centos7在线yum安装jumpsever2.2.2
#查看主机名
host=$(hostname)
# 修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
#关闭防火墙
systemctl stop firewalld
systemctl status firewalld
systemctl disable firewalld
#关闭SElinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
#优化文件描述符
at >>/etc/security/limits.conf<<-EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF ulimit -v unlimited
sleep 1 cat >>/etc/sysctl.conf<<-EOF
fs.file-max=65535
EOF /sbin/sysctl -p
sleep 1 . /etc/profile
/sbin/ldconfig
#设置主机名
sed -i "s/localhost4.localdomain4/localhost4.localdomain4 $host/g" /etc/hosts
sed -i "s/localhost6.localdomain6/localhost6.localdomain6 $host/g" /etc/hosts
#优化系统
echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf
echo 'vm.swappiness = 0' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_syn_backlog = 65536' >> /etc/sysctl.conf
echo 'net.core.netdev_max_backlog = 32768' >> /etc/sysctl.conf
echo 'net.core.somaxconn = 32768' >> /etc/sysctl.conf
echo 'net.core.wmem_default = 8388608' >> /etc/sysctl.conf
echo 'net.core.rmem_default = 8388608' >> /etc/sysctl.conf
echo 'net.core.rmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_timestamps = 0' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_tw_buckets = 6000' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_mem = 94500000 915000000 927000000' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_orphans = 3276800' >> /etc/sysctl.conf
echo 'net.ipv4.ip_local_port_range = 1024 65535' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_fin_timeout = 30' >> /etc/sysctl.conf
/sbin/sysctl -p
#yum源地址为aliyun
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
yum install lrzsz vim* git screen wget
yum -y update
yum -y install epel-release
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
yum clean all
yum makecache
#安装python
yum -y install python36 python36-devel
#安装redis
yum -y install redis jemalloc
systemctl enable redis
systemctl start redis
#安装mariadb
yum -y install mariadb-server mariadb-devel mariadb
systemctl enable mariadb
systemctl start mariadb
mysqladmin -u root password ‘你的免密’
cat > /tmp/mysql_sec_script<<EOF
drop database test;
use mysql;
create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
flush privileges;
EOF
mysql -u root -p你的密码 -h 127.0.0.1 < /tmp/mysql_sec_script
#创建 Python 虚拟环境
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate #部分系统可能会提示 source: not found, 可以使用 . 代替 source
. /opt/py3/bin/activate
#获取 JumpServer 代码
tar zvxf jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 /opt/jumpserver
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)
#pip插件
pip install wheel
pip install --upgrade pip setuptools
pip install -r requirements.txt
#生成随机SECRET_KEY SECRET_KEY=下面命令的key
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50
echo "source /opt/py3/bin/activate" >> ~/.bashrc
#运行 Jumpserver 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all # 后台运行使用 -d 参数./jms start all -d
cd /opt/jumpserver
./jms start
#正常部署 KoKo 组件
tar zvxf koko-v2.2.2-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 /opt/jumpserver/koko
cd /opt/jumpserver/koko
chown -R root:root koko
cd koko
mv kubectl /usr/local/bin/
##正常部署kubectl
tar zvxf kubectl.tar.gz
chmod 755 kubectl
mv kubectl /usr/local/bin/rawkubectl
cd /opt/koko
#生成随机BOOTSTRAP_TOKEN BOOTSTRAP_TOKEN=下面命令的key
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16
#启动koko start|stop| 后台运行请执行./koko -d 参数 停止执行./koko -s stop
./koko start
#安装jdk
yum install -y java-1.8.0-openjdk
#安装el
yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
#安装guacamole
yum -y install libtelnet libtelnet-devel libwebsockets libwebsockets-devel cairo cairo-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel uuid uuid-devel freerdp freerdp-devel pango pango-devel libtool ffmpeg ffmpeg-devel libssh2-devel libvncserver libvncserver-devel pulseaudio pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
