centos7在线yum安装jumpsever2.2.2
#查看主机名
host=$(hostname)
# 修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
#关闭防火墙
systemctl stop firewalld
systemctl status firewalld
systemctl disable firewalld
#关闭SElinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
#优化文件描述符
at >>/etc/security/limits.conf<<-EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF ulimit -v unlimited
sleep 1 cat >>/etc/sysctl.conf<<-EOF
fs.file-max=65535
EOF /sbin/sysctl -p
sleep 1 . /etc/profile
/sbin/ldconfig
#设置主机名
sed -i "s/localhost4.localdomain4/localhost4.localdomain4 $host/g" /etc/hosts
sed -i "s/localhost6.localdomain6/localhost6.localdomain6 $host/g" /etc/hosts
#优化系统
echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf
echo 'vm.swappiness = 0' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_syn_backlog = 65536' >> /etc/sysctl.conf
echo 'net.core.netdev_max_backlog = 32768' >> /etc/sysctl.conf
echo 'net.core.somaxconn = 32768' >> /etc/sysctl.conf
echo 'net.core.wmem_default = 8388608' >> /etc/sysctl.conf
echo 'net.core.rmem_default = 8388608' >> /etc/sysctl.conf
echo 'net.core.rmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_timestamps = 0' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_tw_buckets = 6000' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_mem = 94500000 915000000 927000000' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_orphans = 3276800' >> /etc/sysctl.conf
echo 'net.ipv4.ip_local_port_range = 1024 65535' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_fin_timeout = 30' >> /etc/sysctl.conf
/sbin/sysctl -p
#yum源地址为aliyun
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
yum install lrzsz vim* git screen wget
yum -y update
yum -y install epel-release
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
yum clean all
yum makecache
#安装python
yum -y install python36 python36-devel
#安装redis
yum -y install redis jemalloc
systemctl enable redis
systemctl start redis
#安装mariadb
yum -y install mariadb-server mariadb-devel mariadb
systemctl enable mariadb
systemctl start mariadb
mysqladmin -u root password ‘你的免密’
cat > /tmp/mysql_sec_script<<EOF
drop database test;
use mysql;
create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
flush privileges;
EOF
mysql -u root -p你的密码 -h 127.0.0.1 < /tmp/mysql_sec_script
#创建 Python 虚拟环境
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate #部分系统可能会提示 source: not found, 可以使用 . 代替 source
. /opt/py3/bin/activate
#获取 JumpServer 代码
tar zvxf jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 /opt/jumpserver
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)
#pip插件
pip install wheel
pip install --upgrade pip setuptools
pip install -r requirements.txt
#生成随机SECRET_KEY SECRET_KEY=下面命令的key
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50
echo "source /opt/py3/bin/activate" >> ~/.bashrc
#运行 Jumpserver 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all # 后台运行使用 -d 参数./jms start all -d
cd /opt/jumpserver
./jms start
#正常部署 KoKo 组件
tar zvxf koko-v2.2.2-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 /opt/jumpserver/koko
cd /opt/jumpserver/koko
chown -R root:root koko
cd koko
mv kubectl /usr/local/bin/
##正常部署kubectl
tar zvxf kubectl.tar.gz
chmod 755 kubectl
mv kubectl /usr/local/bin/rawkubectl
cd /opt/koko
#生成随机BOOTSTRAP_TOKEN BOOTSTRAP_TOKEN=下面命令的key
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16
#启动koko start|stop| 后台运行请执行./koko -d 参数 停止执行./koko -s stop
./koko start
#安装jdk
yum install -y java-1.8.0-openjdk
#安装el
yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
#安装guacamole
yum -y install libtelnet libtelnet-devel libwebsockets libwebsockets-devel cairo cairo-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel uuid uuid-devel freerdp freerdp-devel pango pango-devel libtool ffmpeg ffmpeg-devel libssh2-devel libvncserver libvncserver-devel pulseaudio pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
