• 安装jumpserver 2.1.2版本遇到的坑


    官方文档地址:https://docs.jumpserver.org/zh/master/install/step_by_step/

    Jumpserver 对外需要开放 80 和 2222 端口,如果配置了 ssl 还需要开放 443 端口;8080 端口只需开放给 koko 和 guacamole 组件访问,不需要对公网放行
    安全组放行端口:80,443,2222

    1. 安装依赖报错的坑
      在文档中的5. 安装编译环境依赖这一步,安装依赖时有可能会报错,有些依赖包安装不了
      解决办法:yum -y install python36-devel

    因为当初在安装python3环境的时候,使用的是如下的安装方式:yum -y install python36,安装的是3.6.8的版本。

    为了避免出现安装依赖报错的问题,可以直接这样做:

    yum -y install python36 python36-devel
    
    1. 使用 docker 方式安装 KoKo 组件和 Guacamole 组件后,在 web 界面的 会话管理-终端管理 中不显示的问题
      这是因为 config.yml 文件中配置的监听地址 HTTP_BIND_HOST 是 127.0.0.1,同时使用 docker 安装这两个组件时配置的 CORE_HOST 地址也是 127.0.0.1。默认网络模式下,容器内的 127.0.0.1 指向容器自身,访问不到宿主机上的 core,所以这两个组件无法注册

    解决办法:
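    1. 先停止 jms,把 config.yml 文件中配置的监听地址 HTTP_BIND_HOST 改为 0.0.0.0(或者填写私网 ip),然后再启动(地址绝不能是 127.0.0.1)
    2. 在 docker 管理中停止并删除这两个组件,把 docker 安装这两个组件时配置的 CORE_HOST 地址改为公网 IP 或私网 IP,然后再启动(地址绝不能是 127.0.0.1)
    注意:HTTP_BIND_HOST 填写 0.0.0.0 后,core 的 8080 端口会监听在所有网卡上;组件和 core 在同一内网时优先填写私网 IP,并确认安全组/防火墙没有对公网放行 8080 端口。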

    地址对应关系如下

    1. nginx代理访问

    注意:使用的端口号根据自己的实际情况来定

    vim /etc/nginx/conf.d/jumpserver.conf

    # Plain-HTTP front end for JumpServer: serves the lina/luna static bundles from
    # disk and reverse-proxies the koko, guacamole, websocket and core back ends.
    # NOTE(review): everything here, including logins and session traffic, travels
    # unencrypted on port 80; confirm this variant is only used behind a trusted network.
    server {
        listen 80;
        server_name demo.jumpserver.org;  # change to your own domain
        client_max_body_size 100m;  # size limit for session-recording and file uploads
    
        # lina web UI, served as static files from /opt/lina/
        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
    
        # luna web terminal, served as static files from /opt/luna/
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; update if the install directory was changed
        }
    
        # Files under /media/ are sent with a Content-Encoding: gzip response header.
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # session recordings; update if the install directory was changed
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # static assets; update if the install directory was changed
        }
    
        # koko back end on localhost:5000; the Upgrade/Connection headers let
        # WebSocket upgrade requests pass through the proxy.
        # NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
        # the client sent, so only the last entry (and X-Real-IP) is set by nginx.
        location /koko/ {
            proxy_pass       http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): requests to this location are not written to the nginx
            # access log; confirm that is acceptable for auditing.
            access_log off;
        }
    
        # guacamole back end on localhost:8081; the trailing slash on proxy_pass
        # replaces the /guacamole/ prefix with / before forwarding.
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): access logging is disabled here as well.
            access_log off;
        }
    
        # WebSocket endpoint proxied to localhost:8070
        location /ws/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    
        # /api/ and /core/ both go to the core service on localhost:8080
        location /api/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        location /core/ {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
        # Any other path is rewritten internally under /ui/
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }
    
    

    nginx ssl访问

    # Port-80 listener that only redirects to HTTPS. The redirect target is built
    # from $server_name (the configured name), not from the client-supplied Host header.
    server {
        listen 80;
        server_name demo.jumpserver.org;  # change to your own domain
        return 301 https://$server_name$request_uri;
    }
    
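    # HTTPS front end for JumpServer: terminates TLS, serves the lina/luna static
    # bundles from disk and reverse-proxies the koko, guacamole, websocket and core
    # back ends over loopback.
    server {
        listen 443 ssl;
        server_name demo.jumpserver.org;  # change to your own domain
        ssl_certificate   /etc/nginx/sslkey/1_jumpserver.org_bundle.crt;  # set to your own certificate
        ssl_certificate_key  /etc/nginx/sslkey/2_jumpserver.org.key;  # set to your own private key
        ssl_session_timeout 5m;
        # AEAD-only ECDHE suites for TLS 1.2. The original list also accepted the broad
        # ECDH/AES/HIGH groups, which admit CBC-mode and non-forward-secret suites.
        # The list covers both RSA and ECDSA certificates.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        # Remove TLSv1.3 if your nginx/OpenSSL build does not support it.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
    
        client_max_body_size 100m;  # size limit for session-recording and file uploads
    
        # lina web UI, served as static files from /opt/lina/
        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
    
        # luna web terminal, served as static files from /opt/luna/
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; update if the install directory was changed
        }
    
        # Files under /media/ are sent with a Content-Encoding: gzip response header.
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # session recordings; update if the install directory was changed
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # static assets; update if the install directory was changed
        }
    
        # koko back end on localhost:5000; the Upgrade/Connection headers let
        # WebSocket upgrade requests pass through the proxy.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so only the last entry (and X-Real-IP) is set by nginx.
        location /koko/ {
            proxy_pass       http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): requests to this location are not written to the nginx
            # access log; confirm that is acceptable for auditing.
            access_log off;
        }
    
        # guacamole back end on localhost:8081; the trailing slash on proxy_pass
        # replaces the /guacamole/ prefix with / before forwarding.
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        # WebSocket endpoint proxied to localhost:8070
        location /ws/ {
            proxy_pass http://localhost:8070;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        # /api/ and /core/ both go to the core service on localhost:8080
        location /api/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8080;
        }
    
        location /core/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8080;
        }
    
        # Any other path is rewritten internally under /ui/
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }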
    
    
  • 原文地址:https://www.cnblogs.com/sanduzxcvbnm/p/13535715.html