mkdir /opt/docker-guacamole
tar zvxf docker-guacamole-v2.2.2.tar.gz -C /opt/docker-guacamole --strip-components 1
tar zvxf guacamole-server-1.2.0.tar.gz
tar zvxf ssh-forward.tar.gz -C /bin/
\cp $cur_dir/guacamole-server-1.2.0 /opt/docker-guacamole/guacamole-server-1.2.0
chmod +x /bin/ssh-forward cd /opt/docker-guacamole/guacamole-server-1.2.0
./configure --with-init-dir=/etc/init.d
make
make install mkdir -p /config/guacamole /config/guacamole/keys /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive /config/guacamole/lib /config/guacamole/data/log
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
cd /config
#安装tomcat
tar zxvf apache-tomcat-8.5.57.tar.gz
mv apache-tomcat-8.5.57 /config/jumpserver
rm -rf /config/jumpserver/webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/jumpserver/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/jumpserver/conf/logging.properties tar zxvf guacamole-client-v2.2.2.tar.gz
cp guacamole-client-v2.2.2/guacamole-*.war /config/jumpserver/webapps/ROOT.war
cp guacamole-client-v2.2.2/guacamole-*.jar /config/guacamole/extensions/
mv /opt/docker-guacamole/guacamole.properties /config/guacamole/
rm -rf /opt/docker-guacamole
#设置 Guacamole 环境
#JUMPSERVER_SERVER 指 core 访问地址
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc #JUMPSERVER_KEY_DIR 认证成功后 key 存放目录
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc #GUACAMOLE_HOME 为 guacamole.properties 配置文件所在目录
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc #GUACAMOLE_LOG_LEVEL 为生成日志的等级
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc #JUMPSERVER_ENABLE_DRIVE 为 rdp 协议挂载共享盘
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc #BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值
echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
#启动 Guacamole
/etc/init.d/guacd start
/bin/bash /config/jumpserver/bin/startup.sh
#正常部署Lina
tar zvxf lina-v2.2.2.tar.gz
mv lina-v2.2.2 /opt/lina tar -xf luna-v2.2.2.tar.gz
mv luna-v2.2.2 luna
vim nginx.conf [nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true cp nginx.repo /etc/yum.repos.d/nginx.repo
#安装nginx
yum install nginx
配置 Nginx 整合各组件
echo > /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/jumpserver.conf
server {
listen 80; client_max_body_size 100m; # 录像及文件上传大小限制 location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
} location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
} location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
} location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
} location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
} location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
} location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
} location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
systemctl enable nginx
systemctl start nginx
chown -R nginx:nginx /opt/lina
chown -R nginx:nginx /opt/luna
#nginx: [error] invalid PID number in nginx.pid 的解决办法
nginx -c /etc/nginx/nginx.conf
nginx -s reload
centos7在线yum安装jumpsever2.2.2的更多相关文章
- centos7在线yum安装mysql时官方镜像下载过慢的解决方案
帮客户调试数据库,搭建一测试环境,centos7最小化安装后,在线安装mysql. 步骤: 1. wget -i http://dev.mysql.com/get/mysql57-community- ...
- centos7+ 在线yum安装docker-ce
yum install -y yum-utils //扩展yum功能 yum-config-manager --add-repo http://mirrors.aliyun.com/docker- ...
- 阿里云Centos7使用yum安装MySQL5.6的正确姿势
阿里云Centos7使用yum安装MySQL5.6 阿里云Centos7使用yum安装MySQL5.6 前言:由于某些不可抗力,我要在自己的阿里云服务器上搭建hadoop+hive+mysql+tom ...
- centos7通过yum安装nginx
centos7通过yum安装nginx nginx不支持centos7通过yum直接安装~~~ 1.查看操作系统位数[root@-jenkins ~]# rpm -aq|grep centos-rel ...
- <亲测>centos7通过yum安装JDK1.8(实际上是openjdk)
centos7通过yum安装JDK1.8 安装之前先检查一下系统有没有自带open-jdk 命令: rpm -qa |grep java rpm -qa |grep jdk rpm -qa |gr ...
