环境介绍

系统:Centos6.8
IP:192.168.66.131
关闭selinux和防火墙(仅为简化测试环境的安装;堡垒机正式使用前应重新启用防火墙,只放行必要端口)

修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文

localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n

准备 Python3 和 Python 虚拟环境

安装依赖包

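# Build prerequisites for compiling Python 3, plus wget, git and the EPEL repo used later.
# 'zlib*' is quoted so that yum matches the pattern against package names; unquoted,
# the shell would first try to expand it against files in the current directory.
# The duplicated gcc and openssl-devel entries are listed once.
yum -y install wget gcc gcc-c++ epel-release git 'zlib*' openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel numactl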

安装 Python3.6

# Download the CPython 3.6.1 source tarball, unpack it and enter the source tree.
# NOTE(review): nothing here verifies the download; compare the archive against the
# checksum or signature published on the python.org release page before building.
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tgz
tar zxvf Python-3.6.1.tgz
cd Python-3.6.1

#ModuleNotFoundError: No module named '_ssl' 模块问题,将下面文件 209~212 取消注释
vim Modules/Setup.dist
209 SSL=/usr/local/ssl
210 _ssl _ssl.c \
211 -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
212 -L$(SSL)/lib -lssl -lcrypto

./configure
make && make install

替换原本系统自带的 Python 2.6

#查看当前版本
python -V
#将默认版本更名为旧版本
mv /usr/bin/python /usr/bin/python2.6.6
#创建新的软链接
ln -s /usr/local/bin/python3.6 /usr/bin/python
#此时在查看python的版本
python -V
#升级python后yum会无法使用,直接用sed替换,注意旧的版本号
sed -i '1s/python/python2.6.6/' /usr/bin/yum

建立 Python 虚拟环境

cd /usr/local
python3.6 -m venv py3
source /usr/local/py3/bin/activate

安装 Jumpserver

下载Jumpserver项目

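cd /usr/local/
# NOTE(review): this clones the default branch; consider checking out the release that
# matches the Luna version downloaded later (1.4.6) — confirm the tag name upstream.
git clone https://github.com/jumpserver/jumpserver.git
# The project is cloned to /usr/local/jumpserver and the virtualenv was created at
# /usr/local/py3; /opt/py3 is never created in this walkthrough, so the .env file
# must point at the /usr/local paths to be usable.
echo "source /usr/local/py3/bin/activate" > /usr/local/jumpserver/.env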

安装依赖 RPM 包

cd /usr/local/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt)

安装 Python 库依赖

pip install --upgrade pip setuptools
pip install -r requirements.txt

安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broker

yum -y install redis
chkconfig redis on
service redis start

安装 MySQL 5.7

centos6自带的mysql5.1不支持,请安装高版本的mysql或在其他服务器上创建jumpserver数据库连接

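# Fetch the MySQL repo-definition package over HTTPS rather than plain HTTP: it installs
# the yum repo file and, judging by the gpgkey= path in that file, the signing key that
# gpgcheck=1 later relies on, so it should not be retrievable in a tamperable form.
rpm -ivh https://repo.mysql.com/mysql-community-release-el6.rpm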

#修改/etc/yum.repos.d/mysql-community.repo文件,将5.5的enabled改为1;5.6的enabled改为0
# Enable to use MySQL 5.5
[mysql55-community]
name=MySQL 5.5 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
 
# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

yum -y install mysql-community-client mysql-community-devel mysql-community-server

创建数据库 Jumpserver 并授权

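-- Create the application database with a utf8 default character set.
create database jumpserver default charset 'utf8';
-- Dedicated account restricted to the jumpserver schema and to local connections.
-- CHANGE_ME_STRONG_PASSWORD is a placeholder: replace it with a long random password
-- and put the same value in DB_PASSWORD in config.yml. A guessable password such as
-- '123456' is not acceptable for the database behind a bastion host.
-- The statement terminator was missing in the original and is added here.
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'CHANGE_ME_STRONG_PASSWORD';
flush privileges;
quit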

修改 Jumpserver 配置文件

cd /usr/local/jumpserver
cp -a config_example.yml config.yml

# Generate a value for SECRET_KEY: 49 random alphanumeric characters, then a newline
tr -dc A-Za-z0-9 < /dev/urandom | head -c 49
echo

# Generate a value for BOOTSTRAP_TOKEN: 16 random alphanumeric characters
tr -dc A-Za-z0-9 < /dev/urandom | head -c 16

vim config.yml
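# Example value only: paste the 49-character string generated above.
# Never reuse a key that has been published in a tutorial.
SECRET_KEY: YUQQIWfS7wLLkaAXpM0LLtGn2ItHL0xN6nJpIN805skTwiPDd
# Example value only: use your own generated token. coco's config.yml must carry
# the same value in order to register.
BOOTSTRAP_TOKEN: NdLLJWUz7ZCQvyzA
# Use MySQL as the database
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# Must be identical to the password set in the `grant ... identified by` statement
# for 'jumpserver'@'127.0.0.1'; use your own strong value, not this sample.
DB_PASSWORD: '!!if010!!'
DB_NAME: jumpserver
# Bind address and port at run time. 0.0.0.0 makes port 8080 reachable on every
# interface. NOTE(review): once all access goes through a reverse proxy on the same
# host, 127.0.0.1 would presumably be sufficient — confirm before changing.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
# Redis settings (the port must be a plain number; the stray "gg" suffix is removed)
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379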

生成数据库表结构和初始化数据

cd /usr/local/jumpserver/utils
sh make_migrations.sh

运行 Jumpserver

cd /usr/local/jumpserver
./jms start all -d

安装 SSH Server 和 WebSocket Server: Coco

下载 coco 项目

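cd /usr/local
source /usr/local/py3/bin/activate
git clone https://github.com/jumpserver/coco.git
# coco is cloned to /usr/local/coco and the virtualenv lives in /usr/local/py3.
# /opt/coco and /opt/py3 are never created in this walkthrough, so redirecting into
# /opt/coco/.env would fail; write the file next to the checkout instead.
echo "source /usr/local/py3/bin/activate" > /usr/local/coco/.env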

安装依赖

cd /usr/local/coco/requirements
yum -y  install $(cat rpm_requirements.txt)
pip install -r requirements.txt

修改配置文件并运行

cd /usr/local/coco
mkdir keys logs
cp -a config_example.yml config.yml 

vim config.yml 
BOOTSTRAP_TOKEN: NdLLJWUz7ZCQvyzA

./cocod start -d

启动成功后去Jumpserver 会话管理-终端管理(http://192.168.66.131:8080/terminal/terminal/,即本文环境中 Jumpserver 所在主机的 IP)接受coco的注册

安装 Web Terminal 前端: Luna

下载Luna并解压

# Download the Luna 1.4.6 release archive and unpack it; it extracts to /usr/local/luna,
# which is the directory the web server's /luna/ location has to point at.
# NOTE(review): the archive is not verified after download; check it against a checksum
# from the release page if one is published.
cd /usr/local
wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
tar zxvf luna.tar.gz
# Make root the owner of the extracted files instead of whatever uid/gid the archive carries.
chown -R root:root luna

配置 Nginx 整合各组件

安装 Nginx

yum -y install nginx

准备配置文件 编写/etc/nginx/conf.d/jumpserver.conf

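# Reverse proxy that fronts Jumpserver (port 8080), coco (port 5000) and the Luna
# static files. Filesystem paths follow this walkthrough's install prefix, /usr/local;
# the /opt paths from the upstream sample do not exist here.
# NOTE(review): this listens on plain HTTP only, so logins and terminal sessions cross
# the network unencrypted; add a TLS listener with a certificate before using it
# outside a lab network.
server {
    listen 80;  # proxy port; access goes through this port from now on, not 8080
    server_name demo.jumpserver.org;  # change to your own domain name

    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /usr/local/luna/;  # luna directory; adjust if the install directory differs
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /usr/local/jumpserver/data/;  # recordings; adjust if the install directory differs
    }

    location /static/ {
        root /usr/local/jumpserver/data/;  # static assets; adjust if the install directory differs
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;  # use coco's IP if it runs on another server
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;  # use coco's IP if it runs on another server
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;  # use jumpserver's IP if it runs on another server
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}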

运行 Nginx

service nginx start
chkconfig nginx on

访问 Web 端

http://<localhost>

JumpServer

默认账号和密码均为 admin,首次登录后请立即修改该密码

最后修改:2019 年 07 月 19 日