
[学习记录] jumpserver安装部署学习

chengxuyuan01 发表于 2023-3-6 17:04 回帖奖励
花了三天,把jumpserver2版本整个部署了一遍,中间也出现了很多问题,幸好都自己解决了,感兴趣的可以看下,jumpserver还是比较好用的,具体的包我就不提供了,压缩包太大了{:301_972:} ,链接都在文档中

jumpserver环境搭建

介绍

搭建

环境

  • Centos7

    • 2cpu
    • 4g内存
    • 50g存储
  • mysql

    • 版本>=5.6
  • redis

  • yum

    • 替换阿里云yum源
  • python

    • python2
    • python3

CentOs7

使用桥接方式配置虚拟机网络

服务器配置:

  1. 配置文件修改
[root@jumpserver-test ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736

TYPE=Ethernet
BOOTPROTO=dhcp          #改为static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=2a11b8f4-0022-4a54-b228-0e4c8e1156e7 #可使用uuidgen 命令重新获取后覆盖
DEVICE=eno16777736
ONBOOT=no               #改为yes
IPADDR=192.168.2.200    #增加项,与当前主机使用ip保持同一网段
NETMASK=255.255.255.0   #增加项,子网掩码
GATEWAY=192.168.2.1     #增加项,网关
DNS1=192.168.2.1        #增加项,与主机网络适配器保持一致,没有就写网关地址

[root@jumpserver-test ~]# vim /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes          #增加项
GATEWAY=192.168.2.1     #增加项,与网关一致

[root@jumpserver-test ~]# vim /etc/resolv.conf 
nameserver 192.168.2.1  #增加项,与网关一致

#重启网卡
[root@jumpserver-test ~]# service network restart
#查看网络地址
[root@jumpserver-test ~]# ip a
#可与本机进行互ping,或ping www.baidu.com
  1. 关闭防火墙(仅适用于隔离的测试环境;生产环境建议保留firewalld,只放行所需端口)

    [root@jumpserver-test2 yum.repos.d]# iptables -F
    [root@jumpserver-test2 yum.repos.d]# systemctl disable firewalld
    [root@jumpserver-test2 yum.repos.d]# systemctl stop firewalld
    
    #查看状态
    [root@jumpserver-test2 yum.repos.d]# systemctl status firewalld
    
    #修改配置文件,关闭SELinux(SELinux是强制访问控制机制而非防火墙;修改后需重启生效,生产环境不建议关闭)
    [root@jumpserver-test2 yum.repos.d]# vi /etc/selinux/config 
    
    SELINUX=disabled     #更改状态为disabled
    
  2. 配置yum源

[root@jumpserver-test2 ~]# cd /etc/yum.repos.d/

#安装wget命令
[root@jumpserver-test2 yum.repos.d]# yum install -y wget

#备份原文件
[root@jumpserver-test2 /]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

[root@jumpserver-test2 /]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@jumpserver-test2 /]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

#清空yum缓存,重新生成yum缓存
[root@jumpserver-test2 /]# yum clean all
[root@jumpserver-test2 /]# yum makecache
  1. 安装系统所需的软件
#yum安装
#系统初始化需要的软件
[root@jumpserver-test2 /]# yum install -y bash-completion vim lrzsz expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc 

#jumpserver运行环境需要软件
[root@jumpserver-test2 /]# yum install -y git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel
  1. 修改系统字符集
[root@jumpserver-test2 /]# localedef -c -f UTF-8 -i zh_CN  zh_CN.UTF-8
[root@jumpserver-test2 /]# export LC_ALL=zh_CN.UTF-8
#修改字符集命令,写入配置文件
[root@jumpserver-test2 /]# echo 'LANG="zh_CN.UTF-8"'> /etc/locale.conf 
#查看系统字符集
[root@jumpserver-test2 /]# locale
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=zh_CN.UTF-8

mysql

  • 5.6
#新建mysql文件夹
[root@jumpserver-test2 data]# mkdir /data/mysql
# 获取mysql 安装包
[root@jumpserver-test2 mysql]# wget https://cdn.mysql.com/Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
#https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#解压缩
[root@jumpserver-test2 mysql]# tar -xf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar 
[root@jumpserver-test2 mysql]# mkdir mysql_rpm
[root@jumpserver-test2 mysql]# mv ./*.rpm mysql_rpm/

