no effect
USE_IPV6=0
DOCKER_SUBNET_IPV6=2001:db8:10::/64
## Nginx settings; USE_LB=1 enables it, when 0 the HTTPS_PORT definition has no effect
HTTP_PORT=80
SSH_PORT=2222
RDP_PORT=3389
USE_LB=1
HTTPS_PORT=443
## Task settings; whether to start the jms_celery container, must be enabled on a single node
USE_TASK=1
## XPack; USE_XPACK=1 enables it, has no effect in the open-source edition
USE_XPACK=0
# Core settings; session definition, SESSION_COOKIE_AGE is the number of idle seconds before the session expires, SESSION_EXPIRE_AT_BROWSER_CLOSE=true means the session expires when the browser is closed
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true
# Koko, Lion and XRDP component settings
CORE_HOST=http://core:8080
# Additional settings
CURRENT_VERSION=
3. Run the install script
Because the default partition layout was chosen when the OS was installed, the home directory has the most free space, so when installing Docker the images are stored under /home/data/docker. All other settings are left at their defaults.
Note: at line 32 (the Docker configuration step) choose to specify the image location manually, and at line 38 enter the image directory created at the start, /home/data/docker
[root@JumpServer jumpserver-installer-v2.17.1]# mkdir /home/data/docker -p //Create the Docker image directory
[root@JumpServer jumpserver-installer-v2.17.1]# ./jmsctl.sh install
Version: v2.17.1
1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
complete
2. Backup Configuration File
Back up to /opt/jumpserver/config/backup/config.txt.2021-12-30_04-47-11
complete
>>> Install and Configure Docker
1. Install Docker
Starting to download Docker engine ...
Starting to download Docker Compose binary ...
complete
2. Configure Docker
Do you need custom docker root dir, will use the default directory /var/lib/docker? (y/n) (default n): y
Modify the default storage directory of Docker image, you can select your largest disk and create a directory in it, such as /opt/docker
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 1014M 166M 849M 17% /boot
Docker image storage directory (default /var/lib/docker): /home/data/docker/
complete
3. Start Docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
complete
>>> Loading Docker Image
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
......
......
......
complete
>>> Install and Configure JumpServer
1. Configure Network
Do you want to support IPv6? (y/n) (default n):
complete
2. Configure Private Key
SECRETE_KEY: ZTBhMDkzMTMtMTlhMi00ODljLTlmMmUtNzQ1NDlhYTYyMTZi
BOOTSTRAP_TOKEN: ZTBhMDkzMTMtMTlhMi00ODlj
complete
3. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /opt/jumpserver? (y/n) (default n):
complete
4. Configure MySQL
Do you want to use external MySQL? (y/n) (default n):
complete
5. Configure Redis
Do you want to use external Redis? (y/n) (default n):
complete
6. Configure External Port
Do you need to customize the JumpServer external port? (y/n) (default n):
complete
7. Init JumpServer Database
Creating network "jms_net" with driver "bridge"
Creating jms_mysql ...
Creating jms_redis ...
Creating jms_core ...
2021-12-30 17:53:41 Collect static files
2021-12-30 17:53:42 Collect static files done
2021-12-30 17:53:42 Check database structure change ...
2021-12-30 17:53:42 Migrate model change to database ...
Operations to perform:
Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
......
......
......
Applying users.0038_auto_20211209_1140... OK
complete
>>> The Installation is Complete
1. You can use the following command to start, and then visit
cd /home/jumpserver-installer-v2.17.1
./jmsctl.sh start
2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand
3. Web access
https://172.27.30.85:80
Default username: admin Default password: admin
4. SSH/SFTP access
ssh -p2222 admin@172.27.30.85
sftp -P2222 admin@172.27.30.85
5. More information
Official Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/
[root@JumpServer jumpserver-installer-v2.17.1]# ./jmsctl.sh start //Start the JumpServer service
jms_mysql is up-to-date
jms_redis is up-to-date
Creating jms_core ...
Creating jms_lion ...
Creating jms_koko ...
Creating jms_web ...
Creating jms_celery ...
4. Initialization
# Initialized configuration file: /opt/jumpserver/config/config.txt
[root@JumpServer jumpuser]# cd /opt/jumpserver/config/
[root@JumpServer config]# ls
backup config.txt core koko mariadb mysql nginx redis
[root@JumpServer config]# cat config.txt
# If any of the following settings is left empty, the system generates a random string and fills it in
## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to their original values
## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/
## Installation settings; the Huawei Cloud mirror can be used for accelerated downloads, arm64 users need to comment out DOCKER_IMAGE_PREFIX
# DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/home/data/docker
SECRET_KEY=ZTBhMDkzMTMtMTlhMi00ODljLTlmMmUtNzQ1NDlhYTYyMTZi
BOOTSTRAP_TOKEN=ZTBhMDkzMTMtMTlhMi00ODlj
LOG_LEVEL=ERROR
## MySQL settings; USE_EXTERNAL_MYSQL=1 means an external MySQL is used, in which case enter the correct MySQL details
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=ZTBhMDkzMTMtMTlhMi00ODljLT
DB_NAME=jumpserver
## Redis settings; USE_EXTERNAL_REDIS=1 means an external Redis is used, in which case enter the correct Redis details
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=ZTBhMDkzMTMtMTlhMi00ODljLT
## Compose project settings; if the 192.168.250.0/24 subnet conflicts with your existing network, change it and restart JumpServer
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24
## IPv6 settings; whether containers enable IPv6 NAT, USE_IPV6=1 enables it, when 0 the DOCKER_SUBNET_IPV6 definition has no effect
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
## Nginx settings; USE_LB=1 enables it, when 0 the HTTPS_PORT definition has no effect
HTTP_PORT=80
SSH_PORT=2222
RDP_PORT=3389
USE_LB=1
HTTPS_PORT=443
## Task settings; whether to start the jms_celery container, must be enabled on a single node
USE_TASK=1
## XPack; USE_XPACK=1 enables it, has no effect in the open-source edition
USE_XPACK=0
## Core settings; session definition, SESSION_COOKIE_AGE is the number of idle seconds before the session expires, SESSION_EXPIRE_AT_BROWSER_CLOSE=true means the session expires when the browser is closed
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true
## Koko, Lion and XRDP component settings
CORE_HOST=http://core:8080
## Enable font smoothing in Lion
JUMPSERVER_ENABLE_FONT_SMOOTHING=true
## Nginx upload size limit
CLIENT_MAX_BODY_SIZE=4096m
## Terminals use the host's HOSTNAME as their identifier
SERVER_HOSTNAME=${HOSTNAME}
## Additional settings
CURRENT_VERSION=v2.17.1
[root@JumpServer config]#
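A check for the config.txt format shown in sections 2 and 4, added here as an example and not part of the JumpServer installer: it flags the secrets the installer is supposed to fill in when they are empty, USE_LB not set to 1 (in which case HTTPS_PORT is ignored), sessions that do not expire on browser close, and USE_TASK not enabled, which the template marks as mandatory on a single node. The function names cfg_get and check_jms_config and the sample file it writes are the example's own.

```sh
#!/bin/sh
# Added example, not part of the JumpServer installer: lint a JumpServer
# config.txt (KEY=VALUE lines, "#" comments) for settings that weaken a deployment.
set -eu

# cfg_get FILE KEY: print KEY's value, or nothing if it is unset or commented out.
cfg_get() {
    grep -E "^$2=" "$1" | head -n 1 | cut -d= -f2-
}

# check_jms_config FILE: one WARN line per finding on stderr, finding count on stdout.
check_jms_config() {
    f=$1; n=0
    # Secrets the installer fills in; empty means the generated file was not
    # used, or a value was blanked during a migration.
    for key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD REDIS_PASSWORD; do
        if [ -z "$(cfg_get "$f" "$key")" ]; then
            echo "WARN: $key is empty" >&2; n=$((n + 1))
        fi
    done
    # USE_LB=1 is what makes HTTPS_PORT take effect; otherwise the web UI is HTTP only.
    if [ "$(cfg_get "$f" USE_LB)" != "1" ]; then
        echo "WARN: USE_LB is not 1, HTTPS_PORT is ignored" >&2; n=$((n + 1))
    fi
    if [ "$(cfg_get "$f" SESSION_EXPIRE_AT_BROWSER_CLOSE)" != "true" ]; then
        echo "WARN: web sessions survive closing the browser" >&2; n=$((n + 1))
    fi
    # The template marks USE_TASK=1 as mandatory on a single node.
    if [ "$(cfg_get "$f" USE_TASK)" != "1" ]; then
        echo "WARN: USE_TASK is not 1, jms_celery will not start" >&2; n=$((n + 1))
    fi
    echo "$n"
}

# Constructed sample in the shape of the generated config.txt, with two weak spots.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
SECRET_KEY=constructed-secret-key
BOOTSTRAP_TOKEN=
DB_PASSWORD=constructed-db-password
REDIS_PASSWORD=constructed-redis-password
USE_LB=0
HTTPS_PORT=443
USE_TASK=1
SESSION_EXPIRE_AT_BROWSER_CLOSE=true
EOF
check_jms_config "$SAMPLE_CFG"   # prints 2 (empty BOOTSTRAP_TOKEN, USE_LB=0)
```

Run it against /opt/jumpserver/config/config.txt after installation; a count of 0 means none of the checked settings is in a weak state.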
5. Routine maintenance
#cd /opt/jumpserver-installer-v2.17.1
# Start
./jmsctl.sh start
# Stop
./jmsctl.sh down
# Uninstall
./jmsctl.sh uninstall
# Help
./jmsctl.sh -h