Environment
OS: CentOS 6.8
IP: 192.168.66.131
Disable SELinux and the firewall.
Set the character set; otherwise you may hit an "input/output error", because the logs print Chinese text.
    localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
    export LC_ALL=zh_CN.UTF-8
    echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n
Prepare Python 3 and a Python virtual environment
Install the dependency packages
    yum -y install wget gcc gcc-c++ epel-release git zlib* openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel numactl
Install Python 3.6
    wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tgz
    tar zxvf Python-3.6.1.tgz
    cd Python-3.6.1
    # To avoid "ModuleNotFoundError: No module named '_ssl'", uncomment lines 209-212 of the file below
    vim Modules/Setup.dist
    # Lines 209-212 of Modules/Setup.dist after uncommenting:
    209 SSL=/usr/local/ssl
    210 _ssl _ssl.c \
    211 -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
    212 -L$(SSL)/lib -lssl -lcrypto
    ./configure
    make && make install
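Replace the Python 2.6 that ships with the system
    # Check the current version
    python -V
    # Rename the default interpreter to mark it as the old version
    mv /usr/bin/python /usr/bin/python2.6.6
    # Create the new symlink
    ln -s /usr/local/bin/python3.6 /usr/bin/python
    # Check the Python version again
    python -V
    # yum stops working after the Python upgrade; fix its shebang with sed (mind the old version number)
    sed -i '1s/python/python2.6.6/' /usr/bin/yum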
Create the Python virtual environment
    cd /usr/local
    python3.6 -m venv py3
    source /usr/local/py3/bin/activate
Install Jumpserver
Download the Jumpserver project
    cd /usr/local/
    git clone https://github.com/jumpserver/jumpserver.git
    # Point .env at the virtual environment created above (/usr/local/py3)
    echo "source /usr/local/py3/bin/activate" > /usr/local/jumpserver/.env
Install the RPM dependencies
    cd /usr/local/jumpserver/requirements
    yum -y install $(cat rpm_requirements.txt)
Install the Python library dependencies
    pip install --upgrade pip setuptools
    pip install -r requirements.txt
Install Redis; Jumpserver uses Redis as its cache and Celery broker
    yum -y install redis
    chkconfig redis on
    service redis start
Install MySQL 5.7
The MySQL 5.1 that ships with CentOS 6 is not supported; install a newer MySQL version, or create the jumpserver database on another server and connect to it.
    rpm -ivh http://repo.mysql.com/mysql-community-release-el6.rpm
    # Edit /etc/yum.repos.d/mysql-community.repo so that the 5.5 and 5.6 sections read as follows
    # (5.5 has enabled=0, 5.6 has enabled=1)
    # Enable to use MySQL 5.5
    [mysql55-community]
    name=MySQL 5.5 Community Server
    baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/
    enabled=0
    gpgcheck=1
    gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
    # Enable to use MySQL 5.6
    [mysql56-community]
    name=MySQL 5.6 Community Server
    baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
    yum -y install mysql-community-client mysql-community-devel mysql-community-server
Create the jumpserver database and grant privileges
    create database jumpserver default charset 'utf8';
    -- The password must match DB_PASSWORD in config.yml
    grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '!!0x50J!!';
    flush privileges;
    quit
Edit the Jumpserver configuration file
    cd /usr/local/jumpserver
    cp -a config_example.yml config.yml
    # Generate the SECRET_KEY value
    cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49; echo
    # Generate the BOOTSTRAP_TOKEN value
    cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16
    vim config.yml
    SECRET_KEY: YUQQIWfS7wLLkaAXpM0LLtGn2ItHL0xN6nJpIN805skTwiPDd
    BOOTSTRAP_TOKEN: NdLLJWUz7ZCQvyzA
    # Use MySQL as the database
    DB_ENGINE: mysql
    DB_HOST: 127.0.0.1
    DB_PORT: 3306
    DB_USER: jumpserver
    DB_PASSWORD: '!!0x50J!!'
    DB_NAME: jumpserver
    # Host and port to bind at runtime
    HTTP_BIND_HOST: 0.0.0.0
    HTTP_LISTEN_PORT: 8080
    # Redis settings
    REDIS_HOST: 127.0.0.1
    REDIS_PORT: 6379
Generate the database schema and initial data
    cd /usr/local/jumpserver/utils
    sh make_migrations.sh
Run Jumpserver
    cd /usr/local/jumpserver
    ./jms start all -d
Newer versions updated the run script; usage is ./jms start|stop|status|restart all. Add the -d flag to run in the background.
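Install the SSH server and WebSocket server: Coco
Download the coco project
    cd /usr/local
    source /usr/local/py3/bin/activate
    git clone https://github.com/jumpserver/coco.git
    # Point .env at the virtual environment created above (/usr/local/py3)
    echo "source /usr/local/py3/bin/activate" > /usr/local/coco/.env
Install the dependencies
    cd /usr/local/coco/requirements
    yum -y install $(cat rpm_requirements.txt)
    pip install -r requirements.txt
Edit the configuration file and run
    cd /usr/local/coco
    mkdir keys logs
    cp -a config_example.yml config.yml
    vim config.yml
    # Must be the same BOOTSTRAP_TOKEN as in Jumpserver's config.yml
    BOOTSTRAP_TOKEN: NdLLJWUz7ZCQvyzA
    ./cocod start -d
Newer versions updated the run script; usage is ./cocod start|stop|status|restart. Add the -d flag to run in the background.
After it starts successfully, go to Jumpserver's Session Management > Terminal Management (http://192.168.0.1:8080/terminal/terminal/) and accept coco's registration.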
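The SECRET_KEY and BOOTSTRAP_TOKEN steps above, for both Jumpserver and coco, as an added example that is not part of the original page or of the Jumpserver project: it generates both values and writes the same BOOTSTRAP_TOKEN into the two config.yml files without hand-editing, then restricts the files to their owner. The helper names (gen_secret, set_key, get_key, provision) and the two sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: provision Jumpserver/coco secrets non-interactively.
# Helper names and the demo files are hypothetical, not project code.

# gen_secret LEN: print LEN random alphanumeric characters.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# set_key FILE KEY VALUE: replace the "KEY:" line in FILE, or append it.
# VALUE is expected to be alphanumeric (as produced by gen_secret).
set_key() {
    if grep -q "^$2:" "$1"; then
        sed "s|^$2:.*|$2: $3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s: %s\n' "$2" "$3" >> "$1"
    fi
    chmod 600 "$1"   # config.yml holds secrets; owner-only access
}

# get_key FILE KEY: print the value stored for KEY.
get_key() {
    sed -n "s|^$2:[[:space:]]*||p" "$1"
}

# provision JMS_CONFIG COCO_CONFIG: write fresh secrets into both files.
# coco registers with Jumpserver using the shared BOOTSTRAP_TOKEN.
provision() {
    token=$(gen_secret 16)
    set_key "$1" SECRET_KEY "$(gen_secret 49)"
    set_key "$1" BOOTSTRAP_TOKEN "$token"
    set_key "$2" BOOTSTRAP_TOKEN "$token"
}

# Demo on constructed stand-ins for the two config.yml files.
demo_dir=$(mktemp -d)
printf 'SECRET_KEY:\nBOOTSTRAP_TOKEN:\nDB_ENGINE: mysql\n' > "$demo_dir/jms.yml"
printf '# constructed sample coco config\n' > "$demo_dir/coco.yml"
provision "$demo_dir/jms.yml" "$demo_dir/coco.yml"
[ "$(get_key "$demo_dir/jms.yml" BOOTSTRAP_TOKEN)" = \
  "$(get_key "$demo_dir/coco.yml" BOOTSTRAP_TOKEN)" ] && echo "tokens match"
```

On a real install, call provision with /usr/local/jumpserver/config.yml and /usr/local/coco/config.yml instead of the demo files.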
Install the Web Terminal front end: Luna
Download and unpack Luna
    cd /usr/local
    wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
    tar zxvf luna.tar.gz
    chown -R root:root luna
Configure Nginx to tie the components together
Install Nginx
    yum -y install nginx
Prepare the configuration file: write /etc/nginx/conf.d/jumpserver.conf
    server {
        listen 80;  # Proxy port; all access goes through this port from now on, not through 8080
        server_name demo.jumpserver.org;  # Change to your domain name
        client_max_body_size 100m;  # Size limit for session recordings and file uploads

        location /luna/ {
            try_files $uri / /index.html;
            alias /usr/local/luna/;  # Luna path (this page installs under /usr/local); change it if you install elsewhere
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /usr/local/jumpserver/data/;  # Recordings location; change it if you install elsewhere
        }

        location /static/ {
            root /usr/local/jumpserver/data/;  # Static assets; change it if you install elsewhere
        }

        location /socket.io/ {
            proxy_pass http://localhost:5000/socket.io/;  # If coco runs on another server, use its IP
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /coco/ {
            proxy_pass http://localhost:5000/coco/;  # If coco runs on another server, use its IP
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location / {
            proxy_pass http://localhost:8080;  # If Jumpserver runs on another server, use its IP
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
Run Nginx
    service nginx start
    chkconfig nginx on
Access the web UI
http://<localhost>
Default account and password: admin