环境:
CentOS Linux release 7.8.2003 (Core)
一、安装Python3.6和虚拟环境
yum -y install wget lrzsz xz gcc git epel-release python-pip python-devel mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass readline-devel
1.安装python
yum -y install python36 python36-devel
1.1.建立 Python 虚拟环境
cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
二、安装jumpserver
1.在Github上下载jumpserver项目
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
2.安装依赖
cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt)
3.安装Python依赖
pip install --upgrade pip setuptools
pip install -r requirements.txt
推荐使用阿里云源下载
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
出现了无法安装错误怎么解决!!!
出现以上问题vim修改requirements.txt文件,把报错无法安装的文件都注释掉,然后手动pip这些依赖,也可以把注释去掉再次执行。
4、安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
yum -y install redis
systemctl start redis
5、安装 MySQL
yum -y install mariadb mariadb-devel mariadb-server
systemctl start mariadb
6、创建数据库 Jumpserver 并授权
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
7、修改 Jumpserver 配置文件
cd /opt/jumpserver/
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
8、运行 Jumpserver
cd /opt/jumpserver
./jms start all -d
Docker 部署 KoKo 组件
docker run --name jms_koko -d \
-p 2222:2222 \
-p 127.0.0.1:5000:5000 \
-e CORE_HOST=http://192.168.59.137:8080 \
-e BOOTSTRAP_TOKEN=99a0hu9pqc5U9qBN \
-e LOG_LEVEL=ERROR \
--privileged=true \
--restart=always \
jumpserver/jms_koko:v2.4.0
Docker部署Guacamole 组件
docker run --name jms_guacamole -d \
-p 127.0.0.1:8081:8080 \
-e JUMPSERVER_SERVER=http://192.168.59.137:8080 \
-e BOOTSTRAP_TOKEN=abcdefg1234 \
-e GUACAMOLE_LOG_LEVEL=ERROR \
jumpserver/jms_guacamole:v2.4.0
下载 Lina 组件
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.4.0/lina-v2.4.0.tar.gz
tar -xf lina-v2.4.0.tar.gz
mv lina-v2.4.0 lina
chown -R nginx:nginx lina
下载 Luna 组件
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.4.0/luna-v2.4.0.tar.gz
tar -xf luna-v2.4.0.tar.gz
mv luna-v2.4.0 luna
chown -R nginx:nginx luna
配置 Nginx 整合各组件
yum -y install nginx
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
删除nginx.conf配置文件中的server模块
systemctl start nginx
nginx -t
nginx -s reload
开始使用 JumpServer
检查应用是否已经正常运行
服务全部启动后, 访问 JumpServer 服务器 nginx 代理的 80 端口, 不要通过8080端口访问 默认账号: admin 密码: admin