haproxy的配置
这里只代理了luna
coco的2222端口暂时没代理。后期有需求再改造
(py3) [root@dawn-jump-2 /app]# cat /etc/haproxy/haproxy.cfg
global
#设置日志
log 127.0.0.1 local3 info
chroot /var/lib/haproxy
#用户与用户组
user haproxy
group haproxy
#守护进程启动
daemon
#最大连接数
maxconn 100000
nbproc 1
#默认配置
defaults
log global
mode http
option http-keep-alive
maxconn 100000
retries 3 #连接后端服务器的失败重试次数
option httplog
option dontlognull #日志中不记录空连接,比如不记录健康检查的连接
option forwardfor #这里设置之后,下面的frontend和backend默认会继承它
timeout connect 10s
timeout client 20s
timeout server 30s
timeout check 5s #对后端服务器的检测超时时间
#设置管理页面,开启Haproxy Status状态监控,增加验证
listen admin_stats
bind *:9188
mode http
log 127.0.0.1 local3 err
stats refresh 30s
stats uri /my_haproxy_status
stats realm welcome login Haproxy
stats auth ha_admin:ha_admixxxx
stats hide-version
stats admin if TRUE
#前端配置,http_front名称可自定义
frontend http_front_end
bind *:80
mode http
option httpclose #每次请求完毕后主动关闭http通道
default_backend http_back_end
#后端配置,http_back名称可自定义
backend http_back_end
mode http
balance source
option httpchk HEAD /static/check.html HTTP/1.0 #设置健康检查页面
server node1 10.0.2.54:8181 check inter 2000 rise 3 fall 3 weight 6
server node2 10.0.2.55:8181 check inter 2000 rise 3 fall 3 weight 6
(py3) [root@dawn-jump-2 /app]#
nginx的配置
(py3) [root@dawn-jump-2 ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 8181;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
client_max_body_size 1000m; # Windows 文件上传大小限制
}
location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
(py3) [root@dawn-jump-2 ~]#
coco的配置
(py3) [root@dawn-jump-2 /opt/coco]# cat conf.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
import os
BASE_DIR = os.path.dirname(__file__)
class Config:
"""
Coco config file, coco also load config from server update setting below
"""
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
NAME = "coco"
# Jumpserver项目的url, api请求注册会使用
CORE_HOST = 'http://127.0.0.1:8080'
# 启动时绑定的ip, 默认 0.0.0.0
BIND_HOST = '0.0.0.0'
# 监听的SSH端口号, 默认2222
SSHD_PORT = 2222
# 监听的HTTP/WS端口号,默认5000
HTTPD_PORT = 5000
# 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY = None
# ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
# ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
# 加密密钥
# SECRET_KEY = None
# 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
# LOG_LEVEL = 'INFO'
# 日志存放的目录
# LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Session录像存放目录
# SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
# 资产显示排序方式, ['ip', 'hostname']
# ASSET_LIST_SORT_BY = 'ip'
# 登录是否支持密码认证
# PASSWORD_AUTH = True
# 登录是否支持秘钥认证
# PUBLIC_KEY_AUTH = True
# 和Jumpserver 保持心跳时间间隔
# HEARTBEAT_INTERVAL = 5
# Admin的名字,出问题会提示给用户
# ADMINS = ''
COMMAND_STORAGE = {
"TYPE": "server"
}
REPLAY_STORAGE = {
"TYPE": "server"
}
config = Config()
(py3) [root@dawn-jump-2 /opt/coco]#