JumpServer1.0 服务搭建
系统环境配置
setenforce 0
systemctl stop iptables.service
systemctl stop firewalld.service
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n
安装python3
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure --prefix=/usr/local/python3
make
make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
yum -y install epel-release wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel
mariadb-devel mariadb-server supervisor libffi-devel openssh-clients
systemctl restart redis
systemctl restart mariadb
systemctl enable redis
systemctl enable mariadb
cd /opt/
python3 -m venv py3
source /opt/py3/bin/activate
Jumpserver配置
wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O jumpserver.zip
unzip jumpserver.zip && rm -f jumpserver.zip && mv jumpserver* jumpserver
source /opt/py3/bin/activate && pip install --upgrade pip && pip install -i https://pypi.douban.com/simple/ -r /opt/jumpserver/requirements/requirements.txt
cd /opt/jumpserver
cp config_example.py config.py
# 修改数据库配置
vim config.py
mysql -uroot -pMYSQL@2018 -e "create database jumpserver character set utf8"
# 生成数据库表结构和初始化数据
python apps/manage.py makemigrations
python apps/manage.py migrate
# 运行Jumpserver
python run_server.py all
安装SSH Server和WebSocket Server: Coco
cd /opt/
wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O coco.zip
unzip coco.zip && rm -f coco.zip && mv coco* coco
source /opt/py3/bin/activate && pip install --upgrade pip && pip install -i https://pypi.douban.com/simple/ -r /opt/coco/requirements/requirements.txt
# 查看配置文件并运行
cd /opt/coco
cp conf_example.py conf.py
python run_server.py
#Jumpserver管理后台-会话管理-终端管理,接受 Coco 的注册
cd /opt/
wget https://github.com/jumpserver/luna/archive/v1.0.0.zip -O luna.zip
unzip luna.zip && rm -f luna.zip && mv luna* luna
安装docker
#curl -fsSL https://get.docker.com/ | sh
yum install -y -q docker-ce
systemctl start docker
systemctl enable docker
# 安装guacamole
host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"`
# 将Host_IP换为本机IP后执行
docker run --name jms_guacamole -d
--restart always
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key
-e JUMPSERVER_KEY_DIR=/config/guacamole/key
-e JUMPSERVER_SERVER=http://$host_ip:8080
registry.jumpserver.org/public/guacamole:1.0.0
nginx环境配置
cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
}
}
EOF
其他说明
nginx配置后,通过ip打开jumpserver显示默认的nginx提示页,注释/etc/nginx/nginx.conf的默认80配置项即可