Centos7安裝Jumpserver堡壘機(jī)

創(chuàng)新互聯(lián)是由多位在大型網(wǎng)絡(luò)公司、廣告設(shè)計公司的優(yōu)秀設(shè)計人員和策劃人員組成的一個具有豐富經(jīng)驗的團(tuán)隊，其中包括網(wǎng)站策劃、網(wǎng)頁美工、網(wǎng)站程序員、網(wǎng)頁設(shè)計師、平面廣告設(shè)計師、網(wǎng)絡(luò)營銷人員及形象策劃。承接：成都做網(wǎng)站、網(wǎng)站設(shè)計、外貿(mào)營銷網(wǎng)站建設(shè)、網(wǎng)站改版、網(wǎng)頁設(shè)計制作、網(wǎng)站建設(shè)與維護(hù)、網(wǎng)絡(luò)推廣、數(shù)據(jù)庫開發(fā),以高性價比制作企業(yè)網(wǎng)站、行業(yè)門戶平臺等全方位的服務(wù)。

堡壘機(jī) ：baole.yimitest.com????192.168.20.153

Jumpserver 環(huán)境要求：

• 硬件配置: 2個CPU核心, 4G 內(nèi)存, 50G 硬盤（最低）

• 操作系統(tǒng): Linux 發(fā)行版 x86_64

• Python = 3.6.x

• MySQL Server ≥ 5.6

• Mariadb Server ≥ 5.5.56

• redis

1、安裝 python3.6 mysql Redis

Centos7安裝Python3.6

Centos7安裝Mariadb 或 Centos7安裝Mysql

Centos7安裝Redis

2.創(chuàng)建 py3 虛擬環(huán)境

python3.6?-m?venv?/opt/py3

載入 py3 虛擬環(huán)境

source /opt/py3/bin/activate

cd /opt

yum install git -y

git?clone?--depth=1?https://github.com/jumpserver/jumpserver.git

cd /opt/jumpserver/requirements

pip install --upgrade pip

pip install wheel

yum install mysql-devel

pip install django==2.2

?pip install future==0.16.0

pip install cryptography==2.7

cd /opt/jumpserver/requirements

yum install -y $(cat rpm_requirements.txt)

pip install -r requirements.txt

mysql -uroot -p

create database jumpserver default charset 'utf8';

grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'yimitest';

flush privileges;

cd /opt/jumpserver

cp config_example.yml config.yml

vim config.yml

SECRET_KEY: yimitest

BOOTSTRAP_TOKEN: yimitesttoken

DB_ENGINE: mysql

DB_HOST: 127.0.0.1

DB_PORT: 3306

DB_USER: jumpserver

DB_PASSWORD: yimitest

DB_NAME: jumpserver

./jms start

cd /opt

wget https://github.com/jumpserver/koko/releases/download/1.5.5/koko-master-linux-amd64.tar.gz

tar xf koko-master-linux-amd64.tar.gz

chown -R root:root kokodir
cd kokodir

cp config_example.yml config.yml

vim config.yml

BOOTSTRAP_TOKEN: yimitesttoken? // 需要從 jumpserver/config.yml 里面獲取, 保證一致

./koko ?# 可以 -d 參數(shù)在后臺運行 ./koko -d

cd /opt

git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git
cd /opt/docker-guacamole
tar xf guacamole-server-1.0.0.tar.gz

cd /opt/docker-guacamole/guacamole-server-1.0.0

yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

yum install -y ffmpeg-devel freerdp1.2-devel pango-devel libssh3-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel

yum install -y libtool

ln -s /usr/local/lib/freerdp /usr/lib64/freerdp

$ autoreconf -fi

$ ./configure --with-init-dir=/etc/init.d
$ make

$ make install

yum install -y java-1.8.0-openjdk

$ mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record
$ chown daemon:daemon /config/guacamole/record /config/guacamole/drive
$ cd /config
$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz
$ tar xf apache-tomcat-9.0.30.tar.gz
$ mv apache-tomcat-9.0.30 tomcat9
$ rm -rf /config/tomcat9/webapps/*
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
$ echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
$ ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
$ ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
$ ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
$ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
$ tar xf linux-amd64.tar.gz -C /bin/

