Centos7部署Jumpserver
关闭防火墙和SELinux
Centos7系统
#jumpserver是国人用Python开发的,所以要设置中文
[xiaobai@jumpserver] localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[xiaobai@jumpserver] export LC_ALL=zh_CN.UTF-8
[xiaobai@jumpserver] echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
#安装依赖包
[xiaobai@jumpserver] yum -y install wget vim lrzsz xz gcc git epel-release python-pip python-devel mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass readline-devel
#更换阿里源安装Python
[xiaobai@jumpserver] wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[xiaobai@jumpserver] yum -y install python36 python36-devel
#建立Python虚拟环境
[xiaobai@jumpserver] cd /opt
[xiaobai@jumpserver opt] python3.6 -m venv py3
[xiaobai@jumpserver opt] source /opt/py3/bin/activate
#以后运行 Jumpserver 都要先运行以上 source 命令
#下载git命令拉取项目,安装依赖
(py3)[xiaobai@jumpserver opt] git clone --depth=1 https://github.com/jumpserver/jumpserver.git
(py3)[xiaobai@jumpserver opt] cd jumpserver/requirements/
(py3)[xiaobai@jumpserver requirements] yum -y install $(cat rpm_requirements.txt)
#安装Python库
(py3)[xiaobai@jumpserver requirements] pip install --upgrade pip setuptools
(py3)[xiaobai@jumpserver requirements] pip install -r requirements.txt
#如果感觉网速慢就换下面的命令,使用阿里源
(py3)[xiaobai@jumpserver requirements] pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
(py3)[xiaobai@jumpserver requirements] pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
安装完成后界面
#安装Redis,用来做Jumpserver的缓存
(py3)[xiaobai@jumpserver requirements] cd
(py3)[xiaobai@jumpserver] yum -y install redis
(py3)[xiaobai@jumpserver] systemctl enable redis
(py3)[xiaobai@jumpserver] systemctl start redis
#安装Mysql,并且配置jumpserver的数据库
(py3)[xiaobai@jumpserver] yum -y install mariadb mariadb-devel mariadb-server
(py3)[xiaobai@jumpserver] systemctl enable mariadb
(py3)[xiaobai@jumpserver] systemctl start mariadb
(py3)[xiaobai@jumpserver] mysql -uroot
MariaDB[(none)]> create database jumpserver default charset 'utf8';
MariaDB[(none)]> grant all on jumpserver.* to 'jumpserveradm'@'127.0.0.1' identified by 'XiaoBai@123!';
MariaDB[(none)]> flush privileges;
MariaDB[(none)]> \q
#修改Jumpserver的配置文件
(py3)[xiaobai@jumpserver] cd /opt/jumpserver/
(py3)[xiaobai@jumpserver jumpserver] cp config_example.yml config.yml
#生成一个随机的key
(py3)[xiaobai@jumpserver jumpserver] SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3)[xiaobai@jumpserver jumpserver] echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3)[xiaobai@jumpserver jumpserver] BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3)[xiaobai@jumpserver jumpserver] echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3)[xiaobai@jumpserver jumpserver] sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3)[xiaobai@jumpserver jumpserver] sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3)[xiaobai@jumpserver jumpserver] sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3)[xiaobai@jumpserver jumpserver] sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3)[xiaobai@jumpserver jumpserver] sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3)[xiaobai@jumpserver jumpserver] vim config.yml
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradm
DB_PASSWORD: XiaoBai@123!
