  • jumpserver的搭建

    # NOTE(review): these commands stop firewalld, keep it from starting at boot, and switch
    # SELinux to permissive mode until the next reboot. A jump host is the gateway to every
    # managed asset, so outside a throwaway lab keep both enabled: allow only the ports the
    # deployment actually serves (the nginx config on this page listens on 80) and handle
    # SELinux denials with targeted policy changes instead of turning enforcement off.
    systemctl stop firewalld
    systemctl disable firewalld
    setenforce 0

    0.生成 SECRET_KEY 和 BOOTSTRAP_TOKEN(两者都是密钥,生成后请妥善保管,不要写进文档或提交到代码仓库)
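    # Create SECRET_KEY (50 chars) and BOOTSTRAP_TOKEN (16 chars) only when they are not
    # already set, so re-running this step keeps the values the services were installed with.
    # Both are credentials: each value is printed so it can be copied into config.yml, and
    # ~/.bashrc is restricted to its owner because it now stores them in clear text.
    if [ -z "${SECRET_KEY:-}" ]; then
      # LC_ALL=C makes tr filter the random stream byte by byte regardless of the locale.
      SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 50)
      printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
      chmod 600 ~/.bashrc
    fi
    printf '%s\n' "$SECRET_KEY"

    if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
      BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
      printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
      chmod 600 ~/.bashrc
    fi
    printf '%s\n' "$BOOTSTRAP_TOKEN"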




    1.安装Python3.6 安装 MySQL 安装Redis
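    # Fetch the EPEL repo definition over HTTPS rather than plain HTTP: the .repo file decides
    # which servers and signature settings yum will trust, so it must not be alterable in
    # transit. The same mirror host is already used over HTTPS for pip further down this page.
    wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
    # Interpreter and headers for the virtualenv, plus the database and cache JumpServer uses.
    yum install python3 python3-devel mariadb mariadb-server redis -y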


    2.启动mysql和redis
    systemctl enable mariadb redis
    systemctl start mariadb redis

    3.为mysql设定登录密码,创建jumpserver的库
    # NOTE(review): "oldxu.com" is this tutorial's sample password and is reused for the MariaDB
    # root account and for the application account below; choose separate, randomly generated
    # passwords. A password passed as an argument (here and in -p<password>) is saved in shell
    # history and is visible in the process list while the command runs.
    mysqladmin password oldxu.com

    # Create the application database and an account whose privileges are limited to it.
    # NOTE(review): the host part '%' lets the jumpserver account log in from any address, while
    # config.yml on this page connects to 127.0.0.1; a loopback-only host part looks sufficient
    # for this single-host layout (verify against how the server resolves local clients).
    mysql -uroot -poldxu.com -e "create database jumpserver default charset 'utf8' collate 'utf8_bin';"
    mysql -uroot -poldxu.com -e "grant all privileges on jumpserver.* to jumpserver@'%' identified by 'oldxu.com';"

    # List the databases to confirm the create step. The sample output still includes the stock
    # "test" database, which suggests post-install hardening (mysql_secure_installation) has not
    # been run on this server.
    mysql -uroot -poldxu.com -e "show databases;"
    +--------------------+
    | Database |
    +--------------------+
    | information_schema |
    | jumpserver |
    | mysql |
    | performance_schema |
    | test |
    +--------------------+

    创建 Python 虚拟环境
    python3.6 -m venv /opt/py3

    载入 Python 虚拟环境
    source /opt/py3/bin/activate


    安装JumpServer(rz 用于把安装包上传到服务器;解压前请核对安装包的校验值,如官方发布页提供校验值请以其为准,并确认所装版本仍在官方安全维护范围内)
    cd /opt/
    rz
    tar xf jumpserver-v2.2.2.tar.gz
    mv jumpserver-v2.2.2 jumpserver


    安装jumpserver所依赖的rpm包
    cd /opt/jumpserver/requirements
    yum install -y $(cat rpm_requirements.txt)

    安装jumpserver所依赖的python包
    pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
    pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
    pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/


    修改jumpserver配置
    cd /opt/jumpserver &&
    cp config_example.yml config.yml &&
    vi config.yml
    # Values to set in /opt/jumpserver/config.yml.
    # The SECRET_KEY and BOOTSTRAP_TOKEN shown here are the tutorial's sample values and are
    # public; paste the ones generated in step 0 instead.
    SECRET_KEY: Tw7OZj3cJKiJhXdfMAiNdeVCIk7EljzJxIyM9vJGvIs1WzeEK3 # use your own value
    BOOTSTRAP_TOKEN: 3PIEqKa0IbI3ypRk # use your own value
    DEBUG: false
    LOG_LEVEL: ERROR
    SESSION_EXPIRE_AT_BROWSER_CLOSE: true
    DB_ENGINE: mysql
    DB_HOST: 127.0.0.1
    DB_PORT: 3306
    DB_USER: jumpserver
    # Sample password from step 3; it must match the one set for the jumpserver database account.
    DB_PASSWORD: oldxu.com
    DB_NAME: jumpserver
    # NOTE(review): 0.0.0.0 listens on every interface. The nginx config on this page proxies to
    # localhost:8080 and localhost:8070, so binding to 127.0.0.1 looks sufficient and would keep
    # the core from being reachable around nginx (the firewall is disabled earlier on this page).
    # Confirm that no component on another host needs direct access before changing it.
    HTTP_BIND_HOST: 0.0.0.0
    HTTP_LISTEN_PORT: 8080
    WS_LISTEN_PORT: 8070
    # NOTE(review): no Redis password is configured here; that relies on Redis accepting
    # connections from this host only. Verify the Redis bind address.
    REDIS_HOST: 127.0.0.1
    REDIS_PORT: 6379
    WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True


    启动jumpserver
    cd /opt/jumpserver
    ./jms start -d

    部署koko组件 ( 以前叫coco )
    cd /opt
    tar xf koko-v2.2.2-linux-amd64.tar.gz
    mv koko-v2.2.2-linux-amd64 koko
    chown -R root:root koko
    cd /opt/koko
    cp config_example.yml config.yml
    # Values to set in /opt/koko/config.yml (the page copies the example file but does not show
    # the edit step).
    # CORE_HOST points at the core's HTTP port on the loopback interface.
    CORE_HOST: http://127.0.0.1:8080
    # Same sample token as in the core's config.yml above; replace both with the value generated
    # in step 0. Presumably the two files must carry the same token for koko to register with
    # the core. Confirm against the JumpServer documentation.
    BOOTSTRAP_TOKEN: 3PIEqKa0IbI3ypRk
    LOG_LEVEL: ERROR
    SSH_TIMEOUT: 60
    SHARE_ROOM_TYPE: redis
    REDIS_HOST: 127.0.0.1
    REDIS_PORT: 6379

    安装Nginx
    yum install nginx -y


    下载 Lina 组件
    cd /opt
    tar -xf lina-v2.2.2.tar.gz
    mv lina-v2.2.2 lina
    chown -R nginx:nginx lina

    下载 Luna 组件
    cd /opt
    tar -xf luna-v2.2.2.tar.gz
    mv luna-v2.2.2 luna
    chown -R nginx:nginx luna

    配置 Nginx 整合各组件
    echo > /etc/nginx/conf.d/default.conf
    vi /etc/nginx/conf.d/jumpserver.conf

    # Single virtual host that serves the static front ends (lina, luna) from disk and
    # reverse-proxies everything else to the JumpServer services on localhost.
    server {
    # NOTE(review): plain HTTP only. Logins, session cookies and web-terminal traffic cross the
    # network unencrypted. Add a TLS listener (listen 443 ssl with a certificate) and redirect
    # port 80 to it before using this beyond a lab.
    listen 80;
    server_name jumpserver.oldxu.com;

    client_max_body_size 100m; # size limit for session recordings and file uploads

    location /ui/ {
    try_files $uri / /index.html;
    alias /opt/lina/;
    }

    location /luna/ {
    try_files $uri / /index.html;
    alias /opt/luna/; # luna path; change this if the install directory is different
    }

    location /media/ {
    # Labels every response under /media/ as gzip-encoded; presumably the recordings are stored
    # gzip-compressed. Confirm.
    add_header Content-Encoding gzip;
    root /opt/jumpserver/data/; # recording location; change this if the install directory is different
    }

    location /static/ {
    root /opt/jumpserver/data/; # static assets; change this if the install directory is different
    }

    # WebSocket-capable proxy to the service on port 5000 (koko, going by the path).
    # NOTE(review): in every proxied location $proxy_add_x_forwarded_for appends to whatever
    # X-Forwarded-For the client sent, so only X-Real-IP (set from $remote_addr) is free of
    # client-supplied data. This matters if the backend logs or restricts by client address.
    location /koko/ {
    proxy_pass http://localhost:5000;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
    }

    # Proxy to the service on port 8081; no component listening there is installed on this page.
    location /guacamole/ {
    proxy_pass http://localhost:8081/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
    }

    # WebSocket endpoint of the core (WS_LISTEN_PORT 8070 in config.yml).
    location /ws/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8070;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    }

    # /api/ and /core/ both go to the core's HTTP port (HTTP_LISTEN_PORT 8080 in config.yml).
    location /api/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Anything not matched above is rewritten under /ui/ and re-evaluated there.
    location / {
    rewrite ^/(.*)$ /ui/$1 last;
    }
    }

    nginx -t
    systemctl restart nginx
    systemctl enable nginx

    jumpserver 默认用户名 密码(首次登录后请立即修改默认密码,否则任何能访问登录页面的人都可以用管理员身份登录)
    admin
    admin

    2020-09-14

  • 原文地址:https://www.cnblogs.com/lailaoban/p/13668643.html