环境：

系统：centos7.2
目录：/jumpserver
nginx: 1.42 源码安装
数据库：mysql
redis：yum安装
docker：yum安装
python: 3.6

安装

1 安装依赖包

$ yum -y install wget gcc epel-release git

2 安装 Redis,

Jumpserver 使用 Redis 做 cache 和 celery broke

$ chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
$ yum -y install redis
$ systemctl enable redis
$ systemctl start redis

3 mysql配置

安装mysql这里不在赘述，创建数据库和用户

mysql> create database jumpserver;
Query OK, 1 row affected (0.05 sec)

mysql> grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'your passwd' with grant option;
Query OK, 0 rows affected, 1 warning (0.12 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

4 安装nginx

$ wget http://192.168.100.202/install_package/nginx-1.14.2.tar.gz
$ tar -xzf nginx-1.14.2.tar.gz
$ cd nginx-1.14.2 && ./configure --prefix=/jumpserver/nginx && make && make install
$ vim /jumpserver/nginx/nginx.conf # 修改端口，使用普通用户启动 9001
$ /jumpserver/nginx/sbin/nginx   #启动

5 安装 Python3.6

$ yum -y install python36 python36-devel

配置并载入 Python3 虚拟环境

$ cd /jumpserver
$ python3.6 -m venv py3  # py3 为虚拟环境名称, 可自定义
$ source /jumpserver/py3/bin/activate  # 退出虚拟环境可以使用 deactivate 命令
# 看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 载入环境后默认以下所有命令均在该虚拟环境中运行
(py3) [root@localhost py3]

切换到jumpserver用户时自动载入python环境

$ echo 'source /jumpserver/py3/bin/activate' >> ~/.bash_profile
$ source ~/.bash_profile

切换到jumpserver目录时自动载入python环境

$ echo 'source /jumpserver/py3/bin/activate' >> /jumpserver/jumpserver/.env

6 安装 Jumpserver

下载

$ cd /jumpserver/
$ git clone --depth=1 https://github.com/jumpserver/jumpserver.git

安装依赖 RPM 包

$ yum -y install $(cat /jumpserver/jumpserver/requirements/rpm_requirements.txt)

安装 Python 库依赖,这个过程比较慢

$ pip install --upgrade pip setuptools
$ pip install -r /jumpserver/jumpserver/requirements/requirements.txt

修改 Jumpserver 配置文件

$ cd /jumpserver/jumpserver
$ cp config_example.yml config.yml
$ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`  # 生成随机SECRET_KEY
$ echo "SECRET_KEY=$SECRET_KEY" >> ~/.bash_profile
$ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`  # 生成随机BOOTSTRAP_TOKEN
$ echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bash_profile
$ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /jumpserver/jumpserver/config.yml
$ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /jumpserver/jumpserver/config.yml
$ sed -i "s/# DEBUG: true/DEBUG: false/g" /jumpserver/jumpserver/config.yml
$ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /jumpserver/jumpserver/config.yml
$ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /jumpserver/jumpserver/config.yml

具体配置如下，注意修改mysql ip以及密码

$ egrep -v '^$|#' config.yml 
SECRET_KEY: xxxxxxx
BOOTSTRAP_TOKEN: xxxx
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 192.168.100.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: your passwd
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

运行 Jumpserver

$ cd /jumpserver/jumpserver
$ ./jms start -d  # 后台运行使用 -d 参数./jms start -d
# 新版本更新了运行脚本, 使用方式./jms start|stop|status all  后台运行请添加 -d 参数

7 安装 docker 部署 koko 与 guacamole

安装docker

$ yum install -y yum-utils device-mapper-persistent-data lvm2
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum makecache fast
$ rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
$ yum -y install docker-ce
$ systemctl enable docker
$ curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
$ systemctl restart docker

变量，注意shell当前环境要可以获取BOOTSTRAP_TOKEN的值

 获取当前服务器 IP
$ Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`
$ echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
# http://<Jumpserver_url> 指向 jumpserver 的服务端口,
# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN

创建docker容器

$ docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.2
$ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.2

查看容器是否启动正常,如果有exited状态的请重建

$ docker ps -a

8 安装 Web Terminal 前端: Luna

需要 Nginx 来运行访问 访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包, 直接解压, 不需要编译

$ cd /opt
$ wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz

9配置 Nginx 整合各组件

创建conf.d文件夹并在nginx.conf中添加配置

  ##inclue *.conf
  include conf.d/*.conf;

创建jumpserver.conf配置文件

$ cat /jumpserver/nginx/conf/conf.d/jumpserver.conf
server {
    listen 9001;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /jumpserver/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /jumpserver/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /jumpserver/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

重启nginx

$ /jumpserver/nginx/sbin/nginx -s reload

访问 http://$IP
默认账号: admin 密码: admin 到会话管理-终端管理 检查 koko Guacamole 等应用的注册
测试连接

$ ssh -p2222 admin@192.168.100.204
$ sftp -P2222 admin@192.168.100.204
密码: admin
# 如果是用在 Windows 下, Xshell Terminal 登录语法如下
$ ssh admin@192.168.100.100 2222
$ sftp admin@192.168.100.100 2222
密码: admin
如果能登陆代表部署成功
# sftp默认上传的位置在资产的 /tmp 目录下
# windows拖拽上传的位置在资产的 Guacamole RDP上的 G 目录下

参考官网：https://jumpserver.readthedocs.io/zh/master/setup_by_centos7.html