JumpServer1.0 服务搭建

JumpServer1.0 服务搭建

系统环境配置

setenforce 0
systemctl stop iptables.service
systemctl stop firewalld.service

localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n

安装python3

wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1
./configure --prefix=/usr/local/python3
make
make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3

yum -y install epel-release wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb  
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel 
mariadb-devel mariadb-server supervisor libffi-devel openssh-clients
systemctl restart redis
systemctl restart mariadb
systemctl enable redis
systemctl enable mariadb
cd /opt/
python3 -m venv py3
source /opt/py3/bin/activate

Jumpserver配置

wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O jumpserver.zip
unzip jumpserver.zip && rm -f jumpserver.zip && mv jumpserver* jumpserver
source /opt/py3/bin/activate && pip install --upgrade pip && pip install -i https://pypi.douban.com/simple/ -r /opt/jumpserver/requirements/requirements.txt
cd /opt/jumpserver
cp config_example.py config.py
# 修改数据库配置
vim config.py 
mysql -uroot -pMYSQL@2018 -e "create database jumpserver character set utf8"
# 生成数据库表结构和初始化数据
python apps/manage.py makemigrations
python apps/manage.py migrate
# 运行Jumpserver
python run_server.py all 

安装SSH Server和WebSocket Server: Coco

cd /opt/
wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O coco.zip
unzip coco.zip && rm -f coco.zip && mv coco* coco
source /opt/py3/bin/activate && pip install --upgrade pip && pip install -i https://pypi.douban.com/simple/ -r /opt/coco/requirements/requirements.txt
# 查看配置文件并运行
cd /opt/coco
cp conf_example.py conf.py
python run_server.py
#Jumpserver管理后台-会话管理-终端管理,接受 Coco 的注册

cd /opt/
wget https://github.com/jumpserver/luna/archive/v1.0.0.zip -O luna.zip
unzip luna.zip && rm -f luna.zip && mv luna* luna

安装docker

#curl -fsSL https://get.docker.com/ | sh
yum install -y -q docker-ce
systemctl start docker
systemctl enable docker

# 安装guacamole
host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"`

# 将Host_IP换为本机IP后执行
docker run --name jms_guacamole -d 
  --restart always 
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key 
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key 
  -e JUMPSERVER_SERVER=http://$host_ip:8080 
  registry.jumpserver.org/public/guacamole:1.0.0

nginx环境配置

cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
    }
}

EOF

其他说明

nginx配置后，通过ip打开jumpserver显示默认的nginx提示页，注释/etc/nginx/nginx.conf的默认80配置项即可