Environment: CentOS Linux release 7.7.1908 (Core), kernel 3.10.0-1062.4.1.el7.x86_64
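# JumpServer 1.5.2 single-host installer for CentOS 7 (bash).
#
# This file only defines functions; nothing runs until `main` is called
# explicitly from a root shell. The steps share state through the globals
# SECRET_KEY, BOOTSTRAP_TOKEN (set in main) and DB_PASSWORD (set in
# install_mariadb).
#
# NOTE(review): the published copy of this script was machine-translated and
# cut off in four places (the GRANT statement, one sed target, the firewalld
# rich rule and both `docker run` lines). Command spellings are restored to
# their standard forms; each reconstructed tail is marked where it occurs and
# should be confirmed against the official JumpServer 1.5.2 guide.

# Print $1 random characters from [A-Za-z0-9], read from /dev/urandom.
_random_alnum() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# Succeed only if the variable NAMED by $1 is non-empty and purely
# alphanumeric. The secrets are spliced into sed replacements and an SQL
# string below, so anything else must never reach those commands.
_require_alnum() {
  local name=$1
  if [[ ! ${!name:-} =~ ^[A-Za-z0-9]+$ ]]; then
    printf '%s is unset or contains characters outside [A-Za-z0-9]\n' "$name" >&2
    return 1
  fi
}

# Update packages, open the firewall for nginx and coco, disable SELinux.
Initialize() {
  yum update -y
  systemctl start firewalld
  firewall-cmd --zone=public --add-port=80/tcp --permanent    # nginx
  firewall-cmd --zone=public --add-port=2222/tcp --permanent  # coco SSH login port
  # --permanent only writes the persistent configuration; --reload applies it.
  firewall-cmd --reload

  # NOTE(review): this switches SELinux off now and at every boot, on a host
  # that brokers privileged access. Keeping it enforcing and granting nginx
  # only what it needs (e.g. `setsebool -P httpd_can_network_connect 1`) is
  # the tighter option; that variant is not tested by this script.
  setenforce 0
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
}

# Install Redis; JumpServer uses it as cache and as the Celery broker.
install_redis() {
  yum -y install wget gcc epel-release git
  yum -y install redis
  systemctl enable redis
  systemctl start redis
}

# Install MariaDB, generate DB_PASSWORD, create the jumpserver database and
# grant the application account access to it.
# Globals: DB_PASSWORD (written)
install_mariadb() {
  yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared
  systemctl enable mariadb
  systemctl start mariadb

  DB_PASSWORD=$(_random_alnum 24)
  _require_alnum DB_PASSWORD || return 1
  # The password is printed once; it will also sit in terminal scrollback and
  # in any captured install log.
  printf '\033[31m Your database password is %s \033[0m\n' "$DB_PASSWORD"

  # NOTE(review): the MariaDB root account is used without a password and is
  # left that way; run `mysql_secure_installation` after the install.
  # NOTE(review): the page cuts this statement off after "to 'J". The account
  # ('jumpserver'@'127.0.0.1') and the trailing clauses are reconstructed;
  # confirm they match DB_USER/DB_HOST in config.yml.
  mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '${DB_PASSWORD}'; flush privileges;"
}

# Install nginx, the reverse proxy in front of all JumpServer components,
# and write its main configuration file.
install_nginx() {
  yum -y install nginx
  systemctl enable nginx
  # Quoted delimiter: the nginx $variables are written literally.
  cat > /etc/nginx/nginx.conf <<'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}
EOF
}

# Install Python 3.6 and create and activate the virtualenv /opt/py3.
# The activation stays in effect for the calling shell, so the later steps
# (pip3, ./jms) run inside the virtualenv; `deactivate` leaves it again.
install_python36() {
  yum -y install python36 python36-devel
  cd /opt || return 1
  python3.6 -m venv py3 || return 1  # "py3" is the virtualenv name
  # shellcheck disable=SC1091
  source /opt/py3/bin/activate
}

# Fetch JumpServer 1.5.2 into /opt/jumpserver and install its RPM and Python
# dependencies (expects the virtualenv from install_python36 to be active).
install_jumpserver() {
  local -a rpm_deps=()

  if [[ ! -d /opt/jumpserver/.git ]]; then
    git clone https://github.com/jumpserver/jumpserver.git /opt/jumpserver || return 1
  fi
  cd /opt/jumpserver || return 1
  # NOTE(review): a tag can be re-pointed upstream; pinning a reviewed commit
  # id is the stronger guarantee for the code that ends up running as root.
  git checkout 1.5.2 || return 1

  # Split the package list on whitespace like the original $(cat ...) did,
  # but without glob expansion. read returns non-zero at end of file.
  read -r -d '' -a rpm_deps < /opt/jumpserver/requirements/rpm_requirements.txt || true
  if (( ${#rpm_deps[@]} > 0 )); then
    yum -y install "${rpm_deps[@]}" || return 1
  fi

  # Python library dependencies.
  pip3 install --upgrade pip setuptools
  pip3 install -r /opt/jumpserver/requirements/requirements.txt
}

# Create config.yml from the example, fill in the generated secrets and start
# the JumpServer core.
# Globals: SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD (read)
jumpserver_config() {
  local cfg=/opt/jumpserver/config.yml

  # Stop before touching the file if a secret is missing or would break the
  # sed expressions below.
  _require_alnum SECRET_KEY && _require_alnum BOOTSTRAP_TOKEN \
    && _require_alnum DB_PASSWORD || return 1

  cd /opt/jumpserver || return 1
  cp config_example.yml config.yml || return 1
  chmod 600 "$cfg"  # holds SECRET_KEY, BOOTSTRAP_TOKEN and the DB password

  # SECRET_KEY and BOOTSTRAP_TOKEN are generated in main.
  sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" "$cfg"
  sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" "$cfg"
  sed -i "s/# DEBUG: true/DEBUG: false/g" "$cfg"
  sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" "$cfg"
  # The page truncates this line's target at "/opt/ju"; every sibling line
  # edits /opt/jumpserver/config.yml.
  sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" "$cfg"
  sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" "$cfg"

  # Both secrets are printed in clear text; treat captured output as sensitive.
  printf '\033[31m 你的SECRET_KEY是 %s \033[0m\n' "$SECRET_KEY"
  printf '\033[31m 你的BOOTSTRAP_TOKEN是 %s \033[0m\n' "$BOOTSTRAP_TOKEN"

  cd /opt/jumpserver || return 1
  ./jms start -d
}

# Install Docker CE from the Aliyun mirror, configure a registry mirror and
# let containers on the default bridge reach the host.
install_docker() {
  local mirror_script

  yum install -y yum-utils device-mapper-persistent-data lvm2
  # Repo definition fetched over HTTPS (the page used http:// for this URL
  # and https:// for the key on the same host).
  yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  yum makecache fast
  rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
  yum -y install docker-ce || return 1
  systemctl enable docker

  # NOTE(review): this runs a third-party script as root with no integrity
  # check, and points Docker at a plain-HTTP registry mirror, so whoever
  # controls that path decides what a tag resolves to. Review the script or
  # drop this step where that is not acceptable. Downloading to a file first
  # at least prevents executing a truncated download.
  mirror_script=$(mktemp) || return 1
  if curl -fsSL -o "$mirror_script" https://get.daocloud.io/daotools/set_mirror.sh; then
    sh "$mirror_script" http://f1361db2.m.daocloud.io
  else
    printf 'registry mirror setup skipped: download failed\n' >&2
  fi
  rm -f -- "$mirror_script"
  systemctl restart docker

  # NOTE(review): the page cuts this rule off after "port pr"; the tail
  # (tcp/8080, the core port the containers use as CORE_HOST) is
  # reconstructed, confirm before use.
  firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept'
  firewall-cmd --reload
}

# Start the coco and guacamole containers.
# Globals: Server_IP (read/written; defaults to the address on the page),
#          BOOTSTRAP_TOKEN (read),
#          JMS_COCO_IMAGE, JMS_GUACAMOLE_IMAGE (optional overrides)
run_docker() {
  # NOTE(review): the page cuts both docker commands off after "-e BOOT";
  # the BOOTSTRAP_TOKEN variable and the image references are reconstructed
  # and overridable, confirm them before use.
  local coco_image=${JMS_COCO_IMAGE:-jumpserver/jms_coco:1.5.2}
  local guacamole_image=${JMS_GUACAMOLE_IMAGE:-jumpserver/jms_guacamole:1.5.2}

  Server_IP=${Server_IP:-192.168.31.25}
  printf '\033[31m 你的服务器IP是 %s \033[0m\n' "$Server_IP"

  # 5000 and 8081 are published on loopback only: nginx proxies to
  # localhost:5000 and localhost:8081, and Docker-published ports are not
  # filtered by the firewalld zone rules. 2222 stays public for SSH logins.
  docker run --name jms_coco -d \
    -p 2222:2222 -p 127.0.0.1:5000:5000 \
    -e "CORE_HOST=http://${Server_IP}:8080" \
    -e "BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN}" \
    "$coco_image" || return 1
  docker run --name jms_guacamole -d \
    -p 127.0.0.1:8081:8081 \
    -e "JUMPSERVER_SERVER=http://${Server_IP}:8080" \
    -e "BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN}" \
    "$guacamole_image"
}

# Download and unpack the luna web terminal into /opt/luna.
# Globals: LUNA_SHA256 (optional; when set, the archive must match it)
install_luna() {
  cd /opt || return 1
  # -O overwrites an earlier download so the file checked and extracted is
  # the one fetched now.
  wget -O luna.tar.gz https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz || return 1
  if [[ -n "${LUNA_SHA256:-}" ]]; then
    printf '%s  %s\n' "$LUNA_SHA256" luna.tar.gz | sha256sum -c - || return 1
  fi
  tar xf luna.tar.gz || return 1
  chown -R root:root luna
}

# Write the nginx site that fronts luna, static/media files, coco, guacamole
# and the core. (The "jumpsever" spelling is kept because main calls it.)
jumpsever_nginx_config() {
  rm -rf /etc/nginx/conf.d/default.conf
  # NOTE(review): the site listens on plain HTTP, so logins and sessions of
  # the jump host cross the network unencrypted; put TLS in front before
  # exposing it beyond a trusted segment.
  cat > /etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80;

    client_max_body_size 100m;  # size limit for recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change it if the install directory changes
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings; change it if the install directory changes
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static resources; change it if the install directory changes
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
EOF
}

# Install the jms systemd unit, the start/stop helper scripts, and register
# the start script in rc.local so the stack comes up at boot.
enable_start() {
  # jumpserver core
  cat > /usr/lib/systemd/system/jms.service <<'EOF'
[Unit]
Description=jms
After=network.target mariadb.service redis.service docker.service
Wants=mariadb.service redis.service docker.service

[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecReload=
ExecStop=/opt/jumpserver/jms stop

[Install]
WantedBy=multi-user.target
EOF

  # start
  cat > /opt/start_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

systemctl start jms
docker start jms_coco
docker start jms_guacamole

exit 0
EOF

  # stop
  cat > /opt/stop_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

docker stop jms_coco
docker stop jms_guacamole
systemctl stop jms

exit 0
EOF

  chmod +x /etc/rc.d/rc.local
  # Append the boot hook only once.
  if ! grep -q 'start_jms.sh' /etc/rc.local; then
    echo "sh /opt/start_jms.sh" >> /etc/rc.local
  fi
}

# Generate the shared secrets, run every install step in order and start
# nginx. Stops at the first step that fails instead of configuring on top of
# a half-installed system.
# Globals: SECRET_KEY, BOOTSTRAP_TOKEN (written)
main() {
  local step

  SECRET_KEY=$(_random_alnum 50)
  BOOTSTRAP_TOKEN=$(_random_alnum 16)
  _require_alnum SECRET_KEY && _require_alnum BOOTSTRAP_TOKEN || return 1

  # NOTE(review): every run appends a fresh pair to root's ~/.bashrc; the
  # values are kept there in clear text.
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc

  for step in Initialize install_redis install_mariadb install_nginx \
    install_python36 install_jumpserver jumpserver_config install_docker \
    install_luna jumpsever_nginx_config run_docker enable_start; do
    if ! "$step"; then
      printf 'install step failed: %s\n' "$step" >&2
      return 1
    fi
  done

  # Start nginx only when the generated configuration passes its syntax check.
  nginx -t || return 1
  systemctl start nginx
}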
Official documentation: https://jumpserver.readthedocs.io/zh/latest/setup_by_centos7.html