Jumpserver开源跳板机安装

1、Jumpserver简介

Jumpserver 是全球首款完全开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合4A的专业运维审计系统。其使用 Python / Django 进行开发,遵循 Web 2.0 规范,配备了业界领先的 Web Terminal 解决方案,交互界面美观、用户体验好。并且采纳分布式架构,支持多机房跨区域部署,中心节点提供 API,各机房部署登录节点,可横向扩展、无并发访问限制。

1.1、环境介绍

系统: CentOS 7.4.1708

服务器IP: 192.168.0.111

[root@localhost ~]# uname -r

3.10.0-693.el7.x86_64

[root@localhost ~]# cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

1.2、关闭 selinux 和防火墙

[root@localhost ~]# setenforce 0 #可以设置配置文件永久关闭

[root@localhost ~]# systemctl stop firewalld.service

[root@localhost ~]# systemctl disable firewalld.service

[root@localhost ~]# iptables -F

[root@localhost ~]# iptables-save

1.3、准备Python3和Python3虚拟环境

1)安装依赖包

[root@localhost ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

2)编译安装Pyhton-3.6.6

[root@localhost ~]# wget https://mirrors.yangxingzhen.com/python/Python-3.6.6.tgz

[root@localhost ~]# tar xf Python-3.6.6.tgz && cd Python-3.6.6

[root@localhost Python-3.6.6]# ./configure

[root@localhost Python-3.6.6]# make && make install

3)建立Python 3虚拟环境

因为 CentOS 6/7 自带的是 Python2,而Yum等工具依赖原来的 Python,为了不扰乱原来的环境我们来使用Python虚拟环境

[root@localhost ~]# cd /opt

[root@localhost opt]# python3 -m venv py3

[root@localhost opt]# source /opt/py3/bin/activate

# 看到下面的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令,以下所有命令均在该虚拟环境中运行

(py3) [root@localhost ~]#

1.4、 安装Jumpserver

1)下载或 Clone 项目

项目提交较多 git clone 时较大,你可以选择去 Github 项目页面直接下载zip包。

(py3) [root@localhost ~]# cd /opt/

(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master

#如果下载较慢,配置下hosts文件,请执行以下命令

(py3) [root@localhost opt]# cat >> /etc/hosts <<EOF

192.30.253.113 github.com

151.101.185.194 github.global.ssl.fastly.net

192.30.253.120 codeload.github.com

EOF

#如果还是慢,请执行以下命令

(py3) [root@localhost opt]# wget https://mirrors.yangxingzhen.com/jumpserver/jumpserver.tar.gz

2) 安装依赖RPM包

(py3) [root@localhost opt]# cd /opt/jumpserver/requirements

(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)

Jumpserver开源跳板机安装

3)安装Python库依赖

(py3) [root@localhost requirements]# pip install --upgrade pip setuptools

(py3) [root@localhost requirements]# pip install -r requirements.txt

Jumpserver开源跳板机安装

4)安装Redis

(py3) [root@localhost requirements]# wget -c https://mirrors.yangxingzhen.com/redis/redis-3.0.7.tar.gz

(py3) [root@localhost requirements]# tar zxf redis-3.0.7.tar.gz -C /usr/local/

(py3) [root@localhost requirements]# cd /usr/local/redis-3.0.7/

(py3) [root@localhost redis-3.0.7]# make

(py3) [root@localhost redis-3.0.7]# cd src/

(py3) [root@localhost src]# make install

(py3) [root@localhost src]# sed -i '/daemonize/s/no/yes/' /usr/local/redis-3.0.7/redis.conf

(py3) [root@localhost src]# ln -s /usr/local/redis-3.0.7/src/redis-* /usr/bin

(py3) [root@localhost src]# redis-server /usr/local/redis-3.0.7/redis.conf

5)安装Mariadb数据库(经测试由于YUM安装的数据库导致创建资产名称不能输入中文及其他未知Bug,建议源码安装MYSQL,可参照此文章安装数据库:https://nuoyo.cn/351.html)

(py3) [root@localhost src]# yum -y install mariadb mariadb-devel mariadb-server

(py3) [root@localhost src]# systemctl start mariadb

6)创建jumpserver数据库并授权

(py3) [root@localhost src]# mysql

MariaDB [(none)]> create database jumpserver;

MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'127.0.0.1' identified by '123456';

MariaDB [(none)]> flush privileges;

