jumpserver+Keepalived中一些配置
haproxy的配置
这里只代理了luna
coco的2222端口暂时没代理。后期有需求再改造
(py3) [root@dawn-jump-2 /app]# cat /etc/haproxy/haproxy.cfg
global
#设置日志
log 127.0.0.1 local3 info
chroot /var/lib/haproxy
#用户与用户组
user haproxy
group haproxy
#守护进程启动
daemon
#最大连接数
maxconn 100000
nbproc 1 #默认配置
defaults
log global
mode http
option http-keep-alive
maxconn 100000
retries 3 #连接后端服务器的失败重试次数
option httplog
option dontlognull #日志中不记录空连接,比如不记录健康检查的连接
option forwardfor #这里设置之后,下面的frontend和backend默认会继承它
timeout connect 10s
timeout client 20s
timeout server 30s
timeout check 5s #对后端服务器的检测超时时间 #设置管理页面,开启Haproxy Status状态监控,增加验证
listen admin_stats
bind *:9188
mode http
log 127.0.0.1 local3 err
stats refresh 30s
stats uri /my_haproxy_status
stats realm welcome login\ Haproxy
stats auth ha_admin:ha_admixxxx
stats hide-version
stats admin if TRUE #前端配置,http_front名称可自定义
frontend http_front_end
bind *:80
mode http
option httpclose #每次请求完毕后主动关闭http通道
default_backend http_back_end #后端配置,http_back名称可自定义
backend http_back_end
mode http
balance source
option httpchk HEAD /static/check.html HTTP/1.0 #设置健康检查页面
server node1 10.0.2.54:8181 check inter 2000 rise 3 fall 3 weight 6
server node2 10.0.2.55:8181 check inter 2000 rise 3 fall 3 weight 6
(py3) [root@dawn-jump-2 /app]#
nginx的配置
(py3) [root@dawn-jump-2 ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf; events {
worker_connections 1024;
} http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048; include /etc/nginx/mime.types;
default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf; server {
listen 8181;
root /usr/share/nginx/html; # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
} location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
} location /static/ {
root /opt/jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改
} location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
} location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
client_max_body_size 1000m; # Windows 文件上传大小限制
} location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} error_page 404 /404.html;
location = /40x.html {
} error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
} (py3) [root@dawn-jump-2 ~]#
coco的配置
(py3) [root@dawn-jump-2 /opt/coco]# cat conf.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# import os BASE_DIR = os.path.dirname(__file__) class Config:
"""
Coco config file, coco also load config from server update setting below
"""
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
NAME = "coco" # Jumpserver项目的url, api请求注册会使用
CORE_HOST = 'http://127.0.0.1:8080' # 启动时绑定的ip, 默认 0.0.0.0
BIND_HOST = '0.0.0.0' # 监听的SSH端口号, 默认2222
SSHD_PORT = 2222 # 监听的HTTP/WS端口号,默认5000
HTTPD_PORT = 5000 # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY = None # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
# ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key') # 加密密钥
# SECRET_KEY = None # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
# LOG_LEVEL = 'INFO' # 日志存放的目录
# LOG_DIR = os.path.join(BASE_DIR, 'logs') # Session录像存放目录
# SESSION_DIR = os.path.join(BASE_DIR, 'sessions') # 资产显示排序方式, ['ip', 'hostname']
# ASSET_LIST_SORT_BY = 'ip' # 登录是否支持密码认证
# PASSWORD_AUTH = True # 登录是否支持秘钥认证
# PUBLIC_KEY_AUTH = True # 和Jumpserver 保持心跳时间间隔
# HEARTBEAT_INTERVAL = 5 # Admin的名字,出问题会提示给用户
# ADMINS = ''
COMMAND_STORAGE = {
"TYPE": "server"
}
REPLAY_STORAGE = {
"TYPE": "server"
} config = Config()
(py3) [root@dawn-jump-2 /opt/coco]#
jumpserver+Keepalived中一些配置的更多相关文章
- LVS+Keepalived负载均衡配置
简介 lvs一般是和keepalived一起组合使用的,虽然也可以单独使用lvs,但配置比较繁琐,且可用性也没有前者高. lvs和keepalived组合使用后,配置lvs的VIP和负载均衡就都在ke ...
