Ubuntu 20.04安装jumpserver
环境要求
软件源配置
cp /etc/apt/sources.list /etc/apt/sources.list.bak
vi /etc/apt/sources.list
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
设置时区
root@kms:~# timedatectl set-timezone Asia/Shanghai
安装环境python3、mariadb等
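# Dependencies and MariaDB.
# sources.list was just rewritten above, so the package index has to be refreshed
# before installing; the original went straight to install against a possibly
# stale or missing index.
apt-get update
apt-get install -y mariadb-server mariadb-client libmariadb-dev
# build/runtime libraries (sshpass was listed twice in the original line)
apt-get install -y pkg-config libxmlsec1-dev libpq-dev libffi-dev libxml2 libxslt-dev \
  libldap2-dev libsasl2-dev sshpass bash-completion g++ make
# lrzsz: upload/download files through the terminal
apt-get install -y lrzsz
# python3
apt-get install -y python3.8 python3.8-dev python3-venv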
# 通过命令行中判断是否安装完成
root@jumpserver:~# python3
Python 3.8.10 (default, Mar 15 2022, 12:22:08)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
安装Redis 6.2.7
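cd /opt
# upload redis-6.2.7.tar.gz to /opt first
tar -zxvf redis-6.2.7.tar.gz
mv redis-6.2.7 redis/
cd redis/
# apt -y install gcc        -- skip if already installed
# apt install make -y       -- skip if already installed
make
# apt -y install pkg-config -- skip if already installed
# tcl is only needed for `make test`
cd /opt
# upload tcl8.6.12-src.tar.gz first; available from http://www.tcl.tk/software/tcltk/download.html
tar -zxvf tcl8.6.12-src.tar.gz
cd tcl8.6.12/unix/
./configure
make
make install
cd /opt/redis/src/
make test
make install
cd /opt/redis/
cp redis.conf redis.conf.bak
vim redis.conf
# change "daemonize no" to "daemonize yes"
# log file:                logfile "/var/log/redis/redis-server.log"
# working directory:       dir /var/lib/redis
# append-only persistence: appendonly yes
# NOTE(review): nothing on this page sets a Redis password or changes `bind`;
# Core presumably connects locally, so keep `bind` on 127.0.0.1 and consider
# `requirepass` -- confirm against the Core config.yml.
# -p: the original plain mkdir fails on a second run once the directories exist
mkdir -p /var/log/redis
touch /var/log/redis/redis-server.log
mkdir -p /var/lib/redis
mkdir -p /etc/redis
cp /opt/redis/redis.conf /etc/redis/6379.conf
cp /opt/redis/utils/redis_init_script /etc/init.d/redisd
# check that the paths in the init script match the ones configured above
# NOTE(review): redis_init_script does not appear to drop privileges, so the
# server would run as root -- confirm, and prefer a dedicated redis user.
vi /etc/init.d/redisd
# start redis
cd /etc/init.d/
chmod +x /etc/init.d/redisd
update-rc.d redisd defaults
# start first, then inspect: the original asked for status before starting,
# which only ever reports the unit as inactive
systemctl start redisd
systemctl status redisd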
Core安装
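# Core. The version is a variable so the release and the install directory
# cannot drift apart; the resulting paths are the same as on the rest of the page.
JMS_VERSION=v2.23.2
cd /opt
mkdir -p "/opt/jumpserver-${JMS_VERSION}"
wget -O "/opt/jumpserver-${JMS_VERSION}.tar.gz" "https://github.com/jumpserver/jumpserver/archive/refs/tags/${JMS_VERSION}.tar.gz"
# NOTE(review): the archive is unpacked and later run as root without any checksum
# or signature check; compare it against the release page before continuing.
tar -xf "jumpserver-${JMS_VERSION}.tar.gz" -C "/opt/jumpserver-${JMS_VERSION}" --strip-components 1
cd "jumpserver-${JMS_VERSION}"
# replace the bundled GeoIP databases with the ones published by JumpServer
rm -f apps/common/utils/ip/geoip/GeoLite2-City.mmdb apps/common/utils/ip/ipip/ipipfree.ipdb
wget https://download.jumpserver.org/files/ip/GeoLite2-City.mmdb -O apps/common/utils/ip/geoip/GeoLite2-City.mmdb
wget https://download.jumpserver.org/files/ip/ipipfree.ipdb -O apps/common/utils/ip/ipip/ipipfree.ipdb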
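# -------------------------------------------------------------
# pip mirror
mkdir -p ~/.pip
# Written with a quoted heredoc instead of an interactive vim session.
# The original also set "trusted-host=mirrors.aliyun.com": trusted-host disables
# TLS certificate verification for that host, and it did not even match the
# index-url host, so it is dropped rather than carried over.
cat > ~/.pip/pip.conf <<'EOF'
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
EOF
# -------------------------------------------------------------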
# Dedicated python3 virtualenv for the JumpServer project
python3 -m venv /opt/py3
. /opt/py3/bin/activate
# Every time the project is run, `source /opt/py3/bin/activate` has to be executed first.
pip install --upgrade pip setuptools wheel
# NOTE(review): the requirements are installed without hash pinning, so the
# installed set depends on what the mirror serves at install time.
pip install --requirement requirements/requirements.txt
cp -- config_example.yml config.yml
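# Create the database, the database user and its password.
# Secrets are drawn from /dev/urandom restricted to [A-Za-z0-9]; every later use
# (SQL string, sed replacement text) relies on that charset containing no quote,
# slash or ampersand.
DB_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 24) # random database password
printf '\033[31m 你的数据库密码是 %s \033[0m\n' "$DB_PASSWORD"
# The SQL goes in on stdin: with the original `mysql -e "..."` the password sat in
# the process argument list (readable through ps) and in the shell history.
mysql -uroot <<SQL
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';
flush privileges;
SQL
# Edit the configuration file
SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50) # random SECRET_KEY
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16) # random BOOTSTRAP_TOKEN
# Keep the secrets for later shells (KoKo/Lion/Magnus need the same BOOTSTRAP_TOKEN).
# The original appended them to ~/.bashrc; a dedicated mode-0600 file is used instead,
# because ~/.bashrc is normally group/world readable and read by every interactive shell.
JMS_SECRETS=~/.jumpserver-secrets
( umask 077; touch "$JMS_SECRETS" )
chmod 600 "$JMS_SECRETS"
printf 'SECRET_KEY=%s\nBOOTSTRAP_TOKEN=%s\n' "$SECRET_KEY" "$BOOTSTRAP_TOKEN" >> "$JMS_SECRETS"
# in a new shell, reload them with: source ~/.jumpserver-secrets
JMS_CFG=/opt/jumpserver-v2.23.2/config.yml
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" "$JMS_CFG"
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" "$JMS_CFG"
sed -i "s/# DEBUG: true/DEBUG: false/g" "$JMS_CFG"
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" "$JMS_CFG"
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" "$JMS_CFG"
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" "$JMS_CFG"
printf '\033[31m 你的SECRET_KEY是 %s \033[0m\n' "$SECRET_KEY"
printf '\033[31m 你的BOOTSTRAP_TOKEN是 %s \033[0m\n' "$BOOTSTRAP_TOKEN"
vi config.yml # check the file for mistakes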
# i18n: rebuild the compiled translation catalog
apt install -y gettext
rm -f -- apps/locale/zh/LC_MESSAGES/django.mo
python apps/manage.py compilemessages
# run Core in the background
./jms start -d
Lina
# npm registry
npm config get registry
# NOTE(review): this registry URL is plain http, so package metadata and tarballs
# travel without TLS. The steps below only unpack a prebuilt release tarball and
# never invoke npm, so only a build from source would be affected.
npm config set registry http://r.cnpmjs.org/ # recommended by the author
# npm config set registry https://registry.npm.taobao.org  -- produced version errors later on
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.23.2/lina-v2.23.2.tar.gz
tar --extract --file=lina-v2.23.2.tar.gz
Luna
# Luna release tarball, unpacked under /opt
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.23.2/luna-v2.23.2.tar.gz
tar --extract --file=luna-v2.23.2.tar.gz
KoKo
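cd /opt
# kubectl wrapper used by KoKo: the upstream binary becomes rawkubectl, the one
# shipped in the KoKo tarball becomes kubectl
wget https://download.jumpserver.org/public/kubectl-linux-amd64.tar.gz -O kubectl.tar.gz
tar -xzf kubectl.tar.gz
chmod +x kubectl
mv kubectl /usr/local/bin/rawkubectl
wget https://github.com/jumpserver/koko/releases/download/v2.23.2/koko-v2.23.2-linux-amd64.tar.gz
tar -xf koko-v2.23.2-linux-amd64.tar.gz -C /opt
cd koko-v2.23.2-linux-amd64
mv kubectl /usr/local/bin/kubectl
# edit the config file
cp config_example.yml config.yml
KOKO_CFG=/opt/koko-v2.23.2-linux-amd64/config.yml
# BOOTSTRAP_TOKEN was generated in the Core step. The original sed silently wrote
# an empty token whenever the variable was not set in this shell (e.g. a new session).
: "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set; reload it from the Core step before editing config.yml}"
sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" "$KOKO_CFG"
# NOTE(review): 0.0.0.0 exposes both listeners on every interface. 2222 is the
# user-facing SSH entry point and is meant to be reachable; 5000 is only proxied by
# nginx from 127.0.0.1, so confirm a firewall limits it to the intended networks.
sed -i "s/# BIND_HOST: 0.0.0.0/BIND_HOST: 0.0.0.0/g" "$KOKO_CFG"
sed -i "s/# SSHD_PORT: 2222/SSHD_PORT: 2222/g" "$KOKO_CFG"
sed -i "s/# HTTPD_PORT: 5000/HTTPD_PORT: 5000/g" "$KOKO_CFG"
sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" "$KOKO_CFG"
vi config.yml # confirm the result
# run koko in the background
./koko -d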
Lion
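mkdir -p /opt/guacamole-v2.23.2
cd /opt/guacamole-v2.23.2
# Fetched over https: the original used plain http for source that is compiled and
# installed as root (download.jumpserver.org serves https, as the kubectl download
# in the KoKo step shows).
wget https://download.jumpserver.org/public/guacamole-server-1.3.0.tar.gz
tar -xzf guacamole-server-1.3.0.tar.gz
cd guacamole-server-1.3.0/
# build dependencies
apt-get install -y libcairo2-dev libjpeg-turbo8-dev libpng-dev libtool-bin libossp-uuid-dev
apt-get install -y libavcodec-dev libavformat-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev
# build guacd; the init script lands in /etc/init.d
./configure --with-init-dir=/etc/init.d
make
make install
ldconfig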
# Lion release tarball, unpacked under /opt
cd /opt
wget https://github.com/jumpserver/lion-release/releases/download/v2.23.2/lion-v2.23.2-linux-amd64.tar.gz
tar --extract --file=lion-v2.23.2-linux-amd64.tar.gz
cd lion-v2.23.2-linux-amd64
cp -- config_example.yml config.yml
# set the values listed below
vi config.yml
# Component name used to register with JumpServer; identification only, must be unique
# NAME:
# URL of the JumpServer Core, used by the registration API calls
CORE_HOST: http://127.0.0.1:8080 # Core address
# Bootstrap token: pre-shared secret used to register the service account and terminal.
# Must match the value in the Core config.yml; it can be removed after registration.
BOOTSTRAP_TOKEN: ******** # same value as in the Core config.yml
# IP bound at start-up, default 0.0.0.0
# NOTE(review): the nginx config on this page proxies /lion/ to 127.0.0.1:8081, so
# 0.0.0.0 exposes the port on every interface without need -- confirm it is not
# reachable from outside, or bind 127.0.0.1.
BIND_HOST: 0.0.0.0
# HTTP/WS listen port, default 8081
HTTPD_PORT: 8081
# Log level [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
# NOTE(review): DEBUG is what this page sets, while its own note recommends ERROR for production
LOG_LEVEL: DEBUG # DEBUG suggested for development; ERROR recommended in production
# Guacamole Server ip, default 127.0.0.1
# GUA_HOST: 127.0.0.1
# Guacamole Server port, default 4822
# GUA_PORT: 4822
# Session sharing backend [local, redis], default local
# SHARE_ROOM_TYPE: local
# Redis settings
# REDIS_HOST: 127.0.0.1
# REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_DB_ROOM:
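# start guacd
/etc/init.d/guacd start
# start Lion in the background, the same way jumpserver-start.sh does it; the
# original ran it in the foreground and tied up the terminal
nohup ./lion >> lion-start.log 2>&1 &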
Magnus
# Magnus release plus the wisp helper it talks to
cd /opt
wget https://github.com/jumpserver/magnus-release/releases/download/v2.23.2/magnus-v2.23.2-linux-amd64.tar.gz
tar --extract --file=magnus-v2.23.2-linux-amd64.tar.gz
cd magnus-v2.23.2-linux-amd64
wget https://github.com/jumpserver/wisp/releases/download/v0.0.7/wisp-v0.0.7-linux-amd64.tar.gz
tar --extract --file=wisp-v0.0.7-linux-amd64.tar.gz
mv -- wisp-v0.0.7-linux-amd64/wisp /usr/local/bin/
# root-owned, executable by everyone, writable only by root
chown root:root /usr/local/bin/wisp /opt/magnus-v2.23.2-linux-amd64/magnus
chmod 755 /usr/local/bin/wisp /opt/magnus-v2.23.2-linux-amd64/magnus
# set the values listed below
vi config.yml
# URL of the JumpServer Core, used by the registration API calls
CORE_HOST: http://127.0.0.1:8080 # Core address
# Bootstrap token: pre-shared secret used to register the service account and terminal.
# Must match the value in the Core config.yml; it can be removed after registration.
BOOTSTRAP_TOKEN: ******** # same value as in the Core config.yml
# bind address of the service
BIND_HOST: "0.0.0.0"
# Ports exposed by the database proxy.
# NOTE(review): these are the ports database clients connect to through JumpServer,
# so they are presumably meant to be reachable; confirm that only the intended
# networks can reach them, since nothing on this page restricts them.
MYSQL_PORT: 33060
MARIA_DB_PORT: 33061
POSTGRESQL_PORT: 54320
# log level
LOG_LEVEL: "info"
# address of the JumpServer API gRPC component (wisp)
WISP_HOST: "localhost"
WISP_PORT: 9090
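# start Wisp
export CORE_HOST="http://127.0.0.1:8080" # Core address
export WORK_DIR="/opt/magnus-v2.23.2-linux-amd64"
export COMPONENT_NAME="magnus"
export EXECUTE_PROGRAM="/opt/magnus-v2.23.2-linux-amd64/magnus"
# The original did `cd /usr/local/bin/wisp` followed by `./wisp`: /usr/local/bin/wisp
# is the binary moved there above, not a directory, so the cd failed and ./wisp was
# then looked up in the wrong directory. Run it by its installed path instead
# (jumpserver-start.sh below does the same via PATH).
cd "$WORK_DIR"
/usr/local/bin/wisp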
Nginx
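# install Nginx from the nginx.org repository
apt-get install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
# The signing key is scoped to this one repository with signed-by= instead of being
# dropped into /etc/apt/trusted.gpg.d/, where it would authenticate every repository.
# curl -f makes an HTTP error fail the step instead of storing the error page as the key.
curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu focal nginx" > /etc/apt/sources.list.d/nginx.list
apt-get update
apt-get install -y nginx
# blank the stock default server so only jumpserver.conf is served
echo > /etc/nginx/conf.d/default.conf
# create the site config (contents follow)
vi /etc/nginx/conf.d/jumpserver.conf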
server {
# Plain HTTP only: no TLS listener is configured in this file, so logins and session
# cookies cross the network unencrypted unless TLS is terminated in front of this host.
listen 80;
# server_name _;
client_max_body_size 5000m; # upload size limit
# Luna
location /luna/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:4200;
# proxy_pass http://luna:4200;
}
# Core data: static assets and session replays
location /media/replay/ {
add_header Content-Encoding gzip;
root /opt/jumpserver-v2.23.2/data/;
}
location /media/ {
root /opt/jumpserver-v2.23.2/data/;
}
location /static/ {
root /opt/jumpserver-v2.23.2/data/;
}
# KoKo
location /koko/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:5000;
# proxy_pass http://koko:5000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# websocket upgrade for the terminal sessions
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Lion
location /lion/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:8081;
# proxy_pass http://lion:8081;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_ignore_client_abort on;
# long-lived RDP/VNC sessions: generous upstream timeouts
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 6000;
}
# Core websocket
location /ws/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:8070;
# proxy_pass http://core:8070;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Core API
location /api/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:8080;
# proxy_pass http://core:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:8080;
# proxy_pass http://core:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Lina front end
location /ui/ {
# replace the component names in the template with the real service IPs; all on this host here
proxy_pass http://127.0.0.1:9528;
# proxy_pass http://lina:9528;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# everything else is served by the front end
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
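# Validate the configuration and restart only when it parses. The original ran
# `nginx -s reload` and then a full restart, which made the reload redundant and
# restarted nginx even when the test had failed.
nginx -t && systemctl restart nginx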
查看是否都正常
登录 http://<服务器IP>
启动优化
vi jumpserver-start.sh
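#!/bin/bash
# Start all JumpServer components; run as root, paths match the install steps above.
set -u
# python: create the virtualenv only when it is missing. The original re-ran
# `python3 -m venv` on every start, which rewrites the venv's launcher files.
[[ -f /opt/py3/bin/activate ]] || python3 -m venv /opt/py3
source /opt/py3/bin/activate
# jms -- each cd aborts the script on failure instead of starting the wrong thing in the wrong place
cd /opt/jumpserver-v2.23.2 || exit 1
./jms start -d
sleep 10s
# koko
cd /opt/koko-v2.23.2-linux-amd64/ || exit 1
./koko -d
sleep 10s
# lion
cd /opt/lion-v2.23.2-linux-amd64/ || exit 1
nohup ./lion >> lion-start.log 2>&1 &
sleep 10s
# wisp: the Magnus step exports these before running wisp, but the original script
# did not, so wisp only worked when the caller's environment happened to carry them
cd /opt/magnus-v2.23.2-linux-amd64 || exit 1
export CORE_HOST="http://127.0.0.1:8080"
export WORK_DIR="/opt/magnus-v2.23.2-linux-amd64"
export COMPONENT_NAME="magnus"
export EXECUTE_PROGRAM="/opt/magnus-v2.23.2-linux-amd64/magnus"
nohup wisp >> wisp-start.log 2>&1 &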
vi jumpserver-stop.sh
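#!/bin/bash
# Stop the JumpServer components started by jumpserver-start.sh; run as root.
set -u
# python: create the virtualenv only when it is missing (see jumpserver-start.sh)
[[ -f /opt/py3/bin/activate ]] || python3 -m venv /opt/py3
source /opt/py3/bin/activate
# koko
cd /opt/koko-v2.23.2-linux-amd64/ || exit 1
./koko -d -s stop
sleep 10s
# jms
cd /opt/jumpserver-v2.23.2 || exit 1
./jms stop -d
# lion and wisp were started with nohup and keep no pidfile, and the original
# script left them running; send them TERM by process name.
pkill -x lion
pkill -x wisp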