Foreword
JumpServer is a popular open source bastion host and a professional operation and maintenance security audit system that complies with 4A specifications. JumpServer helps enterprises manage, control and log in to all types of assets in a more secure way, providing pre-authorization, in-process monitoring and post-event auditing, and meeting security compliance requirements.
The following describes how, with a few simple settings, to combine a local JumpServer with cpolar intranet penetration so that the JumpServer management interface can be accessed remotely.
1. Install Jump server
This article sets up a JumpServer instance as a demonstration, using the Linux installation method from the JumpServer official website. Start with the installation environment; you can refer to the official website instructions to install the required environment:
Official website installation method: https://docs.jumpserver.org/zh/v3/installation/setup_linux_standalone/requirements/
After installing the environment, run the one-click installation command and wait for the installation to finish. Only the online installation method is briefly introduced here:
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
After the installation succeeds, the output shows that all components started normally, followed by the web access information.
The local access address is shown there; the port number is 80, the default user name is admin and the default password is admin.
2. Local access to the jump server
Open a browser and visit the local access address shown above. From another machine in the LAN, use the LAN address on port 80; on the machine itself, the local address can be used directly, which is what is done here. After a successful visit, the JumpServer login interface appears. Enter the default username and password to log in. The local access test is OK. Next, install the cpolar intranet penetration tool on Linux to enable remote access.
3. Install cpolar intranet penetration software
Above, we installed and started the JumpServer service on the local Linux host, and local access works. Next, we install the cpolar intranet penetration tool on Linux. Through the http public network address provided by cpolar, we can easily access JumpServer remotely, with no need to register a domain name or buy a cloud server. The following are the steps to install cpolar:
cpolar official website address: https://www.cpolar.com
- Install using the one-click script
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
- Add a service to the system
sudo systemctl enable cpolar
- Start the cpolar service
sudo systemctl start cpolar
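Both installers above are fetched with curl and piped straight into bash (the cpolar one under sudo), so the script is executed without ever being read or fixed to a known version. The following is an added example, not code from JumpServer, cpolar or this article: it downloads an installer over HTTPS, compares it with a SHA-256 digest you recorded after reading the script, and only then runs it. The function names and the digest placeholders are assumptions.

```shell
#!/bin/sh
# Added example: pin an installer script to a reviewed SHA-256 before running it.
# Function names are hypothetical; digests below are placeholders, not real values.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_pinned() {
    [ -r "$1" ] || return 1
    # Normalise case, since digests are sometimes written in upper case.
    [ "$(sha256_of "$1")" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# fetch_installer URL OUT: download over HTTPS only (redirects included).
fetch_installer() {
    case $1 in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 2 ;;
    esac
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --output "$2" "$1"
}

# run_pinned URL EXPECTED [sudo]: fetch, verify, and only then execute with bash.
run_pinned() {
    _tmp=$(mktemp) || return 1
    if fetch_installer "$1" "$_tmp" && verify_pinned "$_tmp" "$2"; then
        ${3:-} bash "$_tmp"; _rc=$?
    else
        echo "installer missing or digest mismatch; not executed" >&2; _rc=1
    fi
    rm -f "$_tmp"
    return "$_rc"
}

# Usage, after downloading each script once, reading it and recording its digest:
#   run_pinned https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh <SHA256_YOU_RECORDED>
#   run_pinned https://www.cpolar.com/static/downloads/install-release-cpolar.sh <SHA256_YOU_RECORDED> sudo
```

A mismatch after an upstream release means the script changed; review the new version and update the recorded digest rather than bypassing the check.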
After cpolar is installed successfully, visit port 9200 of the Linux host in a browser: [http://LAN ip:9200]. Log in with your cpolar account to reach the cpolar web configuration interface; the remaining configuration is done in this web interface.
4. Configure the public network access address of the Jump server
In the left dashboard, click Tunnel Management - Create Tunnel, and create an http tunnel for port 80, the port used for access above.
- Tunnel name: you can customize the name, be careful not to duplicate the existing tunnel name
- Protocol: select http
- Local address: 80 (default port)
- Domain name type: choose a random domain name for free
- Region: Select China VIP
Click Create
After the tunnel is successfully created, click Status - Online Tunnel List on the left and view the generated public network address. There are two access methods, http and https, and both can be used.
5. Access the Jump server remotely from the public network
Visit the http public network address above, and the JumpServer login management interface appears. The public network address for remote access is now set up. Accessing through a new address may require logging in again.
6. Fixed Jump server public network address
The tunnel created above with cpolar uses a random public network address, which changes randomly within 24 hours and is not suitable for long-term remote access. Therefore, we can configure a second-level subdomain name for it, which is a fixed address and will not change randomly. [PS: cpolar.cn has been filed]
Note that the cpolar package needs to be upgraded to the basic package or above, and the bandwidth corresponding to each package is different.
Log in to the cpolar official website, click Reserve on the left, choose to reserve a second-level subdomain name, set the second-level subdomain name and click Reserve.
After the reservation is successful, copy the name of the reserved second-level subdomain name.
Log in to the cpolar web UI management interface, click Tunnel Management on the left dashboard - Tunnel List, find the jump server tunnel to be configured, and click Edit on the right
Modify the tunnel information, and configure the successfully reserved second-level subdomain name into the tunnel
- Domain name type: select a second-level subdomain name
- Sub Domain: Fill in the reserved sub-domain name
Click Update
(Note: click Update once; there is no need to submit repeatedly.)
After the update is complete, open the online tunnel list. At this time, you can see that the public network address has changed, and the address name has also become a fixed second-level subdomain name.
Finally, use the fixed public network address to access the JumpServer service. The login interface appears, indicating that the access is successful. The fixed, permanent public network address is now set up.