一、安装mysql5.7
1.下载mysql5.7包
wget http://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm
2.安装MySQL源
rpm -Uvh mysql57-community-release-el7-10.noarch.rpm
3.安装MySQL
yum install mysql-server mysql-client -y
4.配置mysql基础配置创建jumpserver库和账号
vim /etc/my.cnf
# 添加取消dns解析
skip-name-resolve
进入mysql数据库创建库及账号并授权
# 查看初始密码
cat /var/log/mysqld.log | grep "generated for root@localhost:" | awk '{print $NF}'
mysql -uroot -p<初始密码>
# 修改默认密码
# 因为MySQL的密码规则需要很复杂,我们一般自己设置的不会设置成这样,所以我们全局修改一下
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;
#这时候我们就可以自己设置想要的密码了
ALTER USER 'root'@'localhost' IDENTIFIED BY 'yourpassword';
# 创建jumpserver库和账号
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';
flush privileges;
二、安装redis、python3
yum install python3 python3-devel redis -y
systemctl enable redis
cd /opt
# 创建虚拟环境
python3.6 -m venv /opt/py3
# 激活虚拟环境
source /opt/py3/bin/activate
# 设置pip阿里源并升级pip
mkdir ~/.pip
cat >~/.pip/pip.conf <<EOF
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
EOF
pip install --upgrade pip
# 配置redis配置文件设置密码
/etc/redis.conf第480行
...
requirepass Ediapofe893safe
...
systemctl restart redis
三、安装docker
点击查看☞☞☞☞ 阿里云docker安装教程
yum install -y yum-utils device-mapper-persistent-data lvm2;
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo;
yum makecache fast;
yum -y install docker-ce;
service docker start
systemctl enable docker
# 将jumpserver得koko组件和Guacamole组件镜像pull下来
docker pull jumpserver/jms_guacamole:2.0.2
docker pull jumpserver/jms_koko:2.0.2
四、安装nginx
yum install yum-utils
# 设置nginx源
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
#安装nginx
yum install nginx -y
五、下载jumpserver和Lina、Luna组件
wget https://github.com/jumpserver/jumpserver/releases/download/v2.0.2/jumpserver-v2.0.2.tar.gz
wget -O /opt/lina-v2.0.2.tar.gz https://github.com/jumpserver/lina/releases/download/v2.0.2/lina-v2.0.2.tar.gz
wget -O /opt/luna-v2.0.2.tar.gzhttps://github.com/jumpserver/luna/releases/download/v2.0.2/luna-v2.0.2.tar.gz
六、开始部署jumpserver
# 解压压缩包
tar -xf jumpserver-v2.0.2.tar.gz
tar -xf luna-v2.0.2.tar.gz
tar -xf lina-v2.0.2.tar.gz
mv jumpserver-v2.0.2 jumpserver
mv lina-v2.0.2 lina
chown -R nginx:nginx lina
mv luna-v2.0.2 luna
chown -R nginx:nginx luna
# 安装jumpserver相关依赖包
yum install -y $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
pip install wheel && pip install -r /opt/jumpserver/requirements/requirements.txt
# 随机生成2段字符
# 给jumpserver配置文件的SECRET_KEY:
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo;echo
oaR4OWw1yjdlTJBb4mMWuHoRurV1cZ84pZzrKBUSpNw02uwB2
# 给jump server配置文件的BOOTSTRAP_TOKEN:
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24;echo;echo
OmSmja8dSIg5Sk9vM4WAAaGO
配置文件参考
# SECURITY WARNING: keep the secret key used in production secret!
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成
# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
SECRET_KEY: oaR4OWw1yjdlTJBb4mMWuHoRurV1cZ84pZzrKBUSpNw02uwB2
# SECURITY WARNING: keep the bootstrap token used in production secret!
# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
BOOTSTRAP_TOKEN: OmSmja8dSIg5Sk9vM4WAAaGO
# Development env open this, when error occur display the full process track, Production disable it
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
DEBUG: false
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# 日志级别
LOG_LEVEL: ERROR
# LOG_DIR:
# Session expiration setting, Default 24 hour, Also set expired on on browser close
# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
# SESSION_COOKIE_AGE: 86400
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: jumpserver
DB_NAME: jumpserver
# 运行时绑定端口
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Use Redis as broker for celery and web socket
# Redis配置
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD: Ediapofe893safe # redis的密码
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4
# Windows 登录跳过手动输入密码
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
启动jumpserver
cd /opt/jumpserver
./jms start -d
开启刚刚下载的两个jumpserver的docker组件
# 接口ens192名称根据实际输入
localip=$(ip add show ens192 | grep inet | grep -v inet6 | awk '{print $2}' | awk -F'/' '{print $1}')
BOOTSTRAP_TOKEN="OmSmja8dSIg5Sk9vM4WAAaGO"
docker run --name jms_koko -d \
-p 2222:2222 \
-p 127.0.0.1:5000:5000 \
-e CORE_HOST=http://${localip}:8080 \
-e BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN} \
-e LOG_LEVEL=ERROR \
--restart=always \
jumpserver/jms_koko:2.0.2
docker run --name jms_guacamole -d \
-p 127.0.0.1:8081:8080 \
-e JUMPSERVER_SERVER=http://${localip}:8080 \
-e BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN} \
-e GUACAMOLE_LOG_LEVEL=ERROR \
jumpserver/jms_guacamole:2.0.2
配置nginx
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
nginx -t
nginx -reload
最后关闭seliunx和防火墙
# 永久关闭selinux去修改配置文件即可,这里不做演示
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
1058
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
