Linux: Jumpserver Environment Setup

Jumpserver Environment Setup

  • Transferring files between Windows and Linux through a remote terminal (FinalShell/Xshell)
  • Jumpserver environment setup
      • Error on /usr/local/nginx/sbin/nginx -s reload: nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"

Transferring files between Windows and Linux through a remote terminal (FinalShell/Xshell)

Find the package that provides rz: yum provides rz

  1. Install rz: yum -y install lrzsz-0.12.20-36.el7.x86_64
  2. Upload to Linux: rz
  3. Download to Windows: sz {filename}

Jumpserver environment setup

  1. Stop the firewall (systemctl stop firewalld) and turn off SELinux enforcement (setenforce 0)

  2. Change the default character set and apply it

    [root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
    [root@localhost ~]# export LC_ALL=zh_CN.UTF-8
    [root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
    
  3. Install software
    1) Base packages: yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

    2) Download Python 3.6: wget https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tar.xz
    Enter the Python 3.6 source directory (where configure is), then compile and install: ./configure && make && make install

    3) Change to the opt directory: cd /opt
    Create the python3 environment: python3 -m venv py3
    Activate the python3 environment: source /opt/py3/bin/activate

    4) Inside the python3 environment
    Clone kennethreitz's autoenv: git clone https://github.com/kennethreitz/autoenv.git
    Load it from .bashrc by default: echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
    Apply .bashrc: source ~/.bashrc
    Clone jumpserver: git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master

    Install the required Python modules
    step1.

    (py3) [root@localhost jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
    (py3) [root@localhost jumpserver]# cd requirements/
    autoenv:
    autoenv: WARNING:
    autoenv: This is the first time you are about to source /opt/jumpserver/.env:
    autoenv:
    autoenv:   --- (begin contents) ---------------------------------------
    autoenv:     source /opt/py3/bin/activate$
    autoenv:
    autoenv:   --- (end contents) -----------------------------------------
    autoenv:
    autoenv: Are you sure you want to allow this? (y/N) y
    
    

    step2. Install the packages listed in rpm_requirements.txt: yum -y install $(cat rpm_requirements.txt)
    step3. Update
    pip install --upgrade pip
    pip install -r requirements.txt

    Install Redis
    step1. Install redis: yum -y install redis
    step2. Enable redis at boot: systemctl enable redis
    step3. Start redis: systemctl start redis

    Install MySQL
    step1. Install mysql: yum -y install mariadb mariadb-devel mariadb-server
    step2. Enable mariadb at boot: systemctl enable mariadb
    step3. Start mariadb: systemctl start mariadb
    step4. Open the mysql client: mysql
    step5. Create a database named jumpserver with utf8 as the default character set: create database jumpserver default charset 'utf8';
    step6. Grant access from the local host: grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';
    step7. Flush privileges: flush privileges;
    step8. Quit: \q

    Configure Jumpserver
    step1. Go back to the parent directory

    (py3) [root@localhost requirements]# cd ..
    (py3) [root@localhost jumpserver]# 
    

    step2. Copy config_example.yml: cp config_example.yml config.yml
    step3. Generate a 50-character key

    SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
    # Check that the key was generated
    echo $SECRET_KEY
    

    step4. Add the key to .bashrc: echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    step5. Generate a 16-character key

    BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
    # Check that the key was generated
    echo $BOOTSTRAP_TOKEN
    

    step6. Add the key to .bashrc: echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

    step7. Update the Jumpserver configuration file

    # Password granted to jumpserveradmin in the MySQL step; it must be set before the DB_PASSWORD sed below
    DB_PASSWORD=jumpserverpwd
    sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
    sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
    sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
    sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
    sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
    sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
    # Check
    echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
    echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
    

    step8. Edit config.yml: vim /opt/jumpserver/config.yml
    step9. Start/stop Jumpserver
    Start: /opt/jumpserver/jms start
    Start in the background: /opt/jumpserver/jms start -d
    Stop: /opt/jumpserver/jms stop
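
The sed substitutions in step7 succeed silently even when the shell variable they expand is unset, which leaves an empty value in config.yml. The following check is an added example, not part of the original post or of Jumpserver; the function names and the sample file are hypothetical, and the expected lengths (50 and 16) are the ones generated in step3 and step5.

```shell
#!/usr/bin/env bash
# Added example: check what the sed commands actually wrote to config.yml.

# Value of a top-level "KEY: value" line; empty if missing, blank or commented out.
cfg_get() {  # usage: cfg_get FILE KEY
    awk -v k="$2" -F': *' '$1 == k { sub(/[ \t]+$/, "", $2); print $2; exit }' "$1"
}

# Print one FAIL line per problem; the return status is the number of problems.
check_jms_config() {  # usage: check_jms_config FILE
    local file=$1 problems=0 spec key want val
    # key:length pairs, matching "head -c 50" and "head -c 16" in the steps above
    for spec in SECRET_KEY:50 BOOTSTRAP_TOKEN:16; do
        key=${spec%%:*} want=${spec##*:}
        val=$(cfg_get "$file" "$key")
        if [ "${#val}" -ne "$want" ]; then
            echo "FAIL $key has ${#val} characters, expected $want"
            problems=$((problems + 1))
        fi
    done
    if [ -z "$(cfg_get "$file" DB_PASSWORD)" ]; then
        echo "FAIL DB_PASSWORD is empty (was \$DB_PASSWORD set when sed ran?)"
        problems=$((problems + 1))
    fi
    if [ "$(cfg_get "$file" DEBUG)" != "false" ]; then
        echo "FAIL DEBUG is not set to false"
        problems=$((problems + 1))
    fi
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "FAIL $file is world-readable but holds secrets (chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: config.yml as left behind when $DB_PASSWORD was unset.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
SECRET_KEY: 0123456789abcdefghijABCDEFGHIJ0123456789abcdefghij
BOOTSTRAP_TOKEN: 0123456789abcdef
DEBUG: false
DB_PASSWORD:
EOF
}

# Demo on the constructed sample: reports the empty DB_PASSWORD.
tmp=$(mktemp) && write_sample "$tmp"
check_jms_config "$tmp" || true
rm -f "$tmp"
```

On the real host, run check_jms_config /opt/jumpserver/config.yml before starting jms.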

    5) Deploy koko with Docker
    step1. Install the docker service: yum -y install docker
    step2. Start the docker service: systemctl restart docker
    step3. Configure koko

    docker run --name jms_koko -d \
      -p 2222:2222 \
      -p 127.0.0.1:5000:5000 \
      -e CORE_HOST=http://192.168.137.133:8080 \
      -e BOOTSTRAP_TOKEN=Whiv8NboExuhYaWC \
      -e LOG_LEVEL=ERROR \
      --restart=always \
      jumpserver/jms_koko:v2.1.0

    6) Deploy Guacamole with Docker
    step1. Configure Guacamole

    docker run --name jms_guacamole -d \
      -p 127.0.0.1:8081:8080 \
      -e JUMPSERVER_SERVER=http://192.168.137.133:8080 \
      -e BOOTSTRAP_TOKEN=Whiv8NboExuhYaWC \
      -e GUACAMOLE_LOG_LEVEL=ERROR \
      jumpserver/jms_guacamole:v2.1.0

    7) Download the Lina and Luna components
    step1. Download the Lina component

    cd /opt
    wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz

    step2. Extract Lina, rename it and set ownership

    tar -xf lina-v2.1.0.tar.gz
    mv lina-v2.1.0 lina
    chown -R root:root lina

    step3. Download the Luna component

    cd /opt
    wget https://github.com/jumpserver/luna/releases/download/v2.1.0/luna-v2.1.0.tar.gz

    step4. Extract Luna, rename it and set ownership

    tar -xf luna-v2.1.0.tar.gz
    mv luna-v2.1.0 luna
    chown -R root:root luna

    8) Configure nginx
    step1. Download the latest stable nginx release (official download page)
    step2. Extract it and enter the directory
    step3. Compile and install into /usr/local/nginx: ./configure --prefix=/usr/local/nginx && make && make install
    step4. Change to the conf directory (cd /usr/local/nginx/conf/) and create the conf.d directory (mkdir conf.d)
    step5. Create jumpserver.conf under conf.d: cd conf.d && vim jumpserver.conf
    Contents of jumpserver.conf:

    server {
        listen 80;
    
        client_max_body_size 100m;  # size limit for session recordings and file uploads
    
        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change this if you change the install directory
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # session recordings; change this if you change the install directory
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # static assets; change this if you change the install directory
        }
    
        location /koko/ {
            proxy_pass       http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /ws/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    
        location /api/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        location /core/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }
    

    step6. Edit the nginx configuration file: vim /usr/local/nginx/conf/nginx.conf
    step7. Test the nginx configuration: /usr/local/nginx/sbin/nginx -t
    step8. Reload the nginx configuration: /usr/local/nginx/sbin/nginx -s reload

Error on /usr/local/nginx/sbin/nginx -s reload: nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"

Fix:

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
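
nginx -s reload signals the master process named in nginx.pid, so it fails with the error above when that file is empty or nginx is not running. The helper below is an added example, not from the original post; the function names are hypothetical and the paths are the ones used on this page. It tests the configuration first, then reloads a running master or starts nginx with the fix command.

```shell
#!/usr/bin/env bash
# Added example: choose between "reload" and "start" from the state of nginx.pid.
NGINX=/usr/local/nginx/sbin/nginx
CONF=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/nginx.pid

# Echo "reload" if the pid file names a live process, otherwise "start".
# Run as root, like the nginx commands above, so kill -0 can see the master.
nginx_action() {  # usage: nginx_action PIDFILE
    local pid
    [ -s "$1" ] || { echo start; return; }      # missing or empty pid file
    pid=$(tr -d '[:space:]' < "$1")
    case $pid in
        ''|*[!0-9]*) echo start; return ;;      # not a number
    esac
    if kill -0 "$pid" 2>/dev/null; then echo reload; else echo start; fi
}

# Test the configuration, then reload or start accordingly.
nginx_apply() {
    "$NGINX" -t -c "$CONF" || return 1          # never apply a broken config
    if [ "$(nginx_action "$PIDFILE")" = reload ]; then
        "$NGINX" -s reload
    else
        "$NGINX" -c "$CONF"                     # the fix shown above
    fi
}

# Only act when invoked as: script.sh apply
if [ "${1:-}" = apply ]; then nginx_apply; fi
```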
