2. it技术
  3. Jumpserver跳板机本地部署(Centos7系统)

Jumpserver跳板机本地部署(Centos7系统)

it2024-05-10  45

Centos7部署Jumpserver

关闭防火墙和SELinux Centos7系统

#jumpserver是国人用Python开发的,所以要设置中文 [xiaobai@jumpserver] localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 [xiaobai@jumpserver] export LC_ALL=zh_CN.UTF-8 [xiaobai@jumpserver] echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf #安装依赖包 [xiaobai@jumpserver] yum -y install wget vim lrzsz xz gcc git epel-release python-pip python-devel mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass readline-devel #更换阿里源安装Python [xiaobai@jumpserver] wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo [xiaobai@jumpserver] yum -y install python36 python36-devel #建立Python虚拟环境 [xiaobai@jumpserver] cd /opt [xiaobai@jumpserver opt] python3.6 -m venv py3 [xiaobai@jumpserver opt] source /opt/py3/bin/activate #以后运行 Jumpserver 都要先运行以上 source 命令 #下载git命令拉取项目,安装依赖 (py3)[xiaobai@jumpserver opt] git clone --depth=1 https://github.com/jumpserver/jumpserver.git (py3)[xiaobai@jumpserver opt] cd jumpserver/requirements/ (py3)[xiaobai@jumpserver requirements] yum -y install $(cat rpm_requirements.txt) #安装Python库 (py3)[xiaobai@jumpserver requirements] pip install --upgrade pip setuptools (py3)[xiaobai@jumpserver requirements] pip install -r requirements.txt #如果感觉网速慢就换下面的命令,使用阿里源 (py3)[xiaobai@jumpserver requirements] pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ (py3)[xiaobai@jumpserver requirements] pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

安装完成后界面

#安装Redis,用来做Jumpserver的缓存 (py3)[xiaobai@jumpserver requirements] cd (py3)[xiaobai@jumpserver] yum -y install redis (py3)[xiaobai@jumpserver] systemctl enable redis (py3)[xiaobai@jumpserver] systemctl start redis #安装Mysql,并且配置jumpserver的数据库 (py3)[xiaobai@jumpserver] yum -y install mariadb mariadb-devel mariadb-server (py3)[xiaobai@jumpserver] systemctl enable mariadb (py3)[xiaobai@jumpserver] systemctl start mariadb (py3)[xiaobai@jumpserver] mysql -uroot MariaDB[(none)]> create database jumpserver default charset 'utf8'; MariaDB[(none)]> grant all on jumpserver.* to 'jumpserveradm'@'127.0.0.1' identified by 'XiaoBai@123!'; MariaDB[(none)]> flush privileges; MariaDB[(none)]> \q #修改Jumpserver的配置文件 (py3)[xiaobai@jumpserver] cd /opt/jumpserver/ (py3)[xiaobai@jumpserver jumpserver] cp config_example.yml config.yml #生成一个随机的key (py3)[xiaobai@jumpserver jumpserver] SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` (py3)[xiaobai@jumpserver jumpserver] echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc (py3)[xiaobai@jumpserver jumpserver] BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` (py3)[xiaobai@jumpserver jumpserver] echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc (py3)[xiaobai@jumpserver jumpserver] sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml (py3)[xiaobai@jumpserver jumpserver] sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml (py3)[xiaobai@jumpserver jumpserver] sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml (py3)[xiaobai@jumpserver jumpserver] sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml (py3)[xiaobai@jumpserver jumpserver] sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml (py3)[xiaobai@jumpserver jumpserver] vim config.yml DB_ENGINE: mysql DB_HOST: 127.0.0.1 DB_PORT: 3306 DB_USER: jumpserveradm DB_PASSWORD: XiaoBai@123! DB_NAME: jumpserver #启动jumpserver,-d为后台运行 (py3)[xiaobai@jumpserver jumpserver] ./jms start -d gunicorn is running: 45857 flower is running: 45868 daphne is running: 45872 celery_ansible is running: 45873 celery_default is running: 45875 celery_node_tree is running: 45879 check_asset_perm_expired is running: 45883 beat is running: 45892 #Centos可以配置systemctl启动 (py3)[xiaobai@jumpserver jumpserver] wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service (py3)[xiaobai@jumpserver jumpserver] chmod 755 /usr/lib/systemd/system/jms.service (py3)[xiaobai@jumpserver jumpserver] systemctl enable jms

