jumpserver安裝配置


1.環境配置

[root@xmj ~]# getenforce
Permissive

[root@xmj ~]# systemctl stop firewalld       關閉防火牆(僅適合測試環境;堡壘機在生產環境應保持 firewalld 運行,只放行實際需要的端口,如本文用到的 80 與 2222)

修改字符集,否則可能報 input/output error 的問題,因為日志里打印了中文

[root@localhost ~]#  localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

[root@localhost ~]#  export  LC_ALL=zh_CN.UTF-8

[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

修改完字符集后,安裝一些必須要的環境:

[root@localhost ~]# yum install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git -y

 [root@xmj ~]#  wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz

 [root@xmj ~]#   tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1

這里必須執行編譯安裝(在 Python-3.6.1 源碼目錄內執行 ./configure && make && make install),否則在安裝python依賴庫時會有麻煩

[root@xmj Python-3.6.1]# cd /opt

[root@xmj opt]# python3 -m venv py3

[root@xmj opt]# source  /opt/py3/bin/activate

(py3) [root@xmj opt]# git clone https://github.com/kennethreitz/autoenv.git      git:// 協議既不加密也不驗證服務端,GitHub 已停用,改用 https

 (py3) [root@xmj opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc 

(py3) [root@xmj ~]# source ./.bashrc

2.下載jumpserver安裝包

(py3) [root@xmj opt]# git clone https://github.com/jumpserver/jumpserver.git

(py3) [root@xmj opt]#  cd jumpserver

(py3) [root@xmj jumpserver]# git checkout master

 3.安裝所需要的 python modules

(py3) [root@xmj jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env

(py3) [root@xmj jumpserver]# cd requirements/

 選擇y(autoenv 首次遇到 .env 文件時會詢問是否允許執行,確認 .env 的內容就是上面寫入的那一行后再輸入 y)

(py3) [root@xmj requirements]# yum install $(cat rpm_requirements.txt) -y

(py3) [root@xmj requirements]# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/

 (py3) [root@xmj requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

 4.安裝redis

(py3) [root@xmj requirements]# yum install redis -y             安裝

(py3) [root@xmj requirements]# systemctl enable redis     設為開機自啟

(py3) [root@xmj requirements]# systemctl start redis 

5.安裝mysql服務

(py3) [root@xmj requirements]# yum -y install mariadb mariadb-devel mariadb-server

 (py3) [root@xmj requirements]# systemctl enable mariadb

(py3) [root@xmj requirements]# systemctl start mariadb

進入mariadb數據庫(新安裝的 MariaDB,root 默認沒有密碼,建議先執行 mysql_secure_installation 設置 root 密碼並移除匿名用戶,再用 mysql -uroot -p 登錄)

MariaDB [(none)]> create database jumpserver default charset 'utf8';                創建名為jumpserver 的數據庫,默認使用utf8字符集

MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';           給數據庫授權('jumpserverpwd' 只是示例,實際部署請換成自己生成的強密碼,並與 config.yml 里的 DB_PASSWORD 保持一致)

MariaDB [(none)]> flush privileges;               刷新下數據庫

 6.配置jumpserver

(py3) [root@xmj requirements]# pwd      確認下路徑
/opt/jumpserver/requirements

(py3) [root@xmj requirements]# cd ..  返回到上一級目錄

(py3) [root@xmj jumpserver]# cp config_example.yml config.yml  復制一下配置文件

(py3) [root@xmj jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`   隨機生成一個由大寫 A-Z、小寫 a-z 和數字 0-9 組成的 50 位字符串

確認是否生成

(py3) [root@xmj jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc             寫入到 ~/.bashrc 里面

(py3) [root@xmj jumpserver]# cd        切換到家目錄看看,確認內容是否追加

(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 16`

(py3) [root@xmj ~]# echo $BOOTSTRAP_TOKEN
48hmOImYsCWRqqn0

(py3) [root@xmj ~]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc      等號后面不能有空格,否則 .bashrc 被加載時會把令牌當成命令去執行,變量也不會被賦值

(py3) [root@xmj ~]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml      前文並沒有給 DB_PASSWORD 賦值,這條命令不會寫入任何密碼,所以下面還要用 vim 手動填寫 DB_PASSWORD
(py3) [root@xmj ~]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
你的SECRET_KEY是 24AybD8hm1XtVMC1F1TnQTAY6088q8UmeETKvL6mumvt5FItuC

(py3) [root@xmj ~]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"

你的BOOTSTRAP_TOKEN是 48hmOImYsCWRqqn0

(py3) [root@xmj ~]# cd /opt/jumpserver/

(py3) [root@xmj jumpserver]# vim config.yml   修改如下內容

DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
DB_NAME: jumpserver

 7.啟動/關閉jumpserver

(py3) [root@xmj jumpserver]# pwd
/opt/jumpserver

(py3) [root@xmj jumpserver]# ./jms start        啟動

(py3) [root@xmj jumpserver]# ./jms stop       停止
Stop service
gunicorn is stopped
celery_ansible is stopped
celery_default is stopped
beat is stopped

(py3) [root@xmj jumpserver]# ./jms start  -d  放在后台啟動

(四)、安裝 docker 部署coco與guacamole
1、安裝Docker
yum install -y yum-utils device-mapper-persistent-data lvm2

# 安裝相關依賴

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# 配置Docker源

yum makecache fast

# 重新生成緩存

rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

yum -y install docker-ce

# 安裝Docker-ce

mkdir -p /etc/docker

wget -O /etc/docker/daemon.json http://demo.jumpserver.org/download/docker/daemon.json

# 下載相關文件(該文件經明文 HTTP 下載,且會直接成為 Docker 守護進程的配置;重啟 docker 前請先查看 /etc/docker/daemon.json,確認其中沒有不符合預期的配置項)

systemctl restart docker && systemctl enable docker

# 啟動docker並設置開機自啟

8.部署koko

(py3) [root@xmj ~]# Server_IP=192.168.6.189

(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=48hmOImYsCWRqqn0      這里要填自己在第6步生成、已寫入 config.yml 的 BOOTSTRAP_TOKEN,不要照抄本文的示例值

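(py3) [root@xmj ~]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5

注意:變量名是 BOOTSTRAP_TOKEN(下划線)。若寫成 $BOOTSTRAP-TOKEN,shell 只會展開未定義的 $BOOTSTRAP,容器拿到的令牌就變成 "-TOKEN",與 config.yml 不一致,注冊會失敗。另外 -p 5000:5000 會把 koko 的 5000 端口開放在所有網卡上,而后面的 nginx 只通過 localhost:5000 反向代理它;防火牆關閉時該端口可被直接訪問,可改為 -p 127.0.0.1:5000:5000 只監聽本機。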

 

(py3) [root@xmj ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jumpserver/jms_koko 1.5.5 17cf3f220213 9 months ago 41.4MB

手工部署koko(coco目前已經被koko取代)

9.部署guacamole

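 (py3) [root@xmj ~]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5

注意:令牌變量必須寫成 $BOOTSTRAP_TOKEN(下划線),寫成 $BOOTSTRAP-TOKEN 時容器拿到的值是 "-TOKEN",無法向 jumpserver 注冊。nginx 只通過 localhost:8081 反向代理 guacamole,可把端口映射寫成 -p 127.0.0.1:8081:8081,避免 8081 繞過 nginx 被直接訪問。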

[root@xmj opt]# cd /opt

 [root@xmj opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz

[root@xmj opt]# tar xvf luna.tar.gz

[root@xmj opt]# chown -R root:root luna    

11.配置nginx

下載nginx的源碼包

[root@xmj ~]# tar xvf nginx-1.14.2.tar.gz    解壓

[root@xmj ~]# cd nginx-1.14.2/

[root@xmj nginx-1.14.2]# ./configure --prefix=/usr/local/nginx      下面的配置只監聽 80 端口的明文 HTTP,登錄密碼與會話內容都會明文傳輸;如需為堡壘機啟用 HTTPS,編譯時要加上 --with-http_ssl_module

[root@xmj nginx-1.14.2]# make && make install

[root@xmj nginx-1.14.2]# cd /usr/local/nginx/conf/

[root@xmj conf]# mkdir conf.d

[root@xmj conf]# cd conf.d/

[root@xmj conf.d]# vim jumpserver.conf

server {
    listen 80;

    client_max_body_size 100m;  # 錄像及文件上傳大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路徑, 如果修改安裝目錄, 此處需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 錄像位置, 如果修改安裝目錄, 此處需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 靜態資源, 如果修改安裝目錄, 此處需要修改
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

[root@xmj conf.d]# /usr/local/nginx/sbin/nginx -t              檢測下nginx配置文件
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@xmj conf.d]# pwd
/usr/local/nginx/conf/conf.d
[root@xmj conf.d]# cd ..

[root@xmj conf]# cp nginx.conf nginx.conf.bak

[root@xmj conf]#  grep -Pv "^($| *#)" nginx.conf  去掉注釋行

[root@xmj conf]# vim nginx.conf     以下內容是過濾好的,可直接清空nginx.conf后在粘貼進去

worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /usr/local/nginx/conf/conf.d/*.conf;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}

[root@xmj conf]# /usr/local/nginx/sbin/nginx -t             再次檢查
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@xmj bin]# /usr/local/nginx/sbin/nginx  啟動nginx

訪問ip(用瀏覽器打開 http://服務器IP;首次登錄后應立即修改默認管理員賬號的密碼)

 