- [转]LVS+Keepalived负载均衡配置
简介 来源:https://www.cnblogs.com/MacoLee/p/5858995.html lvs一般是和keepalived一起组合使用的,虽然也可以单独使用lvs,但配置比较繁琐,且 ...
- Keepalived的全局配置
Keepalived的全局配置 默认配置文件如下: ! Configuration File for keepalived global_defs { notification_email { aca ...
- keepalived 安装和配置
第一步:安装 yum -y install keepalived 第二步:配置 /etc/keepalived/keepalived.conf ! Configuration File for kee ...
- Keepalived + HAProxy 搭建【第二篇】Keepalived 安装与配置
第一步:准备 1. 简介 本文搭建的是利用 Keepalived 实现 HAProxy 的热备方案,即两台主机上的 HAProxy 实例同时运行,其中全总较高的实例为 MASTER,MASTER出现异 ...
- Keepalived部署与配置详解
Keepalive详解 工作原理 Keepalived本质就是为ipvs服务的,它也不需要共享存储.IPVS其实就是一些规则,Keepalived主要的任务就是去调用ipvsadm命令,来生成规则,并 ...
- keepalived 安装及配置
简介 Keepalived是一个基于VRRP协议来实现的服务高可用方案,可以利用其来避免IP单点故障,类似的工具还有heartbeat.corosync.pacemaker. 但是它一般不会单独出现, ...
- Keepalived详解(二):Keepalived安装与配置【转】
一.Keepalived安装与配置: 1.Keepalived的安装过程: Keepalived的安装非常简单,本实例以源码安装讲解: Keepalived的官方网址:http://www.keepa ...
- Linux下Keepalived安装与配置
一.简介 负载平衡是一种在真实服务器集群中分配IP流量的方法,可提供一个或多个高度可用的虚拟服务.在设计负载均衡拓扑时,重要的是要考虑负载均衡器本身的可用性以及它背后的真实服务器.用C编写的类似于la ...
随机推荐
- Java虚拟机学习-对象的创建
虚拟机遇到一条new指令时,首先将去检查这个指令的参数是否能在常量池中定位到一个类的符号引用,并且检查这个符号引用代表的类是否已经被加载.解析和初始化过.如果没有,必须先执行相应类的加载过程. 类加载 ...
- JS之代理模式
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
- 七月在线爬虫班学习笔记(五)——scrapy spider的几种爬取方式
第五课主要内容有: Scrapy框架结构,组件及工作方式 单页爬取-julyedu.com 拼URL爬取-博客园 循环下页方式爬取-toscrape.com Scrapy项目相关命令-QQ新闻 1.S ...
- 问题1:Oracle数据库监听启动失败(重启监听,提示The listener supports no services)
编辑监听文件:/home/DB/oracle/11gR2/db/network/admin/listener.ora 在文件内添加静态监听实例,如下内容: SID_LIST_LISTENER =(SI ...
- win10安装java
java安装还比较顺利,贴两篇亲测可行的教程 1.开发环境安装:https://www.cnblogs.com/shirley-0021/p/8510051.html 2.开发工具安装(Eclipse ...
- python爬虫基础_requests和bs4
这些都是笔记,还缺少详细整理,后续会更新. 下面这种方式,属于入门阶段,手动成分比较多. 首先安装必要组件: pip3 install requests pip3 install beautifuls ...
- Prime ring problem,递归,广搜,回溯法枚举,很好的题
题目描述: A ring is compose of n circles as shown in diagram. Put natural number 1, 2, ..., n into each ...
- 精进之路之volatile
volatile 首先了解下Java 内存模型中的可见性.原子性和有序性. 可见性: 可见性是一种复杂的属性,因为可见性中的错误总是会违背我们的直觉.通常,我们无法确保执行读操作的线程能适时地看到其他 ...
- HTTP Status 500 - Error instantiating servlet class cn.it.bd.S011
HTTP Status 500 - Error instantiating servlet class cn.it.bd.S011 出现此报错的很大可能是因为 <servlet-class> ...
- Prime31
https://prime31.com/plugins