部署Koko

(py3)[xiaobai@jumpserver jumpserver] cd /opt (py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/koko/releases/download/v2.4.0/koko-v2.4.0-linux-amd64.tar.gz (py3)[xiaobai@jumpserver opt] tar xzvf koko-v2.4.0-linux-amd64.tar.gz (py3)[xiaobai@jumpserver opt] mv koko-v2.4.0-linux-amd64 koko (py3)[xiaobai@jumpserver opt] rm -rf koko-v2.4.0-linux-amd64.tar.gz (py3)[xiaobai@jumpserver opt] chown -R root:root koko (py3)[xiaobai@jumpserver opt] cd koko/ (py3)[xiaobai@jumpserver koko] mv kubectl /usr/local/bin/ (py3)[xiaobai@jumpserver koko] wget https://download.jumpserver.org/public/kubectl.tar.gz (py3)[xiaobai@jumpserver koko] tar xzvf kubectl.tar.gz (py3)[xiaobai@jumpserver koko] rm -rf kubectl.tar.gz (py3)[xiaobai@jumpserver koko] chmod 755 kubectl (py3)[xiaobai@jumpserver koko] mv kubectl /usr/local/bin/rawkubectl (py3)[xiaobai@jumpserver koko] cp config_example.yml config.yml (py3)[xiaobai@jumpserver koko] vim config.yml #BOOTSTRAP_TOKEN要和/opt/jumpserver/config.yml里的BOOTSTRAP_TOKEN保证一致 BOOTSTRAP_TOKEN: wttyDYSu2yiNbvv6 #启动koko,-d为后台运行 (py3)[xiaobai@jumpserver koko] ./koko

部署Guacamole

(py3)[xiaobai@jumpserver koko] cd /opt (py3)[xiaobai@jumpserver opt] mkdir /opt/docker-guacamole (py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz (py3)[xiaobai@jumpserver opt] tar xzvf master.tar.gz -C /opt/docker-guacamole --strip-components 1 (py3)[xiaobai@jumpserver opt] rm -rf master.tar.gz (py3)[xiaobai@jumpserver opt] cd docker-guacamole/ (py3)[xiaobai@jumpserver docker-guacamole] wget http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz (py3)[xiaobai@jumpserver docker-guacamole] tar xzvf guacamole-server-1.2.0.tar.gz (py3)[xiaobai@jumpserver docker-guacamole] wget http://download.jumpserver.org/public/ssh-forward.tar.gz (py3)[xiaobai@jumpserver docker-guacamole] tar xzvf ssh-forward.tar.gz -C /bin/ (py3)[xiaobai@jumpserver docker-guacamole] chmod +x /bin/ssh-forward (py3)[xiaobai@jumpserver docker-guacamole] cd /opt/docker-guacamole/guacamole-server-1.2.0 #下载依赖 (py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install uuid uuid-devel (py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install cairo-devel #cairo要单独多下几次就能成功,uuid要去官网下载安装包,我这里下载的zlib-1.2.10.tar.gz

UUID下载地址

(py3)[xiaobai@jumpserver guacamole-server-1.2.0] tar xzvf zlib-1.2.10.tar.gz (py3)[xiaobai@jumpserver guacamole-server-1.2.0] cd zlib-1.2.10/ (py3)[xiaobai@jumpserver zlib-1.2.10] ./configure (py3)[xiaobai@jumpserver zlib-1.2.10] make && make install (py3)[xiaobai@jumpserver zlib-1.2.10] cd .. (py3)[xiaobai@jumpserver guacamole-server-1.2.0] yum install uuid uuid-devel (py3)[xiaobai@jumpserver guacamole-server-1.2.0] ./configure --with-init-dir=/etc/init.d

