jumpserver详细部署文档

jumserver

部署前关闭防火墙这些

部署前关闭防火墙这些

部署前关闭防火墙这些

部署前关闭防火墙这些

部署一台mysql5.7

友情提示:mysql数据库密码请使用 "字母+数字"

用"yuchao666"

数据库密码连接,读取的是字符串类型

如果你的数据库密码是 "123456"这样的纯数字,

在config.yml里面填入的DB_PASSWORD: "123456" 需要像这样,添加引号,否则报错。

# 设置 Repo源
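# Add the MySQL 5.7 community repo (USTC mirror).
yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm

# Turn off GPG signature checking for the MySQL repo files.
# NOTE(review): this disables package-signature verification for everything
# installed from these repos; importing the vendor's signing key instead keeps
# gpgcheck=1 and still lets the install proceed.
sed -i '/gpgcheck=1/c gpgcheck=0' /etc/yum.repos.d/mysql-community*

# Install the MySQL server.
yum clean all
yum install -y mysql-community-server

# MySQL 5.7 generates a random root password on first start. Switch the
# pre-start helper to --initialize-insecure so no random password is created
# (root then starts without a password, so set one right after the first
# start, as the ALTER USER step further down does).
# Only patch the helper when no non-comment line already carries the option;
# `grep -q` replaces the earlier `[ ! "$(cat ... | grep ...)" ]` test.
if ! grep -v '^#' /usr/bin/mysqld_pre_systemd | grep -q initialize-insecure; then
  sed -i 's@--initialize @--initialize-insecure @g' /usr/bin/mysqld_pre_systemd
fi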

#没报错启动数据库-------------------------------------------
# 踩坑. 踩坑 配置了上面跳过默认生成密码不行
[localhost root ~]#mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

# 解决办法
grep 'temporary password' /var/log/mysqld.log  # 找到默认密码
2024-01-07T06:19:59.603528Z 1 [Note] A temporary password is generated for root@localhost: pg=i2Rf3Is.N

默认密码root@localhost: pg=i2Rf3Is.N

[localhost root ~]#mysql -u root -p
Enter password:  # 这里输入查找到的密码pg=i2Rf3Is.N
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.44

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql>

# 启动数据库
systemctl enable mysqld
systemctl start mysqld

# 启动成功后检查
ps -ef |  grep mysql
root     27479 27325  0 14:20 pts/0    00:00:00 grep --color=auto mysql

# 登录数据库 -->> 数据库授权,改密码
[localhost root ~]#mysql -u root -p
Enter password:

# 修改数据初始密码
mysql> set global validate_password_policy=LOW; # 支持弱密码类型
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'yuchao666';  # 修改数据库密码

# 创建数据库表,修改字符,支持中文编码,用于写入jumserver数据
mysql> create database jumpserver default charset 'utf8';
Query OK, 0 rows affected (0.01 sec)

# 检查是否创建表成功
mysql>
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

# 创建一个用户
mysql> create user 'jumpserver'@'%' identified by 'linux0224';
Query OK, 0 rows affected (0.01 sec)

# 授权用户远程登录
mysql> grant all on jumpserver.* to 'jumpserver'@'%';
Query OK, 0 rows affected (0.00 sec)

# 刷新权限表
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

# 这里数据库就配置完毕了

部署redis数据库

# 下载源码,要求版本大于6.0 这里编译安装
yum -y install epel-release wget make gcc-c++

# 下载redis配置源码
cd /opt
wget https://download.redis.io/releases/redis-6.2.4.tar.gz

# 在opt目录下解压redis安装包
tar -xf redis-6.2.4.tar.gz

# 进入解压好的安装包里面
cd redis-6.2.4

# 直接编译安装到指定目录
make && make install PREFIX=/usr/local/redis

# 安装成功后,命令都在这个文件里面,应为是二进制安装,由于这个目录在PATH中,所以可以直接使用命令
cd /usr/local/redis/
ls bin/
redis-benchmark  redis-check-aof  redis-check-rdb  redis-cli  redis-sentinel  redis-server

# 然后再回去/opt/redis目录下
cd /opt/redis-6.2.4

1. 拷贝配置文件
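cp redis.conf /etc/redis.conf

# 2. Listen on all interfaces instead of loopback only.
# NOTE(review): this exposes Redis on every network the host is attached to;
# the requirepass set in step 5 is then the only access control, so keep the
# port firewalled or bind to the one address the core host connects from.
sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis.conf

# 3. Run Redis as a background daemon.
sed -i "s/daemonize no/daemonize yes/g" /etc/redis.conf

# 4. Eviction policy for the in-memory cache.
# Edit the commented default instead of inserting at a fixed line number —
# "561i"/"481i" only hold for the exact redis.conf shipped with 6.2.4.
sed -i 's/^# maxmemory-policy noeviction/maxmemory-policy allkeys-lru/' /etc/redis.conf

# 5. Require the password linux0224 from every client.
sed -i 's/^# requirepass foobared/requirepass linux0224/' /etc/redis.conf

# systemd unit, since a source build ships no service script.
# The delimiter is quoted so $MAINPID is written literally for systemd to
# expand at runtime; with an unquoted here-doc the shell expanded it to an
# empty string while writing the file, leaving "kill -s HUP" with no PID.
cat >/etc/systemd/system/redis.service <<'EOF'
[Unit]
Description=Redis persistent key-value database
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/redis_6379.pid
ExecStart=/usr/local/redis/bin/redis-server /etc/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF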

# 启动redis
[localhost root /opt/redis-6.2.4]#systemctl enable redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /etc/systemd/system/redis.service.

systemctl start redis

# 查看是否启动
[localhost root /opt/redis-6.2.4]#ps -ef |grep redis
root     32069     1  0 15:41 ?        00:00:00 /usr/local/redis/bin/redis-server 0.0.0.0:6379
root     32077 27325  0 15:41 pts/0    00:00:00 grep --color=auto redis

# 连接redis数据库
redis-cli
-bash: redis-cli: 未找到命令
踩坑因为编译安装没有添加到PATH变量中
把redis路径写入变量中
vim /etc/profile
export PATH=$PATH:/usr/local/redis/bin

# 重新链接成功
[localhost root /opt/redis-6.2.4]#redis-cli
127.0.0.1:6379>

# 安装完成

部署core

切换服务器主机,保证电脑干净利索61机器
检查防火墙

# yum源,基础环境部署
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# 安装基础软件
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate  openldap-devel

# 安装python程序,必须的一些基础依赖。
yum -y install git python-pip  gcc automake autoconf python-devel vim sshpass lrzsz readline-devel  zlib zlib-devel openssl openssl-dev

# 设置master-61机器的系统编码环境,支持中文
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

# 设置操作系统所有的语言环境,改为中文utf8编码
export LC_ALL=zh_CN.UTF-8 

# 使用locale命令查看所有编码变量
[localhost root ~]#locale
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=zh_CN.UTF-8

# 下载jumpserver后端核心源码
mkdir /opt/jumpserver-v2.12.0
wget -O /opt/jumpserver-v2.12.0.tar.gz https://github.com/jumpserver/jumpserver/archive/refs/tags/v2.12.0.tar.gz

# 解压代码
cd /opt ; tar -xf jumpserver-v2.12.0.tar.gz -C /opt/jumpserver-v2.12.0 --strip-components 1

# 进入jumpserver-v2.12.0文件夹安装依赖
yum install -y $(cat /opt/jumpserver-v2.12.0/requirements/rpm_requirements.txt)

# 在编译安装python3依赖,注意这里python的包,是不带3这个数字的!!
yum install gcc patch libffi-devel python-devel  zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel -y

# 下载源码pytho3安装编译
1. cd /opt && wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz  # 下载
2. tar -zxf Python-3.6.9.tgz # 到opt解压python
3. cd Python-3.6.9/ # 进入到这个目录
4. ./configure --prefix=/opt/python369/  # 安装到这个目录
5. make && make install # 编译且安装

# 安装成功添加python的path变量
vim /etc/profile
export PATH=$PATH:/opt/python369/bin

# 确认是否安装成功
python3 -V

# 安装python虚拟环境
cd /opt && python3 -m venv /opt/venv_py3

# 激活虚拟环境
source /opt/venv_py3/bin/activate

# 配置pip3的下载源,中国科技大学源,加速模块下载
mkdir ~/.pip

vim  ~/.pip/pip.conf 

# 创建一个pip.conf写入下面内容
[global]
index-url=https://pypi.mirrors.ustc.edu.cn/simple/

# 升级pip
pip install pip -U

# 更新wheel编译python模块工具
pip install wheel

# 装jumpserver的centos系统依赖
cd /opt/jumpserver-v2.12.0/requirements
yum install $(cat rpm_requirements.txt) -y

# 必要的话,更新下centos所有基础依赖
yum update -y

# 安装python模块
pip3 install -r /opt/jumpserver-v2.12.0/requirements/requirements.txt

# 查看安装模块
pip3 list

踩坑报错
pyopenssl 23.2.0 has requirement cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0, but you'll have cryptography 3.3.2 which is incompatible.

(venv_py3) [localhost root ~]#pip3 list
Traceback (most recent call last):
  File "/opt/venv_py3/bin/pip3", line 7, in <module>
    from pip._internal import main
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/__init__.py", line 40, in <module>
    from pip._internal.cli.autocompletion import autocomplete
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/autocompletion.py", line 8, in <module>
    from pip._internal.cli.main_parser import create_main_parser
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/main_parser.py", line 12, in <module>
    from pip._internal.commands import (
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/commands/__init__.py", line 6, in <module>
    from pip._internal.commands.completion import CompletionCommand
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/commands/completion.py", line 6, in <module>
    from pip._internal.cli.base_command import Command
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/base_command.py", line 18, in <module>
    from pip._internal.download import PipSession
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/download.py", line 15, in <module>
    from pip._vendor import requests, six, urllib3
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_vendor/requests/__init__.py", line 97, in <module>
    from pip._vendor.urllib3.contrib import pyopenssl
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_vendor/urllib3/contrib/pyopenssl.py", line 46, in <module>
    import OpenSSL.SSL
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/SSL.py", line 19, in <module>
    from OpenSSL.crypto import (
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/crypto.py", line 3271, in <module>
    name="load_pkcs7_data",
TypeError: deprecated() got an unexpected keyword argument 'name'

# 解决办法删除虚拟环境
rm -rf /opt/venv_py3

# 退出虚拟环境
deactivate

# 重新安装虚拟环境
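# Recreate the virtualenv from scratch.
python3 -m venv /opt/venv_py3

# Activate it.
source /opt/venv_py3/bin/activate

# Upgrade pip.
pip install pip -U

# Install wheel so modules can be built (the command was mistyped as
# `ip install wheel`).
pip install wheel

# Install the CentOS system packages jumpserver needs.
cd /opt/jumpserver-v2.12.0/requirements
# Word-splitting of the file contents into package names is intended here.
# shellcheck disable=SC2046
yum install $(cat rpm_requirements.txt) -y

# Optionally bring the base system up to date.
yum update -y

# Install the Python dependencies; --no-cache forces a fresh download so a
# stale cached build cannot reintroduce the earlier pyopenssl/cryptography
# mismatch.
pip install -r requirements.txt --no-cache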

修改jumpserver代码的配置文件

# 拷贝配置文件,修改配置文件如下
cd /opt/jumpserver-v2.12.0
cp config_example.yml config.yml

# 生成如下2个变量的随机值,待会配置文件得用
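# Generate the two random values config.yml needs, reusing them when the
# current shell already has them. Each value is appended to ~/.bashrc so a
# later shell can pick it up again.
# NOTE(review): the values are stored in plain text and without `export`, so
# they are shell variables only, not environment variables visible to child
# processes — copy the printed values into config.yml rather than relying on
# "$SECRET_KEY" being expanded there.
if [ "$SECRET_KEY" = "" ]; then
  SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
printf '%s\n' "$SECRET_KEY"

if [ "$BOOTSTRAP_TOKEN" = "" ]; then
  BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"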

# 修改jumpserver后台的配置文件【请注意,这个文件是yaml语法,空格语法很严格】大家,照着我这个修改即可。另外,yaml 不会展开 "$SECRET_KEY"、"$BOOTSTRAP_TOKEN" 这样的写法,除非确认程序会自行读取同名环境变量,否则请把上面生成的实际值填进去(koko、lion 的 config.yml 同理)。
vim /opt/jumpserver-v2.12.0/config.yml 
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true                   # 开发建议打开 DEBUG, 生产环境应该关闭
LOG_LEVEL: DEBUG              # 开发建议设置 DEBUG, 生产环境推荐使用 ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true  # 浏览器关闭 session 过期
DB_ENGINE: mysql	# 数据库引擎是mysql
DB_HOST: 10.0.0.51       # 自行配置数据库相关ip服务器地址
DB_PORT: 3306		# 数据库端口
DB_USER: jumpserver		# 数据库远程连接的用户
DB_PASSWORD: linux0224		# mysql密码
DB_NAME: jumpserver			# mysql存储的库名
HTTP_BIND_HOST: 0.0.0.0  	# core服务运行的地址
HTTP_LISTEN_PORT: 8080		# core服务运行的端口
WS_LISTEN_PORT: 8070		# 后端websocket协议的端口
REDIS_HOST: 10.0.0.51       # 自行配置 Redis ip服务器地址
REDIS_PORT: 6379
REDIS_PASSWORD: linux0224	 # 自定义的redis密码

# 因此最终的配置如下
(venv_py3) [root@master-61 /opt/jumpserver-v2.12.0]#cat config.yml 
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true
LOG_LEVEL: DEBUG
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 10.0.0.51
DB_PORT: 3306
DB_USER: jumpserver   
DB_PASSWORD: linux0224
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 10.0.0.51
REDIS_PORT: 6379
REDIS_PASSWORD: linux0224

# 进入apps文件夹
cd apps/
(venv_py3) [localhost root /opt/jumpserver-v2.12.0/apps]#pwd
/opt/jumpserver-v2.12.0/apps

# 迁移数据库
python3 manage.py makemigrations 
python3 manage.py migrate

# 迁移数据库成功后一键脚本启动
cd /opt/jumpserver-v2.12.0
./jms start all -d

# 看到这些PID启动表示成功
gunicorn is running: 28585
flower is running: 28600
daphne is running: 28963
celery_ansible is running: 29132
celery_default is running: 29272
beat is running: 29557

# 检查是否启动成功
(venv_py3) [localhost root /opt/jumpserver-v2.12.0]#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8070            0.0.0.0:*               LISTEN      28963/python3
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      28585/python3
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      28600/python3
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      23338/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1765/master
tcp6       0      0 :::5555                 :::*                    LISTEN      28600/python3
tcp6       0      0 :::22                   :::*                    LISTEN      23338/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1765/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           969/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           797/chronyd
udp6       0      0 ::1:323                 :::*                                797/chronyd

# 首次访问,登录,修改密码
ip地址加上端口号
10.0.0.61:8080
账号:admin
密码:admin
首次登录会让你修改密码
修改完密码在访问他会提示你需要部署nginx这些

lina前端(可视化前端页面)

# 退出虚拟环境
deactivate

# 创建文件夹
mkdir -p /opt/lina-v2.12.0

# 下载源码,如果速度太慢可以群里超哥等拿安装包
wget -O /opt/lina-v2.12.0.tar.gz https://github.com/jumpserver/lina/archive/refs/tags/v2.12.0.tar.gz

# 解压软件
cd /opt/
tar -xf lina-v2.12.0.tar.gz -C /opt/lina-v2.12.0 --strip-components 1

# 部署nodejs
mkdir -p /opt/node-v10.24.1 && cd /opt/node-v10.24.1 && wget https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-x64.tar.gz

# 解压软件
tar -xf node-v10.24.1-linux-x64.tar.gz -C /opt/node-v10.24.1  --strip-components 1

# 添加PATH变量值
vim /etc/profile

# 把变量加到python后面
export PATH=$PATH:/opt/python369/bin:/opt/node-v10.24.1/bin
source  /etc/profile

# 确保命令可以使用即可
npm -v
6.14.12

# 配置前端npm的下载加速源
cd /opt/lina-v2.12.0/
npm config set registry https://registry.npm.taobao.org
npm config get registry

# 安装环境
npm install -g yarn
证书过期处理
查看当前的npm镜像设置:npm config list
清空缓存:npm cache clean --force
设置新的淘宝镜像npm config set registry https://registry.npmmirror.com
再次运行: npm config list,查看 registry 已经被更改为默认的 npm 公共镜像地址

# 安装前端的依赖
yarn install
报错,证书过期,跳过证书校验(注意:这会关闭 yarn 的 TLS 证书校验,依赖装完后建议把 strict-ssl 恢复为 true)
yarn config set "strict-ssl" false -g

# 运行前端
nohup yarn serve &

# 访问前端
自己ip地址加端口9528
http://10.130.161.212:9528/

luna前端

# 下载luna的前端源代码
mkdir -p  /opt/luna-v2.12.0

wget -O /opt/luna-v2.12.0.tar.gz https://github.com/jumpserver/luna/archive/refs/tags/v2.12.0.tar.gz

# 解压
tar -xf luna-v2.12.0.tar.gz -C /opt/luna-v2.12.0 --strip-components 1

# 安装需要的依赖
yum -y install gcc gcc-c++

# 安装前端依赖
cd luna-v2.12.0/
npm install

踩坑报错
npm ERR! code EINTEGRITY
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-01-07T14_12_52_075Z-debug.log

# 解决,运行下面命令在安装
npm cache verify
npm install

# 安装完依赖继续安装
SASS_BINARY_SITE=https://npm.taobao.org/mirrors/node-sass/ 
npm install node-sass@4.13.0

# 安装启动命令
npm install -g @angular/cli@1.3.2  --unsafe-perm

# 检查是否成功
ng --version

_                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/

Angular CLI: 7.3.9
Node: 10.24.1
OS: linux x64
Angular: 7.2.15
... animations, common, compiler, compiler-cli, core, forms

# 启动程序
nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0 &

[localhost root /opt/luna-v2.12.0]#netstat -tunlp|grep 4200
tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN      31385/@angular/cli
[3]+  退出 1                nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0

部署koko

# 下载koko代码,由于是基于golang开发,可以直接打包二进制,下载即用
mkdir /opt/koko-v2.12.0

# 下载源码
cd /opt ; wget https://github.com/jumpserver/koko/releases/download/v2.12.0/koko-v2.12.0-linux-amd64.tar.gz

# 解压缩
tar -xf koko-v2.12.0-linux-amd64.tar.gz  -C /opt/koko-v2.12.0 --strip-components 1

# 配置golang的环境也是下载即可,然后配置环境变量就可以用了
wget https://golang.google.cn/dl/go1.15.linux-amd64.tar.gz

# 解压
tar -xf go1.15.linux-amd64.tar.gz

# 添加变量
cd /opt/go/bin 
pwd
/opt/go/bin

vim /etc/profile
export PATH=$PATH:/opt/python369/bin:/opt/node-v10.24.1/bin:/opt/go/bin
source /etc/profile

# 先复制配置文件
cd /opt/koko-v2.12.0
cp config_example.yml config.yml

# 修改配置文件
CORE_HOST: http://127.0.0.1:8080   # Core 的地址
# 第一次运行的时候,koko会用这个值,注册当前机器的信息到jumpserver中,证明这个机器是当做了跳板机,安全验证
# 第二次运行,这个参数就给删除即可,否则会反复注册,如果说你运行koko出了问题,找超哥,你估计解决不了。

BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN" 
BIND_HOST: 0.0.0.0         # koko服务绑定运行在0.0.0.0上,表示可以基于10.0.0.61访问
# 表示你可以基于ssh 协议,连接koko, 用法是  ssh root@10.0.0.61  -p 2222
# 连接22端口是 sshd进程,  连接2222是koko进程,这里能听懂扣   1

SSHD_PORT: 2222            # 使用 0.0.0.0:2222,
HTTPD_PORT: 5000           # 使用 0.0.0.0:5000
LOG_LEVEL: DEBUG           # 开发建议设置 DEBUG, 生产环境推荐使用 ERROR

具体配置如下
vim config.yml

CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
BIND_HOST: 0.0.0.0
SSHD_PORT: 2222
HTTPD_PORT: 5000
LOG_LEVEL: DEBUG

# 启动koko
[localhost root /opt/koko-v2.12.0]#pwd
/opt/koko-v2.12.0 # 在这个路径
./koko  -f config.yml  -d

# 验证是否启动成功
netstat -tunlp|grep -E '(5000|2222)'
tcp6       0      0 :::5000                 :::*                    LISTEN      31581/./koko
tcp6       0      0 :::2222                 :::*                    LISTEN      31581/./koko

部署lion

# 安装依赖
mkdir /opt/guacamole-v2.12.0
cd /opt/guacamole-v2.12.0

# 下载安装包
wget http://download.jumpserver.org/public/guacamole-server-1.3.0.tar.gz

# 解压软件
tar -xzf guacamole-server-1.3.0.tar.gz
cd guacamole-server-1.3.0/

# 安装依赖环境
yum -y install cairo-devel libjpeg-devel libpng-devel uuid-devel

# 编译安装
cd /opt/guacamole-v2.12.0/guacamole-server-1.3.0
./configure --with-init-dir=/etc/init.d
make && make install

# 让你的linux,更新底层的驱动,加载远程桌面 guacamole协议
ldconfig

# 切换目录下载安装
cd /opt
wget https://github.com/jumpserver/lion-release/releases/download/v2.12.0/lion-v2.12.0-linux-amd64.tar.gz
tar -xf lion-v2.12.0-linux-amd64.tar.gz
cd lion-v2.12.0-linux-amd64

# 修改配置文件
cp config_example.yml config.yml
vim config.yml

# 内容修改如下
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"

# 启动guacd程序
/etc/init.d/guacd start

# 启动lion进程
nohup ./lion -f config.yml &

部署nginx

# 安装nginx
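	# Install nginx (the package name was misspelled "ngixn", which yum cannot resolve).
	yum install nginx -y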

# 配置nginx虚拟主机文件,实现整合所有jumpserver的组件
vim  /etc/hosts
10.0.0.61 luna koko lion core lina    # ip根据自己主机写

配置虚拟主机conf
# Single vhost that fronts every jumpserver component; the upstream names
# (luna, koko, lion, core, lina) are resolved through /etc/hosts.
server {
  listen 80;
  # server_name www.yuchaoit.cn;

  # Request-body (upload) limit for everything behind this vhost.
  client_max_body_size 5000m;

  # Luna (web terminal front end)
  # In testing, this v2.12 build could only be reached as
  # http://10.0.0.61:4200/luna/; the front-end path handling is awkward here.

  location /luna/ {
    proxy_pass http://luna:4200;
  }

  # Core static data, served straight from disk (not proxied).
  location /media/replay/ {
    # Assumes replay files are stored gzip-compressed on disk — the header
    # tells the client to decompress; confirm against the data directory.
    add_header Content-Encoding gzip;
    root /opt/jumpserver-v2.12.0/data/;
  }

  location /media/ {
    root /opt/jumpserver-v2.12.0/data/;
  }

  location /static/ {
    root /opt/jumpserver-v2.12.0/data/;
  }

  # KoKo (HTTPD_PORT 5000): WebSocket pass-through, so HTTP/1.1 plus the
  # Upgrade/Connection headers are forwarded and buffering is off.
  location /koko/ {
    proxy_pass       http://koko:5000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # Lion: same WebSocket handling; the long timeouts presumably keep
  # long-lived remote-desktop sessions open.
  location /lion/ {
    proxy_pass http://lion:8081;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_ignore_client_abort on;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 6000;
  }

  # Core WebSocket endpoint (WS_LISTEN_PORT 8070 in config.yml).
  location /ws/ {
    proxy_pass http://core:8070;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # Core HTTP API (HTTP_LISTEN_PORT 8080 in config.yml).
  location /api/ {
    proxy_pass http://core:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location /core/ {
    proxy_pass http://core:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Lina (management UI) on its dev-server port 9528.
  location /ui/ {
    proxy_pass http://lina:9528;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Everything else is rewritten internally under /ui/ and handled above.
  location / {
    rewrite ^/(.*)$ /ui/$1 last;
  }
}

# 启动搞定
systemctl start nginx 

重启服务器重新运行

# 启动lina
cd /opt/lina-v2.12.0
nohup yarn serve &

# 启动core后端
cd /opt/jumpserver-v2.12.0
# 激活虚拟环境
source /opt/venv_py3/bin/activate
./jms start all -d
#.确认后端运行的进程
(venv_py3) [root@master-61 ~]#/opt/jumpserver-v2.12.0/jms status

# 启动luna
cd luna-v2.12.0/
内网
nohup ng serve &
指定运行在外网
nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0 &

看启动端口IP是多少不能是127.0.0.1
(venv_py3) [localhost root /opt/luna-v2.12.0]#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8070            0.0.0.0:*               LISTEN      12742/python3
tcp        0      0 127.0.0.1:4200          0.0.0.0:*               LISTEN      14111/@angular/cli

# 启动koko服务
cd /opt/koko-v2.12.0
./koko -f config.yml -d

# 启动lion服务
cd lion-v2.12.0-linux-amd64/
nohup ./lion -f config.yml &

#最后,启动guacamole进程,提供vnc的底层协议解析。
/etc/init.d/guacd start

# 启动nginx
systemctl start nginx