#yum localinstall 安装
[root@jumpserver-test2 mysql_rpm]# yum localinstall ./*

#卸载命令
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.6.36-2.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64

#安装完毕,检查mysql配置文件,做如下修改
[root@jumpserver-test2 mysql_rpm]# vi /etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log #修改mariadb为mysql
pid-file=/var/run/mariadb/mariadb.pid  #修改mariadb为mysql

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

#启动mysql服务端
[root@jumpserver-test2 mysql_rpm]# systemctl start mysql

#初始化mysql,mysql安装后默认生成密码
[root@jumpserver-test2 mysql_rpm]# cat ~/.mysql_secret 

#修改密码
[root@jumpserver-test2 mysql_rpm]# mysqladmin -uroot -po3ObQ0qUPOkVd6rN password 111111
#该方式会在history记录和进程列表中暴露密码,建议进入mysql客户端后再对密码进行更改;'111111'仅为示例弱口令,实际环境请使用强密码
mysql>update mysql.user set password=password('111111') where user='root';

#创建jumpserver需要的用户信息
#创建数据库
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)

#创建用户+密码('%'表示允许从任意主机连接;jumpserver与mysql同机部署时建议限制为本机地址,如'localhost'或'127.0.0.1',并使用强密码)
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)

#数据库访问权限授予
mysql> grant all privileges on jumpserver .* to 'jumpserver'@'%' identified by '111111';

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
  • 5.7
#新建mysql文件夹
[root@jumpserver-test2 data]# mkdir /data/mysql
# 获取mysql 安装包
[root@jumpserver-test2 mysql]# wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
#解压缩
[root@jumpserver-test2 mysql]# tar -xf mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar 
[root@jumpserver-test2 mysql]# mkdir mysql_rpm
[root@jumpserver-test2 mysql]# mv ./*.rpm mysql_rpm/

#yum localinstall 安装
[root@jumpserver-test2 mysql_rpm]# yum localinstall ./*

#卸载命令
#rpm -qa | grep -i mysql
#yum remove -y mysql-community-server-5.7.26.el7.x86_64
#yum remove -y mysql-community-server-5.7.26-1.el7.x86_64 mysql-community-test-5.7.26-1.el7.x86_64 mysql-community-common-5.7.26-1.el7.x86_64 mysql-community-client-5.7.26-1.el7.x86_64 mysql-community-devel-5.7.26-1.el7.x86_64 mysql-community-embedded-devel-5.7.26-1.el7.x86_64 mysql-community-libs-compat-5.7.26-1.el7.x86_64 mysql-community-libs-5.7.26-1.el7.x86_64 mysql-community-embedded-5.7.26-1.el7.x86_64 mysql-community-embedded-compat-5.7.26-1.el7.x86_64

#注:所有信息必须完全删除,否则会导致新服务无法正常启动

#安装完毕,检查mysql配置文件,做如下修改
[root@jumpserver-test2 mysql_rpm]# vi /etc/my.cnf

[mysqld]
validate-password=OFF  #在[mysqld]模块内添加,将validate_password插件关闭(这样才能使用下文的弱口令,仅限测试环境;生产环境应保持该插件开启)

#启动mysql服务端
[root@jumpserver-test2 mysql_rpm]# systemctl start mysqld

#初始化mysql,mysql安装后默认生成密码
[root@jumpserver-test2 mysql_rpm]# grep "password" /var/log/mysqld.log

#修改密码(注:全新安装的5.7通常只有'root'@'localhost'账户,若不存在'root'@'%'该语句会报错;'111111'为示例弱口令,实际环境请使用强密码)
mysql>alter user 'root'@'%' identified by '111111';

#创建jumpserver需要的用户信息
#创建数据库
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
Query OK, 1 row affected (0.00 sec)

