参考 https://docs.jumpserver.org/zh/master/install/step_by_step/
配置要求
硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
操作系统: Linux 发行版 x86_64
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
安装python3
# Install the Python 3 interpreter and pip from the distribution repositories.
yum -y install python3
yum -y install python3-pip
安装 mysql
# Register the MySQL 5.7 community repository, then install and start the server.
# NOTE(review): gpgcheck=0 turns off RPM signature verification and baseurl is
# plain http, so yum cannot authenticate the packages it installs from this
# repo. Importing MySQL's signing key to the gpgkey path below and setting
# gpgcheck=1 restores that check.
cd /etc/yum.repos.d
cat mysql.repo
# Expected contents of mysql.repo:
#   [mysql57-community]
#   name=MySQL 5.7 Community Server
#   baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
#   enabled=1
#   gpgcheck=0
#   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

# Install MySQL
yum install mysql-community-server -y

# Start MySQL
systemctl start mysqld
登录mysql
-- Create the JumpServer schema with the binary utf8_bin collation.
CREATE DATABASE jumpserver DEFAULT CHARSET 'utf8' COLLATE 'utf8_bin';

-- Give the application account full rights on that schema only.
-- NOTE(review): the password equals the user name and the '%' host pattern
-- accepts logins from any address. Use a strong password and restrict the host
-- part to the JumpServer host; DB_PASSWORD in config.yml must match whatever
-- is set here.
GRANT ALL PRIVILEGES ON `jumpserver`.* TO 'jumpserver'@'%' IDENTIFIED BY 'jumpserver';
安装redis
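# Build and install Redis 4.0.10 from source.

# 1. Download the Redis source (HTTPS instead of plain http).
wget https://download.redis.io/releases/redis-4.0.10.tar.gz
# NOTE(review): nothing here checks the tarball's integrity; compare
# `sha256sum redis-4.0.10.tar.gz` with the hash published for this release
# before building.

# 2. Unpack the archive.
tar -xf redis-4.0.10.tar.gz

# 3. Enter the extracted source directory (the directory, not the .tar.gz file).
cd redis-4.0.10

# 4. Compile the sources.
make

# 5. After the build, the compiled redis binaries are under src/.

# 6. Install them; the default destination is /usr/local/bin.
make install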
redis的配置文件
# Show the Redis configuration used by this deployment.
# NOTE(review): requirepass is a literal password published on this page; set a
# long random value of your own. The password and bind address here also differ
# from the REDIS_PASSWORD / REDIS_HOST shown in the JumpServer and KoKo
# config.yml sections; they have to agree for those components to connect.
cat /etc/redis.conf
# Expected contents:
#   bind 192.168.13.232
#   port 20027
#   daemonize yes
#   requirepass xiangbo123456
#   dbfilename dump.rdb
#   dir /home/laso/data/redis/
#   logfile /home/laso/logs/redis/redis-server.log
#   save 900 1
#   save 300 10
#   save 60 10000
#   appendonly yes
#   appendfsync everysec
启动redis
# Start Redis with the configuration file above; its `daemonize yes` setting
# makes the server detach into the background.
redis-server /etc/redis.conf
创建python3 的虚拟环境
# Create an isolated Python 3.6 environment for JumpServer under /opt/py3.
python3.6 -m venv /opt/py3

# Enter the virtual environment so later pip/python calls use it.
source /opt/py3/bin/activate
获取 JumpServer 代码
# Fetch the JumpServer 2.0.1 source archive into /opt, unpack it and give the
# directory a version-independent name.
# NOTE(review): 2.0.1 is a pinned, old release; check the project's security
# advisories and prefer a currently supported version for a new deployment.
cd /opt && wget -O jumpserver.tar.gz https://github.com/jumpserver/jumpserver/archive/2.0.1.tar.gz
tar xf jumpserver.tar.gz
mv jumpserver-2.0.1 jumpserver
安装编译环境依赖
# Install JumpServer's Python dependencies (run inside the /opt/py3 virtualenv).
cd /opt/jumpserver/requirements
pip install wheel \
  && pip install --upgrade pip setuptools \
  && pip install -r requirements.txt
修改配置文件
# Start from the shipped example configuration and edit the copy by hand;
# each step runs only if the previous one succeeded.
cd /opt/jumpserver &&
cp config_example.yml config.yml &&
vi config.yml
配置文件的修改
# Print the effective settings of config.yml (comment and blank lines removed).
# Run from /opt/jumpserver.
# NOTE(review): SECRET_KEY and BOOTSTRAP_TOKEN below are identical and are
# published on this page; generate two separate random values for every
# installation and never reuse these. DB_PASSWORD equals the user name.
# REDIS_PASSWORD and REDIS_HOST differ from the requirepass/bind values in the
# redis.conf shown earlier and must match the running Redis. HTTP_BIND_HOST
# 0.0.0.0 listens on every interface even though nginx reaches the core through
# localhost:8080; if all components share one host, 127.0.0.1 is probably
# sufficient (confirm for your topology).
grep -Ev '^(#|$)' config.yml
# Expected output:
#   SECRET_KEY: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
#   BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
#   DB_ENGINE: mysql
#   DB_HOST: 192.168.199.234
#   DB_PORT: 3306
#   DB_USER: jumpserver
#   DB_PASSWORD: jumpserver
#   DB_NAME: jumpserver
#   HTTP_BIND_HOST: 0.0.0.0
#   HTTP_LISTEN_PORT: 8080
#   WS_LISTEN_PORT: 8070
#   REDIS_HOST: 192.168.199.234
#   REDIS_PORT: 20027
#   REDIS_PASSWORD: lulin123456
启动 JumpServer
# Launch the JumpServer core from its install directory using the project's
# jms control script.
cd /opt/jumpserver
./jms start
正常部署 KoKo 组件
# Download the KoKo 2.0.1 release into /opt.
cd /opt \
  && wget https://github.com/jumpserver/koko/releases/download/2.0.1/koko-master-linux-amd64.tar.gz

# Unpack it, hand the tree to root and enter it.
# NOTE(review): the page never shows the archive being extracted to, or renamed
# to, "kokodir"; confirm the directory name the tarball actually produces
# before running the chown/cd below.
tar -xf koko-master-linux-amd64.tar.gz \
  && chown -R root:root kokodir \
  && cd kokodir

# Start from the example configuration and edit the copy.
cp config_example.yml config.yml \
  && vi config.yml
修改配置文件
# Print the effective KoKo settings (comment and blank lines removed).
# Run from the kokodir directory.
# NOTE(review): BOOTSTRAP_TOKEN has to equal the core's BOOTSTRAP_TOKEN, and it
# is a registration secret; the value below is published on this page, so
# generate your own. REDIS_PASSWORD / REDIS_HOST must match the running Redis
# (the redis.conf shown earlier uses different values).
grep -Ev '^(#|$)' config.yml
# Expected output:
#   CORE_HOST: http://127.0.0.1:8080
#   BOOTSTRAP_TOKEN: 1HQG6hcdtki0C74Wng0JMyhiJUqIPape3cYdTvysFzwCOCF9r
#   REDIS_HOST: 192.168.199.234
#   REDIS_PORT: 20027
#   REDIS_PASSWORD: lulin123456
#   REDIS_CLUSTERS: 3
#   REDIS_DB_ROOM: 4
启动
# Start KoKo in the foreground from its own directory (it reads the config.yml
# edited above).
./koko
正常部署 Guacamole 组件
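# Install the development libraries needed to build guacamole-server.
# The page repeated a second yum command whose package list was a strict subset
# of the first; it is dropped here because it installs nothing new.
yum -y install \
  ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel \
  libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel \
  libvorbis-devel libwebp-devel
yum -y install libpng-devel libtool uuid-devel libjpeg-turbo-devel cairo-devel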
# Download the JumpServer Guacamole bundle (2.0.1) into /opt.
cd /opt \
  && wget -O /opt/guacamole.tar.gz https://github.com/jumpserver/docker-guacamole/archive/2.0.1.tar.gz

# Unpack the bundle, then the guacamole-server sources and the ssh-forward helper.
# NOTE(review): ssh-forward.tar.gz is extracted as root straight into /bin.
# List it first (tar -tf ssh-forward.tar.gz) to confirm it only contains the
# expected ssh-forward binary before letting it write there.
tar -xf guacamole.tar.gz \
  && mv docker-guacamole-2.0.1 guacamole \
  && cd /opt/guacamole \
  && tar -xf guacamole-server-1.0.0.tar.gz \
  && tar -xf ssh-forward.tar.gz -C /bin/ \
  && chmod +x /bin/ssh-forward

# Build and install guacd; the init script lands in /etc/init.d.
cd /opt/guacamole/guacamole-server-1.0.0
autoreconf -fi \
  && ./configure --with-init-dir=/etc/init.d \
  && make \
  && make install
配置java环境
# Create Guacamole's configuration tree; session recordings and the shared
# drive directory are owned by the daemon account. Finish in /config, where the
# next step downloads Tomcat.
mkdir -p \
    /config/guacamole \
    /config/guacamole/extensions \
    /config/guacamole/record \
    /config/guacamole/drive \
  && chown daemon:daemon /config/guacamole/record /config/guacamole/drive \
  && cd /config
下载java
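# Download Tomcat 9 into /config, unpack it as /config/tomcat9 and wire the
# Guacamole web application and JumpServer auth extension into it.
# The download URL names 9.0.36 while the unpack step named 9.0.35, so the tar
# step could not find its file; a single variable keeps both in step.
tomcat_version=9.0.36

wget "https://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v${tomcat_version}/bin/apache-tomcat-${tomcat_version}.tar.gz"
# NOTE(review): this is a third-party mirror; verify the tarball against the
# checksum published by the Apache Tomcat project before unpacking it.

# Steps, in order: unpack and rename; remove the bundled web apps; move the
# HTTP connector from 8080 (used by the JumpServer core) to 8081; force UTF-8
# console logging; link the Guacamole WAR, auth extension and properties file.
tar -xf "apache-tomcat-${tomcat_version}.tar.gz" \
  && mv "apache-tomcat-${tomcat_version}" tomcat9 \
  && rm -rf /config/tomcat9/webapps/* \
  && sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml \
  && echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties \
  && ln -sf /opt/guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war \
  && ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar \
  && ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties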
设置 Guacamole 环境
# Export the Guacamole/JumpServer settings for this shell and persist each one
# in ~/.bashrc for later logins.
# NOTE(review): the BOOTSTRAP_TOKEN below is not the value shown in the
# JumpServer and KoKo config.yml sections; it must equal the core's
# BOOTSTRAP_TOKEN for Guacamole to register. It is also a secret stored in
# plaintext in ~/.bashrc, so keep that file readable by its owner only.
for setting in \
  'JUMPSERVER_SERVER=http://127.0.0.1:8080' \
  'BOOTSTRAP_TOKEN=zxffNymGjP79j6BN' \
  'JUMPSERVER_KEY_DIR=/config/guacamole/keys' \
  'GUACAMOLE_HOME=/config/guacamole' \
  'GUACAMOLE_LOG_LEVEL=ERROR' \
  'JUMPSERVER_ENABLE_DRIVE=true'; do
  export "$setting"
  echo "export $setting" >> ~/.bashrc
done
启动 Guacamole
# Start the guacd proxy daemon through the init script installed by the build.
/etc/init.d/guacd start

# Start Tomcat, which serves the Guacamole web application on port 8081.
sh /config/tomcat9/bin/startup.sh
下载 Lina 组件
# Download and unpack the Lina web UI (2.0.1) under /opt and hand it to nginx.
# NOTE(review): the chown assumes an nginx user and group already exist, i.e.
# that nginx has been installed; the page does not show that step.
cd /opt
wget https://github.com/jumpserver/lina/releases/download/2.0.1/lina.tar.gz
tar -xf lina.tar.gz
chown -R nginx:nginx lina
下载 Luna 组件
# Download and unpack the Luna web terminal (2.0.1) under /opt and hand it to nginx.
# NOTE(review): the chown assumes an nginx user and group already exist, i.e.
# that nginx has been installed; the page does not show that step.
cd /opt
wget https://github.com/jumpserver/luna/releases/download/2.0.1/luna.tar.gz
tar -xf luna.tar.gz
chown -R nginx:nginx luna
配置 Nginx 整合各组件
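# Replace nginx's default site with a single JumpServer front end that serves
# the Lina/Luna static files and proxies KoKo, Guacamole, websockets and the
# core API.
# The page opened the file in vi and pasted the configuration; writing it with
# a quoted here-document produces exactly this content non-interactively and
# keeps the nginx $variables from being expanded by the shell.
# NOTE(review): the server listens on port 80 only, so JumpServer logins and
# terminal/RDP session traffic cross the network unencrypted. Terminate TLS
# here (a 443 ssl listener with your certificate) before exposing it beyond a
# trusted network, and run `nginx -t` to validate the file before reloading.

# Blank out the stock default site.
echo > /etc/nginx/conf.d/default.conf

cat > /etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
EOF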