手动部署JumpServer

一、环境配置

[root@sdp-dev ~]# getenforce
Disabled
[root@sdp-dev ~]# systemctl stop firewalld.service
# 修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文
[root@sdp-dev ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@sdp-dev ~]# export LC_ALL=zh_CN.UTF-8
[root@sdp-dev ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
[root@sdp-dev ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

# 编译安装,否则后面安装python依赖库时可能会有麻烦 [root@sdp-dev ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz #尽量使用最新版本,否则部分依赖包无法下载 [root@sdp-dev ~]# tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 [root@sdp-dev Python-3.6.1]# ./configure && make && make install # 安装python虚拟环境 [root@sdp-dev Python-3.6.1]# cd /opt [root@sdp-dev opt]# python3 -m venv py3 [root@sdp-dev opt]# source /opt/py3/bin/activate (py3) [root@sdp-dev opt]#
# 使用懒人 autoenv 配置虚拟环境 (py3) [root@sdp-dev opt]# git clone git://github.com/kennethreitz/autoenv.git 正克隆到 'autoenv'... remote: Enumerating objects: 671, done. remote: Total 671 (delta 0), reused 0 (delta 0), pack-reused 671 接收对象中: 100% (671/671), 103.92 KiB | 115.00 KiB/s, done. 处理 delta 中: 100% (356/356), done. (py3) [root@sdp-dev opt]# (py3) [root@sdp-dev opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc (py3) [root@sdp-dev opt]# source ~/.bashrc

二、下载Jumpserver

(py3) [root@sdp-dev opt]# git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
正克隆到 'jumpserver'...
remote: Enumerating objects: 79, done.
remote: Counting objects: 100% (79/79), done.
remote: Compressing objects: 100% (68/68), done.
remote: Total 41282 (delta 19), reused 20 (delta 5), pack-reused 41203
接收对象中: 100% (41282/41282), 52.05 MiB | 79.00 KiB/s, done.
处理 delta 中: 100% (28176/28176), done.
已经位于 'master'
(py3) [root@sdp-dev jumpserver]#

三、安装所需的python modules

(py3) [root@sdp-dev jumpserver]#  echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@sdp-dev jumpserver]# cd requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv:   --- (begin contents) ---------------------------------------
autoenv:     source /opt/py3/bin/activate$
autoenv:
autoenv:   --- (end contents) -----------------------------------------
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y
(py3) [root@sdp-dev requirements]#

(py3) [root@sdp-dev requirements]#  yum -y install $(cat rpm_requirements.txt)
(py3) [root@sdp-dev requirements]# pip install --upgrade pip
(py3) [root@sdp-dev requirements]#  pip install -r requirements.txt  -i https://pypi.tuna.tsinghua.edu.cn/simple

四、安装Redis

(py3) [root@sdp-dev requirements]#  yum -y install redis
(py3) [root@sdp-dev requirements]#  systemctl enable redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.
(py3) [root@sdp-dev requirements]# systemctl start redis

五、安装MySQL

(py3) [root@sdp-dev requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@sdp-dev requirements]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
(py3) [root@sdp-dev requirements]# systemctl start mariadb
(py3) [root@sdp-dev requirements]#

(py3) [root@sdp-dev requirements]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>  create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> \q
Bye
(py3) [root@sdp-dev requirements]#

