一、安装堡垒机jumpserver
# Host preparation: work from /mnt, relax host protections for the install, and
# set up the zh_CN.UTF-8 locale.
cd /mnt/
# NOTE(review): the next three commands put SELinux into permissive mode and stop
# both host firewalls on the running system. This machine is a bastion host, so
# treat that as an install-time shortcut only: afterwards re-enable enforcement
# (setenforce 1) and start the firewall again with only the service ports this
# guide uses (80 and 8080) allowed.
setenforce 0
systemctl stop iptables
systemctl stop firewalld
# Generate the zh_CN.UTF-8 locale, use it for this shell, and persist it as the
# system default in /etc/locale.conf.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' >/etc/locale.conf
# Install the build toolchain and headers needed to compile Python, plus git and
# wget; epel-release adds the EPEL repository.
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
# NOTE(review): the tarball is downloaded over HTTPS but is never checked against
# the checksum or signature published by python.org before it is compiled and
# installed as root; verify it first. The 3.6 series also no longer receives
# upstream security fixes, so prefer a currently supported release that
# JumpServer accepts.
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
# Configure, build and install into the default prefix; each step runs only if
# the previous one succeeded.
./configure && make &&make install
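cd /opt/
# Create the virtualenv used by JumpServer at /opt/py3 and activate it.
python3 -m venv py3
source /opt/py3/bin/activate
# Clone over HTTPS instead of git://. The git:// transport has no encryption or
# server authentication, so the code sourced into every shell below could be
# altered in transit; GitHub has also stopped serving it.
git clone https://github.com/kennethreitz/autoenv.git ~/.autoenv
# autoenv sources a directory's .env file when you cd into it. That is code
# execution on cd, so only accept .env files in directories you control.
echo 'source ~/.autoenv/activate.sh' >> ~/.bashrc
source ~/.bashrc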
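cd /opt/
# NOTE(review): master is a moving branch, so repeated installs can fetch
# different code. For a reproducible, reviewable bastion build, check out a
# specific release tag instead (for example: git checkout <RELEASE_TAG>).
git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
# autoenv will source this file on entering /opt/jumpserver, which activates the
# virtualenv automatically.
echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
# A prompt appears on this cd (presumably autoenv asking about the new .env);
# just press Enter. The note was previously passed to cd as extra arguments.
cd /opt/jumpserver/requirements
# Word splitting is intentional here: the file lists one package name per word.
# shellcheck disable=SC2046
yum -y install $(cat rpm_requirements.txt)
# Install the Python dependencies into the active virtualenv.
pip install -r requirements.txt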
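# Redis: install, enable at boot (matching mariadb and nginx in this guide, so
# JumpServer's dependencies come back after a reboot) and start it now.
yum -y install redis
systemctl enable redis
systemctl start redis
# MariaDB: client, development headers and server.
yum -y install mariadb mariadb-devel mariadb-server
systemctl enable mariadb
systemctl start mariadb
# NOTE(review): the next step of this guide opens `mysql` without credentials,
# i.e. the database root account has no password yet. Run
# mysql_secure_installation to set one and remove the anonymous/test defaults
# before this host is reachable by others.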
请直接复制以下命令使用(其中的 somepassword 仅为示例,请替换为强密码,并与后面写入 config.py 的 DB_PASSWORD 保持一致)
mysql
-- Create the JumpServer schema with a UTF-8 default character set.
create database jumpserver default character set 'utf8' collate utf8_general_ci;
-- Create the application account, reachable only from the local host (both the
-- TCP loopback address and the local socket name), with rights limited to the
-- jumpserver database.
-- NOTE(review): 'somepassword' is a placeholder; replace it with a strong,
-- unique password and use the same value for DB_PASSWORD in config.py.
grant all on jumpserver.* to'jumpserver'@'127.0.0.1' identified by 'somepassword';
grant all on jumpserver.* to'jumpserver'@'localhost' identified by 'somepassword';
exit
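# A prompt appears on this cd (presumably autoenv asking about .env); just press
# Enter. The note was previously passed to cd as extra arguments.
cd /opt/jumpserver
# NOTE(review): assumes config.py already exists in /opt/jumpserver; the page
# does not show it being created, so confirm before running the edits below.

# Rewrite the single line that mentions both DEBUG and True. Each edit runs only
# when exactly one line number was found; an empty or multi-line match would
# otherwise hand sed a broken address.
AA=$(awk '/DEBUG/ && /True/ {print NR}' config.py)
if [[ "$AA" =~ ^[0-9]+$ ]]; then
  # NOTE(review): this leaves DEBUG enabled. With debugging on, error pages can
  # expose settings and stack traces, so set it to False before the bastion is
  # reachable by real users.
  sed -i "${AA}c DEBUG = True" config.py
  # Re-indent the replaced line. The page shows a one-space indent; verify that
  # it matches the indentation of the surrounding lines in config.py.
  sed -i "${AA}s/^/ /" config.py
else
  printf 'config.py: expected exactly one DEBUG/True line, found: %s\n' "${AA:-none}" >&2
fi

# Same approach for the database password line.
BB=$(awk '/DB_PASSWORD/ {print NR}' config.py)
if [[ "$BB" =~ ^[0-9]+$ ]]; then
  # 'somepassword' is a placeholder and must equal the password used in the
  # GRANT statements; replace both with a strong value.
  sed -i "${BB}c DB_PASSWORD = 'somepassword'" config.py
  sed -i "${BB}s/^/ /" config.py
else
  printf 'config.py: expected exactly one DB_PASSWORD line, found: %s\n' "${BB:-none}" >&2
fi

# A prompt appears on this cd as well (presumably autoenv); just press Enter.
cd /opt/jumpserver/utils/
# Create and apply the database migrations.
bash make_migrations.sh
cd /opt/jumpserver
# Start all JumpServer services.
./jms start all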
然后在浏览器中访问 http://本机ip:8080/ 默认账号: admin 密码: admin(首次登录后请立即修改该默认密码)
二、配置 Nginx 整合各组件
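yum -y install nginx
# Keep a copy of the packaged configuration so the manual edit can be reverted.
cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
# In vi: delete the existing server block and everything below it (e.g. 200dd),
# then paste in the whole configuration that follows. The note was previously
# passed to vi as extra arguments.
vi /etc/nginx/nginx.conf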
# Reverse proxy in front of the JumpServer components: static and media files,
# the luna front end, the coco websocket endpoint, guacamole, and the web
# application itself.
# NOTE(review): this server listens on plain HTTP only, so bastion logins and
# proxied sessions cross the network unencrypted. Outside a lab, add a TLS
# listener (listen 443 ssl; with ssl_certificate / ssl_certificate_key) and
# redirect port 80 to it.
server {
listen 80;
# Pass the client address and the original Host header to the backends.
# NOTE(review): nginx inherits proxy_set_header from this level only into
# locations that define no proxy_set_header of their own, so /socket.io/ and
# /guacamole/ below do not receive X-Real-IP or Host unless they repeat them.
# Check this if the backends log client addresses for audit.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# luna front end served from /opt/luna/, falling back to index.html.
# NOTE(review): try_files combined with alias is a known nginx pitfall; verify
# that /luna/ paths resolve as intended.
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
# Files under /opt/jumpserver/data/media/.
# NOTE(review): every response here is labelled Content-Encoding: gzip;
# presumably the stored files are already gzip-compressed. Confirm.
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
# Static assets under /opt/jumpserver/data/static/.
location /static/ {
root /opt/jumpserver/data/;
}
# Websocket endpoint: HTTP/1.1 with the Upgrade/Connection headers and
# buffering disabled.
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # if coco is installed on another server, put its IP here
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# guacamole, proxied with the /guacamole/ prefix replaced by /.
# NOTE(review): access logging is turned off for this location; on a bastion,
# consider keeping these logs for audit.
location /guacamole/ {
proxy_pass http://localhost:8081/; # if guacamole is installed on another server, put its IP here
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
# Everything else goes to the JumpServer web application.
location / {
proxy_pass http://localhost:8080; # if jumpserver is installed on another server, put its IP here
}
}
# Closes the enclosing http block, whose original closing brace was removed when
# the old server block and everything below it were deleted.
}
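# Validate the edited configuration before starting the service. nginx takes the
# configuration path through -c; a bare path argument is rejected as an invalid
# option.
nginx -t -c /etc/nginx/nginx.conf
systemctl start nginx
systemctl enable nginx
# Start the JumpServer services. This relies on the shell still being in
# /opt/jumpserver from the earlier steps.
./jms start all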
然后在浏览器中访问 http://本机ip/ 默认账号: admin 密码: admin(首次登录后请立即修改该默认密码)