搭建jumpserver堡垒机

1、简要概述

Jumpserver是一款开源的堡垒机，可使系统的管理员和开发人员安全的连接到企业内部服务器上执行操作，并且支持大部分操作系统，是一款非常安全的远程连接工具。

2、常见支持的系统：

CentOS, RedHat, Fedora, Amazon LinuxDebianSUSE, UbuntuFreeBSD其他ssh协议硬件设备

3、配置清单

图片3.png

4、安装部署

在跳板机1.252安装 jumpserver
[root@ecs-proxy ~]# echo jumpserver > /etc/hostname
[root@ecs-proxy ~]# hostname jumpserver
[root@jumpserver ~]# cd /jumpserver/
[root@jumpserver jumpserver]# yum install -y docker-ce #没有配置docker的yum源，需要配置
[root@jumpserver jumpserver]# systemctl enable --now docker

[root@jumpserver jumpserver]# tar -xf jumpserver-offline-installer-v2.19.2-amd64-135.tar.gz
[root@jumpserver jumpserver]# mv jumpserver-offline-installer-v2.19.2-amd64-135 /usr/local/jumpserver
[root@jumpserver jumpserver]# cd /usr/local/jumpserver
[root@jumpserver jumpserver]# ./jmsctl.sh install #一路回车

1. 检查配置文件

配置文件位置: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
完成

2. 备份配置文件

备份至 /opt/jumpserver/config/backup/config.txt.2022-08-08_13-39-16
完成
安装配置 Docker

安装 Docker
完成
配置 Docker
是否需要支持 IPv6? (y/n) (默认为 n):
完成
启动 Docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
完成

加载 Docker 镜像
...
完成

安装配置 JumpServer

配置加密密钥
SECRETE_KEY: YjYxYWMyZmUtMzI4NS00YmZhLTg1NWUtN2MwZjY1MWZhMTMw
BOOTSTRAP_TOKEN: YjYxYWMyZmUtMzI4NS00YmZh
完成
配置持久化目录
是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n):
完成
配置 MySQL
是否使用外部 MySQL? (y/n) (默认为 n):
完成
配置 Redis
是否使用外部 Redis? (y/n) (默认为 n):
完成
配置对外端口
是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n):
完成
初始化数据库
Creating network "jms_net" with driver "bridge"
Creating jms_redis ... done
Creating jms_mysql ... done
Creating jms_core ... done
2022-08-08 13:42:07 Collect static files
2022-08-08 13:42:07 Collect static files done
2022-08-08 13:42:07 Check database structure change ...
2022-08-08 13:42:07 Migrate model change to database ...
Operations to perform:
Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
......
Applying users.0038_auto_20211209_1140... OK
完成

>>> 安装完成了

可以使用如下命令启动, 然后访问
cd /usr/local/jumpserver
./jmsctl.sh start
其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
Web 访问
http://192.168.1.10:80
默认用户: admin 默认密码: admin
SSH/SFTP 访问
ssh -p2222 admin@192.168.1.10
sftp -P2222 admin@192.168.1.10
更多信息
我们的官网: https://www.jumpserver.org/
我们的文档: https://docs.jumpserver.org/

[root@jumpserver jumpserver]# ./jmsctl.sh start #启动jumpserver
jms_redis is up-to-date
jms_mysql is up-to-date
Creating jms_core ... done
Creating jms_lion ... done
Creating jms_celery ... done
Creating jms_web ... done
Creating jms_koko ... done

[root@jumpserver jumpserver]# ./jmsctl.sh status #查看状态
Name Command State Ports

jms_celery ./entrypoint.sh start task Up (healthy) 8070/tcp, 8080/tcp
jms_core ./entrypoint.sh start web Up (healthy) 8070/tcp, 8080/tcp
jms_koko ./entrypoint.sh Up (healthy) 0.0.0.0:2222->2222/tcp,:::2222->2222/tcp, 5000/tcp

jms_lion ./entrypoint.sh Up (healthy) 4822/tcp
jms_mysql docker-entrypoint.sh --cha ... Up (healthy) 3306/tcp, 33060/tcp
jms_redis docker-entrypoint.sh redis ... Up (healthy) 6379/tcp
jms_web /docker-entrypoint.sh ngin ... Up (healthy) 0.0.0.0:80->80/tcp,:::80->80/tcp