mkdir /opt/docker-guacamole
tar zvxf docker-guacamole-v2.2.2.tar.gz -C /opt/docker-guacamole --strip-components 1
tar zvxf guacamole-server-1.2.0.tar.gz
tar zvxf ssh-forward.tar.gz -C /bin/
\cp $cur_dir/guacamole-server-1.2.0 /opt/docker-guacamole/guacamole-server-1.2.0
chmod +x /bin/ssh-forward cd /opt/docker-guacamole/guacamole-server-1.2.0
./configure --with-init-dir=/etc/init.d
make
make install mkdir -p /config/guacamole /config/guacamole/keys /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive /config/guacamole/lib /config/guacamole/data/log
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
cd /config
#安装tomcat
tar zxvf apache-tomcat-8.5.57.tar.gz
mv apache-tomcat-8.5.57 /config/jumpserver
rm -rf /config/jumpserver/webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/jumpserver/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/jumpserver/conf/logging.properties tar zxvf guacamole-client-v2.2.2.tar.gz
cp guacamole-client-v2.2.2/guacamole-*.war /config/jumpserver/webapps/ROOT.war
cp guacamole-client-v2.2.2/guacamole-*.jar /config/guacamole/extensions/
mv /opt/docker-guacamole/guacamole.properties /config/guacamole/
rm -rf /opt/docker-guacamole
#设置 Guacamole 环境
#JUMPSERVER_SERVER 指 core 访问地址
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc #JUMPSERVER_KEY_DIR 认证成功后 key 存放目录
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc #GUACAMOLE_HOME 为 guacamole.properties 配置文件所在目录
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc #GUACAMOLE_LOG_LEVEL 为生成日志的等级
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc #JUMPSERVER_ENABLE_DRIVE 为 rdp 协议挂载共享盘
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc #BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值
echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
#启动 Guacamole
/etc/init.d/guacd start
/bin/bash /config/jumpserver/bin/startup.sh
#正常部署Lina
tar zvxf lina-v2.2.2.tar.gz
mv lina-v2.2.2 /opt/lina tar -xf luna-v2.2.2.tar.gz
mv luna-v2.2.2 luna
vim nginx.conf [nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true cp nginx.repo /etc/yum.repos.d/nginx.repo
#安装nginx
yum install nginx
配置 Nginx 整合各组件
echo > /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/jumpserver.conf
server {
listen 80; client_max_body_size 100m; # 录像及文件上传大小限制 location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
} location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
} location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
} location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
} location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
} location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
} location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
} location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
systemctl enable nginx
systemctl start nginx
chown -R nginx:nginx /opt/lina
chown -R nginx:nginx /opt/luna
#nginx: [error] invalid PID number in nginx.pid 的解决办法
nginx -c /etc/nginx/nginx.conf
nginx -s reload
centos7在线yum安装jumpsever2.2.2的更多相关文章
- centos7在线yum安装mysql时官方镜像下载过慢的解决方案
帮客户调试数据库,搭建一测试环境,centos7最小化安装后,在线安装mysql. 步骤: 1. wget -i http://dev.mysql.com/get/mysql57-community- ...
- centos7+ 在线yum安装docker-ce
yum install -y yum-utils //扩展yum功能 yum-config-manager --add-repo http://mirrors.aliyun.com/docker- ...
- 阿里云Centos7使用yum安装MySQL5.6的正确姿势
阿里云Centos7使用yum安装MySQL5.6 阿里云Centos7使用yum安装MySQL5.6 前言:由于某些不可抗力,我要在自己的阿里云服务器上搭建hadoop+hive+mysql+tom ...
- centos7通过yum安装nginx
centos7通过yum安装nginx nginx不支持centos7通过yum直接安装~~~ 1.查看操作系统位数[root@-jenkins ~]# rpm -aq|grep centos-rel ...
