
jumpserver跳板机搭建

程序员文章站 2022-03-24 20:12:45
...

安装jumpserver
环境说明:主机IP:192.168.31.10
关闭SELinux与防火墙(仅适用于实验环境;生产环境中的跳板机建议保留 SELinux 和防火墙,只放行所需端口,例如本文用到的 80 和 2222)
一、 准备python3和python虚拟环境
安装依赖包:
yum -y install wget libselinux-python sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

  1. 下载并解压python包
    cd /usr/local/src/
    wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
    tar xvf Python-3.6.1.tar.xz
  2. 安装python3
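    # Build and install Python 3 from the source tree unpacked in the previous step.
    # The trailing note is now a real shell comment: written as "//...", it was
    # passed to yum as an extra package name.
    yum -y install zlib-devel gcc  # build dependencies
    # NOTE(review): Python 3.6 no longer receives upstream security fixes;
    # prefer a maintained release when following this on a new host.
    cd Python-3.6.1 && ./configure
    make && make install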
  3. 建立python虚拟环境
    cd /opt/ && python3 -m venv py3
    source /opt/py3/bin/activate
    二、 安装Jumpserver
  4. 下载软件包
    cd /opt/
    git clone https://github.com/jumpserver/jumpserver.git
  5. 安装依赖 RPM 包
    cd /opt/jumpserver/requirements
  6. 安装rpm依赖包与python库依赖
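    # Install the RPM and Python dependencies listed in /opt/jumpserver/requirements.
    # The trailing note is now a real shell comment: written as "//...", it was
    # passed to yum as an extra package name.
    yum -y install epel-release  # enable the EPEL repository
    # Unquoted on purpose: every whitespace-separated word in the file is one package name.
    yum -y install $(cat rpm_requirements.txt)
    # Run inside the /opt/py3 virtualenv activated earlier so the packages land there.
    pip install -r requirements.txt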
  7. 安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broker
    yum -y install redis
    systemctl start redis
    systemctl enable redis
  8. 安装MySQL
    yum -y install mariadb mariadb-devel mariadb-server
    systemctl start mariadb
    systemctl enable mariadb
    设置mysql密码
    mysql_secure_installation
    创建数据库Jumpserver并授权
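    # Create the jumpserver database and an account that can only reach it from 127.0.0.1.
    # -p without a value makes mysql prompt for the root password, which keeps it
    # out of the shell history and the process list.
    # The typographic quotes from the page are replaced with ASCII quotes; the
    # shell and MySQL do not treat the curly ones as quoting.
    # <JUMPSERVER_DB_PASSWORD> is a placeholder: the value printed on the page was
    # mangled by the site's e-mail obfuscation. Use your own strong password and
    # the same value for DB_PASSWORD in /opt/jumpserver/config.yml.
    mysql -uroot -p -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '<JUMPSERVER_DB_PASSWORD>'; flush privileges;"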
    安装mysql驱动
    pip install mysqlclient
  9. 进到jumpserver目录下,复制文件并修改
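# Create config.yml from the shipped example and fill in the secrets and
# production settings.
# config.yml will hold SECRET_KEY, BOOTSTRAP_TOKEN and the database password,
# so restrict it to its owner (relax only if the service runs as another user).
cd /opt/jumpserver && cp config_example.yml config.yml && chmod 600 config.yml

# Random alphanumeric secrets from the kernel CSPRNG. Alphanumeric-only output
# is also what keeps the sed replacements below safe.
SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
# BOOTSTRAP_TOKEN is reused by the koko step later on this page; keep this
# shell open, or read the value back from config.yml.
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)

sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
# Production settings: debug off, errors only, sessions end with the browser.
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml

# <JUMPSERVER_DB_PASSWORD> is a placeholder: the value printed on the page was
# mangled by the site's e-mail obfuscation. It must match the password given
# to the 'jumpserver' database account.
# A password containing '/', '&' or '\' breaks this sed replacement; in that
# case edit DB_PASSWORD in config.yml by hand.
DB_PASSWORD='<JUMPSERVER_DB_PASSWORD>'
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml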
  1. 启动Jumpserver
    ./jms start all -d
    三、 部署 koko 组件
  2. 下载或 Clone 项目
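    # Download, unpack and configure the koko component under /opt/kokodir.
    cd /opt
    # The URL was split across two lines on the page; it is a single argument.
    wget https://github.com/jumpserver/koko/releases/download/1.5.5/koko-master-linux-amd64.tar.gz
    # NOTE(review): nothing here verifies the archive; if the release page
    # publishes a checksum, compare it before unpacking.
    tar xf koko-master-linux-amd64.tar.gz
    chown -R root:root kokodir
    cd kokodir
    cp config_example.yml config.yml
    # The token must be the one written to /opt/jumpserver/config.yml; stop here
    # rather than writing an empty token if the variable is no longer set.
    : "${BOOTSTRAP_TOKEN:?set BOOTSTRAP_TOKEN to the value in /opt/jumpserver/config.yml}"
    # The archive was unpacked in /opt, so the file is /opt/kokodir/config.yml
    # (the page pointed sed at /opt/jumpserver/kokodir/, which is never created).
    # ASCII quotes replace the typographic ones so the variable is expanded.
    sed -i "s/BOOTSTRAP_TOKEN: /BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/kokodir/config.yml
    sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/kokodir/config.yml
    ./koko  # add -d to run in the background: ./koko -d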
    四、 安装 Web Terminal 前端: Luna
    cd /opt/
    wget https://github.com/jumpserver/luna/releases/download/1.4.8/luna.tar.gz
    tar xf luna.tar.gz
    chown -R root:root luna
    五、 配置 Nginx 整合各组件
  3. 安装Nginx
    yum install yum-utils
    vi /etc/yum.repos.d/nginx.repo
    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    yum install -y nginx
  4. 准备配置文件 修改 /etc/nginx/conf.d/jumpserver.conf
    rm -rf /etc/nginx/conf.d/default.conf
    systemctl enable nginx
    vim /etc/nginx/conf.d/jumpserver.conf
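    # Reverse proxy that puts luna, koko and the JumpServer core behind one port.
    # NOTE(review): this listens on plain HTTP only, so logins and terminal
    # sessions cross the network unencrypted; add a TLS listener (listen 443 ssl
    # with a certificate) before using it outside a lab.
    # NOTE(review): $proxy_add_x_forwarded_for appends to whatever
    # X-Forwarded-For the client sent, so the backends should rely on X-Real-IP
    # or the last entry only when logging or filtering by address.
    server {
        listen 80;  # proxy port; access goes through this port from now on, not 8080
        server_name demo.jumpserver.org;  # change to your own domain, or comment it out

        client_max_body_size 100m;  # size limit for session recordings and file uploads

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; adjust if the install directory changes
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # session recordings; adjust if the install directory changes
        }

        location /static/ {
            root /opt/jumpserver/data/;  # static assets; adjust if the install directory changes
        }

        location /socket.io/ {
            proxy_pass http://localhost:5000/socket.io/;  # if coco runs on another server, use its IP
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            # ASCII quotes: the typographic quotes on the page would become part of the header value
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /coco/ {
            proxy_pass http://localhost:5000/coco/;  # if coco runs on another server, use its IP
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /guacamole/ {
            proxy_pass http://localhost:8081/;  # if guacamole runs on another server, use its IP
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location / {
            proxy_pass http://localhost:8080;  # if jumpserver runs on another server, use its IP
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }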

  1. 运行 Nginx
    nginx -t # 确保配置没有问题, 有问题请先解决
    systemctl start nginx
    systemctl enable nginx

六、 检查应用是否已经正常运行

  1. 访问http://192.168.31.10, 访问nginx代理的端口

  2. 测试连接,密码admin(首次登录后请立即修改该默认密码)
    ssh -p2222 admin@192.168.31.10