六、配置Jumpserver

(py3) [root@sdp-dev requirements]# pwd
/opt/jumpserver/requirements
(py3) [root@sdp-dev requirements]# cd ..
(py3) [root@sdp-dev jumpserver]# ls
apps      config_example.yml  Dockerfile  entrypoint.sh  LICENSE  README_EN.md  requirements   tmp
build.sh  data                docs        jms            logs     README.md     run_server.py  utils
(py3) [root@sdp-dev jumpserver]# cp config_example.yml config.yml
(py3) [root@sdp-dev jumpserver]#
(py3) [root@sdp-dev jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@sdp-dev jumpserver]# echo $SECRET_KEY
vFjo4WEMRWNinXMconEXodf3VeEaRStkDzo6SpIfNxphYEEMUZ
(py3) [root@sdp-dev jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@sdp-dev jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@sdp-dev jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@sdp-dev jumpserver]# echo $BOOTSTRAP_TOKEN
yBCVQ9WHA9phTZ21
(py3) [root@sdp-dev jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@sdp-dev jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@sdp-dev jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@sdp-dev jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@sdp-dev jumpserver]#  sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@sdp-dev jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
 你的SECRET_KEY是 vFjo4WEMRWNinXMconEXodf3VeEaRStkDzo6SpIfNxphYEEMUZ
(py3) [root@sdp-dev jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 你的BOOTSTRAP_TOKEN是 yBCVQ9WHA9phTZ21
(py3) [root@sdp-dev jumpserver]# vi config.yml
(py3) [root@sdp-dev jumpserver]# sed -n '/^DB_/p' /opt/jumpserver/config.yml
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
DB_NAME: jumpserver
(py3) [root@sdp-dev jumpserver]#

七、启动/关闭Jumpserver

(py3) [root@sdp-dev jumpserver]# ./jms start
......

(py3) [root@sdp-dev jumpserver]# ./jms stop
Stop service: gunicorn
Stop service: celery
Stop service: beat
(py3) [root@sdp-dev jumpserver]#

后台启动

(py3) [root@sdp-dev jumpserver]# ./jms start -d 

八、部署koko

支持终端管理,默认port为2222

1.docker部署

[root@sdp-dev ~]# systemctl start docker
[root@sdp-dev ~]#
[root@sdp-dev ~]# Server_IP=192.168.20.32
[root@sdp-dev ~]# BOOTSTRAP_TOKEN=yBCVQ9WHA9phTZ21
[root@sdp-dev ~]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5
Unable to find image 'jumpserver/jms_koko:1.5.5' locally
1.5.2: Pulling from jumpserver/jms_koko
050382585609: Pull complete
f6e2d22aa00f: Pull complete
8c86c00c5332: Pull complete
6b9c6941a89d: Pull complete
a10054b94acf: Pull complete
4005724a64ff: Pull complete
446406ca2953: Pull complete
716a981c63ee: Pull complete
41a65efed49e: Pull complete
Digest: sha256:ac6258fe46165860289410970e124031aa74a380cb3e1ad97348feb2c9265cbc
Status: Downloaded newer image for jumpserver/jms_koko:1.5.5
31fc5862ea104946590c232f16dab366d55823e559e256c5208a3720be9406ba
[root@sdp-dev ~]#

2.手工部署koko (coco 目前已经被 koko 取代)

cd /opt
wget https://github.com/jumpserver/koko/releases/download/1.5.2/koko-master-37daa82-linux-amd64.tar.gz
tar xf koko-master-37daa82-linux-amd64.tar.gz
chown -R root:root kokodir
cd kokodir
chown -R root:root /opt/kokodir
cd /opt/kokodir
cp config_example.yml config.yml
vim config.yml  # BOOTSTRAP_TOKEN 需要从 jumpserver/config.yml 里面获取, 保证一致
./koko  

九、部署guacamole

基于 HTML 5 和 JavaScript 的 VNC 查看器

[root@sdp-dev ~]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5
Unable to find image 'jumpserver/jms_guacamole:1.5.5' locally
1.5.5: Pulling from jumpserver/jms_guacamole
8ba884070f61: Pull complete
74b389e6937e: Pull complete
41f5461bfc2f: Pull complete
f693f2484212: Pull complete
246835158fe4: Pull complete
Digest: sha256:de0b74e33c9991181eb507d768df73fb05932f3b4722dc36ecdca4e358fdce8d
Status: Downloaded newer image for jumpserver/jms_guacamole:1.5.5
f4d0c314c5fb840e42ea7e284f5349c571039bb1e3af2f3f8377b7a2c5f53f82
[root@sdp-dev ~]#

手工部署guacamole  

$ cd /opt
$ git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git
$ cd /opt/docker-guacamole
$ tar xf guacamole-server-1.0.0.tar.gz
$ cd /opt/docker-guacamole/guacamole-server-1.0.0
# 根据 http://guacamole.apache.org/doc/gug/installing-guacamole.html 文档安装对应的依赖包
$ autoreconf -fi
$ ./configure --with-init-dir=/etc/init.d
$ make
$ make install