- <亲测>centos7通过yum安装JDK1.8(实际上是openjdk)
centos7通过yum安装JDK1.8 安装之前先检查一下系统有没有自带open-jdk 命令: rpm -qa |grep java rpm -qa |grep jdk rpm -qa |gr ...
- centos7.0 yum 安装php服务器
https://blog.csdn.net/jiaoshenmo/article/details/50923900 首先收一下:centos7.0用yum直接安装apache.php他们的默认版本是a ...
- CentOS7使用yum安装LNMP环境以后无法打开php页面
CentOS7使用yum安装LNMP环境以后无法打开php页面 页面提示为File not found 查看nginx错误日志/var/log/nginx/error.log提示如下 原因分析 ngi ...
- CentOS7通过 yum安装路径查询方法
CentOS7通过 yum安装路径查询方法 rpm -qa 然后执行 rpm -ql 软件名称 就可以显示软件的安装路径. 原文博客的链接地址:https://cnblogs.com/qzf/
- centos7 下 yum 安装Nginx
centos7 下 yum 安装和配置 Nginx 添加yum源 Nginx不在默认的yum源中,可以使用epel或者官网的yum源,这里使用官网的yum源 rpm -ivh http://nginx ...
随机推荐
- 在虚拟机中安装Mysql
目录 下载Mysql 安装 配置mysql允许远程访问 下载Mysql 下载地址:http://dev.mysql.com/downloads/mysql 我这里下载的是安装版本 安装 配置mysql ...
- 关于vector的自我补充
insert()函数,选择性插入. insert(v.begin()+i,x)意思就是把x插入vector数组v的第i位置上(也是迭代器的位置上),其后面的数字都会自动后移.注意i是从0开始的! er ...
- linux 命令行安装谷歌浏览器
wget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm 2. yum install -y ls ...
- 笔记:Xshell、更新源、安装软件
一.Xshell首次连接kali系统中的ssh 1.Xshell :帮助我们去连接各种服务平台,方便管理服务器,链路可以加密处理(ssh/vsftp). 2.步骤: step1:开启kali中的ssh ...
- Jmeter 常用函数(16)- 详解 __split
如果你想查看更多 Jmeter 常用函数可以在这篇文章找找哦 https://www.cnblogs.com/poloyy/p/13291704.htm 作用 根据分隔符分割传递给它的字符串 语法格式 ...
- 多线程系列(二)之Thread类
在上一遍文章中讲到多线程基础,在此篇文章中我们来学习C#里面Thread类.Thread类是在.net framework1.0版本中推出的API.如果对线程的概念还不太清楚 的小伙伴请阅读我的上一遍 ...
- ubuntu 本地源搭建
1.软件包放在 deps 目录下: dpkg-scanpackages deps /dev/null |gzip > deps/Packages.gz -r 2.更新 sources.list ...
- 第四篇Scrum冲刺博客--Interesting-Corps
第四篇Scrum冲刺博客 站立式会议 1.会议照片 2.队友完成情况 团队成员 昨日完成 今日计划 鲍鱼铭 搜索页面跳转.设计及布局实现 音乐详情页面跳转.设计及布局实现设计 叶学涛 编写设置页面 编 ...
- Newbe.Claptrap 框架入门,第三步 —— 定义 Claptrap,管理商品库存
接上一篇 Newbe.Claptrap 框架入门,第二步 —— 简单业务,清空购物车 ,我们继续要了解一下如何使用 Newbe.Claptrap 框架开发业务.通过本篇阅读,您便可以开始学会添加一个全 ...
- 快醒醒,C# 9 中又来了一堆关键词 init,record,with
一:背景 1. 讲故事 .NET5 终于在 2020-08-25 也就是前天发布了第八个预览版,这么多的预览版搞得我都麻木了,接踵而来的就是更多的新特性加入到了 C# 9 中,既然还想呆在这条船上,得 ...