#创建用户+密码('%'表示允许从任意主机连接;jumpserver与mysql同机部署时建议限制为本机地址,如'localhost'或'127.0.0.1',并使用强密码)
mysql> create user 'jumpserver'@'%' IDENTIFIED BY '111111';
Query OK, 0 rows affected (0.00 sec)

#数据库访问权限授予
mysql> grant all privileges on jumpserver .* to 'jumpserver'@'%' identified by '111111';

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

python环境

#解释器下载
[root@jumpserver-test2 data]#cd /data/pdir && \
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz

#解压缩
[root@jumpserver-test2 pdir]# tar -zxf Python-3.6.10.tgz 

[root@jumpserver-test2 pdir]#cd Python-3.6.10

[root@jumpserver-test2 pdir]#./configure --prefix=/data/pdir/python3.6.10

[root@jumpserver-test2 Python-3.6.10]# make && make install

#环境变量设置
[root@jumpserver-test2 bin]# vim /etc/profile
#--prefix指定的python路径
PATH="/data/pdir/python3.6.10/bin:$PATH"

#创建python3虚拟环境
#更改pip源地址,默认pip源下载很慢
[root@jumpserver-test2 bin]# mkdir ~/.pip
[root@jumpserver-test2 bin]# touch ~/.pip/pip.conf
[root@jumpserver-test2 bin]# vim ~/.pip/pip.conf 
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

#下载安装虚拟环境工具
[root@jumpserver-test2 bin]# pip3 install virtualenv

#使用虚拟环境工具创建新的python3解释器
[root@jumpserver-test2 pdir]# virtualenv --python=python3 p_env
#本体是/data/pdir/python3.6.10/bin/python3
#虚拟解释器路径是/data/pdir/p_env/bin/python3

#激活虚拟环境
[root@jumpserver-test2 pdir]# source /data/pdir/p_env/bin/activate
#此时默认修改了环境变量,且虚拟环境目录下路径处于本地解释器路径之前
(p_env) [root@jumpserver-test2 pdir]# echo $PATH
/data/pdir/p_env/bin:/data/pdir/python3.6.10/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#退出后环境变量恢复
(p_env) [root@jumpserver-test2 pdir]# deactivate

Redis

redis安装方式:

  • rpm包安装,需要解决依赖问题
  • yum安装,自动解决依赖问题
  • 源代码编译安装
#yum 安装
[root@jumpserver-test2 pdir]# yum install -y redis
#启动
[root@jumpserver-test2 pdir]# systemctl start redis
#查看端口占用
[root@jumpserver-test2 pdir]# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      52211/redis-server  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1316/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3302/master         
tcp6       0      0 :::3306                 :::*                    LISTEN      11569/mysqld        
tcp6       0      0 :::22                   :::*                    LISTEN      1316/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      3302/master         
#启动redis客户端
[root@jumpserver-test2 pdir]# redis-cli 
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> set a 1
OK

jumpserver部署

#获取jumpserver代码(v2.1.0为较早的版本,生产环境请使用官方仍在维护的版本,并查阅其安全公告)
[root@jumpserver-test2 data]# wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz

#解压缩源码,安装系统所依赖的功能组件
[root@jumpserver-test2 pdir]# tar -zxf jumpserver-v2.1.0.tar.gz 
#设置软链接
[root@jumpserver-test2 pdir]# ln -s jumpserver-v2.1.0 jumpserver

#安装运行需要的依赖,需要先激活虚拟环境
[root@jumpserver-test2 jumpserver]# source /data/pdir/p_env/bin/activate
#安装
(p_env) [root@jumpserver-test2 jumpserver]# pip3 install -r /data/pdir/jumpserver/requirements/requirements.txt 

#配置文件备份修改
#备份
(p_env) [root@jumpserver-test2 jumpserver]# cp config_example.yml config.yml