7)修改Jumpserver配置文件

(py3) [root@localhost src]# cd /opt/jumpserver/

(py3) [root@localhost jumpserver]# cp config_example.yml config.yml

(py3) [root@localhost jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`

(py3) [root@localhost jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`

(py3) [root@localhost jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

(py3) [root@localhost jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: /'123456/'/g" /opt/jumpserver/config.yml

(py3) [root@localhost jumpserver]# egrep -v "^$|#" config.yml

Jumpserver开源跳板机安装

8)运行Jumpserver

(py3) [root@localhost requirements]# cd /opt/jumpserver

#后台运行使用 -d 参数

(py3) [root@localhost jumpserver]# ./jms start all -d

#新版本更新了运行脚本, 使用方式./jms start|stop|status all 后台运行请添加 -d参数

Jumpserver开源跳板机安装

Jumpserver开源跳板机安装

9)浏览器访问

#打开浏览器访问http://192.168.0.111:8080,出现以下界面

账号:admin    密码:admin

Jumpserver开源跳板机安装

1.5、安装 SSH Server 和 WebSocket Server: Coco

1)下载Clone项目

(py3) [root@localhost jumpserver]# cd /opt

(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master

2)安装依赖

(py3) [root@localhost coco]# cd requirements

(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)

(py3) [root@localhost requirements]# pip install -r requirements.txt

3)查看配置文件并且运行coco

(py3) [root@localhost requirements]# cd /opt/coco

(py3) [root@localhost coco]# cp config_example.yml config.yml

(py3) [root@localhost coco]# TOKEN=`awk '/BOOTSTRAP_TOKEN/ {print $2}' /opt/jumpserver/config.yml`

(py3) [root@localhost coco]# sed -i " s/BOOTSTRAP_TOKEN: .*/BOOTSTRAP_TOKEN: ${TOKEN}/" config.yml

(py3) [root@localhost coco]# nohup ./cocod start &

4)登录jumpserver,访问http://192.168.0.111:8080,会话管理->终端管理,如下图

Jumpserver开源跳板机安装

1.6、连接测试

1)终端连接测试(密码:admin)

(py3) [root@localhost coco]# ssh -p2222 admin@192.168.0.111

Jumpserver开源跳板机安装

2)Xshell连接测试(密码:admin)

Jumpserver开源跳板机安装

1.7、安装 Web Terminal 前端: Luna

安装 Web Terminal 前端: Luna 需要 Nginx 来运行访问 访问(https://github.com/jumpserver/luna/releases)下载对应版本的release包, 直接解压, 不需要编译

(py3) [root@localhost coco]# cd /opt

(py3) [root@localhost opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.0/luna.tar.gz

(py3) [root@localhost opt]# tar zxf luna.tar.gz

(py3) [root@localhost opt]# chown -R root:root luna

1.8、配置 Nginx 整合各组件

1)安装Nginx

(py3) [root@localhost opt]# yum -y install nginx

2)修改nginx.conf配置文件,配置内容如下

(py3) [root@localhost ~]# vim /etc/nginx/nginx.conf

	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log;
	pid /run/nginx.pid;
	include /usr/share/nginx/modules/*.conf;
	events {
	worker_connections 1024;
	}
http    {
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
			'$status $body_bytes_sent "$http_referer" '
			'"$http_user_agent" "$http_x_forwarded_for"';
	access_log /var/log/nginx/access.log main;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	include /etc/nginx/conf.d/*.conf;
server	{
	listen 80;
	server_name localhost;
	client_max_body_size 100m; # 录像及文件上传大小限制
	location /luna/ {
	try_files $uri / /index.html;
	alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
	}
	location /media/ {
	add_header Content-Encoding gzip;
	root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
	}
	location /static/ {
	root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
	}
	location /socket.io/ {
	proxy_pass http://localhost:5000/socket.io/;
	proxy_buffering off;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	access_log off;
	}
	location /coco/ {
	proxy_pass http://localhost:5000/coco/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	access_log off;
	}
	location / {
	proxy_pass http://localhost:8080;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
    }
}

3)启动Nginx服务

(py3) [root@localhost ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

(py3) [root@localhost ~]# nginx

4、访问Jumpserver,如下图

#浏览器输入http://192.168.0.111

Jumpserver开源跳板机安装

5、访问luna,如下图

Jumpserver开源跳板机安装

给TA打赏
共{{data.count}}人
人已打赏
运维

Linux系统监控工具dstat

2023-11-21 16:27:40

运维

简单API文档服务发布

2024-11-19 10:35:58

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索