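Learning jumpserver installation and deployment
I spent three days deploying jumpserver version 2 end to end. Quite a few problems came up along the way, but luckily I solved them all myself. Have a look if you're interested; jumpserver is fairly nice to use. I won't provide the actual packages because the archives are too large; the links are all in the document.
# jumpserver environment setup
## Introduction
## Setup
### Environment
- Centos7
  - 2 CPUs
  - 4 GB memory
  - 50 GB storage
- mysql
  - version >= 5.6
- redis
- yum
  - switch to the Aliyun yum mirror
- python
  - python2
  - python3
### CentOs7
Configure the virtual machine network in bridged mode.
Server configuration:
1. Edit the configuration files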
```shell
# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=dhcp #change to static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
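UUID=2a11b8f4-0022-4a54-b228-0e4c8e1156e7 #can be regenerated with the uuidgen command and overwritten
DEVICE=eno16777736
ONBOOT=no #change to yes
IPADDR=192.168.2.200 #added: same subnet as the IP the host currently uses
NETMASK=255.255.255.0 #added: subnet mask
GATEWAY=192.168.2.1 #added: gateway
DNS1=192.168.2.1 #added: match the host's network adapter; if there is none, use the gateway address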
# vim /etc/sysconfig/network
# Created by anaconda
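NETWORKING=yes #added
GATEWAY=192.168.2.1 #added: same as the gateway
# vim /etc/resolv.conf
nameserver 192.168.2.1 #added: same as the gateway
#restart the network service
# service network restart
#show the network addresses
# ip a
#ping between the VM and the host, or ping www.baidu.com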
```
2. Disable the firewall
```shell
# iptables -F
# systemctl disable firewalld
# systemctl stop firewalld
#check the status
# systemctl status firewalld
#edit the configuration file to disable SELinux
# vi /etc/selinux/config
SELINUX=disabled #set the state to disabled
```
3. Configure the yum repositories
```shell
# cd /etc/yum.repos.d/
#install the wget command
# yum install -y wget
#back up the original file
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#clear the yum cache and rebuild it
# yum clean all
# yum makecache
```
4. Install the software the system needs
```shell
#install with yum
#software needed for system initialization
# yum install -y bash-completion vim lrzsz expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc
#software needed by the jumpserver runtime environment
# yum install -y git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel
```
5. Change the system character set
```shell
# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
# export LC_ALL=zh_CN.UTF-8
#set the character set by writing it to the configuration file
# echo 'LANG="zh_CN.UTF-8"'> /etc/locale.conf
#show the system character set
# locale
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=zh_CN.UTF-8
```
### mysql
- 5.6
```shell
#create the mysql directory
# mkdir /data/mysql
# download the mysql installation package
# wget https://cdn.mysql.com/Downloads/MySQL-5.7/MySQL-5.7.49-1.el7.x86_64.rpm-bundle.tar
#https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#extract
# tar -xf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
# mkdir mysql_rpm
# mv ./*.rpm mysql_rpm/
#install with yum localinstall
# yum localinstall ./mysql_rpm/*.rpm
#uninstall commands
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.6.36-2.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64
#after installation, check the mysql configuration file and make the following changes
# vi /etc/my.cnf
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
log-error=/var/log/mariadb/mariadb.log #change mariadb to mysql
pid-file=/var/run/mariadb/mariadb.pid #change mariadb to mysql
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
#start the mysql server
# systemctl start mysql
#initialize mysql; a default password is generated after installation
# cat ~/.mysql_secret
#change the password
# mysqladmin -uroot -po3ObQ0qUPOkVd6rN password 111111
#this method shows the password in the shell history; the password can instead be changed from inside the mysql client
mysql> update mysql.user set password=password('111111') where user='root';
#create the user information jumpserver needs
#create the database
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)
#create the user and password
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)
#grant database access privileges
mysql> grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by '111111';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
```
- 5.7
```shell
#create the mysql directory
# mkdir /data/mysql
# download the mysql installation package
# wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#extract
# tar -xf mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
# mkdir mysql_rpm
# mv ./*.rpm mysql_rpm/
#install with yum localinstall
# yum localinstall ./mysql_rpm/*.rpm
#uninstall commands
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.7.26.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64
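#note: everything must be removed completely, otherwise the new service will not start properly
#after installation, check the mysql configuration file and make the following changes
# vi /etc/my.cnf
validate-password=OFF #add inside the [mysqld] section to turn off the validate_password plugin
#start the mysql server
# systemctl start mysqld
#initialize mysql; a default password is generated after installation
# grep "password" /var/log/mysqld.log
#change the password
mysql> alter user 'root'@'%' identified by '111111';
#create the user information jumpserver needs
#create the database
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)
#create the user and password
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)
#grant database access privileges
mysql> grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by '111111';
mysql> flush privileges;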
Query OK, 0 rows affected (0.00 sec)
```
### Python environment
```shell
#download the interpreter
# cd /data/pdir && \
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
#extract
# tar -zxf Python-3.6.10.tgz
# cd Python-3.6.10
# ./configure --prefix=/data/pdir/python3.6.10
# make && make install
#set the environment variable
# vim /etc/profile
#the python path given by --prefix
PATH="/data/pdir/python3.6.10/bin:$PATH"
#create a python3 virtual environment
#change the pip index URL; downloads from the default index are slow
# mkdir ~/.pip
# touch ~/.pip/pip.conf
# vim ~/.pip/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
#download and install the virtualenv tool
# pip3 install virtualenv
#use virtualenv to create a new python3 interpreter
# virtualenv --python=python3 p_env
#the real interpreter is /data/pdir/python3.6.10/bin/python3
#the virtual interpreter's path is /data/pdir/p_env/bin/python3
#activate the virtual environment
# source /data/pdir/p_env/bin/activate
#PATH is now modified, and the virtual environment's directory comes before the local interpreter's path
(p_env) # echo $PATH
/data/pdir/p_env/bin:/data/pdir/python3.6.10/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#after exiting, the environment variable is restored
(p_env) # deactivate
```
### Redis
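Ways to install redis:
- rpm package install; dependencies have to be resolved
- yum install; dependencies are resolved automatically
- compile and install from source
```shell
#install with yum
# yum install -y redis
#start
# systemctl start redis
#check listening ports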
# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 52211/redis-server
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1316/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3302/master
tcp6 0 0 :::3306 :::* LISTEN 11569/mysqld
tcp6 0 0 :::22 :::* LISTEN 1316/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3302/master
#start the redis client
# redis-cli
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> set a 1
OK
```
### jumpserver deployment
```shell
#get the jumpserver code
# wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
#extract the source and install the components the system depends on
# tar -zxf jumpserver-v2.1.0.tar.gz
#create a symlink
# ln -s jumpserver-v2.1.0 jumpserver
#install the runtime dependencies; the virtual environment must be activated first
# source /data/pdir/p_env/bin/activate
#install
(p_env) # pip3 install -r /data/pdir/jumpserver/requirements/requirements.txt
#back up and edit the configuration file
#back up
(p_env) # cp config_example.yml config.yml
#view it, excluding unnecessary lines
(p_env) # grep -Ev '^#|^$' config.yml
SECRET_KEY:
BOOTSTRAP_TOKEN:
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD:
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
#edit
#generate SECRET_KEY and BOOTSTRAP_TOKEN
(p_env) # if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
NVL1RO2peOxkpCeY6owkLyOyHtD1Wluly3C7l07yUClW8UsklS
(p_env) # if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
yPLumD5bW9wGSr13
```
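#### Database migration
jumpserver is developed with django, a Python web framework. The database migration must be run first to generate the corresponding tables before the program can run.
```shell
#run the manage.py file
(p_env) # cd apps/
#run it to generate the database tables
(p_env) # python3 /data/pdir/jumpserver/apps/manage.py makemigrations
#note: if the mysql password is purely numeric, the number must be wrapped in '', otherwise you get TypeError: connect() argument 3 must be str, not int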
Migrations for 'tickets':
apps/tickets/migrations/0002_auto_20230305_2125.py
- Alter field type on ticket
(p_env) # python3 /data/pdir/jumpserver/apps/manage.py migrate
#note: newer jumpserver versions require mysql >= 5.7 for the data migration, otherwise it fails with an error
```
#### Start the jms service
```shell
#run the jms service in the background; jms is the start script that jumpserver wraps
(p_env) # /data/pdir/jumpserver/jms start -d
2023-03-05 21:29:56 Sun Mar5 21:29:56 2023
2023-03-05 21:29:56 Jumpserver version v2.1.0, more see https://www.jumpserver.org
- Start Gunicorn WSGI HTTP Server
2023-03-05 21:29:56 Check database connection ...
users
0001_initial
0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
0020_auto_20190612_1825
0021_auto_20190625_1104
0022_auto_20190625_1105
0023_auto_20190724_1525
0024_auto_20191118_1612
0025_auto_20200206_1216
0026_auto_20200508_2105
0027_auto_20200616_1503
2023-03-05 21:30:00 Database connect success
2023-03-05 21:30:00 Check database structure change ...
2023-03-05 21:30:00 Migrate model change to database ...
Operations to perform:
Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
No migrations to apply.
2023-03-05 21:30:05 Collect static files
2023-03-05 21:30:08 Collect static files done
- Start Celery as Distributed Task Queue: Ansible
- Start Celery as Distributed Task Queue: Celery
- Start Beat as Periodic Task Scheduler
- Start Flower as Task Monitor
- Start Daphne ASGI WS Server
gunicorn is running: 55159
celery_ansible is running: 55170
celery_default is running: 55174
beat is running: 55178
flower is running: 55187
daphne is running: 55193
#this shows the services started normally
#the listening ports can be checked with this command
(p_env) # netstat -nultp
#http://192.168.2.201:8080/
```
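#### Installing the koko component
koko is a component written in golang; compared with the one written in python, its performance and system resource utilization are better.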
```shell
(p_env) # wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
(p_env) # tar -zxf koko-v2.1.0-linux-amd64.tar.gz
(p_env) # ln -s koko-v2.1.0-linux-amd64/ koko
(p_env) # cd koko
(p_env) # cp config_example.yml config.yml
(p_env) # vim config.yml
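# URL of the Jumpserver project, used for API requests and registration
CORE_HOST: http://127.0.0.1:8080
# Bootstrap Token, a pre-shared key used to register the service account and terminal that coco uses
# Keep it identical to the jumpserver configuration file; it can be deleted once registration is complete
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN #change to the corresponding jumpserver value
# log level
LOG_LEVEL: INFO #enable logging
# Redis settings
REDIS_HOST: 127.0.0.1 #enable the redis settings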
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:
#start the program
(p_env) # /data/pdir/koko/koko -d
(p_env) # ps -ef | grep koko
#make sure the BOOTSTRAP_TOKEN values match, otherwise koko fails to start: {"detail":"身份认证信息未提供。"}
(p_env) # cat data/logs/koko.log
2023-03-06 00:41:04 POST http://127.0.0.1:8080/api/v2/terminal/terminal-registrations/ failed, get code: 401, {"detail":"身份认证信息未提供。"} #the BOOTSTRAP_TOKEN value had not been picked up at this point, so startup failed
2023-03-06 00:41:04 register access key failed
2023-03-06 00:46:39 Exchange share room type: local
2023-03-06 00:46:40 Start SSH server at 0.0.0.0:2222
2023-03-06 00:46:40 Start HTTP server at 0.0.0.0:5000
```
#### Guacamole
```shell
#download the source
#https://guacamole.apache.org/releases/1.2.0/
#extract
(p_env) # tar -zxf guacamole-server-1.2.0.tar.gz
#install the required dependency packages
#see the documentation at https://guacamole.apache.org/doc/gug/installing-guacamole.html
(p_env) # yum install -y cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel
#optional packages
(p_env) # yum install -y freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
#install the ffmpeg tool
(p_env) # sudo yum install epel-release -y #already installed earlier
(p_env) # rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
(p_env) # rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
(p_env) # yum install ffmpeg ffmpeg-devel -y
#check the ffmpeg installation
(p_env) # ffmpeg -version
#compile and install
(p_env) # ./configure --with-init-dir=/etc/init.d
(p_env) # make && make install
#set up the java environment
(p_env) # yum install -y java-1.8.0-openjdk
#create the runtime directories
(p_env) # mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && \
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
#download tomcat
(p_env) # wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.72/bin/apache-tomcat-9.0.72.tar.gz
(p_env) # tar -zxf apache-tomcat-9.0.72.tar.gz
(p_env) # mv apache-tomcat-9.0.72 tomcat
(p_env) # rm -rf tomcat/webapps/*
#https://archive.apache.org/dist/guacamole/1.3.0/binary/guacamole-1.3.0.war
(p_env) # ln -sf guacamole-1.2.0.war /data/pdir/tomcat/webapps/
(p_env) # cd /config/guacamole/
(p_env) # touch guacamole.properties
(p_env) # vim guacamole.properties
# user mapping file
basic-user-mapping: /opt/software/config/guacamole/user-mapping.xml
(p_env) # touch user-mapping.xml
(p_env) # vim user-mapping.xml
<user-mapping>
<!-- Per-user authentication and config information -->
<authorize username="USERNAME" password="PASSWORD">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</authorize>
<!-- Another user, but using md5 to hash the password
(example below uses the md5 hash of "PASSWORD") -->
<authorize
username="USERNAME2"
password="319f4d26e3c536b5dd871bb2c52e3178"
encoding="md5">
<!-- First authorized connection -->
<connection name="localhost">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
<param name="password">VNCPASS</param>
</connection>
<!-- Second authorized connection -->
<connection name="otherhost">
<protocol>vnc</protocol>
<param name="hostname">otherhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
<authorize username="admin" password="123456">
<!-- First authorized connection -->
<connection name="connection1">
<protocol>ssh</protocol>
<param name="hostname">127.0.0.1</param>
<param name="port">22</param>
<param name="username">root</param>
<param name="password">123456</param>
</connection>
<!-- Second authorized connection -->
<connection name="connection2">
<protocol>vnc</protocol>
<param name="hostname">192.168.0.1</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
</user-mapping>
#set the environment variables guacamole runs with
(p_env) # export JUMPSERVER_SERVER=http://127.0.0.1:8080
(p_env) # echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
(p_env) # export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13
(p_env) # echo "export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13" >> ~/.bashrc
(p_env) # export JUMPSERVER_KEY_DIR=/config/guacamole/keys
(p_env) # echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
(p_env) # export GUACAMOLE_HOME=/config/guacamole
(p_env) # echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
(p_env) # export GUACAMOLE_LOG_LEVEL=ERROR
(p_env) # echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
(p_env) # export JUMPSERVER_ENABLE_DRIVE=true
(p_env) # echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
(p_env) # /etc/init.d/guacd start
(p_env) # sh tomcat/bin/startup.sh
```
#### lina component
```shell
#install nginx
(p_env) # yum install -y nginx
#download the code
(p_env) # wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz
#extract
(p_env) # tar -zxf lina-v2.1.0.tar.gz
```
#### luna component
```shell
#download the code
(p_env) # wget https://github.com/jumpserver/luna/releases/download/v2.1.0/luna-v2.1.0.tar.gz
(p_env) # tar -zxf luna-v2.1.0.tar.gz
(p_env) # mv luna-v2.1.0 luna
(p_env) # chown -R root:root luna
```
#### nginx
```shell
#install
(p_env) # yum install -y nginx
#edit the configuration
(p_env) # sed -i '38,58d' /etc/nginx/nginx.conf
#add the new server configuration
server {
    listen 80;
    client_max_body_size 100m; # size limit for recordings and file uploads
    location /ui/ {
        try_files $uri / /index.html;
        alias /data/pdir/lina/;
    }
    location /luna/ {
        try_files $uri / /index.html;
        alias /data/pdir/luna/; # luna path; change this if you change the install directory
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /data/pdir/jumpserver/data/; # recording location; change this if you change the install directory
    }
    location /static/ {
        root /data/pdir/jumpserver/data/; # static assets; change this if you change the install directory
    }
    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
#start nginx
(p_env) # nginx -t
(p_env) # nginx
#visit http://ip
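```

A real tech expert; I'll study the approach.

Thanks for sharing.

I just got in touch with their company this morning and asked about the all-in-one appliance; it's pretty good.

I deployed one on a virtual machine to play with. Opening Web assets can't redirect and the page doesn't render fully, while SSH and remote desktop have no problems.

抢师太的秃驴 posted on 2023-3-6 17:55
> I deployed one on a virtual machine to play with. Opening Web assets can't redirect and the page doesn't render fully, while SSH and remote desktop have no problems.

Mine works fine; both databases and servers can be connected. Did you not install the koko component, or has koko crashed? Without it you can't connect.

Thanks, I'll follow along and learn. I always installed it directly before and it just would not succeed, so I later switched to the docker approach. I'll come back and try following this one.

It's rare to see this kind of article on 52.

I'll install one myself some day and try it. I've always deployed it the lazy way, with Docker: change the configuration file yourself and it's ready to use. Very convenient. But docker is still never as reassuring as deploying it yourself....

kcuye posted on 2023-3-6 20:22
> I'll install one myself some day and try it. I've always deployed it the lazy way, with Docker: change the configuration file yourself and it's ready to use. Very ...

For playing around on your own, docker is enough. If an enterprise really uses it, it's either the all-in-one appliance or paying up, and the vendor just sorts it out for you.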
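
Added example (not part of the original post or of the jumpserver project): a pre-start check for the two config.yml files edited in the post, covering the two failures it notes, a BOOTSTRAP_TOKEN that differs between jumpserver and koko (the 401 in koko.log) and an all-digit DB_PASSWORD written without quotes (the TypeError during migration). The function names, the 12-character password threshold and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-start checks for the jumpserver and koko config.yml files.
# Function names, the 12-character threshold and sample values are assumptions.

# Print the value of a top-level "KEY: value" line, without trailing comment.
yaml_get() {  # usage: yaml_get FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/^#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//'
}

# Strip one pair of matching quotes around a scalar.
unquote() {
    case $1 in
        \"*\"|\'*\') printf '%s\n' "$1" | sed -e 's/^.//' -e 's/.$//' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Succeed only when both files hold the same non-empty, literal token.
tokens_match() {  # usage: tokens_match CORE_YML KOKO_YML
    tm_core=$(unquote "$(yaml_get "$1" BOOTSTRAP_TOKEN)")
    tm_koko=$(unquote "$(yaml_get "$2" BOOTSTRAP_TOKEN)")
    case $tm_koko in ''|\$*) return 1 ;; esac  # empty, or "$VAR" left as-is
    [ "$tm_core" = "$tm_koko" ]
}

# Print one finding per line for the core config; print nothing when clean.
audit_core() {  # usage: audit_core CORE_YML
    for ac_key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD; do
        [ -n "$(yaml_get "$1" "$ac_key")" ] || echo "$ac_key is empty"
    done
    ac_pw=$(yaml_get "$1" DB_PASSWORD)
    case $ac_pw in
        ''|*[!0-9]*) ;;  # empty (reported above) or not purely digits
        *) echo "DB_PASSWORD is an unquoted number (loaded as int, not str)" ;;
    esac
    ac_plain=$(unquote "$ac_pw")
    if [ -n "$ac_plain" ] && [ "${#ac_plain}" -lt 12 ]; then
        echo "DB_PASSWORD is shorter than 12 characters"
    fi
    [ "$(yaml_get "$1" HTTP_BIND_HOST)" != 0.0.0.0 ] ||
        echo "HTTP_BIND_HOST is 0.0.0.0 (core listens on every interface)"
    return 0
}

# With two paths, check those files; otherwise run on constructed samples.
if [ "$#" -eq 2 ]; then
    audit_core "$1"
    tokens_match "$1" "$2" || echo "BOOTSTRAP_TOKEN differs or is unset in koko"
else
    demo_dir=$(mktemp -d)
    printf '%s\n' 'SECRET_KEY:' 'BOOTSTRAP_TOKEN: ConstructedToken01' \
        'DB_PASSWORD: 111111' 'HTTP_BIND_HOST: 0.0.0.0' > "$demo_dir/core.yml"
    printf '%s\n' 'BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN' > "$demo_dir/koko.yml"
    audit_core "$demo_dir/core.yml"
    tokens_match "$demo_dir/core.yml" "$demo_dir/koko.yml" ||
        echo "BOOTSTRAP_TOKEN differs or is unset in koko"
    rm -rf "$demo_dir"
fi
```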