Preface
JumpServer is a popular open source bastion host and a professional operation and maintenance security audit system that complies with 4A specifications. JumpServer helps enterprises control and log in to all types of assets in a more secure manner, achieve prior authorization, in-process supervision, and post-event auditing, and meet the compliance requirements of Class A guarantees.
The following describes how to combine a locally installed JumpServer with cpolar intranet penetration, using a few simple settings, to reach the JumpServer management interface remotely.
1. Install Jump server
This article builds a JumpServer instance as a demonstration, using the Linux installation method from the JumpServer official website. The required environment has to be installed first; refer to the official website's instructions for it:
Official website installation method: https://docs.jumpserver.org/zh/v3/installation/setup_linux_standalone/requirements/
After installing the environment, run the one-click installation command and wait for the installation to finish. Only the online installation method is briefly introduced here.
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
After the installation succeeds, we can see that all components start normally. The local web access address is shown below; the port is 80. We can also see the default user name (admin) and the default password (admin).
2. Access the jump server locally
Using the local access address seen above, open a browser in the LAN environment and access it on port 80. Here the machine accesses itself directly through the local address. After accessing it, we see the JumpServer login interface. Enter the default username and password to log in. The local access test is OK. Next, install the cpolar intranet penetration tool on Linux to achieve remote access.
3. Install cpolar intranet penetration software
Above we installed and started the JumpServer service on local Linux, and local access was OK. Next, we install the cpolar intranet penetration tool on Linux. Through cpolar's http public network address we can easily access JumpServer remotely, and there is no need to register a domain name or purchase a cloud server yourself. Here are the steps to install cpolar:
cpolar official website address: https://www.cpolar.com
- Use one-click script installation command
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
- Add services to the system
sudo systemctl enable cpolar
- Start cpolar service
sudo systemctl start cpolar
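Both installers on this page are piped from the network straight into bash, the cpolar one as root. As an added example (not part of the original article or of either project), the same two installs can instead be run from a downloaded file that is pinned to a SHA-256 digest you recorded after reading the script. `install_pinned`, `file_sha256`, `CURL` and `RUNNER` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: download an installer, compare it with a reviewed SHA-256,
# and only then execute it. Nothing runs on a missing pin or a mismatch.
CURL="${CURL:-curl}"        # overridable so the logic can be exercised offline
RUNNER="${RUNNER:-bash}"    # set RUNNER="sudo bash" for the cpolar script

# Print the hex SHA-256 digest of a file.
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_pinned URL EXPECTED_SHA256 [WORKDIR]
#   0  digest matched and the installer ran successfully
#   2  download failed
#   3  no pin supplied: digest printed for review, nothing executed
#   4  digest mismatch: nothing executed
install_pinned() {
    url=$1 expected=$2 workdir=${3:-$(mktemp -d)}
    mkdir -p "$workdir"
    script="$workdir/installer.sh"
    "$CURL" -fsSL "$url" -o "$script" || return 2
    actual=$(file_sha256 "$script")
    if [ -z "$expected" ]; then
        echo "read $script, then pin sha256=$actual" >&2
        return 3
    fi
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch: got $actual, want $expected" >&2
        return 4
    fi
    $RUNNER "$script"       # unquoted on purpose so "sudo bash" splits
}

# First pass (no pin yet): download only, print the digest, review the file.
#   sh install_pinned.sh https://www.cpolar.com/static/downloads/install-release-cpolar.sh ""
# Second pass: run with the digest recorded after review.
#   RUNNER="sudo bash" sh install_pinned.sh <same URL> <reviewed sha256>
if [ "$#" -ge 2 ]; then install_pinned "$@"; fi
```

The JumpServer URL on this page points at `latest`, so its digest can change with a new release; a mismatch is the cue to read the new script and record its digest again.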
After cpolar is successfully installed, access port 9200 of the Linux machine in a browser: [http://LAN ip:9200], and log in with the cpolar account. After logging in, you can see the cpolar web configuration interface; the remaining configuration is done in this web interface.
4. Configure Jump server public network access address
On the left dashboard, click Tunnel Management - Create Tunnel and create a tunnel for port 80, the http access method used above.
- Tunnel name: You can customize the name. Be careful not to duplicate the existing tunnel name.
- Protocol: Select http
- Local address: 80 (default port)
- Domain name type: Choose a random domain name for free
- Region: Select China vip
Click Create
After the tunnel is successfully created, click Status - Online Tunnel List on the left to view the generated public network address. There are two access methods, http and https; both can be used.
5. Remote access to Jump server via public network
We use the above http public network address to access, and we can successfully see our Jump server service login management interface. Such a public network address that can be accessed remotely has been created. To access a new address, you may need to log in again.
6. Fixed Jump server public network address
Since the tunnel created with cpolar above uses a random public network address that changes randomly within 24 hours, it is not suited to long-term remote access. We can therefore configure a second-level subdomain name for it; this address is fixed and will not change randomly. [ps: cpolar.cn has been filed]
Note that you need to upgrade the cpolar package to a basic package or above, and the bandwidth corresponding to each package is different. [cpolar.cn has been registered]
Log in to the cpolar official website, click Reserve on the left, choose to reserve a second-level subdomain name, set the name, and click Reserve. After the reservation is successful, copy the name of the second-level subdomain that was reserved.
Log in to the cpolar web UI management interface, click Tunnel Management - Tunnel List on the left dashboard, find the JumpServer tunnel you want to configure, and click Edit on the right.
Modify the tunnel information and configure the reserved second-level subdomain name into the tunnel.
- Domain name type: Select a second-level subdomain name
- Sub Domain: Fill in the successfully reserved second-level subdomain name
Click Update
(Note: click Update once; there is no need to submit again.)
After the update is completed, open the online tunnel list. At this time, you can see that the public network address has changed and the address name has become a fixed second-level subdomain name.
Finally, we use a fixed public network address to access the jump server service. You can see that the login interface appears, indicating that the access is successful. In this way, a fixed and permanent public network address is set.