Centos7-JumpServer-v2.1.0部署

安装环境准备

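# Switch the yum repositories to the Aliyun mirror.
# curl's lowercase -o writes the download to the given path; uppercase -O takes
# no argument and would treat the repo path as a second URL.
# curl is used for both files because wget is only installed in a later step.
# HTTPS keeps the repository definitions from being altered in transit.
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache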

# Set the time zone and configure time synchronisation
timedatectl set-timezone "Asia/Shanghai"
yum -y install chrony
vim /etc/chrony.conf
# In the editor: delete every existing "server" line and add the time server below.
# The next line is content for /etc/chrony.conf, not a shell command.
server  ntp.aliyun.com  iburst
# Enable chronyd at boot and restart it so the new server list takes effect
systemctl enable chronyd && systemctl restart chronyd
# Check that the time source is reachable and selected
chronyc sources

# Stop the firewall and keep it from starting at boot
# NOTE(review): this host is a bastion. With firewalld off, every service set up
# later on this page (8080, 8070, 8081, 5000, 3306, 6379) is limited only by its
# own bind address. Consider keeping firewalld running and allowing just the
# port nginx listens on.
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux: edit the file and set the line shown below
# (SELINUX=disabled is content for /etc/selinux/config, not a shell command).
# NOTE(review): disabling SELinux removes a containment layer on a host that
# brokers privileged sessions; confirm it is really required before doing so.
vim /etc/selinux/config
SELINUX=disabled

# Flush all iptables rules
iptables -F

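# Install the base system utilities.
# The package is "net-tools"; written as "net- tools" yum is asked for two
# packages, "net-" and "tools", and reports that neither is available.
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate  openldap-devel

# Install the build and runtime dependencies JumpServer needs
yum -y install git python-pip  gcc automake autoconf python-devel vim sshpass lrzsz readline-devel  zlib zlib-devel openssl openssl-devel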

# Build the zh_CN.UTF-8 locale and select it for the current shell
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
LC_ALL=zh_CN.UTF-8
export LC_ALL

# Persist the system language so it survives a reboot
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

部署mysql5.6

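# Download the MySQL 5.6 RPM bundle
cd /opt
wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
# NOTE(review): before unpacking, compare the bundle with the checksum or
# signature published on the MySQL download page.

# Unpack the bundle in its own directory
mkdir mysql_rpm
mv MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar mysql_rpm/
cd mysql_rpm/
tar -xvf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar

# Install the extracted packages in one yum transaction.
# Match only *.rpm: the bundle tar sits in the same directory and must not be
# handed to yum as if it were a package.
yum localinstall ./*.rpm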

# Edit the MySQL configuration file (change the mariadb paths to mysql)
vim /etc/my.cnf
# The next three lines are content for /etc/my.cnf, not shell commands.
[mysqld_safe]
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysql/mysql.pid

# Show the initial root password
# NOTE(review): this file holds a credential in clear text; remove it once the
# root password has been changed.
cat /root/.mysql_secret

# Enable MySQL at boot and start it
systemctl enable mysql && systemctl start mysql

# Change the MySQL root password (these statements are run inside the mysql client)
# NOTE(review): 'password' and 'newpassword' are placeholders; substitute strong,
# unique values before running any of these statements.
SET PASSWORD = PASSWORD('password'); # this statement must be run first when changing the password for the first time
update mysql.user set password=password('newpassword') where user='root';
flush privileges;

# Create the jumpserver database and set its character set
create database jumpserver default charset 'utf8' collate 'utf8_bin';

# Create the jumpserver user
# NOTE(review): host '%' lets this account log in from any address. config.yml
# on this page connects through DB_HOST 127.0.0.1, so a local-only host part
# looks sufficient; confirm before narrowing it.
create user 'jumpserver'@'%' IDENTIFIED BY 'password';
flush privileges;

# Grant the jumpserver user full rights on the jumpserver database only
# NOTE(review): the password set here has to equal DB_PASSWORD in config.yml;
# this page uses 'password' here and "123456" there.
grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'password';
flush privileges;

部署python3.6.10

# Download the Python source
# NOTE(review): the tarball is used without checking it; compare it with the
# checksum or signature published on python.org before building as root.
cd /opt
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz

# Unpack the source archive
tar -xvf Python-3.6.10.tgz
cd Python-3.6.10

# Build and install under a private prefix
./configure --prefix=/opt/python3-6-10/
make && make install

# Put the new interpreter on PATH for login shells.
# The escaped \$PATH is written literally, so it is expanded when /etc/profile
# is read rather than now.
echo PATH="/opt/python3-6-10/bin:\$PATH" >> /etc/profile
source /etc/profile

# Create the virtual environment and activate it in the current shell
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate

部署redis

# Install Redis, enable it at boot and start it
# NOTE(review): no Redis password is configured anywhere on this page
# (REDIS_PASSWORD is left empty in the KoKo config). Set requirepass in the
# Redis configuration, use the same value in the JumpServer and KoKo settings,
# and check that Redis listens on loopback only.
yum install redis -y
systemctl enable redis && systemctl start redis

[root@jumpserver yum.repos.d]# redis-cli 
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> 

部署jumpserver

# Download the JumpServer release
# NOTE(review): v2.1.0 is an old release; check the project's security
# advisories and prefer a currently supported version for a bastion host.
# The archive is used without verification; compare it with the checksum
# published for the release if one is available.
cd /opt
wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz

# Unpack
tar -xvf jumpserver-v2.1.0.tar.gz

# Create a version-independent symlink
ln -s /opt/jumpserver-v2.1.0/ /opt/jumpserver

# Install the system packages JumpServer depends on
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate  openldap-devel

# Install the Python modules (activate the virtual environment first)
# -i points pip at the Tsinghua PyPI mirror instead of the default index.
cd /opt/jumpserver/requirements
pip3 install wheel -i https://pypi.tuna.tsinghua.edu.cn/simple
pip3 install --upgrade pip setuptools -i https://pypi.tuna.tsinghua.edu.cn/simple
pip3 install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple

# Create the JumpServer configuration file from the shipped example
cd /opt/jumpserver
cp config_example.yml config.yml

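# Generate SECRET_KEY: 50 random alphanumeric characters.
# A value already present in the environment is kept, so re-running this step
# does not replace a key that is in use. A new value is appended to ~/.bashrc
# so that a later login shell sees the same key. Expansions are quoted so a
# pre-set value is printed exactly as stored.
if [ -z "$SECRET_KEY" ]; then
  SECRET_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
echo "$SECRET_KEY"

# Generate BOOTSTRAP_TOKEN: 16 random alphanumeric characters, handled the same
# way. NOTE(review): both values end up in clear text in ~/.bashrc; keep that
# file readable by its owner only.
if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
echo "$BOOTSTRAP_TOKEN"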

# Values to set in config.yml
SECRET_KEY: # the key generated by the command above
BOOTSTRAP_TOKEN: # the token generated by the command above
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# NOTE(review): "123456" is a placeholder and differs from the 'password' used
# in the SQL step on this page; use the strong password actually set for the
# jumpserver database user.
DB_PASSWORD: "123456" # password of the jumpserver database user
DB_NAME: jumpserver
# NOTE(review): 0.0.0.0 listens on every interface. The nginx config on this
# page proxies to localhost:8080, so 127.0.0.1 looks sufficient once nginx is
# in front (the direct check on port 8080 then only works from the host itself).
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

数据库迁移

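# Activate the virtual environment so python3 is the interpreter in /opt/py3
# that has the JumpServer requirements installed, then run the migrations.
source /opt/py3/bin/activate
python3 /opt/jumpserver/apps/manage.py makemigrations
python3 /opt/jumpserver/apps/manage.py migrate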

启动jumpserver

# Start JumpServer (the page runs jms with "start -d")
cd /opt/jumpserver
./jms start -d

# Check that it started: open the URL below in a browser (not a shell command).
# NOTE(review): this reaches the application directly over plain HTTP,
# bypassing nginx; use it only as a local smoke test.
http://IP地址:8080

部署koko

# Download the KoKo release
# NOTE(review): the archive is used without verification; compare it with the
# checksum published for the release if one is available.
cd /opt
wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz

# Unpack and set ownership
tar -xvf koko-v2.1.0-linux-amd64.tar.gz
mv koko-v2.1.0-linux-amd64 koko
chown -R root:root koko
cd koko

# Create the configuration file and edit it.
# The lines from CORE_HOST to REDIS_DB_ROOM are content for config.yml,
# not shell commands.
cp config_example.yml config.yml
vim config.yml
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: # the token generated by the command in the JumpServer step
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:

# Run KoKo (started here with -d)
./koko -d

部署Guacamole

# Download the source package (there is no download link on GitHub)
# NOTE(review): the page does not say where guacamole-v2.1.0.tar.gz comes from.
# Establish its origin and integrity first: its contents are built and
# installed as root below.


# Unpack the package
cd /opt
tar -xvf guacamole-v2.1.0.tar.gz
mv docker-guacamole-2.1.0 guacamole

# Unpack the nested archives
# NOTE(review): ssh-forward.tar.gz is extracted straight into /bin as root;
# list its contents (tar -tf) before extracting so it cannot overwrite
# unrelated system binaries.
cd /opt/guacamole
tar -xf guacamole-server-1.2.0.tar.gz
tar -xf ssh-forward.tar.gz -C /bin/
chmod +x /bin/ssh-forward

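# Build and install guacamole-server
cd /opt/guacamole/guacamole-server-1.2.0/

# Install the build dependencies
# Upstream guide: https://guacamole.apache.org/doc/gug/installing-guacamole.html
yum install cairo-devel libjpeg-turbo-devel  libjpeg-devel libpng-devel libtool uuid-devel -y
# "libwebp-devel" is one package name; split as "libwebp- devel" it is not found.
yum install  freerdp-devel pango-devel  libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel -y

# Install FFmpeg from the Nux Dextop repository
yum install epel-release -y
# NOTE(review): the signing key and the release RPM are both fetched over plain
# HTTP, so the key cannot vouch for the package; compare the key fingerprint
# with one obtained over a trusted channel before importing it.
rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
# The development package is "ffmpeg-devel" (the misspelt "ffmpeg-devell" does not exist).
yum install ffmpeg ffmpeg-devel -y

# Check that FFmpeg is installed
ffmpeg -version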

# Build and install guacamole-server; the init script goes to /etc/init.d
cd /opt/guacamole/guacamole-server-1.2.0
./configure --with-init-dir=/etc/init.d
make && make install

# Install the Java runtime
yum install -y java-1.8.0-openjdk

# Create the directories Guacamole needs; the record and drive directories are
# handed to the daemon user
mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive 
chown daemon:daemon /config/guacamole/record /config/guacamole/drive

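# Download Tomcat over HTTPS so the archive cannot be altered in transit.
# NOTE(review): a mirror is not the authority for the file's integrity; compare
# the archive with the SHA-512 value published by the Apache Tomcat project.
cd /opt
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.83/bin/apache-tomcat-9.0.83.tar.gz

# Wire Guacamole into Tomcat
tar -xvf apache-tomcat-9.0.83.tar.gz
mv apache-tomcat-9.0.83 tomcat9
# Remove the bundled web applications so that only Guacamole is deployed
rm -rf /opt/tomcat9/webapps/*
# Move the connector to 8081; JumpServer itself listens on 8080
sed -i 's/Connector port="8080"/Connector port="8081"/g' /opt/tomcat9/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /opt/tomcat9/conf/logging.properties
# Deploy the WAR as the root application and link the extension and properties file
ln -sf /opt/guacamole/guacamole-1.0.0.war /opt/tomcat9/webapps/ROOT.war
ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties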

# Environment variables for the Guacamole runtime.
# Each NAME=value entry is exported into the current shell and the matching
# "export" line is appended to ~/.bashrc for later login shells.
# BOOTSTRAP_TOKEN is a blank to fill in with the token generated earlier.
for guac_setting in \
  'JUMPSERVER_SERVER=http://127.0.0.1:8080' \
  'BOOTSTRAP_TOKEN=' \
  'JUMPSERVER_KEY_DIR=/config/guacamole/keys' \
  'GUACAMOLE_HOME=/config/guacamole' \
  'GUACAMOLE_LOG_LEVEL=ERROR' \
  'JUMPSERVER_ENABLE_DRIVE=true'
do
  export "$guac_setting"
  echo "export $guac_setting" >> ~/.bashrc
done
unset guac_setting

# Start guacd and Tomcat
# NOTE(review): run from the root shell used throughout this page, Tomcat runs
# as root; consider a dedicated unprivileged account for it.
/etc/init.d/guacd start
sh /opt/tomcat9/bin/startup.sh

部署Lina组件

# Download the Lina release
# NOTE(review): the archive is used without verification; compare it with the
# checksum published for the release if one is available.
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz

# Unpack and give the directory a version-independent name
tar -xvf lina-v2.1.0.tar.gz
mv lina-v2.1.0 lina

部署luna

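# Download the Luna release (v2.1.1, as given on this page)
# NOTE(review): the archive is used without verification; compare it with the
# checksum published for the release if one is available.
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.1.1/luna-v2.1.1.tar.gz

# Unpack, rename and set ownership
tar -xvf luna-v2.1.1.tar.gz
mv /opt/luna-v2.1.1 /opt/luna
# owner:group with a colon, matching the KoKo step; the dot separator is a
# legacy form.
chown -R root:root /opt/luna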

部署nginx

# Install nginx
yum install nginx -y

# Make the nginx user the owner of the Lina files
chown -R nginx:nginx /opt/lina

# Edit the main nginx configuration file:
# delete the existing server{} block
vim /etc/nginx/nginx.conf

# Write the new configuration shown below into this file
vim /etc/nginx/conf.d/jumpserver.conf
# Front end for JumpServer: serves the Lina and Luna static files and proxies
# KoKo, Guacamole, the websocket endpoint and the core API.
# NOTE(review): this block listens on plain HTTP only. Logins and proxied
# sessions pass through it, so terminate TLS here (a "listen 443 ssl" server
# with a certificate) or on a proxy in front before exposing it to users.
server {
  listen 80;
  client_max_body_size 100m; # upload size limit for session recordings
  location /ui/ {
    try_files $uri / /index.html;
    alias /opt/lina/;
  }
  location /luna/ {
    try_files $uri / /index.html;
    alias /opt/luna/; # luna path
  }
  location /media/ {
    add_header Content-Encoding gzip;
    root /opt/jumpserver/data/; # recordings location
  }
  location /static/ {
    root /opt/jumpserver/data/; # static assets
  }
  # KoKo: Upgrade/Connection headers are forwarded so websocket connections work
  location /koko/ {
    proxy_pass       http://localhost:5000;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    access_log off;
  }
  # Guacamole on Tomcat (port 8081)
  location /guacamole/ {
    proxy_pass       http://localhost:8081/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    access_log off;
  }
  # JumpServer websocket listener (WS_LISTEN_PORT 8070)
  location /ws/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8070;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  # JumpServer core (HTTP_LISTEN_PORT 8080)
  location /api/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
  }
  location /core/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # Everything else is rewritten to the Lina UI
  location / {
    rewrite ^/(.*)$ /ui/$1 last;
  }
}
# Check the configuration syntax, start nginx, then reload the configuration
nginx -t
systemctl start nginx
nginx -s reload

http://IP地址:80
默认账号密码:admin(首次登录后请立即修改默认密码)