编译成功

(py3)[xiaobai@jumpserver guacamole-server-1.2.0] make && make install (py3)[xiaobai@jumpserver guacamole-server-1.2.0] cd (py3)[xiaobai@jumpserver] mkdir -p /opt/java (py3)[xiaobai@jumpserver] tar xzvf ~/jdk-8u111-linux-x64.tar.gz -C /opt/java/ (py3)[xiaobai@jumpserver] vim ~/.bash_profile export JAVA_HOME=/opt/java/jdk1.8.0_111 export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar export PATH=$PATH:$JAVA_HOME/bin (py3)[xiaobai@jumpserver] source ~/.bash_profile (py3)[xiaobai@jumpserver] mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive (py3)[xiaobai@jumpserver] chown daemon:daemon /config/guacamole/record /config/guacamole/drive (py3)[xiaobai@jumpserver] cd /config (py3)[xiaobai@jumpserver config] wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.39/bin/apache-tomcat-9.0.39.tar.gz #下载到本地的速度会快很多 (py3)[xiaobai@jumpserver config] tar xzvf apache-tomcat-9.0.39.tar.gz (py3)[xiaobai@jumpserver config] mv apache-tomcat-9.0.39 tomcat9 (py3)[xiaobai@jumpserver config] rm -rf /config/tomcat9/webapps/* (py3)[xiaobai@jumpserver config] rm -rf apache-tomcat-9.0.39.tar.gz (py3)[xiaobai@jumpserver config] sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml (py3)[xiaobai@jumpserver config] echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties (py3)[xiaobai@jumpserver config] wget http://download.jumpserver.org/release/v2.4.0/guacamole-client-v2.4.0.tar.gz (py3)[xiaobai@jumpserver config] tar xzvf guacamole-client-v2.4.0.tar.gz (py3)[xiaobai@jumpserver config] rm -rf guacamole-client-v2.4.0.tar.gz (py3)[xiaobai@jumpserver config] cp guacamole-client-v2.4.0/guacamole-1.2.0.war /config/tomcat9/webapps/ROOT.war (py3)[xiaobai@jumpserver config] cp guacamole-client-v2.4.0/guacamole-auth-jumpserver-1.2.0.jar /config/guacamole/extensions/ (py3)[xiaobai@jumpserver config] mv /opt/docker-guacamole/guacamole.properties /config/guacamole/ (py3)[xiaobai@jumpserver config] rm -rf /opt/docker-guacamole #配置Guacamole环境 (py3)[xiaobai@jumpserver config] export JUMPSERVER_SERVER=http://127.0.0.1:8080 (py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc (py3)[xiaobai@jumpserver config] echo $BOOTSTRAP_TOKEN wttyDYSu2yiNbvv6 (py3)[xiaobai@jumpserver config] export BOOTSTRAP_TOKEN=wttyDYSu2yiNbvv6 (py3)[xiaobai@jumpserver config] echo "export BOOTSTRAP_TOKEN=wttyDYSu2yiNbvv6" >> ~/.bashrc (py3)[xiaobai@jumpserver config] export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys (py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys" >> ~/.bashrc (py3)[xiaobai@jumpserver config] export GUACAMOLE_HOME=/config/guacamole (py3)[xiaobai@jumpserver config] echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc (py3)[xiaobai@jumpserver config] export GUACAMOLE_LOG_LEVEL=ERROR (py3)[xiaobai@jumpserver config] echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc (py3)[xiaobai@jumpserver config] export JUMPSERVER_ENABLE_DRIVE=true (py3)[xiaobai@jumpserver config] echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc (py3)[xiaobai@jumpserver config] /etc/init.d/guacd start Starting guacd: guacd[55270]: INFO: Guacamole proxy daemon (guacd) version 1.2.0 started SUCCESS (py3)[xiaobai@jumpserver config] sh /config/tomcat9/bin/startup.sh Using CATALINA_BASE: /config/tomcat9 Using CATALINA_HOME: /config/tomcat9 Using CATALINA_TMPDIR: /config/tomcat9/temp Using JRE_HOME: /opt/java/jdk1.8.0_111 Using CLASSPATH: /config/tomcat9/bin/bootstrap.jar:/config/tomcat9/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started.

部署Lina

(py3)[xiaobai@jumpserver config] cd /opt (py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/lina/releases/download/v2.4.0/lina-v2.4.0.tar.gz (py3)[xiaobai@jumpserver opt] tar xzvf lina-v2.4.0.tar.gz (py3)[xiaobai@jumpserver opt] mv lina-v2.4.0 lina (py3)[xiaobai@jumpserver opt] yum -y install nginx #提前将nginx下载下来 (py3)[xiaobai@jumpserver opt] chown -R nginx:nginx lina (py3)[xiaobai@jumpserver opt] rm -rf lina-v2.4.0.tar.gz

部署Luna

(py3)[xiaobai@jumpserver opt] wget https://github.com/jumpserver/luna/releases/download/v2.4.0/luna-v2.4.0.tar.gz (py3)[xiaobai@jumpserver opt] tar xzvf luna-v2.4.0.tar.gz (py3)[xiaobai@jumpserver opt] mv luna-v2.4.0 luna (py3)[xiaobai@jumpserver opt] chown -R nginx:nginx luna (py3)[xiaobai@jumpserver opt] rm -rf luna-v2.4.0.tar.gz (py3)[xiaobai@jumpserver opt] ll total 8 drwxr-xr-x. 3 root root 26 Oct 21 15:58 java drwxr-xr-x. 11 root root 4096 Oct 21 13:31 jumpserver drwxr-xr-x. 6 root root 142 Oct 21 13:49 koko drwxr-xr-x. 3 nginx nginx 57 Oct 15 16:08 lina drwxr-xr-x. 5 nginx nginx 4096 Oct 15 16:08 luna drwxr-xr-x. 7 root root 133 Oct 21 12:58 py3

部署Nginx

(py3)[xiaobai@jumpserver opt] vim /etc/nginx/default.d/jumpserver.conf client_max_body_size 500M; #录像及文件上传大小限制 location /ui/ { try_files $uri / /index.html; alias /opt/lina/; } location /luna/ { try_files $uri / /index.html; alias /opt/luna/; #luna 路径, 如果修改安装目录, 此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; #录像位置, 如果修改安装目录, 此处需要修改 } location /static/ { root /opt/jumpserver/data/; #静态资源, 如果修改安装目录, 此处需要修改 } location /koko/ { proxy_pass http://localhost:5000; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /ws/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8070; proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /api/ { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /core/ { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location / { rewrite ^/(.*)$ /ui/$1 last; } (py3)[xiaobai@jumpserver opt] nginx -t (py3)[xiaobai@jumpserver opt] systemctl start nginx #如果已经启动了不想重启执行下面命令 (py3)[xiaobai@jumpserver opt] nginx -s reload

==访问ip+80端口就可以看到 初始用户密码都为admin,第一次登录会让你修改密码

文章总览分类目录 @小白

最新回复(0)