# Record this machine's hostname; the /etc/hosts edits further down use $host.
host="$(hostname)"

# Build the zh_CN.UTF-8 locale and make it the active one. Without it the
# installer may fail with "input/output error", because its logs contain
# Chinese text.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
LC_ALL=zh_CN.UTF-8
export LC_ALL
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

# Stop firewalld, print its status, and keep it from starting at boot.
# NOTE(review): this host is being built as a JumpServer bastion. With the host
# firewall off, any service started later in this guide that listens on a
# non-loopback address is reachable from the network - confirm each bind
# address. A tighter alternative is to leave firewalld running and allow only
# the nginx front-end port (the nginx server block further down listens on 80).

systemctl stop firewalld
systemctl status firewalld
systemctl disable firewalld

# Switch SELinux off: the sed rewrites SELINUX=enforcing to SELINUX=disabled in
# /etc/selinux/config, and setenforce 0 puts the running system in permissive
# mode.
# NOTE(review): this removes mandatory access control from a host that brokers
# privileged sessions. Consider running in permissive mode and building a policy
# from the logged denials instead of disabling SELinux outright.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

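# Raise the process and open-file limits for all users.
# The page had lost its line breaks here: "cat" had become "at", and each
# here-document terminator was fused with the command that follows it, so the
# here-documents never ended. The commands are restored one per line below.
# The delimiter is quoted so the shell writes the body literally.
# NOTE(review): both files are appended to, so running this step twice
# duplicates the entries.

cat >> /etc/security/limits.conf <<'EOF'
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
ulimit -v unlimited
sleep 1

# Raise the system-wide file handle ceiling and load the new value.
cat >> /etc/sysctl.conf <<'EOF'
fs.file-max=65535
EOF
/sbin/sysctl -p
sleep 1

# Re-read the login profile in this shell and refresh the linker cache.
. /etc/profile
/sbin/ldconfig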

# Make the hostname resolvable locally: append $host after the
# localhost4/localhost6 aliases in /etc/hosts.
# NOTE(review): the patterns still match after the edit, so every extra run
# appends the hostname again.
sed -i \
  -e "s/localhost4.localdomain4/localhost4.localdomain4 ${host}/g" \
  -e "s/localhost6.localdomain6/localhost6.localdomain6 ${host}/g" \
  /etc/hosts

# Kernel tuning: append memory and TCP settings to /etc/sysctl.conf, then load
# them.
# NOTE(review): net.ipv4.tcp_tw_recycle is known to break connections from
# clients behind NAT and no longer exists in newer kernels. Both it and
# tcp_tw_reuse rely on TCP timestamps, which this list turns off with
# tcp_timestamps = 0 - confirm the combination is intended.
# NOTE(review): the file is appended to, so a second run duplicates every line.
cat >> /etc/sysctl.conf <<'EOF'
vm.overcommit_memory=1
vm.swappiness = 0
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 30
EOF
/sbin/sysctl -p

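# Point yum at the Aliyun mirror for the CentOS 7 base repositories.
# NOTE(review): wget is used here but only installed a few lines further down;
# confirm it is already present on the target image.

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

yum clean all
yum makecache

# Base tooling. -y keeps the step non-interactive like the other yum calls, and
# the quotes stop the shell from expanding vim* against files in the current
# directory before yum sees it.
yum -y install lrzsz 'vim*' git screen wget

yum -y update

yum -y install epel-release

# Fetch the EPEL repo definition over HTTPS, like the base repo above. A repo
# file pulled over plain HTTP can be altered in transit, and it decides which
# servers and signing keys yum trusts from then on.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# Use the mirror's baseurl instead of the Fedora metalink in every epel* file.
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

yum clean all
yum makecache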

# Install Python 3.6 and its development headers.

yum -y install python36 python36-devel

# Install redis and jemalloc, then enable redis at boot and start it.
# NOTE(review): redis starts with whatever configuration the package ships.
# Confirm it binds to loopback only and consider setting requirepass - TODO
# confirm against /etc/redis.conf on the target host.

yum -y install redis jemalloc

systemctl enable redis
  systemctl start redis

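# Install MariaDB (server, client, development headers), enable it at boot and
# start it.

yum -y install mariadb-server mariadb-devel mariadb

systemctl enable mariadb
systemctl start mariadb

# Both passwords come from the environment. The original step typed them on the
# mysqladmin/mysql command lines (visible in the process list and shell
# history), wrapped one in typographic quotes the shell does not treat as
# quotes, hard-coded 'weakPassword' for the application account, and staged the
# SQL in a fixed-name file under /tmp whose indented EOF never closed the
# here-document.
: "${MYSQL_ROOT_PASSWORD:?export MYSQL_ROOT_PASSWORD before running this step}"
: "${JUMPSERVER_DB_PASSWORD:?export JUMPSERVER_DB_PASSWORD before running this step}"

case "${MYSQL_ROOT_PASSWORD}${JUMPSERVER_DB_PASSWORD}" in
  *\'* | *\\*)
    # The values are placed inside SQL string literals below; refuse characters
    # that would end or escape the literal.
    echo "passwords must not contain single quotes or backslashes" >&2
    ;;
  *)
    # The SQL is fed to the client on stdin, so no password reaches argv or a
    # temp file. This assumes a fresh install where root@localhost has no
    # password yet - TODO confirm on the target host.
    # NOTE(review): running mysql_secure_installation afterwards removes the
    # anonymous accounts and any remaining password-less root entries.
    mysql -u root <<EOF
drop database if exists test;
create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '${JUMPSERVER_DB_PASSWORD}';
set password for 'root'@'localhost' = password('${MYSQL_ROOT_PASSWORD}');
flush privileges;
EOF
    ;;
esac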

# Create a Python virtual environment in /opt/py3 and activate it.

python3.6 -m venv /opt/py3
source /opt/py3/bin/activate # some shells report "source: not found"; use "." instead of "source" there
. /opt/py3/bin/activate

# Unpack the JumpServer code into /opt/jumpserver and install the RPM packages
# listed in rpm_requirements.txt.
# NOTE(review): the archive is read from the current directory and extracted
# as-is. Compare its checksum with the one published for the release before
# unpacking (this page gives no checksum).
# $(cat ...) is unquoted, so each whitespace-separated name in the file becomes
# a separate yum argument.

tar zvxf jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 /opt/jumpserver
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)

# Install the Python dependencies with pip (the virtual environment activated
# above is expected to still be active).

pip install wheel
pip install --upgrade pip setuptools
pip install -r requirements.txt

# Print a random 50-character alphanumeric string read from /dev/urandom; use
# the printed value as SECRET_KEY=<value>.
# NOTE(review): the key is written to the terminal, so it can end up in
# scrollback or a session log - treat that output as sensitive.
tr -dc A-Za-z0-9 < /dev/urandom | head -c 50

# Activate the virtual environment automatically in future shells.
printf '%s\n' "source /opt/py3/bin/activate" >> ~/.bashrc

# Start JumpServer. Newer releases changed the launcher script; usage is
#   ./jms start|stop|status|restart all
# and the -d flag runs it in the background: ./jms start all -d

cd /opt/jumpserver
./jms start

# Deploy the KoKo component.
# NOTE(review): the archive is moved to /opt/jumpserver/koko here, but the last
# line of this section changes to /opt/koko - confirm which path is intended.
# NOTE(review): both archives put executables on root's PATH; verify their
# checksums against the release before unpacking.

tar zvxf koko-v2.2.2-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 /opt/jumpserver/koko
cd /opt/jumpserver/koko
chown -R root:root koko
cd koko
mv kubectl /usr/local/bin/

## Deploy kubectl: the binary unpacked from kubectl.tar.gz is made executable
## and installed as /usr/local/bin/rawkubectl.

tar zvxf kubectl.tar.gz
chmod 755 kubectl
mv kubectl /usr/local/bin/rawkubectl
cd /opt/koko

# Print a random 16-character alphanumeric string read from /dev/urandom; use
# the printed value as BOOTSTRAP_TOKEN=<value>.
# NOTE(review): the value is only printed, not stored in a variable, while a
# later step in this guide expands $BOOTSTRAP_TOKEN - it has to be set by hand.
tr -dc A-Za-z0-9 < /dev/urandom | head -c 16

# Start koko (start|stop). To run it in the background use ./koko -d, and to
# stop it use ./koko -s stop.
./koko start

# Install the OpenJDK 1.8 runtime.

yum install -y java-1.8.0-openjdk

# Install the RPM Fusion free and nonfree release packages for EL7.
# NOTE(review): --nogpgcheck skips signature verification for these two
# packages, and they install repository definitions that later yum commands
# will trust. Prefer importing the RPM Fusion signing key from a trusted source
# first and dropping --nogpgcheck.

yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

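# Install the build dependencies for guacamole-server.

yum -y install libtelnet libtelnet-devel libwebsockets libwebsockets-devel cairo cairo-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel uuid uuid-devel freerdp freerdp-devel pango pango-devel libtool ffmpeg ffmpeg-devel libssh2-devel libvncserver libvncserver-devel pulseaudio pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel

# Unpack the sources. The archives are expected in the current directory.
# NOTE(review): ssh-forward.tar.gz is extracted straight into /bin as root;
# verify the archive's checksum and list its contents (tar -tzf) beforehand.
mkdir -p /opt/docker-guacamole
tar zvxf docker-guacamole-v2.2.2.tar.gz -C /opt/docker-guacamole --strip-components 1
tar zvxf guacamole-server-1.2.0.tar.gz
tar zvxf ssh-forward.tar.gz -C /bin/

# cur_dir was never set on this page; default it to the directory the archives
# were unpacked in. The source is a directory, so cp needs -r.
cur_dir=${cur_dir:-$PWD}
\cp -r "$cur_dir/guacamole-server-1.2.0" /opt/docker-guacamole/guacamole-server-1.2.0
chmod +x /bin/ssh-forward

# Build and install guacd. The page had fused "chmod ... cd ..." and
# "make install mkdir ..." onto single lines. The steps are chained with && so
# that make install never runs from the wrong directory or after a failed
# build.
cd /opt/docker-guacamole/guacamole-server-1.2.0 &&
  ./configure --with-init-dir=/etc/init.d &&
  make &&
  make install

# Runtime directories for Guacamole. Recordings and shared drives are owned by
# the daemon user.
mkdir -p /config/guacamole /config/guacamole/keys /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive /config/guacamole/lib /config/guacamole/data/log
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
cd /config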

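# Install Tomcat under /config/jumpserver.
# Removing the bundled webapps means only the Guacamole client is served.

tar zxvf apache-tomcat-8.5.57.tar.gz
mv apache-tomcat-8.5.57 /config/jumpserver
rm -rf /config/jumpserver/webapps/*

# Move the HTTP connector to 8081 (the environment step in this guide points
# JUMPSERVER_SERVER at port 8080) and log in UTF-8.
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/jumpserver/conf/server.xml
# The page had fused the next tar command onto this echo line. That would have
# written the tar command text into logging.properties and never unpacked the
# client.
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/jumpserver/conf/logging.properties

# Deploy the Guacamole client as the ROOT webapp, with its extension jar and
# properties file.
tar zxvf guacamole-client-v2.2.2.tar.gz
cp guacamole-client-v2.2.2/guacamole-*.war /config/jumpserver/webapps/ROOT.war
cp guacamole-client-v2.2.2/guacamole-*.jar /config/guacamole/extensions/
mv /opt/docker-guacamole/guacamole.properties /config/guacamole/
rm -rf /opt/docker-guacamole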

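# Set up the Guacamole environment. Each variable is exported for this shell
# and appended to ~/.bashrc for future shells.

# JUMPSERVER_SERVER: address of the JumpServer core service.
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# JUMPSERVER_KEY_DIR: directory where the key is stored after successful
# authentication.
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc

# GUACAMOLE_HOME: directory that holds guacamole.properties.
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

# GUACAMOLE_LOG_LEVEL: level of the generated logs.
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc

# JUMPSERVER_ENABLE_DRIVE: mount a shared drive for RDP sessions.
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

# BOOTSTRAP_TOKEN must equal the BOOTSTRAP_TOKEN value in Jumpserver/config.yml.
# Nothing earlier on this page assigns it, so stop here rather than persist an
# empty token. It is also exported for this shell, like the variables above.
# NOTE(review): this stores a secret in ~/.bashrc; keep that file readable by
# its owner only.
: "${BOOTSTRAP_TOKEN:?set BOOTSTRAP_TOKEN to the value from Jumpserver/config.yml first}"
export BOOTSTRAP_TOKEN
echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc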

# Start Guacamole: guacd through its init script, then Tomcat through
# startup.sh.
# NOTE(review): Tomcat is launched directly from this shell, so it runs as the
# invoking user. If that is root, consider a dedicated unprivileged account for
# the /config/jumpserver tree.

/etc/init.d/guacd start
/bin/bash /config/jumpserver/bin/startup.sh

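# Deploy the Lina and Luna front ends. The nginx configuration in this guide
# serves them from /opt/lina/ and /opt/luna/.
# The page had fused "mv ... /opt/lina" with the following tar command, and it
# moved luna to a relative path; both are restored to match the nginx aliases
# and the later chown.

tar zvxf lina-v2.2.2.tar.gz
mv lina-v2.2.2 /opt/lina
tar -xf luna-v2.2.2.tar.gz
mv luna-v2.2.2 /opt/luna

# Add the official nginx stable repository. The file is written directly
# instead of being typed into an editor and copied. The delimiter is quoted so
# $releasever and $basearch reach yum unexpanded. The baseurl uses HTTPS so
# repository metadata is not fetched in clear text; gpgcheck=1 additionally
# verifies the package signatures.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

# Install nginx (-y keeps the step non-interactive).

yum -y install nginx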

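# Configure nginx as the single front end for all components.

# Blank out the packaged default site.
echo > /etc/nginx/conf.d/default.conf

# Write the JumpServer site definition. The page had lost line breaks inside
# the server block, so an inline comment swallowed the first "location" line;
# the block is restored one directive per line. The delimiter is quoted so the
# nginx variables ($uri, $host, ...) are written literally.
# NOTE(review): the server listens on port 80 without TLS, so bastion logins
# and session traffic cross the network in clear text. Terminate TLS here or on
# a proxy in front of this host before exposing it.
cat > /etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80;

    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory changes
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings; change this if the install directory changes
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory changes
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
EOF

# Check the configuration before any start or reload picks it up.
nginx -t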
# Enable nginx at boot and start it, then hand the front-end trees to the nginx
# user.
# NOTE(review): nginx only has to read these files. Leaving them root-owned and
# world-readable would keep a compromised worker from rewriting the served UI -
# confirm whether write access is actually needed.
systemctl enable nginx
systemctl start nginx
chown -R nginx:nginx /opt/lina
chown -R nginx:nginx /opt/luna
# Workaround for "nginx: [error] invalid PID number in nginx.pid": start nginx
# with the main config file given explicitly, then reload.
nginx -c /etc/nginx/nginx.conf
nginx -s reload