# 访问 https://tomcat.apache.org/download-90.cgi 下载最新的 tomcat9
$ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/
$ cd /config
$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz
$ tar xf apache-tomcat-9.0.22.tar.gz
$ mv apache-tomcat-9.0.22 tomcat9
$ rm -rf /config/tomcat9/webapps/*
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
$ echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
$ ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
$ ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
$ ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
$ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
$ tar xf linux-amd64.tar.gz -C /bin/
$ chmod +x /bin/ssh-forward

# 设置 guacamole 环境
$ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值
$ export BOOTSTRAP_TOKEN=******
$ echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

$ /etc/init.d/guacd start
$ sh /config/tomcat9/bin/startup.sh

十、部署luna

与nginx结合支持Web Terminal前端

[root@sdp-dev ~]# cd /opt/
[root@sdp-dev opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
[root@sdp-dev opt]# tar xf luna.tar.gz
[root@sdp-dev opt]# chown -R root:root luna

十一、配置nginx

[root@sdp-dev opt]# cd /usr/local/nginx/conf/
[root@sdp-dev conf]# ls
fastcgi.conf            koi-utf             nginx.conf           uwsgi_params
fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default
fastcgi_params          mime.types          scgi_params          win-utf
fastcgi_params.default  mime.types.default  scgi_params.default
[root@sdp-dev conf]# mkdir conf.d
[root@sdp-dev conf]# cd conf.d/
[root@sdp-dev conf.d]# vim jumpserver.conf
[root@sdp-dev conf.d]# ls
jumpserver.conf
[root@sdp-dev conf.d]# cat jumpserver.conf
server {
    listen 80;
    # server_name _;
    server_name bastion.qf.com;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
}
[root@sdp-dev conf.d]#
[root@sdp-dev conf.d]# cd ..
[root@sdp-dev conf]# vim nginx.conf
[root@sdp-dev conf]# grep -Pv "^($| *#)" nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    include /usr/local/nginx/conf/conf.d/*.conf;
}
[root@sdp-dev conf]# cd ..
[root@sdp-dev nginx]# sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@sdp-dev nginx]#

十二、Jumpserver 登录测试

  • # 检查应用是否已经正常运行
  • # 服务全部启动后, 访问 jumpserver 服务器 nginx 代理的 80 端口, 不要通过8080端口访问
  • # 默认账号: admin 密码: admin

十三、快速入门

参考:https://jumpserver.readthedocs.io/zh/master/quick_start.html

系统设置

设置用户访问的URL

设置邮件地址及验证

设置邮件内容

配置LDAP

导入LDAP用户

终端设置

安全设置

用户管理

用户组设置

用户设置

资产管理

资产管理--管理用户

资产管理--系统用户

资产管理--网域列表

资产管理--资产列表

权限管理

 

 

会话管理

会话管理--Web终端

 

windows终端

会话管理--命令记录

会话管理--历史记录

会话管理--文件管理

会话管理--终端管理

作业中心

作业中心--批量命令

作业中心--任务列表

日志审计

日志审计--登录日志

日志审计--操作日志

日志审计--批量命令

仪表盘

14、排错

(1)koko 不在线

原因:版本不匹配

解决过程如下:

(py3) [root@qa95-devel jumpserver]# Server_IP=`ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`
(py3) [root@qa95-devel jumpserver]# docker run --name jms_koko -d -p 2222:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_koko:1.5.5
Unable to find image 'jumpserver/jms_koko:1.5.5' locally
1.5.5: Pulling from jumpserver/jms_koko
e7c96db7181b: Pull complete
579b06fc1e6a: Pull complete
1a195461e3ce: Pull complete
cb544743625b: Pull complete
ec65f2bdce0b: Pull complete
Digest: sha256:e6c35bd8a9f7be72055be21380344c81c4a6330efa254aabf60b8a4796d508c5
Status: Downloaded newer image for jumpserver/jms_koko:1.5.5
a42306dc4572b58dff389a0d0bf7c62dda0251800039345c17a84cda87734739
(py3) [root@qa95-devel jumpserver]#

