jumpserver-1.4.0.2
关闭防火墙和selinux
IP:192.168.199.115
一. 准备 Python3 和 Python 虚拟环境
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make && make install
cd /opt
python3 -m venv py3
source /opt/py3/bin/activate # 看到下面的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令,以下所有命令均在该虚拟环境中运行
(py3) [root@localhost py3]
二. 安装 Jumpserver 1.0.0
2.1 下载或 Clone 项目
项目提交较多 git clone 时较大,你可以选择去 Github 项目页面直接下载zip包,我是下载安装包之后安装
cd /opt/
#git clone --depth= https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master (从官网下载直接安装)
下载安装包之后把下载的jumpserver-master.zip上传到 /opt目录
unzip jumpserver-master.zip
mv jumpserver-master jumpserver
2.2 安装依赖 RPM 包
cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt) # 如果没有任何报错请继续
2.3 安装 Python 库依赖
pip install -r requirements.txt # 不要指定-i参数,因为镜像上可能没有最新的包,如果没有任何报错请继续
2.4 安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
yum -y install redis
systemctl start redis
systemctl enable redis
2.5 安装 MySQL
yum -y install mariadb mariadb-devel mariadb-server # centos7下安装的是mariadb
systemctl start mariadb
systemctl enable mariadb
2.6 创建数据库 Jumpserver 并授权
$ mysql
> create database jumpserver default charset 'utf8';
> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jason_zhang';
2.7 修改 Jumpserver 配置文件
$ cd /opt/jumpserver
$ cp config_example.py config.py
$ vi config.py # 修改其中 DevelopmentConfig的配置,因为默认jumpserver是使用该配置,它继承自Config
(py3) [root@jason jumpserver]# cat config.py |grep -Ev '^$|^#'
"""
jumpserver.config
~~~~~~~~~~~~~~~~~
Jumpserver project setting file
:copyright: (c) - by Jumpserver Team
:license: GPL v2, see LICENSE for more details.
"""
import os
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
class Config:
# Use it to encrypt or decrypt data
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
# Django security setting, if your disable debug model, you should setting that
ALLOWED_HOSTS = ['*']
# Development env open this, when error occur display the full process track, Production disable it
DEBUG = os.environ.get("DEBUG") or True
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'DEBUG'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Database setting, Support sqlite3, mysql, postgres ....
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# SQLite setting:
DB_ENGINE = 'sqlite3'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
# MySQL or postgres setting like:
# DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
# DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
# DB_PORT = os.environ.get("DB_PORT") or
# DB_USER = os.environ.get("DB_USER") or 'jumpserver'
# DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
# DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:
HTTP_BIND_HOST = '0.0.0.0'
HTTP_LISTEN_PORT =
# Use Redis as broker for celery and web socket
REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
REDIS_PORT = os.environ.get("REDIS_PORT") or
REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
REDIS_DB_CELERY = os.environ.get('REDIS_DB') or
REDIS_DB_CACHE = os.environ.get('REDIS_DB') or
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
DEBUG = True
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = 'jason_zhang'
DB_NAME = 'jumpserver'
class TestConfig(Config):
pass
class ProductionConfig(Config):
pass
config = DevelopmentConfig()
2.8 生成数据库表结构和初始化数据
cd /opt/jumpserver/utils
bash make_migrations.sh
2.9 运行 Jumpserver
cd /opt/jumpserver
python run_server.py all (这个xshell界面不能停止运行,另打开一个进行接下来的操作)
运行不报错,请浏览器访问 http://192.168.199.115:8080/
账号: admin 密码: admin
三. 安装 SSH Server 和 WebSocket Server: Coco
新开一个终端,运行Python3虚拟环境
source /opt/py3/bin/activate
3.1 下载或 Clone 项目
cd /opt
git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
3.2 安装依赖
cd /opt/coco/requirements
yum -y install $(cat rpm_requirements.txt)
pip install -r requirements.txt
3.3 查看配置文件并运行
cd /opt/coco
cp conf_example.py conf.py
python run_server.py
这时需要去 Jumpserver 管理后台-会话管理-终端管理,(http://192.168.199.115:8080/terminal/terminal/)接受 Coco 的注册
四. 安装 Web Terminal 前端: Luna
另开一个终端,运行Python3虚拟环境
Luna 已改为纯前端,需要 Nginx 来运行访问
访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包,放在/opt目录下,直接解压,不需要编译
4.1 解压 Luna
tar xvf luna.tar.gz
五. 安装 Windows 支持组件
因为手动安装 guacamole 组件比较复杂,这里提供打包好的 docker 使用, 启动 guacamole
yum install docker -y
systemctl start docker
systemctl enable docker
docker run --name jms_guacamole -d \
-p : -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://192.168.199.115:8080 \
registry.jumpserver.org/public/guacamole:latest
这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义一下。
再次强调:修改 JUMPSERVER_SERVER 环境变量的配置,填上 Jumpserver 的内网地址, 这时 去 Jumpserver-会话管理-终端管理 接受[Gua]开头的一个注册
六. 配置 Nginx 整合各组件
6.1 安装 Nginx 根据喜好选择安装方式和版本
yum -y install nginx
systemctl start nginx
systemctl enable nginx
6.2 准备配置文件 /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Load configuration files for the default server block.
