jumpserver的搭建
# NOTE(review): these commands stop the host firewall, keep it off at boot, and switch
# SELinux to permissive mode until the next reboot. On a bastion host that leaves every
# port bound to a non-loopback address reachable from the network, such as the 8080
# listener this guide later configures on 0.0.0.0. Treat this as a lab shortcut; for a
# real deployment keep firewalld running and allow only the ports users need.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
0. 生成 SECRET_KEY 和 BOOTSTRAP_TOKEN
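# Generate the 50-character SECRET_KEY once and reuse it on later runs.
# The key is appended to ~/.bashrc in plain text and printed to the terminal, so anyone
# who can read that file or the session scrollback can read it; keep ~/.bashrc
# owner-readable only and copy the printed value into config.yml.
if [ -z "${SECRET_KEY:-}" ]; then
  # LC_ALL=C makes tr treat the random stream as raw bytes instead of failing on
  # invalid multibyte sequences in UTF-8 locales.
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
# Quoted so an inherited value containing spaces or glob characters prints unchanged.
printf '%s\n' "$SECRET_KEY"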
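# Generate the 16-character BOOTSTRAP_TOKEN once and reuse it on later runs.
# This page puts the same token in both the JumpServer and the koko config.yml, so treat
# it as a credential. It is stored in plain text in ~/.bashrc and printed to the terminal.
if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
  # LC_ALL=C makes tr treat the random stream as raw bytes instead of failing on
  # invalid multibyte sequences in UTF-8 locales.
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
# Quoted so an inherited value containing spaces or glob characters prints unchanged.
printf '%s\n' "$BOOTSTRAP_TOKEN"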
1. 安装 Python 3.6、MySQL(MariaDB)和 Redis
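# Fetch the EPEL repo definition over HTTPS: this file tells yum where to download
# packages from, so it should not be modifiable in transit.
# NOTE(review): check that the downloaded epel.repo keeps gpgcheck enabled before
# installing from it.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Python 3, its headers, MariaDB (client and server) and Redis.
yum install python3 python3-devel mariadb mariadb-server redis -y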
2.启动mysql和redis
# Start MariaDB and Redis at every boot, then start them now.
# NOTE(review): nothing on this page sets a Redis password or shows its bind address.
# With the firewall disabled earlier, confirm that Redis and MariaDB listen on loopback only.
systemctl enable mariadb redis
systemctl start mariadb redis
3.为mysql设定登录密码,创建jumpserver的库
# Set the MariaDB root password, create the jumpserver database and grant an application
# account full rights on it.
# NOTE(review): "oldxu.com" is the sample password printed on this page; choose your own.
# Passwords given as command-line arguments end up in shell history and can be visible in
# the process list while the command runs.
mysqladmin password oldxu.com
mysql -uroot -poldxu.com -e "create database jumpserver default charset 'utf8' collate 'utf8_bin';"
# NOTE(review): '%' lets the jumpserver account log in from any host, while config.yml on
# this page connects through 127.0.0.1 only; a host-restricted grant looks sufficient. Confirm.
mysql -uroot -poldxu.com -e "grant all privileges on jumpserver.* to jumpserver@'%' identified by 'oldxu.com';"
# List the databases to confirm that jumpserver exists. The sample output still shows the
# stock "test" database, which suggests mysql_secure_installation was not run.
mysql -uroot -poldxu.com -e "show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+
创建 Python 虚拟环境
# Create an isolated Python 3.6 environment under /opt/py3 for JumpServer's dependencies.
python3.6 -m venv /opt/py3
载入 Python 虚拟环境
# Activate the virtualenv in the current shell so that later pip commands install into /opt/py3.
source /opt/py3/bin/activate
安装JumpServer
# Upload the JumpServer release archive into /opt and unpack it as /opt/jumpserver.
cd /opt/
# rz receives the archive from the operator's workstation through the terminal session.
# NOTE(review): the archive is unpacked without any integrity check. Compare its checksum
# with the one published for the release first, e.g.
#   sha256sum jumpserver-v2.2.2.tar.gz   # expect <PUBLISHED_SHA256>
rz
tar xf jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 jumpserver
安装jumpserver所依赖的rpm包
# Install the system packages listed in rpm_requirements.txt.
cd /opt/jumpserver/requirements
# The command substitution is left unquoted on purpose: each whitespace-separated name in
# the file becomes its own package argument to yum.
yum install -y $(cat rpm_requirements.txt)
安装jumpserver所依赖的python包
# Install JumpServer's Python dependencies into the active virtualenv, pulling every
# package from the Aliyun PyPI mirror (served over HTTPS).
pypi_mirror=https://mirrors.aliyun.com/pypi/simple/
pip install wheel --index-url "$pypi_mirror"
pip install --upgrade pip setuptools --index-url "$pypi_mirror"
pip install -r requirements.txt --index-url "$pypi_mirror"
修改jumpserver配置
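# Create config.yml from the shipped example and open it for editing.
# The file will hold SECRET_KEY, BOOTSTRAP_TOKEN and the database password, so restrict it
# to its owner before any secret is written into it.
cd /opt/jumpserver && \
cp config_example.yml config.yml && \
chmod 600 config.yml && \
vi config.yml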
# JumpServer core settings (config.yml).
# NOTE(review): SECRET_KEY, BOOTSTRAP_TOKEN and DB_PASSWORD below are the sample values
# published on this page. Anyone who has read it knows them, so replace each one with a
# value generated for this installation.
SECRET_KEY: Tw7OZj3cJKiJhXdfMAiNdeVCIk7EljzJxIyM9vJGvIs1WzeEK3 # use your own generated value
BOOTSTRAP_TOKEN: 3PIEqKa0IbI3ypRk # use your own generated value
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# Database connection: local MariaDB, the jumpserver account and database created earlier.
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: oldxu.com
DB_NAME: jumpserver
# NOTE(review): 0.0.0.0 makes the core service on 8080 reachable on every interface, not
# only through the nginx proxy. The nginx and koko settings on this page reach it through
# localhost/127.0.0.1, so binding to 127.0.0.1 looks sufficient. Confirm before changing.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Redis on the local host; no password is configured here.
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
启动jumpserver
# Start the JumpServer core services from the install directory (-d: run in the background).
cd /opt/jumpserver
./jms start -d
部署koko组件 ( 以前叫coco )
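# Unpack the koko release as /opt/koko, hand the tree to root and create its config.yml
# from the shipped example.
cd /opt
tar xf koko-v2.2.2-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 koko
chown -R root:root koko
cd /opt/koko
cp config_example.yml config.yml
# config.yml will hold BOOTSTRAP_TOKEN, so restrict it to its owner.
chmod 600 config.yml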
# koko settings (config.yml).
# CORE_HOST points at the JumpServer core service over loopback.
CORE_HOST: http://127.0.0.1:8080
# Must be the same token as in JumpServer's config.yml.
# NOTE(review): this is the sample value published on this page; use your own generated token.
BOOTSTRAP_TOKEN: 3PIEqKa0IbI3ypRk
LOG_LEVEL: ERROR
SSH_TIMEOUT: 60
SHARE_ROOM_TYPE: redis
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
安装Nginx
# Install nginx, which fronts all JumpServer components.
yum -y install nginx
下载 Lina 组件
# Unpack the Lina web UI as /opt/lina and make the nginx user its owner.
# NOTE(review): these commands only unpack an archive that is already in /opt. Verify its
# checksum against the published release value before extracting.
cd /opt
tar -xf lina-v2.2.2.tar.gz
mv lina-v2.2.2 lina
# NOTE(review): nginx only needs read access to static files. Making the nginx user the
# owner also lets that account modify the served UI; confirm this is required.
chown -R nginx:nginx lina
下载 Luna 组件
# Unpack the Luna web terminal as /opt/luna and make the nginx user its owner.
# NOTE(review): these commands only unpack an archive that is already in /opt. Verify its
# checksum against the published release value before extracting.
cd /opt
tar -xf luna-v2.2.2.tar.gz
mv luna-v2.2.2 luna
# NOTE(review): nginx only needs read access to static files. Making the nginx user the
# owner also lets that account modify the served UI; confirm this is required.
chown -R nginx:nginx luna
配置 Nginx 整合各组件
# Overwrite the stock default.conf with a single empty line, presumably so that its default
# server does not compete with the JumpServer vhost, then create the vhost file.
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
# Reverse proxy that serves the static UIs and forwards API, websocket and terminal
# traffic to the local JumpServer services.
# NOTE(review): this vhost listens on port 80 only, so logins and proxied terminal sessions
# cross the network unencrypted. A production bastion should terminate TLS here.
server {
listen 80;
server_name jumpserver.oldxu.com;
client_max_body_size 100m; # size limit for session recordings and file uploads
# Lina web UI (static files).
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
# Luna web terminal (static files).
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna path; change it if the install directory differs
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # session recordings; change it if the install directory differs
}
location /static/ {
root /opt/jumpserver/data/; # static assets; change it if the install directory differs
}
# koko on local port 5000; the Upgrade/Connection headers allow websocket upgrades.
# Access logging is off for this location, so the proxy keeps no record of requests to it.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxies to local port 8081; nothing on this page deploys a service on that port.
# Access logging is off for this location as well.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Websocket endpoint of the core service (WS_LISTEN_PORT 8070).
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# REST API of the core service (HTTP_LISTEN_PORT 8080).
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Everything else is rewritten under /ui/ so the Lina UI handles it.
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
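# Validate the configuration first and restart only when it parses; restarting with a
# broken configuration would take the proxy down.
nginx -t && systemctl restart nginx
# Start nginx at every boot.
systemctl enable nginx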
jumpserver 默认用户名和密码(首次登录后请立即修改默认密码)
admin
admin
2020-09-14