跳板机 jumpserver
http://docs.jumpserver.org/zh/docs/introduce.html
启动脚本
1 #!/bin/bash 2 set -e 3 4 export LANG=zh_CN.UTF-8 5 6 # 项目安装位置,默认是/opt 7 Project=/data1/jumpserver 8 9 pid=`ps -ef | grep -v grep | egrep '(gunicorn|celery|beat|cocod)' | awk '{print $2}'` 10 if [ "$pid" != "" ]; then 11 echo -e "\033[31m 检测到 Jumpserver 进程未退出,结束中 \033[0m" 12 cd $Project && sh stop_jms.sh 13 sleep 5s 14 pid1=`ps -ef | grep -v grep | egrep '(gunicorn|celery|beat|cocod)' | awk '{print $2}'` 15 if [ "$pid1" != "" ]; then 16 echo -e "\033[31m 检测到 Jumpserver 进程任未退出,强制结束中 \033[0m" 17 kill -9 ${pid1} 18 fi 19 fi 20 21 echo -e "\033[31m 正常启动 Jumpserver ... \033[0m" 22 23 # jumpserver 24 source $Project/py3/bin/activate 25 cd $Project/ && ./jms start all -d 26 27 # coco 28 cd $Project/coco && ./cocod start -d 29 30 exit 0
停止脚本
1 #!/bin/bash 2 set -e 3 4 # 项目安装位置,默认是/opt 5 Project=/usr/local/Jumpserver 6 7 source $Project/py3/bin/activate 8 cd $Project/coco && ./cocod stop 9 cd $Project/ && ./jms stop 10 11 exit 0
nginx配置
1 server { 2 listen 80; 3 server_name jumpserver.xxx.com; # 修改成你的域名或者注释掉 4 5 client_max_body_size 100m; # 录像及文件上传大小限制 6 7 location ~ /luna/.*\.(svg|eot|ico|woff|woff2|ttf|js|css|png|json|txt)$ { 8 #try_files $uri / /index.html; 9 #alias /data1/Jumpserver/jumpserver/luna/; # luna 路径,如果修改安装目录,此处需要修改 10 rewrite ^/luna/(.*)$ http://jumpserver.oss-cn-hangzhou.aliyuncs.com/luna/$1 permanent; 11 add_header Access-Control-Allow-Origin 'http://jumpserver.oss-cn-hangzhou.aliyuncs.com'; 12 add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; 13 access_log off; 14 } 15 location /luna/ { 16 try_files $uri / /index.html; 17 alias /usr/local/Jumpserver/luna/; # luna 路径,如果修改安装目录,此处需要修改 18 } 19 20 location /media/ { 21 add_header Content-Encoding gzip; 22 root /usr/local/Jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改 23 } 24 25 location /static/ { 26 #root /usr/local/Jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改 27 rewrite ^/static/(.*)$ http://jumpserver.oss-cn-hangzhou.aliyuncs.com/data/static/$1 permanent; 28 add_header Access-Control-Allow-Origin 'http://jumpserver.oss-cn-hangzhou.aliyuncs.com'; 29 add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; 30 access_log off; 31 } 32 33 location /socket.io/ { 34 proxy_pass http://127.0.0.1:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip 35 proxy_buffering off; 36 proxy_http_version 1.1; 37 proxy_set_header Upgrade $http_upgrade; 38 proxy_set_header Connection "upgrade"; 39 proxy_set_header X-Real-IP $remote_addr; 40 proxy_set_header Host $host; 41 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 42 access_log off; 43 } 44 45 location /coco/ { 46 proxy_pass http://127.0.0.1:5000/coco/; # 如果coco安装在别的服务器,请填写它的ip 47 proxy_set_header X-Real-IP $remote_addr; 48 proxy_set_header Host $host; 49 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 50 access_log off; 51 } 52 53 location /guacamole/ { 54 proxy_pass http://127.0.0.1:8081/; # 如果guacamole安装在别的服务器,请填写它的ip 55 proxy_buffering off; 56 proxy_http_version 1.1; 57 proxy_set_header Upgrade $http_upgrade; 58 proxy_set_header Connection $http_connection; 59 proxy_set_header X-Real-IP $remote_addr; 60 proxy_set_header Host $host; 61 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 62 access_log off; 63 } 64 65 location / { 66 proxy_pass http://127.0.0.1:8080; # 如果jumpserver安装在别的服务器,请填写它的ip 67 proxy_set_header X-Real-IP $remote_addr; 68 proxy_set_header Host $host; 69 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 70 } 71 }
阿里云oss客户端工具
https://help.aliyun.com/document_detail/61872.html?spm=a2c4g.11186623.6.1370.497f65d30E4SWw