然后koko注册成功,并处于在线状态:  

(2)Guacamole 注册失败

原因:版本不匹配

解决过程如下:

(py3) [root@qa95-devel jumpserver]# docker stop jms_guacamole
jms_guacamole
(py3) [root@qa95-devel jumpserver]# docker rm jms_guacamole
jms_guacamole
(py3) [root@qa95-devel jumpserver]# docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_guacamole:1.5.5
Unable to find image 'jumpserver/jms_guacamole:1.5.5' locally
1.5.5: Pulling from jumpserver/jms_guacamole
ab5ef0e58194: Pull complete
edf7bc06322e: Pull complete
2034ec367e45: Pull complete
e75756b89a95: Pull complete
f04c5d071413: Pull complete
2599c3a6a821: Pull complete
52a073ddf64c: Pull complete
805616d72c12: Pull complete
3c40529b36f6: Pull complete
3044f8f99b07: Pull complete
d97561b081f3: Pull complete
Digest: sha256:667651fd4fe9836d6c4121c66cde25095dce966e9610035da512af25cbe00b79
Status: Downloaded newer image for jumpserver/jms_guacamole:1.5.5
71f7e22b7b0e1687b55f79063b3fe9c699286157c1efd361e4a68ee4ad141a95
(py3) [root@qa95-devel jumpserver]#  docker ps
CONTAINER ID        IMAGE                            COMMAND             CREATED             STATUS              PORTS                                              NAMES
71f7e22b7b0e        jumpserver/jms_guacamole:1.5.5   "./entrypoint.sh"   4 minutes ago       Up 4 minutes        127.0.0.1:8081->8080/tcp                           jms_guacamole
a42306dc4572        jumpserver/jms_koko:1.5.5        "./entrypoint.sh"   29 minutes ago      Up 29 minutes       0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp   jms_koko
(py3) [root@qa95-devel jumpserver]#

然后Guacamole注册成功,如下所示:

 

 

 排错参考:https://docs.jumpserver.org/zh/docs/faq.html

  

  

  

  

  

  

 

 

  

 

posted @ 2023-02-03 16:46  百衲本  阅读(162)  评论(0编辑  收藏  举报
cnblogs_post_body { color: black; font: 0.875em/1.5em "微软雅黑" , "PTSans" , "Arial" ,sans-serif; font-size: 15px; } cnblogs_post_body h1 { text-align:center; background: #333366; border-radius: 6px 6px 6px 6px; box-shadow: 0 0 0 1px #5F5A4B, 1px 1px 6px 1px rgba(10, 10, 0, 0.5); color: #FFFFFF; font-family: "微软雅黑" , "宋体" , "黑体" ,Arial; font-size: 23px; font-weight: bold; height: 25px; line-height: 25px; margin: 18px 0 !important; padding: 8px 0 5px 5px; text-shadow: 2px 2px 3px #222222; } cnblogs_post_body h2 { text-align:center; background: #006699; border-radius: 6px 6px 6px 6px; box-shadow: 0 0 0 1px #5F5A4B, 1px 1px 6px 1px rgba(10, 10, 0, 0.5); color: #FFFFFF; font-family: "微软雅黑" , "宋体" , "黑体" ,Arial; font-size: 20px; font-weight: bold; height: 25px; line-height: 25px; margin: 18px 0 !important; padding: 8px 0 5px 5px; text-shadow: 2px 2px 3px #222222; } cnblogs_post_body h3 { background: #2B6695; border-radius: 6px 6px 6px 6px; box-shadow: 0 0 0 1px #5F5A4B, 1px 1px 6px 1px rgba(10, 10, 0, 0.5); color: #FFFFFF; font-family: "微软雅黑" , "宋体" , "黑体" ,Arial; font-size: 18px; font-weight: bold; height: 25px; line-height: 25px; margin: 18px 0 !important; padding: 8px 0 5px 5px; text-shadow: 2px 2px 3px #222222; } 回到顶部 博客侧边栏 回到顶部 页首代码 回到顶部 页脚代码