- centos7.0 yum 安装php服务器
https://blog.csdn.net/jiaoshenmo/article/details/50923900 首先收一下:centos7.0用yum直接安装apache.php他们的默认版本是a ...
- CentOS7使用yum安装LNMP环境以后无法打开php页面
CentOS7使用yum安装LNMP环境以后无法打开php页面 页面提示为File not found 查看nginx错误日志/var/log/nginx/error.log提示如下 原因分析 ngi ...
- CentOS7通过 yum安装路径查询方法
CentOS7通过 yum安装路径查询方法 rpm -qa 然后执行 rpm -ql 软件名称 就可以显示软件的安装路径. 原文博客的链接地址:https://cnblogs.com/qzf/
- centos7 下 yum 安装Nginx
centos7 下 yum 安装和配置 Nginx 添加yum源 Nginx不在默认的yum源中,可以使用epel或者官网的yum源,这里使用官网的yum源 rpm -ivh http://nginx ...
随机推荐
- 2020重新出发,JAVA语言,什么是JAVA?
@ 目录 什么是 java? JAVA三大体系 Java SE Java EE JavaME java的主要特性和优势 1. 面向对象 2. 平台无关性 3. 可移植性 4. 简单性 5. 解释执行 ...
- Java 开发者的编程噩梦,为什么你的代码总有 bug🐛?
文章已经收录在 Github.com/niumoo/JavaNotes ,更有 Java 程序员所需要掌握的核心知识,欢迎Star和指教. 欢迎关注我的公众号,文章每周更新. 很多 Java 初学者在 ...
- 怎么写简历,简历才不会被丢到非洲🌍
前言 只有光头才能变强. 文本已收录至我的GitHub精选文章,欢迎Star:https://github.com/ZhongFuCheng3y/3y 最近的三歪朋友圈可以看到很多的字节.腾讯的同学都 ...
- K8S 创建管理员账号
一.生成管理员证书 cat > admin-csr.json <<EOF { "CN": "admin", "hosts" ...
- day 10 面向对象(=)
1.魔法对象 __str _(self) 使用print(对象)输出的时候,自动调用该方法 return语句 返回一个值 class 类名: del _str ...
- vue调起微信JSDK 扫一扫,相册等需要注意的事项
在VUE里面需要注意的第一个问题就是路由得设置成 2:第二个就是 跳转路由的时候 不要用this.$router.push 或者this.$router.replace 前者在ios 和安卓端都调不 ...
- java+opencv人脸识别程序2.0
由于第一次写的太粗糙了,所以又修改了一下,详细的更改如下: @ 目录 更改 窗口问题 识别问题 相似度对比 仍然存在的问题 人脸信息显示 图片质量 更改 优化了一下界面风格 窗口问题 原来是在主界面外 ...
- eclipse及idea使用问题记录(为了方便github同步,重新用Markdown写了一篇)
使用eclipse或idea的时候会遇到各式各样的小问题,解决方案其实网上也大都搜得到,但是下次遇到的时候总是想不起来如何解决,还要花费时间再次查资料.所以以后把遇到的问题都记录一下. @ 目录 Ec ...
- CSP-J2019 NOIP普及组初赛真题(选择题部分)
NOIP初赛考试提纲 时间:10月的第2/3个星期六下午14:30~16:30 分数及形式:满分100分,形式为笔试(今年可能上机) 1.单项选择题,共15题,每题2分,共30分 2.阅读程序题,共3 ...
- Reinforcement Learning Using a Continuous Time Actor-Critic Framework with Spiking Neurons
郑重声明:原文参见标题,如有侵权,请联系作者,将会撤销发布! Abstract 动物会重复奖励的行为,但基于奖励的学习的生理基础仅得到了部分阐明.一方面,实验证据表明神经调节剂多巴胺携带有关奖励的信息 ...