DB_NAME: jumpserver
#启动jumpserver,-d为后台运行
(py3)[xiaobai@jumpserver jumpserver] ./jms start -d
gunicorn is running: 45857
flower is running: 45868
daphne is running: 45872
celery_ansible is running: 45873
celery_default is running: 45875
celery_node_tree is running: 45879
check_asset_perm_expired is running: 45883
beat is running: 45892
#Centos可以配置systemctl启动
(py3)[xiaobai@jumpserver jumpserver] wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service
(py3)[xiaobai@jumpserver jumpserver] chmod 755 /usr/lib/systemd/system/jms.service
(py3)[xiaobai@jumpserver jumpserver] systemctl enable jms
部署Koko
(py3)[xiaobai@jumpserver jumpserver] cd /opt
(py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/koko/releases/download/v2.4.0/koko-v2.4.0-linux-amd64.tar.gz
(py3)[xiaobai@jumpserver opt] tar xzvf koko-v2.4.0-linux-amd64.tar.gz
(py3)[xiaobai@jumpserver opt] mv koko-v2.4.0-linux-amd64 koko
(py3)[xiaobai@jumpserver opt] rm -rf koko-v2.4.0-linux-amd64.tar.gz
(py3)[xiaobai@jumpserver opt] chown -R root:root koko
(py3)[xiaobai@jumpserver opt] cd koko/
(py3)[xiaobai@jumpserver koko] mv kubectl /usr/local/bin/
(py3)[xiaobai@jumpserver koko] wget https://download.jumpserver.org/public/kubectl.tar.gz
(py3)[xiaobai@jumpserver koko] tar xzvf kubectl.tar.gz
(py3)[xiaobai@jumpserver koko] rm -rf kubectl.tar.gz
(py3)[xiaobai@jumpserver koko] chmod 755 kubectl
(py3)[xiaobai@jumpserver koko] mv kubectl /usr/local/bin/rawkubectl
(py3)[xiaobai@jumpserver koko] cp config_example.yml config.yml
(py3)[xiaobai@jumpserver koko] vim config.yml
#BOOTSTRAP_TOKEN要和/opt/jumpserver/config.yml里的BOOTSTRAP_TOKEN保证一致
BOOTSTRAP_TOKEN: wttyDYSu2yiNbvv6
#启动koko,-d为后台运行
(py3)[xiaobai@jumpserver koko] ./koko
部署Guacamole
(py3)[xiaobai@jumpserver koko] cd /opt
(py3)[xiaobai@jumpserver opt] mkdir /opt/docker-guacamole
(py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz
(py3)[xiaobai@jumpserver opt] tar xzvf master.tar.gz -C /opt/docker-guacamole --strip-components 1
(py3)[xiaobai@jumpserver opt] rm -rf master.tar.gz
(py3)[xiaobai@jumpserver opt] cd docker-guacamole/
(py3)[xiaobai@jumpserver docker-guacamole] wget http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz
(py3)[xiaobai@jumpserver docker-guacamole] tar xzvf guacamole-server-1.2.0.tar.gz
(py3)[xiaobai@jumpserver docker-guacamole] wget http://download.jumpserver.org/public/ssh-forward.tar.gz
(py3)[xiaobai@jumpserver docker-guacamole] tar xzvf ssh-forward.tar.gz -C /bin/
(py3)[xiaobai@jumpserver docker-guacamole] chmod +x /bin/ssh-forward
(py3)[xiaobai@jumpserver docker-guacamole] cd /opt/docker-guacamole/guacamole-server-1.2.0
#下载依赖
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install uuid uuid-devel
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install cairo-devel
#cairo要单独多下几次就能成功,uuid要去官网下载安装包,我这里下载的zlib-1.2.10.tar.gz
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] tar xzvf zlib-1.2.10.tar.gz
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] cd zlib-1.2.10/
(py3)[xiaobai@jumpserver zlib-1.2.10] ./configure
(py3)[xiaobai@jumpserver zlib-1.2.10] make && make install
(py3)[xiaobai@jumpserver zlib-1.2.10] cd ..
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install uuid uuid-devel
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] ./configure --with-init-dir=/etc/init.d
编译成功
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] make && make install
(py3)[xiaobai@jumpserver guacamole-server-1.2.0] cd
(py3)[xiaobai@jumpserver] mkdir -p /opt/java
(py3)[xiaobai@jumpserver] tar xzvf ~/jdk-8u111-linux-x64.tar.gz -C /opt/java/
(py3)[xiaobai@jumpserver] vim ~/.bash_profile
export JAVA_HOME=/opt/java/jdk1.8.0_111
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
export PATH=$PATH:$JAVA_HOME/bin
(py3)[xiaobai@jumpserver] source ~/.bash_profile
(py3)[xiaobai@jumpserver] mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive
(py3)[xiaobai@jumpserver] chown daemon:daemon /config/guacamole/record /config/guacamole/drive
(py3)[xiaobai@jumpserver] cd /config
(py3)[xiaobai@jumpserver config] wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.39/bin/apache-tomcat-9.0.39.tar.gz
#下载到本地的速度会快很多