server {
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
}
}
}
nginx -t (检测配置文件是否正确)
nginx -s reload
http://192.168.199.115/
开机自动运行Python3虚拟环境和jumpserver
vim /etc/rc.d/rc.local
cd /opt
source /opt/py3/bin/activate
cd /opt/jumpserver
./jms start
chmod +x rc.local
参考:https://jumpserver.readthedocs.io/zh/latest/step_by_step.html
jumpserver-1.4.0.2的更多相关文章
- jumpserver V0.4.0 在CentOs7上的安装
基于 CentOS 7 一步一步安装 Jumpserver 0.4.0 环境 系统: CentOS 7 IP: 192.168.226.128 一. 准备Python3和Python虚拟环境 1.1 ...
- jumpserver v0.4.0 基于 CenOS7 的安装详解
标签(linux): jumpserver 笔者Q:972581034 交流群:605799367.有任何疑问可与笔者或加群交流 笔者已经弃用Jumpserver,并自已开发了shell跳板机. sh ...
- Centos 7.6 部署 Jumpserver 1.5.0
1.基础设置 # 版本说明 操作系统:centos7. jumpserver: # 升级所有包同时也升级软件和系统内核 yum update -y # selinux配置 setenforce sed ...
- jumpserver部署1.0版本
A. jumpserver概述 跳板机概述: 跳板机就是一台服务器,开发或运维人员在维护过程中首先要统一登录到这台服务器,然后再登录到目标设备进行维护和操作: 跳板机缺点:没有实现对运维人员操作行为的 ...
- jumpserver v0.5.0 创建用户和管理机器
用户管理-创建用户 data 用户详情 如下 创建用户组 data 资产列表添加资产 jumpserver 的 root 公钥需保持到 后端服务器的 authorized_keys 里, 然后测 ...
- CentOS7 开源跳板机(堡垒机) Jumpserver
开源跳板机(堡垒机)Jumpserver 环境 CentOS 7 x64 关闭 selinux firewalld jumpserver: 172.24.0.14 testserve ...
- JumpServer1.0 服务搭建
JumpServer1.0 服务搭建 系统环境配置 setenforce 0 systemctl stop iptables.service systemctl stop firewalld.serv ...
- 【转】jumpserver 堡垒机环境搭建(图文详解)
jumpserver 堡垒机环境搭建(图文详解) 摘要: Jumpserver 是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能.基于ssh协议来管理,客户端无需安装ag ...
- Jumpserver堡垒机搭建(脚本自动化)
#!/bin/bash # coding: utf- # Copyright (c) set -e #返回值为非0时,退出脚本 echo "0. 系统的一些配置" setenfor ...
- 用 Docker 来构建 Jumpserver
说明: 项目从 [ Jumpserver 官方 ] fork 而来. 主要更新: OS: ubuntu:18.04 优化了 Dockerfile Jumpserver 版本: 1.4.0 redis ...
随机推荐
- java -version 问题 : C:\ProgramData\Oracle\Java\javapath;
我把 JAVA_HOME 从8改成了 7 , 为什么还是 显示的8啊 ! E:\sv0\jars>java -version java version "1.8.0_111" ...
- ELK测试安装
https://blog.csdn.net/guyan0319/article/details/78749639 https://www.cnblogs.com/frankdeng/p/9139035 ...
- 34. Win7_x64安装oracle11g出现DIM-00019
Win7_x64安装oracle11g出现如下异常处理方式 DIM-00019:创建服务时出错. O/S-ERROR:(OS 1726)远程过程调用失败. 点击弹出的错误框上的确定按钮后,继续弹出错误 ...
- Chrome(谷歌浏览器)和Firefox浏览器flash的swf文件发黑不透明问题解决方法
一直以来看到各大网站的FLASH都是黑框框的,很好奇,难道他们不知道flash是可以设成透明的?于是用IE Tab插件浏览了下,发现人家的网页又正常,这样一来我就开始怀疑是我的Chrome有问题,于是 ...
- JsonConvert
///"{'jsonParam' : " + jsonText + "}" /* Dictionary<string, object> tmp = ...
- react-navigation,StackNavigator,TabNavigator 导航使用
StackNavigator 参考这里 TabNavigator 参考这里 是一个组合,我把这2个写在一起了 代码: import React, { Component } from 'react ...
- CSS样式学习-2
一.大小 ①width宽:height高. !注释:<a><span>无法使用该方法调整大小 控制元素的大小:宽高.下例是宽高分别100像素的div标签. <div st ...
- 微信小程序实例源码大全下载
小程序QQ交流群:131894955 小程序开发直播腾讯课堂: https://edu.csdn.net/course/detail/6743 微信小程序实例源码大全下载 微信小应用示例代码(p ...
- subprocess.Popen模块
该类用于在一个新的进程中执行一个子程序.subprocess模块底层的进程创建和管理是由Popen类来处理的. 1.subprocess.Popen的构造函数 class subprocess.Pop ...
- Cause: java.sql.SQLException: The user specified as a definer ('root'@'%') does not exist
权限问题,授权 给 root 所有sql 权限 mysql> grant all privileges on *.* to root@"%" identified by &q ...