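Installing Jumpserver 1.5.0 on CentOS 7

The official installation uses Docker; this guide installs from the source packages instead. The installation packages can be downloaded from the cloud drive.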

Link: https://pan.baidu.com/s/1pAgKgvc5_BagF-sTjNqeQA
Extraction code: pfao
Link: https://pan.baidu.com/s/1Yp0x9wX8vhPrjrcAJCbqxg
Extraction code: i7xe

1. Basic setup

Versions

Operating system: CentOS 7.4
Jumpserver: 1.5.0

Update all packages; this also upgrades the software and the system kernel

yum update -y

SELinux configuration (it is disabled by default on Alibaba Cloud servers)

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

Install the dependency packages

yum -y install wget gcc epel-release git vim

2. Install Redis

Install Redis. Jumpserver uses Redis as its cache and Celery broker

yum -y install redis
systemctl enable redis
systemctl start redis

3. Install MySQL

Install MySQL (called mariadb on CentOS 7; usage is the same as MySQL)

yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared
systemctl enable mariadb
systemctl start mariadb

Create the jumpserver database and grant privileges

mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Hangzhou@123'; flush privileges;"

4. Configure the Python environment

Install Python 3.6

yum -y install python36 python36-devel

Create and load the Python 3 virtual environment

cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate

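Seeing the prompt below means it worked. From now on, always run the source command above before running Jumpserver; once the environment is loaded, all commands below are assumed to run inside this virtual environment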

(py3) [root@localhost py3]

5. Install Jumpserver

Download Jumpserver

cd /opt/
tar zxvf jumpserver-1.5.0.tar.gz
mv jumpserver-1.5.0 jumpserver

Install the RPM dependencies

yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

Install the Python library dependencies

pip install --upgrade pip setuptools

If dependency errors are reported here, they do not affect later use.

pip install -r /opt/jumpserver/requirements/requirements.txt

Copy the Jumpserver configuration file

cd /opt/jumpserver
cp config_example.yml config.yml

Generate a random SECRET_KEY

# Encryption key: in production change it to a random string and do not leak it. PS: digits only is not allowed
SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

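Generate a random BOOTSTRAP_TOKEN

# Pre-shared token that coco and guacamole use to register their service accounts; the old register-and-accept mechanism is no longer used
BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

View SECRET_KEY and BOOTSTRAP_TOKEN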

cat ~/.bashrc


Modify the configuration file

sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# DB_PASSWORD must hold the password granted to the jumpserver user in step 3
DB_PASSWORD='Hangzhou@123'
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml

View the complete config.yml configuration file

cat /opt/jumpserver/config.yml | grep -v '#' | grep -v '^$'
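
An automated version of the manual check above, as an added example (not part of the original guide or of the Jumpserver project). The function names cfg_value and audit_jms_config and the sample config are constructed for illustration; the script flags secrets that the sed commands left empty (for instance because a shell variable was unset) and settings that did not end up with the values this guide sets.

```shell
#!/bin/sh
# Added example (not from the original guide): audit config.yml after the sed edits.

# cfg_value FILE KEY: print the value of the first uncommented "KEY: value" line.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed -e 's/[[:space:]]*$//' -e 1q
}

# audit_jms_config FILE: print one FAIL line per finding; return 1 if any.
audit_jms_config() {
    cfg=$1 rc=0
    for key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD; do
        val=$(cfg_value "$cfg" "$key")
        if [ -z "$val" ]; then
            echo "FAIL: $key is empty (was the shell variable set when sed ran?)"; rc=1
        fi
    done
    # The guide notes that a digits-only SECRET_KEY is not allowed.
    case $(cfg_value "$cfg" SECRET_KEY) in
        '' | *[!0-9]*) ;;
        *) echo "FAIL: SECRET_KEY is digits only"; rc=1 ;;
    esac
    # Values the guide's sed commands are meant to set; a key that is still
    # commented out (the pattern did not match) shows up as an empty value.
    for want in DEBUG=false LOG_LEVEL=ERROR SESSION_EXPIRE_AT_BROWSER_CLOSE=true; do
        key=${want%%=*}
        val=$(cfg_value "$cfg" "$key")
        if [ "$val" != "${want#*=}" ]; then
            echo "FAIL: $key is '$val', expected '${want#*=}'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: DB_PASSWORD left empty and DEBUG still commented out.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
SECRET_KEY: Zx3kQ9mLp2Vt8RbN5yHc7WdJ4sGf6TaU1eYoIiKqMwEnBvCxZr
BOOTSTRAP_TOKEN: a8Kd02LmQx7PzR4t
# DEBUG: true
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_PASSWORD:
EOF
audit_jms_config "$demo_cfg" || echo "config.yml needs attention"
rm -f "$demo_cfg"
```

On a real install, call audit_jms_config /opt/jumpserver/config.yml before starting the service.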

Run Jumpserver

cd /opt/jumpserver
./jms start all -d

Start at boot

Run vim /usr/lib/systemd/system/jms.service and add the following content

[Unit]
Description=jms
After=network.target mariadb.service redis.service
Wants=mariadb.service redis.service

[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecReload=
ExecStop=/opt/jumpserver/jms stop

[Install]
WantedBy=multi-user.target

6. Install coco
cd /opt/
tar zxvf coco-1.5.0.tar.gz
mv coco-1.5.0 coco
cd /opt/coco
yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt)
pip install -r /opt/coco/requirements/requirements.txt

Copy the configuration file

cp config_example.yml config.yml

Complete configuration file

cat /opt/coco/config.yml | grep -v '#' | grep -v '^$'


Start coco in the background

/opt/coco/cocod start -d

Start at boot

Run vim /usr/lib/systemd/system/coco.service and add the following configuration

[Unit]
Description=coco
After=network.target jms.service

[Service]
Type=forking
PIDFile=/opt/coco/coco.pid
Environment="PATH=/opt/py3/bin"
ExecStart=/opt/coco/cocod start -d
ExecReload=
ExecStop=/opt/coco/cocod stop

[Install]
WantedBy=multi-user.target

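7. Download Luna

Install the Web Terminal front end, Luna. It needs Nginx to be served. Go to https://github.com/jumpserver/luna/releases and download the release package for the matching version; just unpack it, no compilation is needed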

cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.5.0/luna.tar.gz

If network problems prevent the download from completing, use the address below

wget https://demo.jumpserver.org/download/luna/1.5.0/luna.tar.gz

Unpack

tar xf luna.tar.gz
chown -R root:root luna

8. Install Nginx

Install Nginx, used as the proxy server that ties Jumpserver and its components together

Run vim /etc/yum.repos.d/nginx.repo and add the following configuration

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

yum -y install nginx

Configure Nginx to integrate the components

rm -rf /etc/nginx/conf.d/default.conf

Edit /etc/nginx/nginx.conf as follows

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
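# Proxy port; from now on access goes through this port, no longer through port 8080
listen 80;

server_name localhost;  # Change to your domain name, or comment this out

client_max_body_size 500m;  # Size limit for session recordings and file uploads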

location /luna/ {
    try_files $uri / /index.html;
    alias /opt/luna/;  # Luna path; change this if you changed the install directory
}

location /media/ {
    add_header Content-Encoding gzip;
    root /opt/jumpserver/data/;  # Recording location; change this if you changed the install directory
}

location /static/ {
    root /opt/jumpserver/data/;  # Static assets; change this if you changed the install directory
}

location /socket.io/ {
    proxy_pass       http://localhost:5000/socket.io/;  # If coco is installed on another server, put its IP here
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
}

location /coco/ {
    proxy_pass       http://localhost:5000/coco/;  # If coco is installed on another server, put its IP here
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
}

location /guacamole/ {
    proxy_pass       http://localhost:8081/;  # If guacamole is installed on another server, put its IP here
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
}

location / {
    proxy_pass http://localhost:8080;  # If jumpserver is installed on another server, put its IP here
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}
}

Run Nginx

nginx -t
systemctl enable nginx
systemctl start nginx

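9. Access

Access the UI (note: no :8080; access goes through the nginx proxy port):

http://192.168.10.144
Default account: admin, password: admin. Go to Session Management > Terminal Management and accept the registration of coco and the other applications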


Test the SSH connection

ssh -p2222 [email protected]
Password: admin

10. Appendix: start commands
# Start
systemctl start mariadb
systemctl start redis
systemctl start jms
systemctl start coco
systemctl start nginx