(py3)[xiaobai@jumpserver config] tar xzvf apache-tomcat-9.0.39.tar.gz
(py3)[xiaobai@jumpserver config] mv apache-tomcat-9.0.39 tomcat9
(py3)[xiaobai@jumpserver config] rm -rf /config/tomcat9/webapps/*
(py3)[xiaobai@jumpserver config] rm -rf apache-tomcat-9.0.39.tar.gz
(py3)[xiaobai@jumpserver config] sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
(py3)[xiaobai@jumpserver config] echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
(py3)[xiaobai@jumpserver config] wget http://download.jumpserver.org/release/v2.4.0/guacamole-client-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver config] tar xzvf guacamole-client-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver config] rm -rf guacamole-client-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver config] cp guacamole-client-v2.4.0/guacamole-1.2.0.war /config/tomcat9/webapps/ROOT.war
(py3)[xiaobai@jumpserver config] cp guacamole-client-v2.4.0/guacamole-auth-jumpserver-1.2.0.jar /config/guacamole/extensions/
(py3)[xiaobai@jumpserver config] mv /opt/docker-guacamole/guacamole.properties /config/guacamole/
(py3)[xiaobai@jumpserver config] rm -rf /opt/docker-guacamole
#配置Guacamole环境
(py3)[xiaobai@jumpserver config] export JUMPSERVER_SERVER=http://127.0.0.1:8080
(py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] echo $BOOTSTRAP_TOKEN
wttyDYSu2yiNbvv6
(py3)[xiaobai@jumpserver config] export BOOTSTRAP_TOKEN=wttyDYSu2yiNbvv6
(py3)[xiaobai@jumpserver config] echo "export BOOTSTRAP_TOKEN=wttyDYSu2yiNbvv6" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys
(py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] export GUACAMOLE_HOME=/config/guacamole
(py3)[xiaobai@jumpserver config] echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] export GUACAMOLE_LOG_LEVEL=ERROR
(py3)[xiaobai@jumpserver config] echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] export JUMPSERVER_ENABLE_DRIVE=true
(py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
(py3)[xiaobai@jumpserver config] /etc/init.d/guacd start
Starting guacd: guacd[55270]: INFO: Guacamole proxy daemon (guacd) version 1.2.0 started
SUCCESS
(py3)[xiaobai@jumpserver config] sh /config/tomcat9/bin/startup.sh
Using CATALINA_BASE: /config/tomcat9
Using CATALINA_HOME: /config/tomcat9
Using CATALINA_TMPDIR: /config/tomcat9/temp
Using JRE_HOME: /opt/java/jdk1.8.0_111
Using CLASSPATH: /config/tomcat9/bin/bootstrap.jar:/config/tomcat9/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Tomcat started.
部署Lina
(py3)[xiaobai@jumpserver config] cd /opt
(py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/lina/releases/download/v2.4.0/lina-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver opt] tar xzvf lina-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver opt] mv lina-v2.4.0 lina
(py3)[xiaobai@jumpserver opt] yum -y install nginx #提前将nginx下载下来
(py3)[xiaobai@jumpserver opt] chown -R nginx:nginx lina
(py3)[xiaobai@jumpserver opt] rm -rf lina-v2.4.0.tar.gz
部署Luna
(py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/luna/releases/download/v2.4.0/luna-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver opt] tar xzvf luna-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver opt] mv luna-v2.4.0 luna
(py3)[xiaobai@jumpserver opt] chown -R nginx:nginx luna
(py3)[xiaobai@jumpserver opt] rm -rf luna-v2.4.0.tar.gz
(py3)[xiaobai@jumpserver opt] ll
total 8
drwxr-xr-x. 3 root root 26 Oct 21 15:58 java
drwxr-xr-x. 11 root root 4096 Oct 21 13:31 jumpserver
drwxr-xr-x. 6 root root 142 Oct 21 13:49 koko
drwxr-xr-x. 3 nginx nginx 57 Oct 15 16:08 lina
drwxr-xr-x. 5 nginx nginx 4096 Oct 15 16:08 luna
drwxr-xr-x. 7 root root 133 Oct 21 12:58 py3
部署Nginx
(py3)[xiaobai@jumpserver opt] vim /etc/nginx/default.d/jumpserver.conf
client_max_body_size 500M; #录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; #luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; #录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; #静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
(py3)[xiaobai@jumpserver opt] nginx -t
(py3)[xiaobai@jumpserver opt] systemctl start nginx
#如果已经启动了不想重启执行下面命令
(py3)[xiaobai@jumpserver opt] nginx -s reload
==访问ip+80端口就可以看到
初始用户密码都为admin,第一次登录会让你修改密码