$ chmod +x /bin/ssh-forward

# 設(shè)置 guacamole 環(huán)境

$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 ?# http://127.0.0.1:8080 指 jumpserver 訪問地址

$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN 為 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值$ export BOOTSTRAP_TOKEN=******
$ echo "export BOOTSTRAP_TOKEN=yimitesttoken" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
$ export GUACAMOLE_LOG_LEVEL=ERROR
$ echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
$ export JUMPSERVER_CLEAR_DRIVE_SESSION=true$ echo "export JUMPSERVER_CLEAR_DRIVE_SESSION=true" >> ~/.bashrc

$ export JUMPSERVER_ENABLE_DRIVE=true

$ echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

$ /etc/init.d/guacd start
$ sh /config/tomcat9/bin/startup.sh

$ cd /opt

# 訪問 https://github.com/jumpserver/luna/releases 獲取

$ wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz

$ tar xf luna.tar.gz
$ chown -R root:root luna

#?參考?http://nginx.org/en/linux_packages.html?文檔安裝最新的穩(wěn)定版?nginx$?rm?-rf?/etc/nginx/conf.d/default.conf

yum?install?yum-utils

vim?/etc/yum.repos.d/nginx.repo

[nginx-stable]
name=nginx?stable?repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx?mainline?repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

yum?install?nginx


$?rm?-rf?/etc/nginx/conf.d/default.conf
$?vim?/etc/nginx/conf.d/jumpserver.conf

server?{
????listen?80;

????client_max_body_size?100m;??#?錄像及文件上傳大小限制

????location?/luna/?{
????????try_files?$uri?/?/index.html;
????????alias?/opt/luna/;??#?luna?路徑,?如果修改安裝目錄,?此處需要修改
????}

????location?/media/?{
????????add_header?Content-Encoding?gzip;
????????root?/opt/jumpserver/data/;??#?錄像位置,?如果修改安裝目錄,?此處需要修改
????}

????location?/static/?{
????????root?/opt/jumpserver/data/;??#?靜態(tài)資源,?如果修改安裝目錄,?此處需要修改
????}

????location?/koko/?{
????????proxy_pass???????http://localhost:5000;
????????proxy_buffering?off;
????????proxy_http_version?1.1;
????????proxy_set_header?Upgrade?$http_upgrade;
????????proxy_set_header?Connection?"upgrade";
????????proxy_set_header?X-Real-IP?$remote_addr;
????????proxy_set_header?Host?$host;
????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for;
????????access_log?off;
????}

????location?/guacamole/?{
????????proxy_pass???????http://localhost:8081/;
????????proxy_buffering?off;
????????proxy_http_version?1.1;
????????proxy_set_header?Upgrade?$http_upgrade;
????????proxy_set_header?Connection?$http_connection;
????????proxy_set_header?X-Real-IP?$remote_addr;
????????proxy_set_header?Host?$host;
????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for;
????????access_log?off;
????}

????location?/ws/?{
????????proxy_set_header?X-Real-IP?$remote_addr;
????????proxy_set_header?Host?$host;
????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for;
????????proxy_pass?http://localhost:8070;
????????proxy_http_version?1.1;
????????proxy_buffering?off;
????????proxy_set_header?Upgrade?$http_upgrade;
????????proxy_set_header?Connection?"upgrade";
????}

????location?/?{
????????proxy_pass?http://localhost:8080;
????????proxy_set_header?X-Real-IP?$remote_addr;
????????proxy_set_header?Host?$host;
????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for;
????}}

$?nginx?-c?/etc/nginx/nginx.conf
$?nginx?-t
$?nginx?-s?reload
systemctl?enable?nginx

訪問 http://192.168.20.153

配置 自啟動

$?echo?-e?"\033[31m?6.?配置自啟?\033[0m"?\
??&&?if?[?!?-f?"/usr/lib/systemd/system/jms.service"?];?then?wget?-O?/usr/lib/systemd/system/jms.service?https://demo.jumpserver.org/download/shell/centos/jms.service;?chmod?755?/usr/lib/systemd/system/jms.service;?systemctl?enable?jms;?fi