Centos7-JumpServer-v2.1.0部署
安装环境准备
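# Replace the CentOS base and EPEL repo definitions with the Aliyun mirror
# copies, then rebuild the yum metadata cache.
# curl writes to a named file with lowercase -o. Uppercase -O takes no
# argument, so the original line treated the .repo path as a second URL and
# never wrote /etc/yum.repos.d/CentOS-Base.repo.
# curl is used for both files because wget is only installed by a later step
# of this guide. -f stops an HTTP error page from being saved as a repo file.
# These files decide where every later package comes from, so they are fetched
# over HTTPS instead of plain HTTP.
curl -fL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -fL -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache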
# Set the system time zone and install chrony for NTP time synchronisation.
# A correct clock keeps the bastion's session and audit records usable.
timedatectl set-timezone "Asia/Shanghai"
yum -y install chrony
# Edit the chrony configuration; the line after the editor command is the
# entry to put in that file, not a shell command.
vim /etc/chrony.conf
server ntp.aliyun.com iburst
# Enable chronyd at boot, restart it now, then list the time sources in use.
systemctl enable chronyd && systemctl restart chronyd
chronyc sources
# Stop firewalld now and keep it from starting at boot.
systemctl stop firewalld
systemctl disable firewalld
# Edit the SELinux configuration; the next line is the value to set in that
# file, not a shell command. The file is read at boot, so the change applies
# after a restart.
vim /etc/selinux/config
SELINUX=disabled
# Flush every rule from the iptables filter table.
iptables -F
# NOTE(review): with the host firewall and SELinux both off, nothing on this
# host limits access to the listeners configured later in this guide:
# JumpServer binds 0.0.0.0:8080, Tomcat is moved to port 8081, and the MySQL
# account is created for host '%'. For a bastion host, consider keeping
# firewalld running and opening only what users need (nginx on port 80 in this
# guide), e.g. `firewall-cmd --permanent --add-service=http` followed by
# `firewall-cmd --reload`, and using SELINUX=permissive while working out the
# policy instead of disabling it.
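# Install general administration tools, then the build dependencies used by
# the later steps of this guide.
# "net-tools" is one package name; the original "net- tools" asked yum for two
# packages, "net-" and "tools".
# NOTE(review): several of these (nmap, nc, telnet, sl, ...) are convenience
# tools; on a bastion host, install only what the deployment needs.
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
yum -y install git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel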
# Build the zh_CN.UTF-8 locale, select it for the current shell, and make it
# the system default by writing /etc/locale.conf.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
LC_ALL=zh_CN.UTF-8
export LC_ALL
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
部署mysql5.6
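# Download the MySQL 5.6.49 RPM bundle into its own directory, unpack it and
# install the packages it contains.
# NOTE(review): MySQL 5.6 is past its upstream end of life; confirm which
# database versions JumpServer v2.1.0 supports before picking a newer one.
cd /opt
wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
mkdir mysql_rpm
mv MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar mysql_rpm/
cd mysql_rpm/
tar -xvf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
# The packages are installed as root, so check their signatures first
# (`rpm -K ./*.rpm`, with the MySQL release key imported).
# Only the extracted packages are passed to yum: the original `./*` glob also
# matched the bundle tarball sitting in the same directory.
yum localinstall ./*.rpm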
# Edit the MySQL configuration; the three lines after the editor command are
# the [mysqld_safe] section to put in /etc/my.cnf, not shell commands.
vim /etc/my.cnf
[mysqld_safe]
# Error log file used by mysqld_safe.
log-error=/var/log/mysql/mysql.log
# File that holds the server's process id.
pid-file=/var/run/mysql/mysql.pid
# Show the file holding the initial root password (presumably written by the
# RPM install above), then enable the MySQL service at boot and start it.
cat /root/.mysql_secret
systemctl enable mysql && systemctl start mysql
# The remaining lines are SQL statements for the mysql client, not shell
# commands; the command that opens the client session is not shown.
# 'password' and 'newpassword' are sample values. NOTE(review): the first
# statement changes the password of the logged-in account and the second
# rewrites it for every 'root' row, to a different value, so presumably only
# one of the two is intended.
SET PASSWORD = PASSWORD('password');
update mysql.user set password=password('newpassword') where user='root';
flush privileges;
# Create the application database.
create database jumpserver default charset 'utf8' collate 'utf8_bin';
# NOTE(review): host '%' lets this account log in from any address, while the
# JumpServer config later in this guide connects to DB_HOST 127.0.0.1, so
# 'jumpserver'@'127.0.0.1' (or 'localhost') would be enough. The password here
# has to be the value put in DB_PASSWORD, which this guide shows as "123456",
# not 'password'; use one strong, unique value in both places.
create user 'jumpserver'@'%' IDENTIFIED BY 'password';
flush privileges;
# Give that account full rights on the jumpserver database only.
grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'password';
flush privileges;
部署python3.6.10
# Build Python 3.6.10 from source into /opt/python3-6-10, add it to PATH for
# login shells, and create the virtualenv /opt/py3.
cd /opt
# NOTE(review): the tarball is compiled and installed as root with no
# integrity check; compare its checksum or signature with the one published on
# python.org before building.
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
tar -xvf Python-3.6.10.tgz
cd Python-3.6.10
./configure --prefix=/opt/python3-6-10/
make && make install
# \$PATH is escaped so the literal text $PATH is written to /etc/profile and
# expanded when the profile is read, not now.
echo PATH="/opt/python3-6-10/bin:\$PATH" >> /etc/profile
source /etc/profile
# Create and activate the virtualenv; the pip3 commands later in this guide
# presumably rely on it being active in the same shell.
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate
部署redis
# Install Redis from the yum repositories, enable it at boot and start it.
yum install redis -y
systemctl enable redis && systemctl start redis
# NOTE(review): no Redis password is set anywhere in this guide (REDIS_PASSWORD
# is left empty in the koko config). Confirm in the Redis configuration that
# the server listens on 127.0.0.1 only, since the host firewall was disabled
# earlier in this guide.
# The lines below are a pasted terminal session (a shell prompt, then the
# redis-cli prompt), not commands to type; PONG in reply to ping shows the
# server is answering.
[root@jumpserver yum.repos.d]
127.0.0.1:6379> ping
PONG
127.0.0.1:6379>
部署jumpserver
# Download and unpack the JumpServer v2.1.0 release and expose it as
# /opt/jumpserver through a symlink.
cd /opt
# NOTE(review): the release archive is unpacked and run as root without an
# integrity check; compare its checksum with the one published for the
# release, if any, before using it.
wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
tar -xvf jumpserver-v2.1.0.tar.gz
ln -s /opt/jumpserver-v2.1.0/ /opt/jumpserver
# Same package list as the preparation step earlier in this guide.
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
# Install the Python dependencies from the TUNA PyPI mirror. pip3 presumably
# resolves to the /opt/py3 virtualenv activated earlier; confirm it is still
# active in this shell.
cd /opt/jumpserver/requirements
pip3 install wheel -i https://pypi.tuna.tsinghua.edu.cn/simple
pip3 install --upgrade pip setuptools -i https://pypi.tuna.tsinghua.edu.cn/simple
pip3 install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
# Create the config file from the shipped example.
cd /opt/jumpserver
cp config_example.yml config.yml
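# Generate the two JumpServer secrets once: SECRET_KEY (50 characters) and
# BOOTSTRAP_TOKEN (16 characters), both read from /dev/urandom and limited to
# A-Za-z0-9. A value already set in the shell is reused. A newly generated
# value is appended to ~/.bashrc, and the value is printed either way so it
# can be copied into the SECRET_KEY / BOOTSTRAP_TOKEN entries of config.yml.
# NOTE(review): this leaves both secrets in plain text in ~/.bashrc and in the
# terminal scrollback; keep that file readable by its owner only.
if [ -z "${SECRET_KEY:-}" ]; then
  # LC_ALL=C makes tr handle the random input as bytes whatever locale was
  # exported earlier in the session.
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
printf '%s\n' "$SECRET_KEY"

if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"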
# Entries for JumpServer's config.yml (the file copied from config_example.yml).
# SECRET_KEY and BOOTSTRAP_TOKEN are shown blank; fill in the values printed
# by the generation commands above.
SECRET_KEY:
BOOTSTRAP_TOKEN:
# MySQL connection settings.
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# NOTE(review): "123456" is a trivially guessable sample and differs from the
# password given to the 'jumpserver' MySQL account earlier in this guide
# ('password'); use the same strong, unique value in both places.
DB_PASSWORD: "123456"
DB_NAME: jumpserver
# NOTE(review): 0.0.0.0 exposes the core service on every interface. koko,
# Guacamole and nginx in this guide all reach it through 127.0.0.1/localhost,
# so 127.0.0.1 would be enough once the direct check on port 8080 is no longer
# needed.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Redis connection settings.
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
数据库迁移
# Generate the database migrations and then apply them, in that order, through
# JumpServer's manage.py.
for step in makemigrations migrate; do
  python3 /opt/jumpserver/apps/manage.py "$step"
done
启动jumpserver
# Start JumpServer from its install directory; -d presumably runs it in the
# background as a daemon.
cd /opt/jumpserver
./jms start -d
http://IP地址:8080
部署koko
# Download the koko v2.1.0 release, unpack it to /opt/koko and create its
# config from the shipped example.
cd /opt
# NOTE(review): koko handles the users' terminal sessions; check the archive
# against a checksum published for the release, if any, before running it as
# root.
wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
tar -xvf koko-v2.1.0-linux-amd64.tar.gz
mv koko-v2.1.0-linux-amd64 koko
chown -R root:root koko
cd koko
cp config_example.yml config.yml
# Edit the config; the lines down to REDIS_DB_ROOM are config.yml entries, not
# shell commands.
vim config.yml
# URL of the JumpServer core service started earlier.
CORE_HOST: http://127.0.0.1:8080
# Shown blank; presumably it has to carry the same BOOTSTRAP_TOKEN value as
# JumpServer's config.yml -- confirm.
BOOTSTRAP_TOKEN:
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# Left empty: this guide runs Redis without a password.
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:
# Start koko; -d presumably runs it in the background as a daemon.
./koko -d
部署Guacamole
# Unpack the Guacamole bundle and, inside it, the guacamole-server sources.
cd /opt
# NOTE(review): guacamole-v2.1.0.tar.gz is used here but no download step is
# shown; record where it comes from and verify it before unpacking it as root.
tar -xvf guacamole-v2.1.0.tar.gz
mv docker-guacamole-2.1.0 guacamole
cd /opt/guacamole
# guacamole-server-1.2.0.tar.gz and ssh-forward.tar.gz are presumably shipped
# inside the bundle, or placed here by a step that is not shown.
tar -xf guacamole-server-1.2.0.tar.gz
# This extracts straight into /bin as root, so whatever the archive contains
# lands in a system binary directory; list it first with `tar -tf`.
tar -xf ssh-forward.tar.gz -C /bin/
chmod +x /bin/ssh-forward
cd /opt/guacamole/guacamole-server-1.2.0/
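# Install the libraries guacamole-server is built against, then ffmpeg from
# the Nux Dextop repository.
yum install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel -y
# "libwebp-devel" is one package name; the original "libwebp- devel" asked yum
# for two packages, "libwebp-" and "devel".
yum install freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel -y
yum install epel-release -y
# NOTE(review): the repository signing key and the release RPM are both
# fetched over plain HTTP, so the key that later vouches for packages from
# this repository is itself unauthenticated. Compare the imported key's
# fingerprint with one obtained over a trusted channel before installing from
# the repository.
rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
# The original asked for "ffmpeg-devell", which is not the package name.
yum install ffmpeg ffmpeg-devel -y
ffmpeg -version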
# Build and install guacamole-server, asking configure to place its init
# script in /etc/init.d (the script used later to start guacd).
cd /opt/guacamole/guacamole-server-1.2.0
./configure --with-init-dir=/etc/init.d
make && make install
# Java runtime for the Tomcat instance installed next.
yum install -y java-1.8.0-openjdk
# Create the directory tree under /config/guacamole: extensions, session
# recordings and the shared drive.
mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive
# record/ and drive/ are handed to the daemon user, presumably the account
# guacd runs as -- confirm.
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
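# Install Tomcat 9.0.83 under /opt/tomcat9 and deploy the Guacamole web
# application with its JumpServer extension.
cd /opt
# The archive is fetched over HTTPS instead of plain HTTP. A mirror carries no
# authority of its own, so also check the file against the .sha512 published
# by the Apache Tomcat project before unpacking it.
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.83/bin/apache-tomcat-9.0.83.tar.gz
tar -xvf apache-tomcat-9.0.83.tar.gz
mv apache-tomcat-9.0.83 tomcat9
# Remove every web application shipped with Tomcat so that only Guacamole is
# served.
rm -rf /opt/tomcat9/webapps/*
# Move the HTTP connector from 8080 to 8081, because JumpServer itself listens
# on 8080 in this guide.
sed -i 's/Connector port="8080"/Connector port="8081"/g' /opt/tomcat9/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /opt/tomcat9/conf/logging.properties
# Deploy Guacamole as the ROOT application, and link the JumpServer
# authentication extension and guacamole.properties into /config/guacamole.
ln -sf /opt/guacamole/guacamole-1.0.0.war /opt/tomcat9/webapps/ROOT.war
ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties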
# Environment for the Guacamole web application and its JumpServer extension.
# Each NAME=value pair is exported into the current shell, and the matching
# export line is appended to ~/.bashrc for later login shells.
# BOOTSTRAP_TOKEN is blank here; presumably the token generated for JumpServer
# goes after the "=" before this is run -- confirm.
for setting in \
  "JUMPSERVER_SERVER=http://127.0.0.1:8080" \
  "BOOTSTRAP_TOKEN=" \
  "JUMPSERVER_KEY_DIR=/config/guacamole/keys" \
  "GUACAMOLE_HOME=/config/guacamole" \
  "GUACAMOLE_LOG_LEVEL=ERROR" \
  "JUMPSERVER_ENABLE_DRIVE=true"; do
  export "$setting"
  echo "export $setting" >> ~/.bashrc
done
unset setting
# Start guacd through the init script placed in /etc/init.d by the build, then
# start Tomcat.
# NOTE(review): as written, both are launched from the current shell, which
# the prompt shown earlier in this guide suggests is root; consider a
# dedicated unprivileged account for Tomcat.
/etc/init.d/guacd start
sh /opt/tomcat9/bin/startup.sh
部署Lina组件
# Download the lina v2.1.0 release (static files served by nginx under /ui/)
# and unpack it to /opt/lina.
cd /opt
# NOTE(review): these files are served to every user's browser; check the
# archive against a checksum published for the release, if any.
wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz
tar -xvf lina-v2.1.0.tar.gz
mv lina-v2.1.0 lina
部署luna
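# Download the luna release (static files served by nginx under /luna/),
# unpack it to /opt/luna and make root the owner.
# NOTE(review): this step fetches luna v2.1.1 while the other components in
# this guide are v2.1.0; confirm the version mix is intended.
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.1.1/luna-v2.1.1.tar.gz
tar -xvf luna-v2.1.1.tar.gz
mv /opt/luna-v2.1.1 /opt/luna
# owner:group with a colon, as in the koko step; the dot form used originally
# is a legacy spelling.
chown -R root:root /opt/luna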
部署nginx
# Install nginx and make the nginx user the owner of the lina files.
yum install nginx -y
chown -R nginx:nginx /opt/lina
# NOTE(review): the guide does not say what to change in nginx.conf;
# presumably the stock server block on port 80 is removed so that it does not
# clash with the site defined below -- confirm.
vim /etc/nginx/nginx.conf
# Create the JumpServer site configuration; its contents follow.
vim /etc/nginx/conf.d/jumpserver.conf
# Reverse proxy in front of the JumpServer components.
# NOTE(review): this site listens on plain HTTP only, so logins and session
# traffic for the bastion cross the network unencrypted. Terminate TLS here
# (a `listen 443 ssl` server with a certificate) before exposing it beyond a
# lab network.
server {
listen 80;
# Largest request body accepted (uploads): 100 MB.
client_max_body_size 100m;
# lina static files.
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
# luna static files.
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
# Files under /opt/jumpserver/data/media/. Content-Encoding: gzip is added to
# every response from this location, presumably because the files stored
# there are gzip-compressed -- confirm.
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
# Files under /opt/jumpserver/data/static/.
location /static/ {
root /opt/jumpserver/data/;
}
# Proxy to the service on localhost:5000 (presumably koko's web terminal),
# with the headers needed for WebSocket upgrade.
# NOTE(review): access logging is switched off here and for /guacamole/. On a
# bastion these are the session endpoints; consider keeping the access log for
# audit and incident response.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxy to Tomcat on port 8081 (the port set by the sed edit of server.xml).
# The trailing slash in proxy_pass replaces the /guacamole/ prefix with /.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxy to port 8070, the WS_LISTEN_PORT from JumpServer's config.yml.
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# /api/ and /core/ go to port 8080, the HTTP_LISTEN_PORT from config.yml.
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Everything else is rewritten to the same path under /ui/.
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
# Check the configuration syntax, start nginx, then tell it to reload its
# configuration.
# NOTE(review): unlike chronyd, mysql and redis earlier in this guide, nginx
# is not enabled at boot here; add `systemctl enable nginx` if it should come
# back after a restart.
nginx -t
systemctl start nginx
nginx -s reload
http://IP地址:80
默认账号/密码:admin/admin(首次登录后请立即修改默认密码)