jumpserver环境搭建
介绍
搭建
环境
-
Centos7
-
mysql
-
redis
-
yum
-
python
CentOs7
使用桥接方式配置虚拟机网络
服务器配置:
- 配置文件修改
[root@jumpserver-test ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=dhcp #改为static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=2a11b8f4-0022-4a54-b228-0e4c8e1156e7 #可使用uuidgen 命令重新获取后覆盖
DEVICE=eno16777736
ONBOOT=no #改为yes
IPADDR=192.168.2.200 #增加项,与当前主机使用ip保持同一网段
NETMASK=255.255.255.0 #增加项,子网掩码
GATEWAY=192.168.2.1 #增加项,网关
DNS1=192.168.2.1 #增加项,与主机网络适配器保持一致,没有就写网关地址
[root@jumpserver-test ~]# vim /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes #增加项
GATEWAY=192.168.2.1 #增加项,与网关一致
[root@jumpserver-test ~]# vim /etc/resolv.conf
nameserver 192.168.2.1 #增加项,与网关一致
#重启网卡
[root@jumpserver-test ~]# service network restart
#查看网络地址
[root@jumpserver-test ~]# ip a
#可与本机进行互ping,或ping www.baidu.com
-
关闭防火墙
[root@jumpserver-test2 yum.repos.d]# iptables -F
[root@jumpserver-test2 yum.repos.d]# systemctl disable firewalld
[root@jumpserver-test2 yum.repos.d]# systemctl stop firewalld
#查看状态
[root@jumpserver-test2 yum.repos.d]# systemctl status firewalld
#修改配置文件关闭SELinux(此处修改的是SELinux而非防火墙;关闭firewalld与SELinux仅适用于隔离的测试环境,堡垒机正式部署时应保留二者,只放行实际需要对外的端口,如本文中的80、2222)
[root@jumpserver-test2 yum.repos.d]# vi /etc/selinux/config
SELINUX=disabled #更改状态为disabled
-
配置yum源
[root@jumpserver-test2 ~]# cd /etc/yum.repos.d/
#安装wget命令
[root@jumpserver-test2 yum.repos.d]# yum install -y wget
#备份原文件
[root@jumpserver-test2 /]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
[root@jumpserver-test2 /]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@jumpserver-test2 /]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#清空yum缓存,重新生成yum缓存
[root@jumpserver-test2 /]# yum clean all
[root@jumpserver-test2 /]# yum makecache
- 安装系统所需的软件
#yum安装
#系统初始化需要的软件
[root@jumpserver-test2 /]# yum install -y bash-completion vim lrzsz expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc
#jumpserver运行环境需要软件
[root@jumpserver-test2 /]# yum install -y git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel
- 修改系统字符集
[root@jumpserver-test2 /]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@jumpserver-test2 /]# export LC_ALL=zh_CN.UTF-8
#修改字符集命令,写入配置文件
[root@jumpserver-test2 /]# echo 'LANG="zh_CN.UTF-8"'> /etc/locale.conf
#查看系统字符集
[root@jumpserver-test2 /]# locale
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=zh_CN.UTF-8
mysql
#新建mysql文件夹
[root@jumpserver-test2 data]# mkdir /data/mysql
# 获取mysql 安装包
[root@jumpserver-test2 mysql]# wget https://cdn.mysql.com/Downloads/MySQL-5.7/MySQL-5.7.49-1.el7.x86_64.rpm-bundle.tar
#https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#解压缩(注意:上一步下载地址中的版本号为5.7.49,此处文件名为5.6.49,两者不一致;请以实际下载到的文件名为准)
[root@jumpserver-test2 mysql]# tar -xf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
[root@jumpserver-test2 mysql]# mkdir mysql_rpm
[root@jumpserver-test2 mysql]# mv ./*.rpm mysql_rpm/
#yum localinstall 安装
[root@jumpserver-test2 mysql_rpm]# yum localinstall ./*
#卸载命令
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.6.36-2.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64
#安装完毕,检查mysql配置文件,做如下修改
[root@jumpserver-test2 mysql_rpm]# vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log #修改mariadb为mysql
pid-file=/var/run/mariadb/mariadb.pid #修改mariadb为mysql
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
#启动mysql服务端
[root@jumpserver-test2 mysql_rpm]# systemctl start mysql
#初始化mysql,mysql安装后默认生成密码
[root@jumpserver-test2 mysql_rpm]# cat ~/.mysql_secret
#修改密码
[root@jumpserver-test2 mysql_rpm]# mysqladmin -uroot -po3ObQ0qUPOkVd6rN password 111111
#该方式会在history记录中展示密码,可进入mysql客户端后对密码进行更改
mysql>update mysql.user set password=password('111111') where user='root';
#创建jumpserver需要的用户信息
#创建数据库
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)
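#创建用户+密码('111111'仅为演示用弱口令,实际部署应使用高强度随机口令;本文中jumpserver与mysql同机且DB_HOST为127.0.0.1,主机部分无需使用'%',可收紧为'localhost'或'127.0.0.1',下方grant语句需同步修改)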
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)
#数据库访问权限授予
mysql> grant all privileges on jumpserver .* to 'jumpserver'@'%' identified by '111111';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
#新建mysql文件夹
[root@jumpserver-test2 data]# mkdir /data/mysql
# 获取mysql 安装包
[root@jumpserver-test2 mysql]# wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#解压缩(注意:上一步下载的文件名为mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar,与此处命令中的文件名不一致;请以实际下载到的文件名为准)
[root@jumpserver-test2 mysql]# tar -xf MySQL-5.7.26.el7.x86_64.rpm-bundle.tar
[root@jumpserver-test2 mysql]# mkdir mysql_rpm
[root@jumpserver-test2 mysql]# mv ./*.rpm mysql_rpm/
#yum localinstall 安装
[root@jumpserver-test2 mysql_rpm]# yum localinstall ./*
#卸载命令
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.7.26.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64
#注:所有信息必须完全删除,否则会导致新服务无法正常启动
#安装完毕,检查mysql配置文件,做如下修改
[root@jumpserver-test2 mysql_rpm]# vi /etc/my.cnf
[mysqld]
validate-password=OFF #在[mysqld]模块内添加,将validate_password插件关闭(my.cnf中注释应使用#;关闭该插件只是为了允许本文的弱口令,正式环境应保留)
#启动mysql服务端
[root@jumpserver-test2 mysql_rpm]# systemctl start mysqld
#初始化mysql,mysql安装后默认生成密码
[root@jumpserver-test2 mysql_rpm]# grep "password" /var/log/mysqld.log
#修改密码
mysql>alter user 'root'@'%' identified by '111111';
#创建jumpserver需要的用户信息
#创建数据库
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)
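#创建用户+密码('111111'仅为演示用弱口令,实际部署应使用高强度随机口令;本文中jumpserver与mysql同机且DB_HOST为127.0.0.1,主机部分无需使用'%',可收紧为'localhost'或'127.0.0.1',下方grant语句需同步修改)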
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)
#数据库访问权限授予
mysql> grant all privileges on jumpserver .* to 'jumpserver'@'%' identified by '111111';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
python环境
#解释器下载
[root@jumpserver-test2 data]#cd /data/pdir && \
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
#解压缩
[root@jumpserver-test2 pdir]# tar -zxf Python-3.6.10.tgz
[root@jumpserver-test2 pdir]#cd Python-3.6.10
[root@jumpserver-test2 pdir]#./configure --prefix=/data/pdir/python3.6.10
[root@jumpserver-test2 Python-3.6.10]# make && make install
#环境变量设置
[root@jumpserver-test2 bin]# vim /etc/profile
#--prefix指定的python路径
PATH="/data/pdir/python3.6.10/bin:$PATH"
#创建python3虚拟环境
#更改pip源地址,默认pip源下载很慢
[root@jumpserver-test2 bin]# mkdir ~/.pip
[root@jumpserver-test2 bin]# touch ~/.pip/pip.conf
[root@jumpserver-test2 bin]# vim ~/.pip/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
#下载安装虚拟环境工具
[root@jumpserver-test2 bin]# pip3 install virtualenv
#使用虚拟环境工具创建新的python3解释器
[root@jumpserver-test2 pdir]# virtualenv --python=python3 p_env
#本体是/data/pdir/python3.6.10/bin/python3
#虚拟解释器路径是/data/pdir/p_env/bin/python3
#激活虚拟环境
[root@jumpserver-test2 pdir]# source /data/pdir/p_env/bin/activate
#此时默认修改了环境变量,且虚拟环境目录下路径处于本地解释器路径之前
(p_env) [root@jumpserver-test2 pdir]# echo $PATH
/data/pdir/p_env/bin:/data/pdir/python3.6.10/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#退出后环境变量恢复
(p_env) [root@jumpserver-test2 pdir]# deactivate
Redis
redis安装方式:
- rpm包安装,需要解决依赖问题
- yum安装,自动解决依赖问题
- 源代码编译安装
#yum 安装
[root@jumpserver-test2 pdir]# yum install -y redis
#启动
[root@jumpserver-test2 pdir]# systemctl start redis
#查看端口占用
[root@jumpserver-test2 pdir]# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 52211/redis-server
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1316/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3302/master
tcp6 0 0 :::3306 :::* LISTEN 11569/mysqld
tcp6 0 0 :::22 :::* LISTEN 1316/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3302/master
#启动redis客户端
[root@jumpserver-test2 pdir]# redis-cli
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> set a 1
OK
jumpserver部署
#获取jumpserver代码
[root@jumpserver-test2 data]# wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
#解压缩源码,安装系统所依赖的功能组件
[root@jumpserver-test2 pdir]# tar -zxf jumpserver-v2.1.0.tar.gz
#设置软链接
[root@jumpserver-test2 pdir]# ln -s jumpserver-v2.1.0 jumpserver
#安装运行需要的依赖,需要先激活虚拟环境
[root@jumpserver-test2 jumpserver]# source /data/pdir/p_env/bin/activate
#安装
(p_env) [root@jumpserver-test2 jumpserver]# pip3 install -r /data/pdir/jumpserver/requirements/requirements.txt
#配置文件备份修改
#备份
(p_env) [root@jumpserver-test2 jumpserver]# cp config_example.yml config.yml
#查看,排除无必要的信息
(p_env) [root@jumpserver-test2 jumpserver]# grep -Ev '^#|^$' config.yml
SECRET_KEY:
BOOTSTRAP_TOKEN:
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD:
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
#修改
#生成SECRET_KEY和BOOTSTRAP_TOKEN,并填入config.yml对应项(下方输出的两个值仅为示例,已随本文公开,必须在自己的环境中重新生成,不可直接复用;命令同时会把明文值追加到~/.bashrc)
(p_env) [root@jumpserver-test2 jumpserver]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
NVL1RO2peOxkpCeY6owkLyOyHtD1Wluly3C7l07yUClW8UsklS
(p_env) [root@jumpserver-test2 jumpserver]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
yPLumD5bW9wGSr13
数据库迁移
jumpserver是使用python的web框架django进行开发的,必须先进行数据库迁移,生成对应库表信息后,才能运行程序
#运行 manage.py文件
(p_env) [root@jumpserver-test2 jumpserver]# cd apps/
#运行,生成数据库表
(p_env) [root@jumpserver-test2 apps]# python3 /data/pdir/jumpserver/apps/manage.py makemigrations
#备注:如果mysql密码为纯数字,数字必须要加上'',不然会报 TypeError: connect() argument 3 must be str, not int
Migrations for 'tickets':
apps/tickets/migrations/0002_auto_20230305_2125.py
- Alter field type on ticket
(p_env) [root@jumpserver-test2 jumpserver]# python3 /data/pdir/jumpserver/apps/manage.py migrate
#注意:jumpserver高版本进行数据迁移要求mysql版>=5.7,否则会报错
启动服务 jms
#后台运行jms服务,jms为jumpserver封装的启动文件
(p_env) [root@jumpserver-test2 jumpserver]# /data/pdir/jumpserver/jms start -d
2023-03-05 21:29:56 Sun Mar 5 21:29:56 2023
2023-03-05 21:29:56 Jumpserver version v2.1.0, more see https://www.jumpserver.org
- Start Gunicorn WSGI HTTP Server
2023-03-05 21:29:56 Check database connection ...
users
[X] 0001_initial
[X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
[X] 0020_auto_20190612_1825
[X] 0021_auto_20190625_1104
[X] 0022_auto_20190625_1105
[X] 0023_auto_20190724_1525
[X] 0024_auto_20191118_1612
[X] 0025_auto_20200206_1216
[X] 0026_auto_20200508_2105
[X] 0027_auto_20200616_1503
2023-03-05 21:30:00 Database connect success
2023-03-05 21:30:00 Check database structure change ...
2023-03-05 21:30:00 Migrate model change to database ...
Operations to perform:
Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
No migrations to apply.
2023-03-05 21:30:05 Collect static files
2023-03-05 21:30:08 Collect static files done
- Start Celery as Distributed Task Queue: Ansible
- Start Celery as Distributed Task Queue: Celery
- Start Beat as Periodic Task Scheduler
- Start Flower as Task Monitor
- Start Daphne ASGI WS Server
gunicorn is running: 55159
celery_ansible is running: 55170
celery_default is running: 55174
beat is running: 55178
flower is running: 55187
daphne is running: 55193
#此时证明服务正常启动
#可通过命令查看端口占用
(p_env) [root@jumpserver-test2 jumpserver]# netstat -nultp
#http://192.168.2.201:8080/
koko组件安装
koko 是使用golang语言进行开发的一个组件,相对比python开发的,性能、系统资源利用率更高
(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
(p_env) [root@jumpserver-test2 pdir]# tar -zxf koko-v2.1.0-linux-amd64\ \(1\).tar.gz
(p_env) [root@jumpserver-test2 pdir]# ln -s koko-v2.1.0-linux-amd64/ koko
(p_env) [root@jumpserver-test2 pdir]# cd koko
(p_env) [root@jumpserver-test2 koko]# cp config_example.yml config.yml
(p_env) [root@jumpserver-test2 koko]# vim config.yml
# Jumpserver项目的url, api请求注册会使用
CORE_HOST: http://127.0.0.1:8080
# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN #改为jumpserver对应数据
# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: INFO #打开日志
# Redis配置
REDIS_HOST: 127.0.0.1 #打开redis配置
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:
#启动程序
(p_env) [root@jumpserver-test2 koko]# /data/pdir/koko/koko -d
(p_env) [root@jumpserver-test2 koko]# ps -ef | grep koko
#保证BOOTSTRAP_TOKEN 值的一致,否则koko启动失败, {"detail":"身份认证信息未提供。"}
(p_env) [root@jumpserver-test2 koko]# cat data/logs/koko.log
2023-03-06 00:41:04 [ERRO] POST http://127.0.0.1:8080/api/v2/terminal/terminal-registrations/ failed, get code: 401, {"detail":"身份认证信息未提供。"} #此时BOOTSTRAP_TOKEN值未获取,启动失败
2023-03-06 00:41:04 [ERRO] register access key failed
2023-03-06 00:46:39 [INFO] Exchange share room type: local
2023-03-06 00:46:40 [INFO] Start SSH server at 0.0.0.0:2222
2023-03-06 00:46:40 [INFO] Start HTTP server at 0.0.0.0:5000
Guacamole
#下载源码
https://guacamole.apache.org/releases/1.2.0/
#解压缩
(p_env) [root@jumpserver-test2 pdir]# tar -zxf guacamole-server-1.2.0.tar.gz
#安装依赖的软件包
#参照文档https://guacamole.apache.org/doc/gug/installing-guacamole.html
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# yum install -y cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel
#可选择安装的软件包
yum install -y freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
#安装ffmpeg工具(注意:下面的GPG公钥和release包均通过明文HTTP获取,传输过程中可能被篡改;导入公钥后应通过其他可信渠道核对其指纹)
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# sudo yum install epel-release -y #之前已安装
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# yum install ffmpeg ffmpeg-devel -y
#查看ffmpeg安装结果
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# ffmpeg -version
#编译安装
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# ./configure --with-init-dir=/etc/init.d
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# make && make install
#部署java开发环境
(p_env) [root@jumpserver-test2 data]# yum install -y java-1.8.0-openjdk
#创建运行文件夹
(p_env) [root@jumpserver-test2 /]# mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && \
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
#下载tomcat(该镜像地址为明文HTTP,下载后应与Apache官方发布的.sha512校验值或.asc签名比对后再解压使用)
(p_env) [root@jumpserver-test2 pdir]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.72/bin/apache-tomcat-9.0.72.tar.gz
(p_env) [root@jumpserver-test2 pdir]# tar -zxf apache-tomcat-9.0.72.tar.gz
(p_env) [root@jumpserver-test2 pdir]# mv apache-tomcat-9.0.72 tomcat
(p_env) [root@jumpserver-test2 pdir]# rm -rf tomcat/webapps/*
#https://archive.apache.org/dist/guacamole/1.3.0/binary/guacamole-1.3.0.war
(p_env) [root@jumpserver-test2 pdir]# ln -sf guacamole-1.2.0.war /data/pdir/tomcat/webapps/
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# cd /config/guacamole/
(p_env) [root@jumpserver-test2 guacamole]# touch guacamole.properties
(p_env) [root@jumpserver-test2 guacamole]# vim guacamole.properties
# 配置用户映射文件
basic-user-mapping: /opt/software/config/guacamole/user-mapping.xml
(p_env) [root@jumpserver-test2 guacamole]# touch user-mapping.xml
(p_env) [root@jumpserver-test2 guacamole]# vim user-mapping.xml
<user-mapping>
<!-- Per-user authentication and config information. 注意:本文件中的用户名、口令均为示例占位值(含admin/123456这类弱口令),且以明文或不加盐的MD5保存,使用前须全部替换,并限制该文件的读取权限 -->
<authorize username="USERNAME" password="PASSWORD">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</authorize>
<!-- Another user, but using md5 to hash the password
(example below uses the md5 hash of "PASSWORD") -->
<authorize
username="USERNAME2"
password="319f4d26e3c536b5dd871bb2c52e3178"
encoding="md5">
<!-- First authorized connection -->
<connection name="localhost">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
<param name="password">VNCPASS</param>
</connection>
<!-- Second authorized connection -->
<connection name="otherhost">
<protocol>vnc</protocol>
<param name="hostname">otherhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
<authorize username="admin" password="123456">
<!-- First authorized connection -->
<connection name="connection1">
<protocol>ssh</protocol>
<param name="hostname">127.0.0.1</param>
<param name="port">22</param>
<param name="username">root</param>
<param name="password">123456</param>
</connection>
<!-- Second authorized connection -->
<connection name="connection2">
<protocol>vnc</protocol>
<param name="hostname">192.168.0.1</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
</user-mapping>
#设置guacamole运行环境变量
#export JUMPSERVER_SERVER=http://127.0.0.1:8080
#echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
#export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13
#echo "export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13" >> ~/.bashrc
#export JUMPSERVER_KEY_DIR=/config/guacamole/keys
#echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
#export GUACAMOLE_HOME=/config/guacamole
#echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
#export GUCAMOLE_LOG_LEVEL=ERROR
#echo "export GUCAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
#export JUMPSERVER_ENABLE_DRIVE=true
#echo "JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_SERVER=http://127.0.0.1:8080
(p_env) [root@jumpserver-test2 guacamole]# echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13
(p_env) [root@jumpserver-test2 guacamole]# echo "export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_KEY_DIR=/config/guacamole/keys
(p_env) [root@jumpserver-test2 guacamole]# echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export GUACAMOLE_HOME=/config/guacamole
(p_env) [root@jumpserver-test2 guacamole]# echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export GUCAMOLE_LOG_LEVEL=ERROR
(p_env) [root@jumpserver-test2 guacamole]# echo "export GUCAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_ENABLE_DRIVE=true
(p_env) [root@jumpserver-test2 guacamole]# echo "JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# /etc/init.d/guacd start
(p_env) [root@jumpserver-test2 pdir]# sh tomcat/bin/startup.sh
lina组件
#nginx安装
(p_env) [root@jumpserver-test2 pdir]# yum install -y nginx
#代码下载
(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz
#解压缩
(p_env) [root@jumpserver-test2 pdir]# tar -zxf lina-v2.1.0.tar.gz
luna组件
#代码下载
(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/luna/releases/download/v2.1.0/luna-v2.1.0.tar.gz
(p_env) [root@jumpserver-test2 pdir]# tar -zxf luna-v2.1.0.tar.gz
(p_env) [root@jumpserver-test2 pdir]# mv luna-v2.1.0 luna
(p_env) [root@jumpserver-test2 pdir]# chown -R root:root luna
nginx
#安装
(p_env) [root@jumpserver-test2 pdir]# yum install -y nginx
#修改配置
(p_env) [root@jumpserver-test2 pdir]# sed -i '38,58d' /etc/nginx/nginx.conf
#加入新的虚拟配置(该示例仅监听80端口的明文HTTP,登录口令与会话数据不加密传输;正式环境应在此处配置TLS证书并改用HTTPS)
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /data/pdir/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /data/pdir/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /data/pdir/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /data/pdir/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # tomcat默认监听8080(已被jumpserver占用),文中未给出改端口的步骤,需先在tomcat的conf/server.xml中将HTTP端口改为8081
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
#启动nginx
(p_env) [root@jumpserver-test2 pdir]# nginx -t
(p_env) [root@jumpserver-test2 pdir]# nginx
#访问http://ip