  • 部署jumpserver

    参考:https://jumpserver.readthedocs.io/zh/master/setup_by_centos7.html

    # Bring every installed package up to date before adding anything.
    yum -y update

    # Start firewalld and permanently open the two ports this walkthrough
    # publishes: 80/tcp (the nginx "listen 80" server further down) and
    # 2222/tcp (the port mapped for the jms_koko container).
    # --permanent only edits the stored configuration; the reload activates it.
    # Note: firewalld is started here but not enabled for boot.
    systemctl start firewalld
    for port in 80 2222; do
      firewall-cmd --zone=public --permanent --add-port="${port}/tcp"
    done
    firewall-cmd --reload

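    # Put SELinux into permissive mode for the running system.
    setenforce 0
    # Persist the setting across reboots. The original pattern and replacement
    # were both misspelled ("enforing" / "diabled"), so the edit never matched
    # and SELinux came back enforcing after the next reboot.
    # NOTE(review): this removes mandatory access control from a bastion host.
    # A tighter option is to leave SELinux enforcing and grant nginx only what
    # it needs (e.g. `setsebool -P httpd_can_network_connect 1`) -- verify that
    # against this deployment before relying on it.
    sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config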

    # Build tooling plus the EPEL repository definition (presumably needed
    # for the redis package installed next -- confirm on the target system).
    yum -y install wget gcc epel-release git

    # Redis: install, start now, enable at boot.
    yum -y install redis
    for action in start enable; do
      systemctl "$action" redis
    done

    # MariaDB client, headers and server: install, start now, enable at boot.
    # NOTE(review): this page sets neither a Redis password nor a MariaDB root
    # password (root logs in without one below); both services then depend on
    # being reachable only locally -- confirm their bind addresses.
    yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared
    for action in start enable; do
      systemctl "$action" mariadb
    done

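    # Create the jumpserver database and generate a random 24-character
    # alphanumeric password for its account.
    DB_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 24)
    # Show the password in red. The colour escapes had lost their backslash
    # ("33[31m"), and a stray copy of the command's output had been pasted in
    # as if it were a command; both are fixed here.
    # NOTE(review): the password ends up in terminal scrollback and in any
    # session recording.
    printf '\033[31m 你的数据库密码是 %s \033[0m\n' "$DB_PASSWORD"
    # The password is interpolated straight into the SQL text; that is safe only
    # because the generator above restricts it to [A-Za-z0-9]. It is also
    # visible in the mysql process arguments while the command runs.
    mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"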

    vim /etc/yum.repos.d/nginx.repo
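    # nginx.org package repository for CentOS 7.
    # Signature checking is switched on: with gpgcheck=0 and an http:// baseurl,
    # nothing authenticated the packages that yum installs as root.
    [nginx]
    name=nginx.repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    gpgcheck=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    enabled=1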

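    # Install and start nginx from the repository defined above.
    yum -y install nginx
    systemctl start nginx

    # Python 3.6 interpreter and headers.
    yum -y install python3 python36-devel

    # Create the virtualenv at /opt/py3.
    cd /opt
    python3.6 -m venv py3
    # Every later pip / jms command has to run inside this virtualenv, so repeat
    # this line in each new shell. (The original trailing note used "//", which
    # is not a shell comment: the text was passed to `source` as arguments.)
    source /opt/py3/bin/activate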

    cd /opt/
    # Shallow clone of the repository's default branch.
    # NOTE(review): this is unpinned, while luna, koko and guacamole on this
    # page are pinned to 1.5.4; consider checking out a matching release
    # (<RELEASE_TAG> -- placeholder, take it from the project's release list).
    git clone --depth=1 https://github.com/jumpserver/jumpserver.git

    # System packages listed by the project; the unquoted expansion is
    # deliberate so each listed package becomes its own argument.
    rpm_deps=/opt/jumpserver/requirements/rpm_requirements.txt
    yum -y install $(< "$rpm_deps")

    # Python dependencies, installed into the active virtualenv.
    pip install --upgrade pip setuptools
    pip install -r /opt/jumpserver/requirements/requirements.txt

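    # Edit the JumpServer configuration file.
    cd /opt/jumpserver
    cp config_example.yml config.yml
    # config.yml is about to hold SECRET_KEY, BOOTSTRAP_TOKEN and the database
    # password; cp creates it with umask-default permissions, so restrict it to
    # its owner before the secrets are written.
    chmod 600 config.yml

    # Random 50-character signing key and 16-character bootstrap token.
    # Both are appended to ~/.bashrc in plain text so later shells can reuse
    # them; running this block again appends a second, different pair.
    SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

    # Fill in the secrets, turn debug mode off, lower log verbosity, and end
    # sessions when the browser closes.
    sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
    sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
    sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
    sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
    sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
    # DB_PASSWORD must still be set from the database step in this same shell.
    sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml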

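    # Print both generated secrets in red. The colour escapes had lost their
    # backslash ("33[31m"), and the pasted sample output lines would have been
    # run as commands; both are fixed here.
    # NOTE(review): the values land in terminal scrollback and session logs.
    printf '\033[31m 你的SECRET_KEY是 %s \033[0m\n' "$SECRET_KEY"
    printf '\033[31m 你的BOOTSTRAP_TOKEN是 %s \033[0m\n' "$BOOTSTRAP_TOKEN"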

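    # Run JumpServer in the background.
    cd /opt/jumpserver
    ./jms start -d

    # Install a systemd unit so JumpServer starts at boot.
    # NOTE(review): the unit is downloaded from a remote host and will run as
    # configured inside it; read the file before enabling it.
    wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service
    # Unit files are configuration, not programs: 644 instead of the original
    # 755 (systemd warns about executable unit files).
    chmod 644 /usr/lib/systemd/system/jms.service
    systemctl enable jms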

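    # Install Docker; koko and guacamole are deployed as containers.
    yum install -y yum-utils device-mapper-persistent-data lvm2
    # Fetch the repo definition over HTTPS, matching the key import below
    # (the original used http:// for this one URL on the same mirror).
    yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum makecache fast
    rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
    yum -y install docker-ce
    systemctl enable docker

    # Configure a registry mirror. The original piped the downloaded script
    # straight into a root shell; saving it first leaves a point at which it
    # can be read before it runs. -f makes curl fail on an HTTP error instead
    # of saving the error page.
    # NOTE(review): the mirror itself is reached over plain HTTP and sits in
    # the pull path for the images started later on this page.
    mirror_script=$(mktemp)
    curl -fsSL -o "$mirror_script" https://get.daocloud.io/daotools/set_mirror.sh
    # Review "$mirror_script" here before executing it.
    sh "$mirror_script" http://f1361db2.m.daocloud.io
    rm -f -- "$mirror_script"
    systemctl restart docker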

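    # Allow 8080/tcp from the given source range only.
    # Quoting fixed: the original nested double quotes inside a double-quoted
    # argument and only worked because the shell glued the pieces back together.
    # NOTE(review): 192.168.1.107/16 carries host bits and, as a /16, admits
    # the whole 192.168.0.0/16 network to port 8080. Presumably the rule is
    # meant for the koko/guacamole containers, which call http://$Server_IP:8080;
    # confirm which source address they really use and narrow the range to it.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.107/16" port protocol="tcp" port="8080" accept'
    firewall-cmd --reload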

    # Pick this host's address: look at the two lines following each
    # "state UP" interface header, keep "inet" lines that are not loopback,
    # IPv6 or docker, take the first one and strip the prefix length.
    # `tr -d "addr:"` deletes the individual characters a, d, r and ':' (it is
    # a character set, not a string); on a dotted IPv4 address it changes nothing.
    Server_IP=$(
      ip addr \
        | grep 'state UP' -A2 \
        | grep inet \
        | grep -Ev '(127.0.0.1|inet6|docker)' \
        | awk '{print $2}' \
        | tr -d "addr:" \
        | head -n 1 \
        | cut -d / -f1
    )

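    # Start the koko (SSH/web terminal) and guacamole containers, both pinned
    # to 1.5.4. Port 2222 is published on every interface; 5000 and 8081 are
    # bound to 127.0.0.1 and reached through nginx.
    # The ${var:?} expansions abort the command when Server_IP or
    # BOOTSTRAP_TOKEN is empty (address detection failed, or a fresh shell
    # without the variables), instead of registering the container with an
    # empty token or a host-less URL.
    # NOTE(review): values passed with -e are readable through `docker inspect`
    # by anyone with access to the Docker daemon.
    docker run --name jms_koko -d \
      -p 2222:2222 -p 127.0.0.1:5000:5000 \
      -e CORE_HOST="http://${Server_IP:?Server_IP is empty}:8080" \
      -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is empty}" \
      --restart=always jumpserver/jms_koko:1.5.4
    docker run --name jms_guacamole -d \
      -p 127.0.0.1:8081:8080 \
      -e JUMPSERVER_SERVER="http://${Server_IP:?Server_IP is empty}:8080" \
      -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is empty}" \
      --restart=always jumpserver/jms_guacamole:1.5.4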

    cd /opt
    # Download and unpack the Luna 1.5.4 web front end into /opt/luna.
    # NOTE(review): the archive is used without any integrity check; compare it
    # against a digest from a trusted source (<SHA256 -- placeholder>) before
    # unpacking it as root.
    luna_url=https://github.com/jumpserver/luna/releases/download/1.5.4/luna.tar.gz
    wget "$luna_url"
    tar -xf luna.tar.gz
    chown -R root:root luna
    # Drop nginx's stock default site so the JumpServer vhost below is the
    # only server on port 80.
    rm -rf /etc/nginx/conf.d/default.conf

    vi /etc/nginx/conf.d/jumpserver.conf

    # JumpServer front end: serves Luna and static/recorded media from disk and
    # proxies everything else to the local JumpServer, koko and guacamole
    # listeners.
    # NOTE(review): this server speaks plain HTTP only, so logins, session
    # cookies and the proxied terminal traffic cross the network unencrypted
    # unless TLS is terminated here or in front of it.
    # NOTE(review): access_log is off in every proxied location; on a bastion
    # host that removes the web tier's record of who connected and when.
    server {
        listen 80;

        # Upload size limit for session recordings and file transfers.
        client_max_body_size 100m;

        # Luna web terminal UI; update the path if the install directory changes.
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }

        # Session recordings; update the path if the install directory changes.
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }

        # Static assets; update the path if the install directory changes.
        location /static/ {
            root /opt/jumpserver/data/;
        }

        # koko on 127.0.0.1:5000, with the connection upgraded for WebSocket.
        location /koko/ {
            proxy_pass http://localhost:5000;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        # guacamole on 127.0.0.1:8081; the trailing slash on proxy_pass strips
        # the /guacamole/ prefix before the request is forwarded.
        location /guacamole/ {
            proxy_pass http://localhost:8081/;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        # WebSocket endpoint on local port 8070.
        location /ws/ {
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        # Everything else goes to the listener on local port 8080.
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    }

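    # Validate the configuration and restart only if it parses; the original
    # restarted nginx even after a failed check, which takes the site down.
    nginx -t && systemctl restart nginx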

    登录:用浏览器访问服务器 IP(http://<服务器IP>),初始用户名和密码均为 admin / admin。这是公开的默认口令,首次登录后应立即修改。

  • 原文地址:https://www.cnblogs.com/will--1213/p/11823195.html