• 安装JumpServer


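    参考 https://docs.jumpserver.org/zh/master/install/step_by_step/ (本文按 2.0.1 版本的步骤记录;该版本已较旧,部署前请以官方文档和安全公告为准,并选用仍在维护的版本。文中出现的密码、SECRET_KEY、BOOTSTRAP_TOKEN 均为作者环境中的示例值,请自行生成后替换。)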

    配置要求

    硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
    操作系统: Linux 发行版 x86_64
    
    Python = 3.6.x
    Mysql Server ≥ 5.6
    Mariadb Server ≥ 5.5.56
    Redis
    

    安装python3

    # Install the Python 3 interpreter and pip from the distribution's yum repositories.
    # NOTE(review): the requirements above ask for Python 3.6.x and the later venv step
    # calls python3.6 by name; confirm the packaged python3 is that series.
    yum -y install python3
    yum -y install python3-pip

    安装 mysql

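    cd /etc/yum.repos.d
    [root@localhost yum.repos.d]# cat mysql.repo
    # Repository definition for MySQL 5.7 Community Server.
    # Packages are fetched over HTTPS and their signatures are verified
    # (gpgcheck=1), so a tampered mirror or an on-path attacker cannot hand yum an
    # unsigned or re-signed package. The key file named in gpgkey must already
    # exist: place MySQL's published release signing key at that path and confirm
    # its fingerprint before running the install below.
    [mysql57-community]
    name=MySQL 5.7 Community Server
    baseurl=https://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
    # Install MySQL
    yum install mysql-community-server -y
    # Start MySQL
    systemctl start mysqld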

    登录mysql

    -- Create the JumpServer database with the utf8 charset and utf8_bin collation.
    create database jumpserver default charset 'utf8' collate 'utf8_bin';
    -- Create the application account and grant it every privilege on that database only.
    -- NOTE(review): the password shown equals the user name, and the host part '%'
    -- accepts logins from any address. Use a long random password (the same value
    -- then goes into DB_PASSWORD in config.yml) and replace '%' with the address of
    -- the host that runs JumpServer.
    grant all privileges on `jumpserver`.* to 'jumpserver'@'%' identified by 'jumpserver';

    安装redis

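    # 1. Download the Redis source tarball (over HTTPS).
    #    NOTE(review): nothing here checks the archive's integrity; compare it with
    #    the checksum the Redis project publishes for this release before building.
    wget https://download.redis.io/releases/redis-4.0.10.tar.gz
    # 2. Unpack it.
    tar -xf redis-4.0.10.tar.gz
    # 3. Enter the extracted source directory (the directory, not the .tar.gz file).
    cd redis-4.0.10
    # 4. Compile the sources.
    make
    # 5. After the build, the compiled Redis binaries are under src/.
    # 6. Install them; the default destination is /usr/local/bin.
    make install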
    

     redis的配置文件

    # Print the Redis configuration used for this deployment.
    cat /etc/redis.conf
    # Listen on one address only.
    # NOTE(review): this address differs from the REDIS_HOST value in the JumpServer
    # and KoKo config listings on this page; clients must point at the address
    # Redis is actually bound to.
    bind 192.168.13.232
    port 20027
    daemonize yes
    # Clients must authenticate with this password.
    # NOTE(review): sample value from the author's environment and now public; set
    # your own long random password. It also differs from the REDIS_PASSWORD value
    # in the config listings on this page; the two must be identical.
    requirepass xiangbo123456
    dbfilename dump.rdb
    dir /home/laso/data/redis/
    logfile /home/laso/logs/redis/redis-server.log
    # RDB snapshot triggers: 900 s with 1 change, 300 s with 10, 60 s with 10000.
    save 900 1
    save 300 10
    save 60  10000
    # Append-only file enabled, fsynced once per second.
    appendonly yes
    appendfsync everysec

    启动redis

    # Start Redis with the configuration file listed above.
    # NOTE(review): the shell prompts on this page are root; consider running Redis
    # under a dedicated unprivileged account that owns the data and log directories.
    redis-server /etc/redis.conf

    创建python3 的虚拟环境

    # Create a Python 3.6 virtual environment under /opt/py3.
    python3.6 -m venv /opt/py3
    # Activate the virtual environment in the current shell.
    . /opt/py3/bin/activate

     获取 JumpServer 代码

    # Fetch the JumpServer 2.0.1 source archive from GitHub into /opt and unpack it
    # as /opt/jumpserver.
    # NOTE(review): the tag is pinned, but nothing checks the archive's integrity, and
    # 2.0.1 is an old release; review the project's security advisories and prefer a
    # maintained version for a real deployment.
    cd /opt && 
    wget -O jumpserver.tar.gz https://github.com/jumpserver/jumpserver/archive/2.0.1.tar.gz
    tar xf jumpserver.tar.gz
    mv jumpserver-2.0.1 jumpserver

    安装编译环境依赖

    # Install JumpServer's Python dependencies with pip.
    # NOTE(review): run this with the /opt/py3 virtual environment activated so the
    # packages do not land in the system Python. Nothing here enables pip's hash
    # checking (--require-hashes), so the packages are trusted as served by the index.
    cd /opt/jumpserver/requirements
    pip install wheel && 
    pip install --upgrade pip setuptools && 
    pip install -r requirements.txt

    修改配置文件

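    # Create config.yml from the shipped example and open it for editing.
    # The file will hold SECRET_KEY, BOOTSTRAP_TOKEN and the database and Redis
    # passwords, so it is restricted to its owner before any secret is written.
    cd /opt/jumpserver &&
    cp config_example.yml config.yml &&
    chmod 600 config.yml &&
    vi config.yml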

     配置文件的修改

    # Show the effective settings (comment lines and blank lines filtered out).
    [root@localhost jumpserver]# cat config.yml  | grep -v ^# | grep -v ^$
    # NOTE(review): SECRET_KEY and BOOTSTRAP_TOKEN below are the same string and are
    # now public. Generate two separate random values for your own install and do
    # not reuse the ones printed here.
    SECRET_KEY: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
    BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
    DB_ENGINE: mysql
    DB_HOST: 192.168.199.234
    DB_PORT: 3306
    DB_USER: jumpserver
    # NOTE(review): password equal to the user name; use a long random one.
    DB_PASSWORD: jumpserver 
    DB_NAME: jumpserver
    # NOTE(review): 0.0.0.0 exposes port 8080 on every interface. The nginx config on
    # this page proxies to localhost:8080, so 127.0.0.1 looks sufficient when nginx
    # runs on the same host - confirm before changing.
    HTTP_BIND_HOST: 0.0.0.0
    HTTP_LISTEN_PORT: 8080
    WS_LISTEN_PORT: 8070
    REDIS_HOST: 192.168.199.234
    REDIS_PORT: 20027
    # NOTE(review): does not match the requirepass value in the redis.conf listing on
    # this page; the two must be identical for the connection to authenticate.
    REDIS_PASSWORD: lulin123456

    启动 JumpServer

    # Start the JumpServer core from its source directory.
    # NOTE(review): it runs as whichever account issues the command; the prompts on
    # this page are root - consider a dedicated service account.
    cd /opt/jumpserver
    ./jms start

    正常部署 KoKo 组件

    # Download the KoKo binary release for 2.0.1, unpack it, hand the tree to root
    # and create config.yml from the shipped example.
    # NOTE(review): nothing checks the archive's integrity before it is unpacked and
    # run. config.yml will hold BOOTSTRAP_TOKEN and the Redis password, so restrict
    # its permissions to the owner.
    cd /opt && 
    wget https://github.com/jumpserver/koko/releases/download/2.0.1/koko-master-linux-amd64.tar.gz
    tar -xf koko-master-linux-amd64.tar.gz && 
    chown -R root:root kokodir && 
    cd kokodir
    cp config_example.yml config.yml && 
    vi config.yml

    修改配置文件

    # Show the effective KoKo settings (comment lines and blank lines filtered out).
    [root@localhost kokodir]# cat config.yml  | grep -v ^# | grep -v ^$
    # KoKo reaches the JumpServer core over loopback on port 8080.
    CORE_HOST: http://127.0.0.1:8080
    # NOTE(review): same published string as in the core config listing; replace it
    # with your own random token, using the same value in both files.
    BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
    REDIS_HOST: 192.168.199.234
    REDIS_PORT: 20027
    # NOTE(review): sample password, now public; must equal Redis's requirepass.
    REDIS_PASSWORD: lulin123456
    REDIS_CLUSTERS: 3
    REDIS_DB_ROOM: 4

    启动

    # Start KoKo from the kokodir directory, where its config.yml lives.
    ./koko  

    正常部署 Guacamole 组件

     # Install the build dependencies for guacamole-server.
     # The second yum line lists a subset of the first, so it is redundant but harmless.
     yum -y install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
     yum -y install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel
     yum -y install libpng-devel libtool uuid-devel libjpeg-turbo-devel cairo-devel
    # Fetch the docker-guacamole 2.0.1 archive from GitHub into /opt.
    # NOTE(review): nothing checks the archive's integrity before it is used.
    cd /opt && 
    wget -O /opt/guacamole.tar.gz https://github.com/jumpserver/docker-guacamole/archive/2.0.1.tar.gz
    # Unpack it as /opt/guacamole, then unpack the bundled guacamole-server sources
    # and the ssh-forward helper.
    # NOTE(review): ssh-forward.tar.gz is extracted as root straight into /bin; list
    # its contents (tar -tf) first so it cannot overwrite an existing system binary.
    tar -xf guacamole.tar.gz && 
    mv docker-guacamole-2.0.1 guacamole && 
    cd /opt/guacamole && 
    tar -xf guacamole-server-1.0.0.tar.gz && 
    tar -xf ssh-forward.tar.gz -C /bin/ && 
    chmod +x /bin/ssh-forward
    # Build and install guacamole-server; the init script goes to /etc/init.d.
    cd /opt/guacamole/guacamole-server-1.0.0
    autoreconf -fi && 
    ./configure --with-init-dir=/etc/init.d && 
    make && 
    make install

    配置java环境

    # Create the Guacamole home, extensions, session-recording and shared-drive
    # directories, give the last two to the daemon account, and switch to /config.
    # NOTE(review): record/ and drive/ will hold session recordings and transferred
    # files; keep them readable only by the service account that needs them.
    mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && 
    chown daemon:daemon /config/guacamole/record /config/guacamole/drive && 
    cd /config

    下载 Tomcat(Tomcat 需要本机已安装 Java 运行环境;本文可见的步骤中没有包含 Java 的安装)

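    # Download Tomcat 9.0.36, unpack it as /config/tomcat9 and wire in Guacamole.
    # Run from /config: the tar and mv below use relative names.
    # The archive and directory names must match the version that was downloaded.
    # NOTE(review): the archive comes from a third-party mirror with no integrity
    # check; compare it with the SHA-512 checksum published on the Apache Tomcat
    # download site before unpacking.
    # Steps after unpacking: remove every bundled web application so only Guacamole
    # is deployed; move the connector from 8080 (used by the JumpServer core) to
    # 8081 (the port the nginx /guacamole/ location proxies to); set UTF-8 console
    # logging; link the Guacamole WAR, the JumpServer auth extension and
    # guacamole.properties into place.
    wget https://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.36/bin/apache-tomcat-9.0.36.tar.gz
    tar -xf apache-tomcat-9.0.36.tar.gz &&
    mv apache-tomcat-9.0.36 tomcat9 &&
    rm -rf /config/tomcat9/webapps/* &&
    sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml &&
    echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties &&
    ln -sf /opt/guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war &&
    ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar &&
    ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties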

     设置 Guacamole 环境

    # Export the settings Guacamole reads from the environment, and append each
    # export to ~/.bashrc so it is set again in later login shells.
    # NOTE(review): the BOOTSTRAP_TOKEN value here differs from the BOOTSTRAP_TOKEN in
    # the core config.yml listing on this page; the two presumably have to match for
    # the component to register - confirm and use your own random token.
    # NOTE(review): ~/.bashrc then holds the token in plain text; keep the file
    # readable by its owner only.
    export JUMPSERVER_SERVER=http://127.0.0.1:8080
    echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
    export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN
    echo "export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN" >> ~/.bashrc
    export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    export GUACAMOLE_HOME=/config/guacamole
    echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
    export GUACAMOLE_LOG_LEVEL=ERROR
    echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
    export JUMPSERVER_ENABLE_DRIVE=true
    echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

    启动 Guacamole

    # Start guacd through the init script installed by the build, then start Tomcat.
    # NOTE(review): both inherit the account and environment of the shell that runs
    # these commands (root in this page's prompts); consider dedicated service accounts.
    /etc/init.d/guacd start
    sh /config/tomcat9/bin/startup.sh

    下载 Lina 组件

    # Download the Lina (web UI) 2.0.1 release into /opt, unpack it and give the
    # files to the nginx account.
    # NOTE(review): nothing checks the archive's integrity, and the chown assumes the
    # nginx user already exists - installing nginx is not among the visible steps.
    cd /opt
    wget https://github.com/jumpserver/lina/releases/download/2.0.1/lina.tar.gz
    tar -xf lina.tar.gz
    chown -R nginx:nginx lina

    下载 Luna 组件

    # Download the Luna (web terminal) 2.0.1 release into /opt, unpack it and give
    # the files to the nginx account.
    # NOTE(review): nothing checks the archive's integrity before it is served.
    cd /opt
    wget https://github.com/jumpserver/luna/releases/download/2.0.1/luna.tar.gz
    tar -xf luna.tar.gz
    chown -R nginx:nginx luna 

    配置 Nginx 整合各组件

    # Blank out nginx's default site so it does not compete with the JumpServer
    # server block, then create the JumpServer site file with the content below.
    echo > /etc/nginx/conf.d/default.conf
    vi /etc/nginx/conf.d/jumpserver.conf
    # Single entry point that serves the Lina/Luna static files and reverse-proxies
    # KoKo (5000), Guacamole (8081), the WebSocket port (8070) and the core (8080).
    # NOTE(review): this listens on plain HTTP only. Logins, session cookies and
    # terminal traffic for a bastion host would cross the network unencrypted;
    # terminate TLS here and redirect port 80 to it before exposing the service.
    # NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    # client sent, so backends should not treat that header's first entry as trusted.
    server {
        listen 80;
    
        client_max_body_size 100m;  # size limit for session recordings and file uploads
    
        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change this if the install directory changes
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # recordings location; change this if the install directory changes
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # static assets; change this if the install directory changes
        }
    
        # NOTE(review): access_log is off for /koko/ and /guacamole/, so nginx keeps no
        # record of who opened terminal or desktop sessions; decide whether audit and
        # incident response need these logs before copying that setting.
        location /koko/ {
            proxy_pass       http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /ws/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    
        location /api/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        location /core/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        # Everything else is rewritten under /ui/ (the Lina front end).
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }

     

  • 原文地址:https://www.cnblogs.com/lulin9501/p/13221231.html