#查看,排除无必要的信息
(p_env) [root@jumpserver-test2 jumpserver]# grep -Ev '^#|^$' config.yml 
SECRET_KEY:
BOOTSTRAP_TOKEN:
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
#修改
#生成SECRET_KEY和BOOTSTRAP_TOKEN(下面显示的输出值已随本文公开,仅作示例,请务必自行生成,不要复用;生成后需将这两个值填入config.yml)
(p_env) [root@jumpserver-test2 jumpserver]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
NVL1RO2peOxkpCeY6owkLyOyHtD1Wluly3C7l07yUClW8UsklS

(p_env) [root@jumpserver-test2 jumpserver]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
yPLumD5bW9wGSr13

数据库迁移

jumpserver是使用python的web框架django进行开发的,必须先进行数据库迁移,生成对应库表信息后,才能运行程序

#运行 manage.py文件
(p_env) [root@jumpserver-test2 jumpserver]# cd apps/

#运行,生成数据库表
(p_env) [root@jumpserver-test2 apps]# python3 /data/pdir/jumpserver/apps/manage.py makemigrations
#备注:如果mysql密码为纯数字,数字必须要加上'',不然会报 TypeError: connect() argument 3 must be str, not int
Migrations for 'tickets':
  apps/tickets/migrations/0002_auto_20230305_2125.py
    - Alter field type on ticket

(p_env) [root@jumpserver-test2 jumpserver]# python3 /data/pdir/jumpserver/apps/manage.py migrate

#注意:jumpserver高版本进行数据迁移要求mysql版>=5.7,否则会报错

启动服务 jms

#后台运行jms服务,jms为jumpserver封装的启动文件
(p_env) [root@jumpserver-test2 jumpserver]# /data/pdir/jumpserver/jms start -d

2023-03-05 21:29:56 Sun Mar  5 21:29:56 2023
2023-03-05 21:29:56 Jumpserver version v2.1.0, more see https://www.jumpserver.org

- Start Gunicorn WSGI HTTP Server
2023-03-05 21:29:56 Check database connection ...
users
 [X] 0001_initial
 [X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
 [X] 0020_auto_20190612_1825
 [X] 0021_auto_20190625_1104
 [X] 0022_auto_20190625_1105
 [X] 0023_auto_20190724_1525
 [X] 0024_auto_20191118_1612
 [X] 0025_auto_20200206_1216
 [X] 0026_auto_20200508_2105
 [X] 0027_auto_20200616_1503
2023-03-05 21:30:00 Database connect success
2023-03-05 21:30:00 Check database structure change ...
2023-03-05 21:30:00 Migrate model change to database ...
Operations to perform:
  Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
  No migrations to apply.
2023-03-05 21:30:05 Collect static files
2023-03-05 21:30:08 Collect static files done

- Start Celery as Distributed Task Queue: Ansible

- Start Celery as Distributed Task Queue: Celery

- Start Beat as Periodic Task Scheduler

- Start Flower as Task Monitor

- Start Daphne ASGI WS Server
gunicorn is running: 55159
celery_ansible is running: 55170
celery_default is running: 55174
beat is running: 55178
flower is running: 55187
daphne is running: 55193
#此时证明服务正常启动
#可通过命令查看端口占用
(p_env) [root@jumpserver-test2 jumpserver]# netstat -nultp

#http://192.168.2.201:8080/

koko组件安装

koko 是使用golang语言进行开发的一个组件,相比python开发的组件,性能、系统资源利用率更高

(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz

(p_env) [root@jumpserver-test2 pdir]# tar -zxf koko-v2.1.0-linux-amd64.tar.gz 

(p_env) [root@jumpserver-test2 pdir]# ln -s koko-v2.1.0-linux-amd64/ koko

(p_env) [root@jumpserver-test2 pdir]# cd koko

(p_env) [root@jumpserver-test2 koko]# cp config_example.yml config.yml

(p_env) [root@jumpserver-test2 koko]# vim config.yml 
# Jumpserver项目的url, api请求注册会使用
CORE_HOST: http://127.0.0.1:8080

# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN   #改为jumpserver对应数据

# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: INFO                     #打开日志

# Redis配置
REDIS_HOST: 127.0.0.1               #打开redis配置
REDIS_PORT: 6379 
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:

