Refer to the official Jumpserver documentation for the installation process: http://docs.jumpserver.org/zh/docs/step_by_step.html
1. System related
VMware virtual machine: 2 GB memory, dual-core processor, 20 GB hard disk, bridged networking; the system runs CentOS 7.2, minimal installation
IP address: 172.16.0.38/24
1. Set up SELinux, the firewall and the character encoding
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
2. Prepare the environment
1. Install the dependency packages, Python 3.6 and the build tools needed for compiling
yum install autoconf automake libtool -y
yum -y install wget gcc epel-release git
yum -y install python36 python36-devel
2. Create a python virtual environment and load python virtual environment variables
2.1 Manual loading
cd /opt/
python3.6 -m venv py3
source /opt/py3/bin/activate
2.2 Automatic loading
cd /opt/
git clone https://github.com/kennethreitz/autoenv.git
echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
source ~/.bashrc
3. Install Jumpserver
1. Download or clone source files
cd /opt/
git clone https://github.com/jumpserver/jumpserver.git
echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
2. Install the RPM package dependencies and the Python library dependencies
cd /opt/jumpserver/requirements
The first time you enter the directory a prompt appears, which is normal.
yum -y install $(cat rpm_requirements.txt)
pip install --upgrade pip setuptools
pip install -r requirements.txt
3. Install Redis; Jumpserver uses Redis as its cache and Celery broker
yum -y install redis
systemctl enable redis
systemctl start redis
4. Install MySQL (MariaDB on CentOS) and configure it
yum -y install mariadb mariadb-devel mariadb-server
systemctl enable mariadb
systemctl start mariadb
mysql -u root
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'pwd';
5. Modify the configuration file of Jumpserver
cd /opt/jumpserver/
cp config_example.py config.py
vim config.py   # do not use tabs while editing; align with spaces
SECRET_KEY = 'keystring'            # placeholder; use a long random string
BOOTSTRAP_TOKEN = 'presharetoken'   # pre-shared token; coco and guacamole must use the same value
DEBUG = True                        # debug mode; set to False in production
LOG_LEVEL = 'ERROR'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = 'pwd'   # database password
DB_NAME = 'jumpserver'
6. Run Jumpserver
cd /opt/jumpserver/
./jms start all   # append -d to run in the background
4. Install SSH Server and WebSocket Server (Coco)
1. Download or clone source files
If Jumpserver was not started in the background earlier, open a new terminal to continue.
Work in the /opt directory:
source /opt/py3/bin/activate
git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
echo "source /opt/py3/bin/activate" > /opt/coco/.env
2. Install dependent packages
cd /opt/coco/requirements/
yum -y install $(cat rpm_requirements.txt)
pip install -r requirements.txt -i https://pypi.org/simple
If the following picture is displayed, just run pip install again... I don't understand why yet.
3. Run after modifying the configuration file
cd /opt/coco/
cp conf_example.py conf.py
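vim conf.py   # mind the alignment: do not use tabs, use spaces
NAME = "COCO"
CORE_HOST = 'http://127.0.0.1:8080'
BOOTSTRAP_TOKEN = 'presharetoken'   # must match BOOTSTRAP_TOKEN in Jumpserver's config.py
LOG_LEVEL = 'ERROR'
Comment out lines 25 and 38 of the cocod file.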
./cocod start -d
5. Install the Web Terminal front end (Luna)
cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
tar xf luna.tar.gz
chown -R root:root luna
6. Install the Windows support components (if you don’t have Windows assets, don’t install them)
1. Install dependencies, compile and install guacamole service
cd /opt
yum install cairo-devel libjpeg-devel libpng-devel uuid-devel
yum install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
git clone https://github.com/jumpserver/docker-guacamole.git
cd /opt/docker-guacamole/
tar -xf guacamole-server-0.9.14.tar.gz
cd guacamole-server-0.9.14
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make && make install
cd ..
rm -rf guacamole-server-0.9.14
ldconfig
2. Configure tomcat
mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions
ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
cd /config/
wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.35/bin/apache-tomcat-8.5.35.tar.gz
tar xf apache-tomcat-8.5.35.tar.gz
rm -rf apache-tomcat-8.5.35.tar.gz
mv apache-tomcat-8.5.35 tomcat8
rm -rf /config/tomcat8/webapps/*
ln -sf /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat8/conf/server.xml
sed -i 's/FINE/WARNING/g' /config/tomcat8/conf/logging.properties
cd /config
wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
tar xf linux-amd64.tar.gz -C /bin/
chmod +x /bin/ssh-forward
3. Configure environment variables and start Guacamole
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export BOOTSTRAP_TOKEN=presharetoken
echo "export BOOTSTRAP_TOKEN=presharetoken" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
/etc/init.d/guacd start
sh /config/tomcat8/bin/startup.sh
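Added example (not part of the original post or of the Jumpserver project): the same BOOTSTRAP_TOKEN has to appear in Jumpserver's config.py, in coco's conf.py and in the exported environment for Guacamole, so this script extracts it from each file and fails on a missing or misspelled key, a mismatch, or the tutorial placeholder. The function names, the 16-character minimum and the sample files are assumptions of this example.

```bash
#!/bin/sh
# Added example: verify that every component carries the same BOOTSTRAP_TOKEN.

# Print the value assigned to BOOTSTRAP_TOKEN in file $1. Accepts the Python
# form (BOOTSTRAP_TOKEN = 'x') and the shell form (export BOOTSTRAP_TOKEN=x);
# prints nothing when the key is missing, commented out or misspelled.
token_of() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?BOOTSTRAP_TOKEN[[:space:]]*=[[:space:]]*[\"']?([^\"'[:space:]#]*).*/\2/p" "$1" | tail -n 1
}

# Generate a random alphanumeric token of $1 characters (default 24).
new_token() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-24}"
}

# Return 0 only if all files define one identical, non-placeholder token.
# Exit codes: 1 = key missing, 2 = values differ, 3 = placeholder or too short.
# The 16-character minimum is an assumption of this example.
check_tokens() {
    ref=""
    for f in "$@"; do
        t=$(token_of "$f")
        [ -n "$t" ] || { echo "FAIL: no BOOTSTRAP_TOKEN in $f" >&2; return 1; }
        if [ -n "$ref" ] && [ "$t" != "$ref" ]; then
            echo "FAIL: token in $f differs from $1" >&2; return 2
        fi
        ref=$t
    done
    case $ref in
        presharetoken|keystring) echo "FAIL: tutorial placeholder in use" >&2; return 3 ;;
    esac
    [ "${#ref}" -ge 16 ] || { echo "FAIL: token under 16 characters" >&2; return 3; }
    echo "OK: $# files share one token"
}

# Constructed stand-ins for /opt/jumpserver/config.py, /opt/coco/conf.py
# and ~/.bashrc, written to a temporary directory.
demo=$(mktemp -d)
tok=$(new_token 24)
printf "BOOTSTRAP_TOKEN = '%s'\n" "$tok" > "$demo/config.py"
printf "BOOTSTRAP_TOKEN = '%s'\n" "$tok" > "$demo/conf.py"
printf "BOOTSTRAP_TOKN = '%s'\n" "$tok" > "$demo/conf_typo.py"  # misspelled key
printf 'export BOOTSTRAP_TOKEN=%s\n' "$tok" > "$demo/bashrc"

check_tokens "$demo/config.py" "$demo/conf.py" "$demo/bashrc"
check_tokens "$demo/config.py" "$demo/conf_typo.py" || echo "typo caught, exit code $?"
```

On a real host, call check_tokens with /opt/jumpserver/config.py, /opt/coco/conf.py and ~/.bashrc instead of the sample files.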
7. Configure Nginx to integrate components
1. Install Nginx
vim /etc/yum.repos.d/nginx.repo
Write the following 5 lines into it:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
yum install -y nginx
rm -rf /etc/nginx/conf.d/default.conf
systemctl enable nginx
2. Write a configuration file
vim /etc/nginx/conf.d/jumpserver.conf
Configuration file reference:
server {
    listen 80;
    client_max_body_size 100m;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
3. Use "nginx -t" to check the configuration file; if it reports no errors, as shown in the figure below, the configuration is OK
4. Turn on nginx service
systemctl start nginx
systemctl enable nginx
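Added example (not part of the original post): nginx reaches the backends on localhost ports 8080, 5000 and 8081, while firewalld opens only 80 and 2222, so this script reads `ss -tln` output, lists the backend ports bound beyond loopback, and then checks which of them the firewall port list would also expose. The function names, the port list (including MariaDB's 3306 from config.py) and the sample data are assumptions of this example.

```bash
#!/bin/sh
# Added example: find backend ports reachable from outside the host.

# Ports that should only be reached through nginx or from localhost.
BACKENDS="8080,5000,8081,3306"

# Read `ss -tln` output on stdin; print the ports from list $1 that listen
# on a non-loopback address (*, 0.0.0.0, :: or a LAN address).
wildcard_backends() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if ((port in want) && addr !~ /^(127\.|\[::1\]$|::1$)/) print port
        }' | sort -un | paste -s -d ' ' -
}

# Of the space-separated ports in $1, print those that also appear in the
# `firewall-cmd --list-ports` output passed as $2.
open_in_firewall() {
    out=""
    for port in $1; do
        case " $2 " in *" $port/tcp "*) out="$out $port" ;; esac
    done
    echo "${out# }"
}

# Constructed sample data, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:2222 *:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 127.0.0.1:5000 *:*
LISTEN 0 100 :::8081 :::*
LISTEN 0 50 *:3306 *:*'
SAMPLE_FW_OK="80/tcp 2222/tcp"            # the two rules added in this guide
SAMPLE_FW_BAD="80/tcp 2222/tcp 8080/tcp"  # one extra rule added by mistake

bound=$(printf '%s\n' "$SAMPLE_SS" | wildcard_backends "$BACKENDS")
echo "bound beyond loopback (firewall is the only barrier): $bound"
echo "exposed with the guide's rules: [$(open_in_firewall "$bound" "$SAMPLE_FW_OK")]"
echo "exposed with the extra rule:    [$(open_in_firewall "$bound" "$SAMPLE_FW_BAD")]"
```

On a live system, feed it `ss -tln` and `firewall-cmd --list-ports` in place of the sample variables.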
8. The installation is complete. You can now use it through the browser; the result is as shown below
The default username and password are both admin