Ubuntu22.04-JumpServer-v3.9.3源码部署

Ubuntu22.04-JumpServer-v3.9.3源码部署

  • 设置时区并设置时间同步
  • 部署MySQL或MariaDB
  • 安装redis
  • Core 环境部署
  • Lina 环境部署
  • Luna 环境部署
  • KoKo 环境部署
  • Lion 环境部署
  • Magnus 环境部署
  • 安装Nginx
  • JumpServer 环境整合

设置时区并设置时间同步

# Set the system time zone
timedatectl set-timezone "Asia/Shanghai"

# Install chrony
apt -y install chrony

# Edit the chrony configuration file
vim /etc/chrony/chrony.conf

# Delete every "pool" line and add the time server below instead.
# (The next line belongs in chrony.conf; it is not a shell command.)
server  ntp.aliyun.com  iburst

# Enable chrony at boot and restart it so the edited configuration is loaded
systemctl enable chrony && systemctl restart chrony

# Check whether time synchronisation is working
chronyc sources

部署MySQL或MariaDB

# Required: MySQL >= 5.7
# Required: MariaDB >= 10.3
# Check whether the version offered by the package source meets the requirement;
# if it does, install straight from the package source.
# (The argument below is a placeholder for the package name.)
apt-cache madison 软件包名

# Install MySQL (the author chose MySQL; the packaged version was 8.0.35).
# Install either MySQL or MariaDB, not both.
apt -y install mysql-server

# Install MariaDB (alternative to the MySQL step above)
apt -y install mariadb-server

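# Set the database root password.
# Replace the placeholder with a unique, strong value; a password copied from
# a published tutorial is known to everyone who has read it.
ALTER USER 'root'@'localhost' IDENTIFIED BY '<MYSQL_ROOT_PASSWORD>';
flush privileges;

# Create the jumpserver database
create database jumpserver;

# Create the jumpserver account.
# Core connects to the database at 127.0.0.1 (DB_HOST in config.yml), so the
# account is limited to that address rather than '%' (any host).
# The password placeholder must be the same value as DB_PASSWORD in config.yml.
create user 'jumpserver'@'127.0.0.1' IDENTIFIED BY '<JUMPSERVER_DB_PASSWORD>';

# Grant the account full rights on its own schema only.
# WITH GRANT OPTION is left out: the application account does not need to
# hand its privileges on to other accounts.
GRANT ALL PRIVILEGES ON jumpserver.* TO 'jumpserver'@'127.0.0.1';
flush privileges;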

安装redis

# Install Redis from the distribution package.
# The component configs in this guide reach Redis at 127.0.0.1:6379 with an
# empty REDIS_PASSWORD, so Redis should stay reachable from loopback only
# unless a password is configured on both sides.
apt -y install redis

Core 环境部署

# Download the source code
cd /opt

mkdir /opt/jumpserver-v3.9.3

# Fetch the v3.9.3 tag archive from GitHub.
# NOTE(review): none of the downloads in this section is checked against a
# published checksum or signature before use - verify them where upstream
# publishes such values.
wget -O /opt/jumpserver-v3.9.3.tar.gz  https://github.com/jumpserver/jumpserver/archive/refs/tags/v3.9.3.tar.gz

# Unpack into the directory created above, dropping the archive's top-level folder
tar -xf jumpserver-v3.9.3.tar.gz -C /opt/jumpserver-v3.9.3 --strip-components 1

cd jumpserver-v3.9.3

# Remove any existing copies of the two IP-geolocation databases ...
rm -f apps/common/utils/ip/geoip/GeoLite2-City.mmdb apps/common/utils/ip/ipip/ipipfree.ipdb

# ... and download them to the same paths from download.jumpserver.org
wget https://download.jumpserver.org/files/ip/GeoLite2-City.mmdb -O apps/common/utils/ip/geoip/GeoLite2-City.mmdb

wget https://download.jumpserver.org/files/ip/ipipfree.ipdb -O apps/common/utils/ip/ipip/ipipfree.ipdb

# Install the required system dependencies using the script shipped in the
# source tree (requirements/deb_pkg.sh)
cd /opt/jumpserver-v3.9.3/requirements
chmod 755 deb_pkg.sh
./deb_pkg.sh

# If the database is MariaDB: client library headers and client tools
apt install -y libmariadb-dev mariadb-client

# If the database is MySQL: client library headers and client tools
apt install -y libmysqlclient-dev mysql-client

# Build and install Python 3.11.6 from source under /opt/python3-11-6/
cd /opt
# NOTE(review): the tarball is used without an integrity check - compare it
# with the values published on the python.org release page before building.
wget https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tgz
tar -xvf Python-3.11.6.tgz
cd Python-3.11.6/
./configure --prefix=/opt/python3-11-6/
make && make install
# Append a PATH line to /etc/profile; the backslash keeps $PATH literal, so it
# is expanded when the profile is read rather than now. This prepends the new
# bin directory to PATH for every login shell on the system.
echo PATH="/opt/python3-11-6/bin:\$PATH" >> /etc/profile
source /etc/profile

# Create a dedicated python3 virtual environment for the JumpServer project
python3.11 -m venv /opt/py3
source /opt/py3/bin/activate

# Install the JumpServer dependencies; they are declared in pyproject.toml
# Install poetry first (from the Tsinghua PyPI mirror)
pip3.11 install poetry -i https://pypi.tuna.tsinghua.edu.cn/simple
cd /opt/jumpserver-v3.9.3
# ansible-core, django-radius and django-cas-ng are referenced by GitHub links,
# so download them manually first and unpack them under /opt/
# NOTE(review): these zip files are obtained out of band; confirm they match
# the exact revisions that pyproject.toml originally referenced.
cd /opt
unzip ansible-2.14.1.2.zip
unzip django-cas-ng-4.3.2.zip
unzip django-radius-1.5.0.zip

cd /opt/jumpserver-v3.9.3
vim pyproject.toml # edit the entries that point at GitHub links, as shown below
ansible-core = { path = "/opt/ansible-2.14.1.2" }
django-radius = { path = "/opt/django-radius-1.5.0" }
django-cas-ng = { path = "/opt/django-cas-ng-4.3.2" }




# Finally install the project's dependency modules
cd /opt/jumpserver-v3.9.3
# Point pip at the Tsinghua mirror for all later installs
pip3 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
poetry install

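# Generate the two secrets used by the rest of this guide.
# Each value is created only when the variable is still empty, appended to
# ~/.bashrc so later shells see it, and printed so it can be copied into the
# component config files.
# ~/.bashrc then holds both secrets in clear text; keep it readable by its
# owner only.

# SECRET_KEY: 50 random characters from [A-Za-z0-9]
if [ -z "$SECRET_KEY" ]; then
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
printf '%s\n' "$SECRET_KEY"

# BOOTSTRAP_TOKEN: 16 random characters from [A-Za-z0-9]
if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"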

# Create the Core configuration file from the shipped example and edit it.
# config.yml will contain SECRET_KEY, BOOTSTRAP_TOKEN and the database
# password, so it should not be readable by other users on the host.
cd /opt/jumpserver-v3.9.3
cp config_example.yml config.yml
vim config.yml

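# Paste the values printed by the key-generation step on YOUR host.
# Never reuse a key or token copied from a tutorial: a published value is
# known to every reader.
SECRET_KEY: "<value of $SECRET_KEY generated in the previous step>"
BOOTSTRAP_TOKEN: "<value of $BOOTSTRAP_TOKEN generated in the previous step>"
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# Must be the password given to the jumpserver database account when it was created
DB_PASSWORD: "<JUMPSERVER_DB_PASSWORD>"
DB_NAME: jumpserver
# Every component in this guide reaches Core through 127.0.0.1:8080, so Core
# only needs to listen on loopback; use 0.0.0.0 only when other components
# run on different hosts.
HTTP_BIND_HOST: 127.0.0.1
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379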

# Build the translation (i18n) catalogues
apt install gettext -y
# Remove the existing compiled Chinese catalogues so they are regenerated
rm -f apps/locale/zh/LC_MESSAGES/django.mo apps/locale/zh/LC_MESSAGES/djangojs.mo
python3 apps/manage.py compilemessages

# Start Core (-d: run in the background)
# NOTE(review): this runs as whichever user executes the command - root, if
# the earlier steps were followed as root; consider a dedicated service account.
./jms start -d

Lina 环境部署

# Download the prebuilt Lina (web UI) v3.9.3 release and unpack it under /opt
# NOTE(review): the archive is not checked against a published checksum.
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v3.9.3/lina-v3.9.3.tar.gz
tar -xf lina-v3.9.3.tar.gz

Luna 环境部署

# Download the prebuilt Luna v3.9.3 release and unpack it under /opt
# NOTE(review): the archive is not checked against a published checksum.
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v3.9.3/luna-v3.9.3.tar.gz
tar -xf luna-v3.9.3.tar.gz

KoKo 环境部署

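cd /opt
# Fetch the kubectl and helm binaries and install them as rawkubectl / rawhelm.
# NOTE(review): these binaries are installed root-owned and executable
# without any checksum verification of the downloaded archives.
wget https://download.jumpserver.org/public/kubectl-linux-amd64.tar.gz -O kubectl.tar.gz
tar -xf kubectl.tar.gz
mv kubectl /usr/local/bin/rawkubectl
wget https://download.jumpserver.org/public/helm-v3.9.0-linux-amd64.tar.gz
tar -xf helm-v3.9.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/rawhelm
chmod 755 /usr/local/bin/rawkubectl /usr/local/bin/rawhelm
chown root:root /usr/local/bin/rawkubectl /usr/local/bin/rawhelm
rm -rf linux-amd64
# Fetch and unpack the KoKo v3.9.3 release
wget https://github.com/jumpserver/koko/releases/download/v3.9.3/koko-v3.9.3-linux-amd64.tar.gz
tar -xf koko-v3.9.3-linux-amd64.tar.gz -C /opt
cd koko-v3.9.3-linux-amd64
# Install the kubectl file shipped inside the KoKo release as /usr/local/bin/kubectl
mv kubectl /usr/local/bin/kubectl
cp config_example.yml config.yml
vim config.yml
# config.yml contents. BOOTSTRAP_TOKEN must be the value generated on this
# host in the Core step - never a token copied from a tutorial.
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "<value of $BOOTSTRAP_TOKEN generated in the Core step>"
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:
# Start KoKo
# Started with nohup from the current shell: it runs as the invoking user and
# is not brought back automatically after a reboot.
nohup /opt/koko-v3.9.3-linux-amd64/koko &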

Lion 环境部署

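mkdir /opt/guacamole-v3.9.3
cd /opt/guacamole-v3.9.3
# Download over HTTPS: this source tree is compiled and installed system-wide,
# so it must not be fetched over an unauthenticated plain-HTTP connection.
wget https://download.jumpserver.org/public/guacamole-server-1.4.0.tar.gz
tar -xzf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0/

# Install the build dependencies (add further packages according to the
# errors the build actually reports)
apt -y install libpng-dev libjpeg-dev libcairo2-dev

# Build and install Guacd, placing its init script in /etc/init.d
./configure --with-init-dir=/etc/init.d
make && make install
ldconfig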

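# Download Lion
# NOTE(review): the release archive is not checked against a published checksum.
cd /opt
wget https://github.com/jumpserver/lion-release/releases/download/v3.9.3/lion-v3.9.3-linux-amd64.tar.gz
tar -xf lion-v3.9.3-linux-amd64.tar.gz
cd lion-v3.9.3-linux-amd64

# Create the configuration file from the example and edit it
cp config_example.yml config.yml
vim config.yml

# config.yml contents. BOOTSTRAP_TOKEN must be the value generated on this
# host in the Core step - never a token copied from a tutorial.
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "<value of $BOOTSTRAP_TOKEN generated in the Core step>"
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_DB_ROOM:

# Start Guacd
/etc/init.d/guacd start

# Start Lion
# Started with nohup from the current shell: it runs as the invoking user and
# is not brought back automatically after a reboot.
nohup /opt/lion-v3.9.3-linux-amd64/lion &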

Magnus 环境部署

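# Download the packages
# NOTE(review): neither release archive is checked against a published
# checksum before its binaries are installed root-owned and executable.
cd /opt
wget https://github.com/jumpserver/magnus-release/releases/download/v3.9.3/magnus-v3.9.3-linux-amd64.tar.gz
tar -xf magnus-v3.9.3-linux-amd64.tar.gz
cd magnus-v3.9.3-linux-amd64
wget https://github.com/jumpserver/wisp/releases/download/v0.1.16/wisp-v0.1.16-linux-amd64.tar.gz
tar -xf wisp-v0.1.16-linux-amd64.tar.gz
mv wisp-v0.1.16-linux-amd64/wisp /usr/local/bin/
chown root:root /usr/local/bin/wisp /opt/magnus-v3.9.3-linux-amd64/magnus
chmod 755 /usr/local/bin/wisp /opt/magnus-v3.9.3-linux-amd64/magnus

# Create the configuration file from the example and edit it
cp config_example.yml config.yml
vim config.yml

# config.yml contents. BOOTSTRAP_TOKEN must be the value generated on this
# host in the Core step - never a token copied from a tutorial.
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "<value of $BOOTSTRAP_TOKEN generated in the Core step>"
# 0.0.0.0 exposes the ports below on every interface of the host
BIND_HOST: "0.0.0.0"
# NOTE(review): Core is configured with HTTP_LISTEN_PORT 8080 on this same
# host - confirm this value does not collide with it.
HTTP_PORT: 8080
MYSQL_PORT: 33060
MARIA_DB_PORT: 33062
POSTGRESQL_PORT: 54320
LOG_LEVEL: "info"
WISP_HOST: "localhost"
WISP_PORT: 9090

# Start Wisp
# Each setting is exported for the current shell and also appended to
# ~/.bashrc for later shells. ~/.bashrc therefore ends up holding the
# bootstrap token in clear text; keep it readable by its owner only.
export CORE_HOST="http://127.0.0.1:8080"
echo 'export CORE_HOST="http://127.0.0.1:8080"' >> ~/.bashrc
export BOOTSTRAP_TOKEN="<value of \$BOOTSTRAP_TOKEN generated in the Core step>"
echo 'export BOOTSTRAP_TOKEN="<value of \$BOOTSTRAP_TOKEN generated in the Core step>"' >> ~/.bashrc
export WORK_DIR="/opt/magnus-v3.9.3-linux-amd64"
echo 'export WORK_DIR="/opt/magnus-v3.9.3-linux-amd64"' >> ~/.bashrc
export COMPONENT_NAME="magnus"
echo 'export COMPONENT_NAME="magnus"' >> ~/.bashrc
export EXECUTE_PROGRAM="/opt/magnus-v3.9.3-linux-amd64/magnus"
echo 'export EXECUTE_PROGRAM="/opt/magnus-v3.9.3-linux-amd64/magnus"' >> ~/.bashrc
# Started with nohup from the current shell: it runs as the invoking user and
# is not brought back automatically after a reboot.
nohup wisp &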

安装Nginx

# Install Nginx from the distribution package (the packaged version was 1.18.0)
apt -y install nginx

JumpServer 环境整合

# Remove the stock site configuration first
cd /etc/nginx
rm -rf sites-available/default
# In nginx.conf, of the two include lines shown below, delete the first and
# keep the second, so only files under conf.d/ are loaded.
vim nginx.conf
include /etc/nginx/sites-enabled/*; # delete this line
include /etc/nginx/conf.d/*.conf; # keep this line

# Write the new JumpServer site configuration
vim /etc/nginx/conf.d/jumpserver.conf
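server {
  # Plain HTTP only: logins and session traffic for the bastion cross the
  # network unencrypted. Terminate TLS here (or on a proxy in front of this
  # server) before exposing it beyond a trusted network.
  listen 80;
  # server_name _;

  client_max_body_size 5000m; # upload size limit

  # Lina front end
  location /ui/ {
    try_files $uri / /index.html;
    alias /opt/lina-v3.9.3/;
    expires 24h;
  }

  # Luna
  location /luna/ {
    try_files $uri / /index.html;
    alias /opt/luna-v3.9.3/;
    expires 24h;
  }

  # Core data: static resources
  location /media/replay/ {
    add_header Content-Encoding gzip;
    root /opt/jumpserver-v3.9.3/data/;
  }

  location /static/ {
    root /opt/jumpserver-v3.9.3/data/;
    expires 24h;
  }

  # KoKo
  location /koko/ {
    # Every component in this guide runs on this host, so the upstream is the
    # loopback address. For a multi-host deployment use the real address of
    # the KoKo host instead, e.g.:
    # proxy_pass       http://koko:5000;
    proxy_pass       http://127.0.0.1:5000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # Lion
  location /lion/ {
    # Loopback upstream for the single-host deployment; for a multi-host
    # deployment use the real address of the Lion host instead, e.g.:
    # proxy_pass http://lion:8081;
    proxy_pass http://127.0.0.1:8081;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_ignore_client_abort on;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 6000;
  }

  # Core websocket endpoint
  location /ws/ {
    # Loopback upstream for the single-host deployment; for a multi-host
    # deployment use the real address of the Core host instead, e.g.:
    # proxy_pass http://core:8080;
    proxy_pass http://127.0.0.1:8080;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Core HTTP endpoints
  location ~ ^/(core|api|media)/ {
    # Loopback upstream for the single-host deployment; for a multi-host
    # deployment use the real address of the Core host instead, e.g.:
    # proxy_pass http://core:8080;
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Everything else is rewritten to the Lina UI
  location / {
    rewrite ^/(.*)$ /ui/$1 last;
  }
}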
# Validate the configuration before applying it; do not continue if this
# reports an error.
nginx -t
# Apply the configuration: reload the running instance, then restart the service
nginx -s reload
systemctl restart nginx

至此部署完成
访问地址:http://IP地址
默认账号密码均为admin,首次登录后请立即修改该默认密码