#启动程序
(p_env) [root@jumpserver-test2 koko]#  /data/pdir/koko/koko -d

(p_env) [root@jumpserver-test2 koko]# ps -ef | grep koko
#保证BOOTSTRAP_TOKEN 值与jumpserver配置一致,否则koko启动失败, {"detail":"身份认证信息未提供。"}

(p_env) [root@jumpserver-test2 koko]# cat data/logs/koko.log 

2023-03-06 00:41:04 [ERRO] POST http://127.0.0.1:8080/api/v2/terminal/terminal-registrations/ failed, get code: 401, {"detail":"身份认证信息未提供。"}    #此时BOOTSTRAP_TOKEN值未获取,启动失败
2023-03-06 00:41:04 [ERRO] register access key failed
2023-03-06 00:46:39 [INFO] Exchange share room type: local
2023-03-06 00:46:40 [INFO] Start SSH server at 0.0.0.0:2222
2023-03-06 00:46:40 [INFO] Start HTTP server at 0.0.0.0:5000

Guacamole

#下载源码
https://guacamole.apache.org/releases/1.2.0/

#解压缩
(p_env) [root@jumpserver-test2 pdir]# tar -zxf guacamole-server-1.2.0.tar.gz 

#安装依赖的软件包
#参照文档https://guacamole.apache.org/doc/gug/installing-guacamole.html
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# yum install -y cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel
#可选择安装的软件包
yum install -y freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel 

#安装ffmpeg工具(注意:下面的GPG密钥和release包均通过明文HTTP获取,传输过程无法防篡改;导入前应通过可信渠道核对密钥指纹)
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# sudo yum install epel-release -y    #之前已安装
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# yum install ffmpeg ffmpeg-devel -y
#查看ffmpeg安装结果
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# ffmpeg -version

#编译安装
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# ./configure --with-init-dir=/etc/init.d
(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# make && make install

#部署java开发环境
(p_env) [root@jumpserver-test2 data]# yum install -y java-1.8.0-openjdk

#创建运行文件夹
(p_env) [root@jumpserver-test2 /]# mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && \
chown daemon:daemon /config/guacamole/record /config/guacamole/drive

#下载tomcat(此处镜像为明文HTTP下载,下载后建议用Apache官方发布的SHA-512校验值核对安装包)
(p_env) [root@jumpserver-test2 pdir]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.72/bin/apache-tomcat-9.0.72.tar.gz

(p_env) [root@jumpserver-test2 pdir]# tar -zxf apache-tomcat-9.0.72.tar.gz 

(p_env) [root@jumpserver-test2 pdir]# mv apache-tomcat-9.0.72 tomcat

(p_env) [root@jumpserver-test2 pdir]# rm -rf tomcat/webapps/*

#https://archive.apache.org/dist/guacamole/1.3.0/binary/guacamole-1.3.0.war
(p_env) [root@jumpserver-test2 pdir]# ln -sf guacamole-1.2.0.war /data/pdir/tomcat/webapps/

(p_env) [root@jumpserver-test2 guacamole-server-1.2.0]# cd /config/guacamole/
(p_env) [root@jumpserver-test2 guacamole]# touch guacamole.properties
(p_env) [root@jumpserver-test2 guacamole]# vim guacamole.properties
# 配置用户映射文件
basic-user-mapping: /opt/software/config/guacamole/user-mapping.xml

(p_env) [root@jumpserver-test2 guacamole]# touch user-mapping.xml

(p_env) [root@jumpserver-test2 guacamole]# vim user-mapping.xml 

<user-mapping>

    <!-- Sample mapping file: each <authorize> element defines one login
         and the connection(s) that login may open. All credentials below
         are placeholders. -->

    <!-- Per-user authentication and config information -->
    <authorize username="USERNAME" password="PASSWORD">
        <protocol>vnc</protocol>
        <param name="hostname">localhost</param>
        <param name="port">5900</param>
        <param name="password">VNCPASS</param>
    </authorize>

