
Installing JumpServer on CentOS 7

Linux | 菜根譚 | 1 month ago (12-16)

I. Initial setup

1. Disable the firewall

Because I am testing locally, I turn the firewall off.

systemctl stop firewalld
systemctl disable firewalld

2. Set the system character set

export LC_ALL=zh_CN.UTF-8
export AUTOENV_ASSUME_YES=1
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

3. Configure kernel forwarding parameters

Add the following two lines to /etc/sysctl.conf:

net.ipv4.ip_forward = 1
fs.nr_open = 10245760000

Apply the settings

sysctl -p

4. Change the SELinux setting

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

You can check the result with the getenforce command.

5. Generate keys

1) Generate a random SECRET_KEY

SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` 
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
export SECRET_KEY=$SECRET_KEY
echo $SECRET_KEY

2) Generate a random BOOTSTRAP_TOKEN

BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN
echo $BOOTSTRAP_TOKEN
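
An added example, not part of the original post: the same two secrets generated idempotently and kept in a file readable only by its owner, instead of being appended to ~/.bashrc on every run. The file path ~/.jumpserver_secrets and the function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. SECRETS_FILE and the function
# names are assumptions for illustration.
SECRETS_FILE="${SECRETS_FILE:-$HOME/.jumpserver_secrets}"

# Print $1 random alphanumeric characters. LC_ALL=C keeps tr byte-oriented
# whatever locale is exported (step 2 sets zh_CN.UTF-8).
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Make sure NAME=value exists in SECRETS_FILE. An existing value is kept, so
# re-running the script never rotates a key already written to config.yml.
ensure_secret() {
    local name="$1" length="$2"
    ( umask 077 && touch "$SECRETS_FILE" )
    chmod 600 "$SECRETS_FILE"
    if ! grep -q "^${name}=" "$SECRETS_FILE"; then
        printf '%s=%s\n' "$name" "$(gen_secret "$length")" >> "$SECRETS_FILE"
    fi
}

# Create whatever is missing, then export both variables for the later
# sed commands that write them into config.yml.
load_secrets() {
    ensure_secret SECRET_KEY 50
    ensure_secret BOOTSTRAP_TOKEN 16
    set -a
    . "$SECRETS_FILE"
    set +a
}
```

Calling load_secrets in a new shell restores the same SECRET_KEY and BOOTSTRAP_TOKEN, so the later sed commands and the coco configuration always see matching values.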

II. Configure the yum repositories

If the wget tool is not installed on your system, install it first.

yum install -y wget

1. Edit the plugin configuration file

Back the file up before changing it.

cp /etc/yum/pluginconf.d/fastestmirror.conf /etc/yum/pluginconf.d/fastestmirror.conf.bak 
sed -ri 's/^enabled=.*/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf

2. Edit the yum configuration file

cp /etc/yum.conf /etc/yum.conf.bak
sed -ri 's/^plugins=.*/plugins=0/' /etc/yum.conf

1) Configure the Aliyun yum repository

cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

2) Configure the EPEL repository

mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# Install the EPEL repository package
yum install -y epel-release

3) Configure the MariaDB yum repository

vim /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1 

3. Rebuild the cache

yum clean all && yum makecache

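4. Configure the pip index

When pip installs packages it fetches them from servers abroad, which is very slow, so I switch the pip index to the Tsinghua mirror.

mkdir -p ~/.pip
vim ~/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
# trusted-host names a different host than index-url, so it does not affect the index above
trusted-host=mirrors.aliyun.com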

III. Install the required packages

1. Install with yum

yum install -y gcc epel-release git yum-utils python36 python36-devel python-pip redis nginx mariadb mariadb-devel mariadb-server MariaDB-shared  krb5-devel openssl-devel expect
yum groupinstall "Development Tools" -y

2. Set up the Python 3 environment

Create and load the Python 3 virtual environment

cd /opt
python3.6 -m venv py3  
source /opt/py3/bin/activate 

# Note: all later steps are performed inside the Python 3 virtual environment.

Set up automatic activation of the py3 virtual environment

git clone https://github.com/kennethreitz/autoenv.git
echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc

IV. Install JumpServer

1. Install JumpServer

cd /opt
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env

1) Install the RPM dependencies

yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

2) Install the Python library dependencies

pip install wheel
pip install -r /opt/jumpserver/requirements/requirements.txt

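Note for this step: my procedure differs slightly from the official documentation. I did not upgrade pip and setuptools here, because during testing I found that after upgrading them some of the packages in the Python dependency list have to be edited by hand, which is tedious.

2. Start Redis

# Set the Redis password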
sed -i 's/^# requirepass .*/requirepass redis/' /etc/redis.conf  
sed -i 's/^# appendonly no/appendonly yes/' /etc/redis.conf
systemctl enable redis
systemctl start redis

3. Start the MariaDB database

systemctl enable mariadb
systemctl start mariadb

At this point you can apply some security settings to the database.

mysql_secure_installation

1) Create the jumpserver database and grant privileges

mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver'; flush privileges;"

3. Configure JumpServer

1) Edit the JumpServer configuration file

cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: jumpserver/g" /opt/jumpserver/config.yml
sed -i "s/# REDIS_PASSWORD: /REDIS_PASSWORD: redis/g" /opt/jumpserver/config.yml

Note that the edits above include the Redis password; it must match the requirepass value set in /etc/redis.conf earlier.
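
An added check, not part of the original post: it reads the two files edited so far and reports when the Redis password in config.yml and redis.conf disagree, or when a credential is still the literal value used in this walkthrough (redis, jumpserver). The function names are assumptions, and the sample files are constructed to mirror the state these commands leave behind.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit the two files the sed
# commands above edit. Function names are assumptions for illustration.

# Value of a top-level "KEY: value" line (empty when absent or commented out).
yml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_jumpserver() {
    local cfg="$1" redis_conf="$2" findings=0 redis_pw key
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    redis_pw=$(sed -n 's/^requirepass[[:space:]]*//p' "$redis_conf" | head -n 1)
    [ -n "$redis_pw" ] || report "requirepass is not set in redis.conf"
    [ "$redis_pw" = "$(yml_value "$cfg" REDIS_PASSWORD)" ] ||
        report "REDIS_PASSWORD in config.yml differs from requirepass"
    [ "$redis_pw" != "redis" ] || report "Redis still uses the tutorial password"
    [ "$(yml_value "$cfg" DB_PASSWORD)" != "jumpserver" ] ||
        report "DB_PASSWORD is still the tutorial password"
    [ "$(yml_value "$cfg" DEBUG)" = "false" ] || report "DEBUG is not false"
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        [ -n "$(yml_value "$cfg" "$key")" ] || report "$key is empty"
    done
    return "$findings"
}

# Constructed sample: the state this tutorial's commands leave behind.
make_tutorial_sample() {
    local dir
    dir=$(mktemp -d)
    printf 'requirepass redis\nappendonly yes\n' > "$dir/redis.conf"
    cat > "$dir/config.yml" <<'EOF'
SECRET_KEY: constructedSecretKeyValue
BOOTSTRAP_TOKEN: constructedToken
DEBUG: false
LOG_LEVEL: ERROR
DB_PASSWORD: jumpserver
REDIS_PASSWORD: redis
EOF
    echo "$dir"
}
```

On a real host the call is audit_jumpserver /opt/jumpserver/config.yml /etc/redis.conf; a zero exit status means no findings.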

2) Create the JumpServer database schema

cd /opt/jumpserver/requirements
sh /opt/jumpserver/utils/make_migrations.sh

3) Start JumpServer

/opt/jumpserver/jms start all -d

4) Manage JumpServer with systemd

wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service
chmod 755 /usr/lib/systemd/system/jms.service
systemctl enable jms

4. Install coco

1) Install coco

cd /opt
git clone https://github.com/jumpserver/coco.git
echo "source /opt/py3/bin/activate" > /opt/coco/.env

2) Install the RPM and Python packages coco depends on

yum -y  install $(cat /opt/coco/requirements/rpm_requirements.txt)
pip install -r /opt/coco/requirements/requirements.txt
mkdir /opt/coco/keys /opt/coco/logs

3) Edit the coco configuration

cp /opt/coco/config_example.yml /opt/coco/config.yml
cd /opt/coco/
sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml

Note: set BOOTSTRAP_TOKEN to the same value as in JumpServer

4) Start coco

/opt/coco/cocod start -d

5. Web Terminal

cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
tar xf luna.tar.gz
chown -R root:root luna

6. Windows components

1) Install the RPM dependencies

rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm \
 https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
yum install -y --nogpgcheck java-1.8.0-openjdk libtool cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel ffmpeg-devel \
  freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel ghostscript
if [ -d "/usr/local/lib/freerdp/" ];then
	ln -s /usr/local/lib/freerdp/guacsnd.so /usr/lib64/freerdp/
	ln -s /usr/local/lib/freerdp/guacdr.so /usr/lib64/freerdp/
	ln -s /usr/local/lib/freerdp/guacai.so /usr/lib64/freerdp/
	ln -s /usr/local/lib/freerdp/guacsvc.so /usr/lib64/freerdp/
fi

7. guacamole

1) Install guacamole

cd /opt
git clone https://github.com/jumpserver/docker-guacamole.git
cd /opt/docker-guacamole/
tar -xf guacamole-server-1.0.0.tar.gz
# Build and install guacamole-server
cd guacamole-server-1.0.0
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make && make install
cd ..
# Refresh the shared library cache so the newly installed libraries are found
ldconfig

2) guacamole configuration files

# Create the required directories
mkdir -p /config/guacamole/{lib,extensions}
# Copy the jar file
cp /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/

8. Tomcat

cd /config
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.49/bin/apache-tomcat-8.5.49.tar.gz
tar -xf apache-tomcat-8.5.49.tar.gz
mv apache-tomcat-8.5.49 tomcat8
rm -rf /config/tomcat8/webapps/*

9. guacamole client

cp /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat8/webapps/ROOT.war
# Change the default port to 8081
sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`
# Set the log level to WARNING
sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`

Configure SSH forwarding

cd /config
wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
tar -xf linux-amd64.tar.gz -C /bin/
chmod +x /bin/ssh-forward

# http://127.0.0.1:8080 is the address at which JumpServer is reachable

export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
/etc/init.d/guacd start
sh /config/tomcat8/bin/startup.sh

10. Configure nginx

# Remove nginx's default configuration file

rm -f /etc/nginx/nginx.conf

1) Write the nginx main configuration file

vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}

2) Write the JumpServer site configuration

mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
vim /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;
    server_name default_server;

    client_max_body_size 100m;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

3) Start nginx

systemctl enable nginx
systemctl start nginx

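V. Installation complete

Enter http://192.168.1.21 in a browser to reach JumpServer.
Default account: admin, password: admin
Official documentation: jumpserver
If you need to install JumpServer in Docker, see this article by 盛行: Deploying JumpServer in Docker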