一、jumpserver（1.4.8版本）部署文档

1.部署前配置好yum源以及docker源（此步骤省略）

2.安装依赖包以及数据库相关依赖包

yum -y install wget gcc epel-release git redis mariadb mariadb-devel mariadb-server MariaDB-shared

3.开启数据库并且设置开机自启

systemctl enable redis && systemctl start redis

systemctl enable mariadb && systemctl start mariadb

4.创建数据库 Jumpserver 并授权（DB_PASSWORD为数据库密码，可自行设定）

mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'HT706'; flush privileges;"

5.安装 Nginx设置开机自启, 用作代理服务器整合 Jumpserver 与各个组件；这里只做安装启动，后续部署组件

yum -y install nginx && systemctl start nginx && systemctl enable nginx

6.安装 Python3.6

1)yum -y install python36 python36-devel

2)进入python环境

cd /opt/

python3.6 -m venv py3 #为虚拟环境定义名称，随意

source /opt/py3/bin/activate #进入虚拟环境

***以下步骤均在python环境操作***

7.下载 Jumpserver（我提前下载好的；可以去github下载）

cd /opt/ && git clone https://github.com/jumpserver/jumpserver.git #下载目录可自行定义

cd /opt/jumpserver && git checkout 1.4.8 #部署1.4.8版本，因此需要切换分支

8.安装所需依赖包

yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

9.安装 Python 库依赖

pip install --upgrade pip setuptools

pip install -r /opt/jumpserver/requirements/requirements.txt

如报错可能网络延迟可重复执行或手动安装缺少的依赖（pip install ）

10.修改jumpserver配置文件

1)生成SECRET_KEY与BOOTSTRAP_TOKEN密钥

SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # 生成随机SECRET_KEY

BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` #生成随机BOOTSTRAP_TOKEN

echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

2）修改配置文件

vim /opt/jumpserver/config.yaml

4 SECRET_KEY: 与生成密钥一致

8 BOOTSTRAP_TOKEN: 与生成密钥一致

12 DEBUG: false

16 LOG_LEVEL: ERROR

22 SESSION_EXPIRE_AT_BROWSER_CLOSE: true

35 DB_ENGINE: mysql

36 DB_HOST: 127.0.0.1

37 DB_PORT: 3306

38 DB_USER: jumpserver

39 DB_PASSWORD: HT706

40 DB_NAME: jumpserver

50 REDIS_HOST: 127.0.0.1

51 REDIS_PORT: 6379

11.运行jumpserver服务

cd /opt/jumpserver

./jms start -d

12.安装docker；部署coco与guacamole组件

1）安装依赖包

yum install -y yum-utils device-mapper-persistent-data lvm2 docker-ce

systemctl enable docker && systemctl start docker #设置开机自启

2）coco与guacamole组件下载；自行docker pull拉取；提前配置好docker源，这里不做详细说明

3）提取服务器IP地址

Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`

echo Server_IP=$Server_IP >> ~/.bashrc #保存

4)docker运行coco与guacamole组件

coco组件运行（BOOTSTRAP_TOKEN必须与jumpserver的config.yaml里的BOOTSTRAP_TOKEN一致）

docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.8

guacamole同理运行

docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.8

13.安装 Web Terminal 前端: Luna。直接解压不需要编译；

cd /opt/ && wget https://github.com/jumpserver/luna/releases/download/1.4.8/luna.tar.gz

tar xf luna.tar.gz

chown -R root.root luna

14.修改nginx配置文件

vim /etc/nginx/nginx.conf

...

server {

listen 80;

client_max_body_size 100m; # 录像及文件上传大小限制

location /luna/ {

try_files $uri / /index.html;

alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改

}

location /media/ {

add_header Content-Encoding gzip;

root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改

}

location /static/ {

root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改

}

location /socket.io/ {

proxy_pass http://localhost:5000/socket.io/;

proxy_buffering off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location /coco/ {

proxy_pass http://localhost:5000/coco/;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location /guacamole/ {

proxy_pass http://localhost:8081/;

proxy_buffering off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $http_connection;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location / {

proxy_pass http://localhost:8080;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

jumpserver堡垒机搭建

jumpserver堡垒机搭建

一、jumpserver（1.4.8版本）部署文档

1.部署前配置好yum源以及docker源（此步骤省略）

2.安装依赖包以及数据库相关依赖包

3.开启数据库并且设置开机自启

4.创建数据库 Jumpserver 并授权（DB_PASSWORD为数据库密码，可自行设定）

5.安装 Nginx设置开机自启, 用作代理服务器整合 Jumpserver 与各个组件；这里只做安装启动，后续部署组件