    <!-- Another user, but using md5 to hash the password
                  (example below uses the md5 hash of "PASSWORD") -->
    <!-- NOTE(review): unsalted MD5 is a weak password hash, and the
         connection passwords inside each block are still stored in
         clear text; treat this whole file as a secret. -->
    <authorize 
            username="USERNAME2"
            password="319f4d26e3c536b5dd871bb2c52e3178"
            encoding="md5">

        <!-- First authorized connection -->
        <connection name="localhost">
            <protocol>vnc</protocol>
            <param name="hostname">localhost</param>
            <param name="port">5901</param>
            <param name="password">VNCPASS</param>
        </connection>

        <!-- Second authorized connection -->
        <connection name="otherhost">
            <protocol>vnc</protocol>
            <param name="hostname">otherhost</param>
            <param name="port">5900</param>
            <param name="password">VNCPASS</param>
        </connection>

    </authorize>

    <!-- NOTE(review): the login admin/123456 and the stored root SSH
         password 123456 are guessable lab values. Replace them with
         strong unique credentials, prefer a non-root account for the
         SSH connection, and restrict read access on this file to the
         account that runs Tomcat. -->
    <authorize username="admin" password="123456">

        <!-- First authorized connection -->
        <connection name="connection1">
            <protocol>ssh</protocol>
            <param name="hostname">127.0.0.1</param>
            <param name="port">22</param>
            <param name="username">root</param>
            <param name="password">123456</param>
        </connection>

        <!-- Second authorized connection -->
        <connection name="connection2">
            <protocol>vnc</protocol>
            <param name="hostname">192.168.0.1</param>
            <param name="port">5900</param>
            <param name="password">VNCPASS</param>
        </connection>

    </authorize>

</user-mapping>

#设置guacamole运行环境变量(BOOTSTRAP_TOKEN须替换为自己生成、且与jumpserver配置一致的值,不要使用文中的示例值)
#export JUMPSERVER_SERVER=http://127.0.0.1:8080
#echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
#export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13
#echo "export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13" >> ~/.bashrc
#export JUMPSERVER_KEY_DIR=/config/guacamole/keys
#echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
#export GUACAMOLE_HOME=/config/guacamole
#echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
#export GUCAMOLE_LOG_LEVEL=ERROR
#echo "export GUCAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
#export JUMPSERVER_ENABLE_DRIVE=true
#echo "JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_SERVER=http://127.0.0.1:8080
(p_env) [root@jumpserver-test2 guacamole]# echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13
(p_env) [root@jumpserver-test2 guacamole]# echo "export BOOTSTRAP_TOKEN=yPLumD5bW9wGSr13" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_KEY_DIR=/config/guacamole/keys
(p_env) [root@jumpserver-test2 guacamole]# echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export GUACAMOLE_HOME=/config/guacamole
(p_env) [root@jumpserver-test2 guacamole]# echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export GUCAMOLE_LOG_LEVEL=ERROR
(p_env) [root@jumpserver-test2 guacamole]# echo "export GUCAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
(p_env) [root@jumpserver-test2 guacamole]# export JUMPSERVER_ENABLE_DRIVE=true
(p_env) [root@jumpserver-test2 guacamole]# echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

(p_env) [root@jumpserver-test2 guacamole]# /etc/init.d/guacd start
(p_env) [root@jumpserver-test2 pdir]# sh tomcat/bin/startup.sh 

lina组件

#nginx安装
(p_env) [root@jumpserver-test2 pdir]# yum install -y nginx

#代码下载
(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz

#解压缩
(p_env) [root@jumpserver-test2 pdir]# tar -zxf lina-v2.1.0.tar.gz 

luna组件


#代码下载
(p_env) [root@jumpserver-test2 pdir]# wget https://github.com/jumpserver/luna/releases/download/v2.1.0/luna-v2.1.0.tar.gz

(p_env) [root@jumpserver-test2 pdir]# tar -zxf luna-v2.1.0.tar.gz 
(p_env) [root@jumpserver-test2 pdir]# mv luna-v2.1.0 luna
(p_env) [root@jumpserver-test2 pdir]# chown -R root:root luna

nginx


#安装
(p_env) [root@jumpserver-test2 pdir]# yum install -y nginx

#修改配置
(p_env) [root@jumpserver-test2 pdir]# sed -i '38,58d' /etc/nginx/nginx.conf

