安装JumpServer

参考 https://docs.jumpserver.org/zh/master/install/step_by_step/

配置要求

硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘（最低）
操作系统: Linux 发行版 x86_64

Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis

安装python3

yum -y install python3
yum -y install python3-pip

安装 mysql

cd /etc/yum.repos.d
[root@localhost yum.repos.d]# cat mysql.repo 
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
# 安装mysql
yum install mysql-community-server  -y
# 启动mysql
systemctl  start mysqld

登录mysql

create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all privileges on `jumpserver`.* to 'jumpserver'@'%' identified by 'jumpserver';

安装redis

1.下载redis源码
wget http://download.redis.io/releases/redis-4.0.10.tar.gz
2.解压缩
tar -xf redis-4.0.10.tar.gz
3.切换redis源码目录
cd redis-4.0.10.tar.gz
4.编译源文件
make 
5.编译好后，src/目录下有编译好的redis指令
6.make install 安装到指定目录，默认在/usr/local/bin

　redis的配置文件

cat /etc/redis.conf
bind 192.168.13.232
port 20027
daemonize yes
requirepass xiangbo123456
dbfilename dump.rdb
dir /home/laso/data/redis/
logfile /home/laso/logs/redis/redis-server.log
save 900 1
save 300 10
save 60  10000
appendonly yes
appendfsync everysec

启动redis

redis-server /etc/redis.conf

创建python3 的虚拟环境

python3.6 -m venv /opt/py3
进入虚拟环境
source /opt/py3/bin/activate

 获取 JumpServer 代码

cd /opt && 
wget -O jumpserver.tar.gz https://github.com/jumpserver/jumpserver/archive/2.0.1.tar.gz
tar xf jumpserver.tar.gz
mv jumpserver-2.0.1 jumpserver

安装编译环境依赖

cd /opt/jumpserver/requirements
pip install wheel && 
pip install --upgrade pip setuptools && 
pip install -r requirements.txt

修改配置文件

cd /opt/jumpserver &&  
cp config_example.yml config.yml && 
vi config.yml

 配置文件的修改

[root@localhost jumpserver]# cat config.yml  | grep -v ^# | grep -v ^$
SECRET_KEY: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
DB_ENGINE: mysql
DB_HOST: 192.168.199.234
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: jumpserver 
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 192.168.199.234
REDIS_PORT: 20027
REDIS_PASSWORD: lulin123456

启动 JumpServer

cd /opt/jumpserver
./jms start

正常部署 KoKo 组件

cd /opt && 
wget https://github.com/jumpserver/koko/releases/download/2.0.1/koko-master-linux-amd64.tar.gz
tar -xf koko-master-linux-amd64.tar.gz && 
chown -R root:root kokodir && 
cd kokodir
cp config_example.yml config.yml && 
vi config.yml

修改配置文件

[root@localhost kokodir]# cat config.yml  | grep -v ^# | grep -v ^$
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
REDIS_HOST: 192.168.199.234
REDIS_PORT: 20027
REDIS_PASSWORD: lulin123456
REDIS_CLUSTERS: 3
REDIS_DB_ROOM: 4

启动

./koko  

正常部署 Guacamole 组件

 yum -y install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
 yum -y install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel
 yum -y install libpng-devel libtool uuid-devel libjpeg-turbo-devel cairo-devel

cd /opt && 
wget -O /opt/guacamole.tar.gz https://github.com/jumpserver/docker-guacamole/archive/2.0.1.tar.gz
tar -xf guacamole.tar.gz && 
mv docker-guacamole-2.0.1 guacamole && 
cd /opt/guacamole && 
tar -xf guacamole-server-1.0.0.tar.gz && 
tar -xf ssh-forward.tar.gz -C /bin/ && 
chmod +x /bin/ssh-forward
cd /opt/guacamole/guacamole-server-1.0.0

autoreconf -fi && 
./configure --with-init-dir=/etc/init.d && 
make && 
make install

配置java环境

mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && 
chown daemon:daemon /config/guacamole/record /config/guacamole/drive && 
cd /config

下载java

wget  https://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.36/bin/apache-tomcat-9.0.36.tar.gz

tar -xf apache-tomcat-9.0.35.tar.gz && 
mv apache-tomcat-9.0.35 tomcat9 && 
rm -rf /config/tomcat9/webapps/* && 
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml && 
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties && 
ln -sf /opt/guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war && 
ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar && 
ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

 设置 Guacamole 环境

export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN
echo "export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

启动 Guacamole

/etc/init.d/guacd start
sh /config/tomcat9/bin/startup.sh

下载 Lina 组件

cd /opt
wget https://github.com/jumpserver/lina/releases/download/2.0.1/lina.tar.gz
tar -xf lina.tar.gz
chown -R nginx:nginx lina

下载 Luna 组件

cd /opt
wget https://github.com/jumpserver/luna/releases/download/2.0.1/luna.tar.gz
tar -xf luna.tar.gz
chown -R nginx:nginx luna 

配置 Nginx 整合各组件

echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}