1.环境配置
[root@xmj ~]# getenforce
Permissive
[root@xmj ~]# systemctl stop firewalld 关闭防火墙(仅适合测试环境;正式环境建议保持 firewalld 开启,只对外放行 nginx 的 80 端口和 koko 的 2222 端口)
修改字符集,否则可能报 input/output error 的问题,因为日志里打印了中文
[root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@localhost ~]# export LC_ALL=zh_CN.UTF-8
[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
修改完字符集后,安装一些必须要的环境:
[root@localhost ~]# yum install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git -y
[root@xmj ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@xmj ~]# tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
这里必须执行编译安装,否则会在安装python依赖库时会有麻烦
![](https://img-blog.csdnimg.cn/img_convert/bcb4f16e529032f1913038d5e93e52bf.png)
[root@xmj Python-3.6.1]# cd /opt
[root@xmj opt]# python3 -m venv py3
[root@xmj opt]# source /opt/py3/bin/activate
(py3) [root@xmj opt]# git clone git://github.com/kennethreitz/autoenv.git 注:git:// 协议不加密也不验证服务器身份,GitHub 已停止支持,克隆失败时请改用 https://github.com/kennethreitz/autoenv.git
![](https://img-blog.csdnimg.cn/img_convert/4a6e70cf1758d531ae103c55a21b6e4a.png)
(py3) [root@xmj opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
(py3) [root@xmj ~]# source ./.bashrc
2.下载jumpserver安装包
(py3) [root@xmj opt]# git clone https://github.com/jumpserver/jumpserver.git
![](https://img-blog.csdnimg.cn/img_convert/88001bc78c91486dcd0a01e63b271fc5.png)
(py3) [root@xmj opt]# cd jumpserver
(py3) [root@xmj jumpserver]# git checkout master
![](https://img-blog.csdnimg.cn/img_convert/9fc1fb99793b9b213b767d227061c640.png)
3.安装所需要的 python modules
(py3) [root@xmj jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@xmj jumpserver]# cd requirements/
![](https://img-blog.csdnimg.cn/img_convert/677761d125e984136a4202132051c3a7.png)
选择y
(py3) [root@xmj requirements]# yum install $(cat rpm_requirements.txt) -y
(py3) [root@xmj requirements]# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
![](https://img-blog.csdnimg.cn/img_convert/3206953c386c05be99cf8c4e1cd5b10e.png)
(py3) [root@xmj requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
![](https://img-blog.csdnimg.cn/img_convert/44534af857e38b8e36b9e636f99d43c9.png)
4.安装redis
(py3) [root@xmj requirements]# yum install redis -y 安装
(py3) [root@xmj requirements]# systemctl enable redis 设为开机自启
(py3) [root@xmj requirements]# systemctl start redis
5.安装mysql服务
(py3) [root@xmj requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@xmj requirements]# systemctl enable mariadb
(py3) [root@xmj requirements]# systemctl start mariadb
进入mariadb数据库
![](https://img-blog.csdnimg.cn/img_convert/063d725c12f1b156401566f7244d14eb.png)
MariaDB [(none)]> create database jumpserver default charset 'utf8'; 创建名为jumpserver 的数据库,默认使用utf8字符集
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd'; 给数据库授权(jumpserverpwd 只是示例密码,请换成自己的强密码,并与后面 config.yml 里的 DB_PASSWORD 保持一致)
MariaDB [(none)]> flush privileges; 刷新下数据库
![](https://img-blog.csdnimg.cn/img_convert/f240718266700b487308f9be12f53a90.png)
6.配置jumpserver
(py3) [root@xmj requirements]# pwd 确认下路径
/opt/jumpserver/requirements
(py3) [root@xmj requirements]# cd .. 返回到上一级目录
(py3) [root@xmj jumpserver]# cp config_example.yml config.yml 复制一下配置文件
(py3) [root@xmj jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` 随机生成一个由大写字母A-Z、小写字母a-z和数字0-9组成的50位字符串
![](https://img-blog.csdnimg.cn/img_convert/b062749b1a65893009dee66640c168f1.png)
确认是否生成
(py3) [root@xmj jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc 写入到 ~/.bashrc 里面(密钥以明文保存在该文件中,注意不要泄露)
(py3) [root@xmj jumpserver]# cd 切换到家目录看看,确认内容是否追加
![](https://img-blog.csdnimg.cn/img_convert/f22c60794b3daa8eeb0ec8d357d61d2e.png)
(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 16`
(py3) [root@xmj ~]# echo $BOOTSTRAP_TOKEN
48hmOImYsCWRqqn0
(py3) [root@xmj ~]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@xmj ~]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml 注意:本文前面的步骤没有给 DB_PASSWORD 变量赋值,这条命令实际不会写入密码,数据库密码在下面用 vim 手动填写
(py3) [root@xmj ~]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
你的SECRET_KEY是 24AybD8hm1XtVMC1F1TnQTAY6088q8UmeETKvL6mumvt5FItuC
(py3) [root@xmj ~]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
你的BOOTSTRAP_TOKEN是 48hmOImYsCWRqqn0
(py3) [root@xmj ~]# cd /opt/jumpserver/
(py3) [root@xmj jumpserver]# vim config.yml 修改如下内容
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
DB_NAME: jumpserver
7.启动/关闭jumpserver
(py3) [root@xmj jumpserver]# pwd
/opt/jumpserver
(py3) [root@xmj jumpserver]# ./jms start 启动
(py3) [root@xmj jumpserver]# ./jms stop 停止
Stop service
gunicorn is stopped
celery_ansible is stopped
celery_default is stopped
beat is stopped
(py3) [root@xmj jumpserver]# ./jms start -d 放在后台启动
(四)、安装 docker 部署coco与guacamole
1、安装Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
# 安装相关依赖
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 配置Docker源(上面的地址走 HTTP 明文;该镜像站同样提供 https,下面导入 GPG 密钥时用的就是 https,建议这里也改用 https)
yum makecache fast
# 重新生成缓存
rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
yum -y install docker-ce
# 安装Docker-ce
mkdir -p /etc/docker
wget -O /etc/docker/daemon.json http://demo.jumpserver.org/download/docker/daemon.json
# 下载 Docker 守护进程配置文件 daemon.json(经 HTTP 明文下载,重启 docker 之前请先检查文件内容)
systemctl restart docker && systemctl enable docker
# 启动docker并设置开机自启
8.部署koko
(py3) [root@xmj ~]# Server_IP=192.168.6.189
(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=48hmOImYsCWRqqn0 这里填第6步自己生成的值,必须与 config.yml 中的 BOOTSTRAP_TOKEN 一致,不要照抄本文的示例值
(py3) [root@xmj ~]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5
![](https://img-blog.csdnimg.cn/img_convert/ba18a3d7bf409d6b0131b0512bb6f07d.png)
(py3) [root@xmj ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jumpserver/jms_koko 1.5.5 17cf3f220213 9 months ago 41.4MB
手工部署koko(coco目前已经被koko取代)
9.部署guacamole
![](https://img-blog.csdnimg.cn/img_convert/2efebebf66e1fe9e4346397c4e2b191d.png)
(py3) [root@xmj ~]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5
![](https://img-blog.csdnimg.cn/img_convert/c920ba1bc6fd90093f7f843086b1c45c.png)
![](https://img-blog.csdnimg.cn/img_convert/78621ffb92f341cd7e00f036e337cd7e.png)
[root@xmj opt]# cd /opt
[root@xmj opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
[root@xmj opt]# tar xvf luna.tar.gz
[root@xmj opt]# chown -R root:root luna
11.配置nginx:下载nginx的源码包
[root@xmj ~]# tar xvf nginx-1.14.2.tar.gz 解压
[root@xmj ~]# cd nginx-1.14.2/
[root@xmj nginx-1.14.2]#./configure --prefix=/usr/local/nginx
[root@xmj nginx-1.14.2]# make && make install
[root@xmj nginx-1.14.2]# cd /usr/local/nginx/conf/
[root@xmj conf]# mkdir conf.d
[root@xmj conf]# cd conf.d/
[root@xmj conf.d]# vim jumpserver.conf
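# JumpServer front-end virtual host: serves Luna and the replay/static data
# from disk and reverse-proxies everything else to services on localhost.
#
# The directives must stay on separate lines: a '#' comment runs to the end
# of the line, so a collapsed one-line paste turns everything after the first
# comment into comment text and leaves the server block unclosed.
#
# NOTE(review): this listener is plain HTTP on port 80, so logins and session
# traffic between the browser and nginx are unencrypted; terminate TLS here or
# in front of it before exposing the host beyond a test network.
#
# NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
# X-Forwarded-For header the client sent; only X-Real-IP (and the last
# X-Forwarded-For entry) is set by nginx itself, so backends should not trust
# the earlier entries for audit purposes.
server {
    listen 80;

    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # Luna path; change it here if the install directory changes
    }

    location /media/ {
        # presumably the recordings are stored gzip-compressed and this header
        # lets the browser decode them -- TODO confirm
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recording location; change it here if the install directory changes
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change it here if the install directory changes
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        # HTTP/1.1 plus the Upgrade/Connection headers pass the WebSocket
        # handshake through to the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;  # requests to this location are not written to the access log
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Everything else goes to the service on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}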
[root@xmj conf.d]# /usr/local/nginx/sbin/nginx -t 检测下nginx配置文件
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xmj conf.d]# pwd
/usr/local/nginx/conf/conf.d
[root@xmj conf.d]# cd ..
[root@xmj conf]# cp nginx.conf nginx.conf.bak
[root@xmj conf]# grep -Pv "^($| *#)" nginx.conf 过滤掉空行和注释行后显示其余内容(只是输出,不会修改文件)
[root@xmj conf]# vim nginx.conf 以下内容是过滤好的,可直接清空nginx.conf后再粘贴进去
# Main nginx configuration, reduced to its non-comment lines.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
# The include on the next line loads every *.conf file under conf.d/.
# It appears before the server block below, so a server defined in an included
# file is read first; with no default_server set on port 80, nginx treats the
# first server it reads for that port as the default for unmatched Host names.
keepalive_timeout 65;include /usr/local/nginx/conf/conf.d/*.conf;
# Server block serving the html directory; it answers only requests whose
# Host header is "localhost".
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
# Map upstream/server errors to the static 50x page.
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@xmj conf]# /usr/local/nginx/sbin/nginx -t 再次检查
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xmj bin]# /usr/local/nginx/sbin/nginx 启动nginx
用浏览器访问服务器的IP(即上面 nginx 监听的 80 端口);首次登录后请立即修改默认管理员密码