#加入新的虚拟配置

# Front-end virtual host for the JumpServer components: serves the lina and
# luna static UIs plus media/static files, and reverse-proxies koko,
# guacamole, the websocket service and the core API on localhost.
server {
    # NOTE(review): plain HTTP only; no TLS is configured in this block, so
    # logins and proxied sessions cross the network unencrypted. Add a TLS
    # listener before using this outside an isolated lab.
    listen 80;

    client_max_body_size 100m;  # upload size limit for recordings and files

    # lina web UI, served from disk
    location /ui/ {
        try_files $uri / /index.html;
        alias /data/pdir/lina/;
    }

    # luna web terminal UI, served from disk
    location /luna/ {
        try_files $uri / /index.html;
        alias /data/pdir/luna/;  # luna path; update if the install directory changes
    }

    location /media/ {
        # Labels every response under /media/ as gzip-encoded; presumably the
        # stored recordings are gzip files (TODO confirm).
        add_header Content-Encoding gzip;
        root /data/pdir/jumpserver/data/;  # recordings location; update if the install directory changes
    }

    location /static/ {
        root /data/pdir/jumpserver/data/;  # static assets; update if the install directory changes
    }

    # koko HTTP/websocket endpoint (koko logs "Start HTTP server at 0.0.0.0:5000")
    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the client address to whatever
        # X-Forwarded-For the client sent, so backends should not trust the
        # leading entries of that header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # NOTE(review): upstream port is 8081, but the Tomcat steps on this page
    # do not show a port change and Tomcat's stock connector port is 8080
    # (already used by JumpServer here). Confirm Tomcat listens on 8081.
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # websocket service; 8070 matches WS_LISTEN_PORT in config.yml
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # core API; 8080 matches HTTP_LISTEN_PORT in config.yml
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Any other path is rewritten under /ui/ and handled by the lina location.
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}

#启动nginx
(p_env) [root@jumpserver-test2 pdir]# nginx -t
(p_env) [root@jumpserver-test2 pdir]# nginx

#访问http://ip


沙发
dupeng0720 发表于 2023-3-6 17:12
技术大佬,学习下思路。
3#
笨蛋先森 发表于 2023-3-6 17:16
4#
小麦麦早 发表于 2023-3-6 17:25
上午刚跟他们公司联系了,了解了一下一体机的情况,还是不错的
5#
抢师太的秃驴 发表于 2023-3-6 17:55
我在虚拟机上部一个玩,打开Web的没办法跳转,页面显示不全,SSH跟远程桌面的就没问题
6#
 楼主| chengxuyuan01 发表于 2023-3-6 17:59 |楼主
抢师太的秃驴 发表于 2023-3-6 17:55
我在虚拟机上部一个玩,打开Web的没办法跳转,页面显示不全,SSH跟远程桌面的就没问题

我这个还行啊,不管是数据库还是服务器都可以连接,你是不是koko组件没装,还是koko挂了,没有这个是不能连接的
7#
koogg 发表于 2023-3-6 18:34
感谢大佬,跟着学习下,之前一直直接装,死活不成功,后来用了docker的方式,这个回头再跟着试试,
8#
心伤的天堂 发表于 2023-3-6 20:17
难得在52看到这类文章呀
9#
kcuye 发表于 2023-3-6 20:22
改天自己装一个试试看,我一直用的懒人模式《Docker》部署的,自己改一下配置文件就可以用了。特方便。但是docker总归不如自己部署来的安心....
10#
jidesheng6 发表于 2023-3-6 21:24
kcuye 发表于 2023-3-6 20:22
改天自己装一个试试看,我一直用的懒人模式《Docker》部署的,自己改一下配置文件就可以用了。特 ...

自己玩,docker就够了,企业真用的话要么一体机要么掏钱了,直接厂商给你搞定