
Detailed JumpServer deployment guide

Date: 2024-04-05 23:12:27

JumpServer

Before deploying, turn off the firewall and the like

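Deploy a MySQL 5.7 server

Tip: use a "letters + digits" password for the MySQL database,

for example "yuchao666".

The database connection password is read as a string.

If your database password is all digits, such as "123456",

then in config.yml it has to be written with quotes, as in DB_PASSWORD: "123456"; otherwise an error is raised.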

# Set up the repo source
yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm

# Turn off GPG key checking
sed  -i '/gpgcheck=1/c gpgcheck=0' /etc/yum.repos.d/mysql-community*

# Install mysql
yum clean all
yum install -y mysql-community-server

# Configure MySQL. By default 5.7 generates a random root password on first start; the command below edits the startup script so that it does not generate one.
if [ ! "$(cat /usr/bin/mysqld_pre_systemd | grep -v ^\# | grep initialize-insecure )" ]; then
    sed -i "s@--initialize @--initialize-insecure @g" /usr/bin/mysqld_pre_systemd
fi

# If there is no error, start the database -------------------------------------------
# Pitfall: the change above to skip the generated password did not work
[localhost root ~]#mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

# Fix
grep 'temporary password' /var/log/mysqld.log  # find the default password
2024-01-07T06:19:59.603528Z 1 [Note] A temporary password is generated for root@localhost: pg=i2Rf3Is.N

Default password for root@localhost: pg=i2Rf3Is.N

[localhost root ~]#mysql -u root -p
Enter password:  # enter the password found above, pg=i2Rf3Is.N
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.44

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql>

# Start the database
systemctl enable mysqld
systemctl start mysqld

# Check after a successful start
ps -ef |  grep mysql
root     27479 27325  0 14:20 pts/0    00:00:00 grep --color=auto mysql

# Log in to the database -->> grant privileges, change the password
[localhost root ~]#mysql -u root -p
Enter password:

# Change the initial database password
mysql> set global validate_password_policy=LOW; # allow weak passwords
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'yuchao666';  # change the database password

# Create the database with a character set that supports Chinese; it will hold the JumpServer data
mysql> create database jumpserver default charset 'utf8';
Query OK, 0 rows affected (0.01 sec)

# Check that the database was created
mysql>
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

# Create a user
mysql> create user 'jumpserver'@'%' identified by 'linux0224';
Query OK, 0 rows affected (0.01 sec)

# Grant the user privileges for remote login
mysql> grant all on jumpserver.* to 'jumpserver'@'%';
Query OK, 0 rows affected (0.00 sec)

# Reload the privilege tables
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

# The database is now fully configured

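Deploy the Redis database

# Build from source (the version must be newer than 6.0); install the build tools first
yum -y install epel-release wget make gcc-c++

# Download the redis source
cd /opt
wget https://download.redis.io/releases/redis-6.2.4.tar.gz

# Extract the redis package under /opt
tar -xf redis-6.2.4.tar.gz

# Enter the extracted directory
cd redis-6.2.4

# Compile and install straight into the target directory
make && make install PREFIX=/usr/local/redis

# After a successful install all the commands live in this bin directory; they can be called directly once it is on PATH (see the redis-cli pitfall further down)
cd /usr/local/redis/
ls bin/
redis-benchmark  redis-check-aof  redis-check-rdb  redis-cli  redis-sentinel  redis-server

# Then go back to the /opt/redis-6.2.4 directory
cd /opt/redis-6.2.4

1. Copy the configuration file
cp redis.conf /etc/redis.conf

2. Change the bind address in the configuration file: originally local only, now traffic from any IP can connect
sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis.conf

3. Run redis as a daemon in the background
sed -i "s/daemonize no/daemonize yes/g" /etc/redis.conf

4. Set the redis memory parameter: the eviction algorithm for the cache
sed -i "561i maxmemory-policy allkeys-lru" /etc/redis.conf

5. Set the redis connection password to linux0224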
sed -i "481i requirepass linux0224" /etc/redis.conf
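
Steps 2 to 5 edit /etc/redis.conf by pattern and by fixed line number (561i, 481i), which depends on the exact layout of the 6.2.4 file. The following is an added example, not part of the original post: it sets each directive by name and reports whether a non-loopback bind has requirepass beside it. set_directive and redis_exposure are hypothetical helper names, and the config lines and password are constructed samples.

```sh
#!/bin/sh
# Added example; set_directive and redis_exposure are hypothetical helper names.

# set_directive FILE KEY VALUE
# Rewrite the first active "KEY ..." line, drop later duplicates, or append the
# directive when the file has none. For single-valued directives only (not "save").
set_directive() {
    sd_tmp=$(mktemp)
    K="$2" V="$3" awk '
        $1 == ENVIRON["K"] { if (!done) print ENVIRON["K"] " " ENVIRON["V"]; done = 1; next }
        { print }
        END { if (!done) print ENVIRON["K"] " " ENVIRON["V"] }
    ' "$1" > "$sd_tmp" && cat "$sd_tmp" > "$1"
    sd_rc=$?
    rm -f "$sd_tmp"
    return "$sd_rc"
}

# redis_exposure FILE
# Prints loopback-only, wide-bind-auth or wide-bind-no-auth.
redis_exposure() {
    awk '
        $1 == "bind" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                a = $i; sub(/^-/, "", a)          # "-::1" means "::1 if available"
                if (a != "127.0.0.1" && a != "::1") wide = 1
            }
        }
        $1 == "requirepass" && $2 != "" { auth = 1 }
        END {
            if (!seen) wide = 1                   # no bind line: all interfaces
            if (!wide)     print "loopback-only"
            else if (auth) print "wide-bind-auth"
            else           print "wide-bind-no-auth"
        }
    ' "$1"
}

# Constructed three-line stand-in for the stock redis.conf (not the real file).
conf=$(mktemp)
printf '%s\n' 'bind 127.0.0.1 -::1' 'daemonize no' '# requirepass foobared' > "$conf"

set_directive "$conf" bind 0.0.0.0
echo "after bind change: $(redis_exposure "$conf")"
set_directive "$conf" requirepass 'Constructed0Sample1Pass'   # constructed value
set_directive "$conf" daemonize yes
set_directive "$conf" maxmemory-policy allkeys-lru
echo "after requirepass: $(redis_exposure "$conf")"
cat "$conf"
rm -f "$conf"
```

Running set_directive twice with the same arguments leaves a single line in the file, which the line-number inserts above do not.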

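# Create the systemd unit; a source build does not install one
# (the quoted 'EOF' keeps $MAINPID literal instead of letting the shell expand it to nothing)
cat >/etc/systemd/system/redis.service <<'EOF'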
[Unit]
Description=Redis persistent key-value database
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/redis_6379.pid
ExecStart=/usr/local/redis/bin/redis-server /etc/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF

# Start redis
[localhost root /opt/redis-6.2.4]#systemctl enable redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /etc/systemd/system/redis.service.

systemctl start redis

# Check that it started
[localhost root /opt/redis-6.2.4]#ps -ef |grep redis
root     32069     1  0 15:41 ?        00:00:00 /usr/local/redis/bin/redis-server 0.0.0.0:6379
root     32077 27325  0 15:41 pts/0    00:00:00 grep --color=auto redis

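# Connect to the redis database
redis-cli
-bash: redis-cli: 未找到命令
Pitfall: "command not found", because the source build's bin directory was never added to the PATH variable
Add the redis path to the variable
vim /etc/profile
export PATH=$PATH:/usr/local/redis/bin

# Reconnecting now succeeds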
[localhost root /opt/redis-6.2.4]#redis-cli
127.0.0.1:6379>

# Installation complete

Deploy core

Switch to another server and make sure it is a clean machine (host 61)
Check the firewall

# yum repos, base environment setup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# Install base software
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate  openldap-devel

# Install the basic dependencies that the python program requires.
yum -y install git python-pip  gcc automake autoconf python-devel vim sshpass lrzsz readline-devel  zlib zlib-devel openssl openssl-devel

# Set the system encoding on the master-61 machine to support Chinese
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

# Set every locale category of the operating system to Chinese UTF-8
export LC_ALL=zh_CN.UTF-8 

# Use the locale command to view all the encoding variables
[localhost root ~]#locale
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=zh_CN.UTF-8

# Download the jumpserver backend core source
mkdir /opt/jumpserver-v2.12.0
wget -O /opt/jumpserver-v2.12.0.tar.gz https://github.com/jumpserver/jumpserver/archive/refs/tags/v2.12.0.tar.gz

# Extract the code
cd /opt ; tar -xf jumpserver-v2.12.0.tar.gz -C /opt/jumpserver-v2.12.0 --strip-components 1

# Install the system dependencies listed in the jumpserver-v2.12.0 source tree
yum install -y $(cat /opt/jumpserver-v2.12.0/requirements/rpm_requirements.txt)

# Install the build dependencies for compiling python3; note that these package names do not carry the digit 3!
yum install gcc patch libffi-devel python-devel  zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel -y

# Download the python3 source, then compile and install it
1. cd /opt && wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz  # download
2. tar -zxf Python-3.6.9.tgz # extract python under /opt
3. cd Python-3.6.9/ # enter this directory
4. ./configure --prefix=/opt/python369/  # install into this directory
5. make && make install # compile and install

# After a successful install, add python to the PATH variable
vim /etc/profile
export PATH=$PATH:/opt/python369/bin

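# Confirm the installation succeeded
python3 -V

# Create the python virtual environment
cd /opt && python3 -m venv /opt/venv_py3

# Activate the virtual environment
source /opt/venv_py3/bin/activate

# Configure the pip3 download source: the USTC (University of Science and Technology of China) mirror, to speed up module downloads
mkdir ~/.pip

vim  ~/.pip/pip.conf 

# Create pip.conf with the following content
[global]
index-url=https://pypi.mirrors.ustc.edu.cn/simple/

# Upgrade pip
pip install pip -U

# Update wheel, the tool for building python modules
pip install wheel

# Install the CentOS system dependencies for jumpserver
cd /opt/jumpserver-v2.12.0/requirements
yum install $(cat rpm_requirements.txt) -y

# If necessary, update all CentOS base packages
yum update -y

# Install the python modules
pip3 install -r /opt/jumpserver-v2.12.0/requirements/requirements.txt

# List the installed modules
pip3 list

Pitfall: error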
pyopenssl 23.2.0 has requirement cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0, but you'll have cryptography 3.3.2 which is incompatible.

(venv_py3) [localhost root ~]#pip3 list
Traceback (most recent call last):
  File "/opt/venv_py3/bin/pip3", line 7, in <module>
    from pip._internal import main
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/__init__.py", line 40, in <module>
    from pip._internal.cli.autocompletion import autocomplete
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/autocompletion.py", line 8, in <module>
    from pip._internal.cli.main_parser import create_main_parser
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/main_parser.py", line 12, in <module>
    from pip._internal.commands import (
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/commands/__init__.py", line 6, in <module>
    from pip._internal.commands.completion import CompletionCommand
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/commands/completion.py", line 6, in <module>
    from pip._internal.cli.base_command import Command
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/cli/base_command.py", line 18, in <module>
    from pip._internal.download import PipSession
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_internal/download.py", line 15, in <module>
    from pip._vendor import requests, six, urllib3
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_vendor/requests/__init__.py", line 97, in <module>
    from pip._vendor.urllib3.contrib import pyopenssl
  File "/opt/venv_py3/lib/python3.6/site-packages/pip/_vendor/urllib3/contrib/pyopenssl.py", line 46, in <module>
    import OpenSSL.SSL
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/SSL.py", line 19, in <module>
    from OpenSSL.crypto import (
  File "/opt/venv_py3/lib/python3.6/site-packages/OpenSSL/crypto.py", line 3271, in <module>
    name="load_pkcs7_data",
TypeError: deprecated() got an unexpected keyword argument 'name'

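# Fix: delete the virtual environment
rm -rf /opt/venv_py3

# Leave the virtual environment
deactivate

# Recreate the virtual environment
python3 -m venv /opt/venv_py3

# Activate the virtual environment
source /opt/venv_py3/bin/activate

# Upgrade pip
pip install pip -U

# Update wheel, the tool for building python modules
pip install wheel

# Install the CentOS system dependencies for jumpserver
cd /opt/jumpserver-v2.12.0/requirements
yum install $(cat rpm_requirements.txt) -y

# If necessary, update all CentOS base packages
yum update -y

# Install the third-party python modules; --no-cache downloads everything again without the cache, to be sure nothing stale is used
pip install -r requirements.txt --no-cache

Edit the jumpserver configuration file

# Copy the configuration file and edit it as follows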
cd /opt/jumpserver-v2.12.0
cp config_example.yml config.yml

# Generate random values for the following 2 variables; the configuration file needs them shortly
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi

if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

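# Edit the jumpserver backend configuration file [note: this file is YAML, which is strict about whitespace]; just follow my changes
vim /opt/jumpserver-v2.12.0/config.yml 
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true                   # enabling DEBUG is suggested for development; it should be off in production
LOG_LEVEL: DEBUG              # DEBUG is suggested for development; ERROR is recommended for production
SESSION_EXPIRE_AT_BROWSER_CLOSE: true  # the session expires when the browser is closed
DB_ENGINE: mysql              # the database engine is mysql
DB_HOST: 10.0.0.51            # set this to the IP address of your database server
DB_PORT: 3306                 # database port
DB_USER: jumpserver           # user for the remote database connection
DB_PASSWORD: linux0224        # mysql password
DB_NAME: jumpserver           # name of the mysql database that stores the data
HTTP_BIND_HOST: 0.0.0.0       # address the core service runs on
HTTP_LISTEN_PORT: 8080        # port the core service runs on
WS_LISTEN_PORT: 8070          # port for the backend websocket protocol
REDIS_HOST: 10.0.0.51         # set this to the IP address of your Redis server
REDIS_PORT: 6379
REDIS_PASSWORD: linux0224     # the redis password you chose

# So the final configuration is as follows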
(venv_py3) [root@master-61 /opt/jumpserver-v2.12.0]#cat config.yml 
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true
LOG_LEVEL: DEBUG
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 10.0.0.51
DB_PORT: 3306
DB_USER: jumpserver   
DB_PASSWORD: linux0224
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 10.0.0.51
REDIS_PORT: 6379
REDIS_PASSWORD: linux0224
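
config.yml is plain YAML, so nothing expands "$SECRET_KEY" or "$BOOTSTRAP_TOKEN" inside it, and an unquoted all-digit password is read as a number (the quoting note in the MySQL section). The following is an added example, not part of the original post: it writes generated values into a constructed config file and lints the result. gen_secret, yaml_set_secret and lint_config are hypothetical helper names, and values are assumed to be letters and digits only.

```sh
#!/bin/sh
# Added example; gen_secret, yaml_set_secret and lint_config are hypothetical names.

# gen_secret N: N random characters from A-Za-z0-9 (same alphabet as the page's
# one-liners). cut reads its whole input, so no stage dies on a closed pipe.
gen_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$1"
}

# yaml_set_secret FILE KEY VALUE
# Write KEY: "VALUE" (always quoted) over the existing top-level key, or append it.
# Assumption: VALUE is letters and digits only, so it needs no YAML escaping.
yaml_set_secret() {
    case $3 in ''|*[!A-Za-z0-9]*) echo "refusing value for $2" >&2; return 2 ;; esac
    ys_tmp=$(mktemp)
    K="$2" V="$3" awk '
        BEGIN { line = ENVIRON["K"] ": \"" ENVIRON["V"] "\"" }
        index($0, ENVIRON["K"] ":") == 1 { if (!done) print line; done = 1; next }
        { print }
        END { if (!done) print line }
    ' "$1" > "$ys_tmp" && cat "$ys_tmp" > "$1"
    ys_rc=$?
    rm -f "$ys_tmp"
    return "$ys_rc"
}

# lint_config FILE: print one finding per line, return 1 if there were any.
lint_config() {
    awk '
        /^[ \t]*#/ || !/:/ { next }
        {
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*/, "", val); sub(/[ \t]+$/, "", val)
        }
        val ~ /^"?[$][A-Z_]+"?$/ { print key ": placeholder " val " was never replaced"; bad = 1 }
        key ~ /(PASSWORD|TOKEN|KEY)$/ && val ~ /^[0-9]+$/ {
            print key ": all-digit value is unquoted, YAML reads it as a number"; bad = 1
        }
        key == "DEBUG" && val == "true" { print "DEBUG: true, meant for development only"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed config.yml: the page's placeholder lines plus an all-digit password.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true                   # development only
DB_PASSWORD: 123456
DB_PORT: 3306
EOF

echo "--- before"; lint_config "$cfg" || true
yaml_set_secret "$cfg" SECRET_KEY "$(gen_secret 50)"
yaml_set_secret "$cfg" BOOTSTRAP_TOKEN "$(gen_secret 16)"
yaml_set_secret "$cfg" DB_PASSWORD 123456
echo "--- after";  lint_config "$cfg" || true
rm -f "$cfg"
```

The same BOOTSTRAP_TOKEN value also goes into the koko and lion config.yml files later in this guide.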

# Enter the apps directory
cd apps/
(venv_py3) [localhost root /opt/jumpserver-v2.12.0/apps]#pwd
/opt/jumpserver-v2.12.0/apps

# Run the database migrations
python3 manage.py makemigrations 
python3 manage.py migrate

# Once the migrations succeed, start everything with the one-step script
cd /opt/jumpserver-v2.12.0
./jms start all -d

# Seeing these PIDs means the start succeeded
gunicorn is running: 28585
flower is running: 28600
daphne is running: 28963
celery_ansible is running: 29132
celery_default is running: 29272
beat is running: 29557

# Check that it started successfully
(venv_py3) [localhost root /opt/jumpserver-v2.12.0]#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8070            0.0.0.0:*               LISTEN      28963/python3
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      28585/python3
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      28600/python3
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      23338/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1765/master
tcp6       0      0 :::5555                 :::*                    LISTEN      28600/python3
tcp6       0      0 :::22                   :::*                    LISTEN      23338/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1765/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           969/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           797/chronyd
udp6       0      0 ::1:323                 :::*                                797/chronyd

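# First visit: log in and change the password
IP address plus port number
10.0.0.61:8080
Account: admin
Password: admin
The first login makes you change the password
After changing the password, visiting it again tells you that nginx and the other pieces still need to be deployed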

lina frontend (the visual web UI)

# Leave the virtual environment
deactivate

# Create the directory
mkdir -p /opt/lina-v2.12.0

# Download the source; if it is too slow, get the package from Chao-ge in the group chat
wget -O /opt/lina-v2.12.0.tar.gz https://github.com/jumpserver/lina/archive/refs/tags/v2.12.0.tar.gz

# Extract the package
cd /opt/
tar -xf lina-v2.12.0.tar.gz -C /opt/lina-v2.12.0 --strip-components 1

# Deploy nodejs
mkdir -p /opt/node-v10.24.1 && cd /opt/node-v10.24.1 && wget https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-x64.tar.gz

# Extract the package
tar -xf node-v10.24.1-linux-x64.tar.gz -C /opt/node-v10.24.1  --strip-components 1

# Add it to the PATH variable
vim /etc/profile

# Append the path after the python entry
export PATH=$PATH:/opt/python369/bin:/opt/node-v10.24.1/bin
source  /etc/profile

# Make sure the command works
npm -v
6.14.12

# Configure a faster npm registry mirror for the frontend
cd /opt/lina-v2.12.0/
npm config set registry https://registry.npm.taobao.org
npm config get registry

# Install the tooling
npm install -g yarn
Handling the expired certificate
Show the current npm registry settings: npm config list
Clear the cache: npm cache clean --force
Set the new Taobao mirror: npm config set registry https://registry.npmmirror.com
Run npm config list again and check that registry has been changed to the default npm public mirror address

# Install the frontend dependencies
yarn install
Error: the certificate has expired, so skip certificate verification
yarn config set "strict-ssl" false -g

# Run the frontend
nohup yarn serve &

# Open the frontend
Your own IP address plus port 9528
http://10.130.161.212:9528/

luna frontend

# Download the luna frontend source code
mkdir -p  /opt/luna-v2.12.0

wget -O /opt/luna-v2.12.0.tar.gz https://github.com/jumpserver/luna/archive/refs/tags/v2.12.0.tar.gz

# Extract
tar -xf /opt/luna-v2.12.0.tar.gz -C /opt/luna-v2.12.0 --strip-components 1

# Install the required dependencies
yum -y install gcc gcc-c++

# Install the frontend dependencies
cd /opt/luna-v2.12.0/
npm install

Pitfall: error
npm ERR! code EINTEGRITY
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-01-07T14_12_52_075Z-debug.log

# Fix: run the commands below, then install again
npm cache verify
npm install

# With the dependencies installed, continue
SASS_BINARY_SITE=https://npm.taobao.org/mirrors/node-sass/ npm install [email protected]

# Install the command used to start it
npm install -g @angular/[email protected]  --unsafe-perm

# Check that it worked
ng --version

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/

Angular CLI: 7.3.9
Node: 10.24.1
OS: linux x64
Angular: 7.2.15
... animations, common, compiler, compiler-cli, core, forms

# Start the program
nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0 &

[localhost root /opt/luna-v2.12.0]#netstat -tunlp|grep 4200
tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN      31385/@angular/cli
[3]+  退出 1                nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0

Deploy koko

# Download koko; it is written in golang and ships as a prebuilt binary, so it works right after download
mkdir /opt/koko-v2.12.0

# Download the release package
cd /opt ; wget https://github.com/jumpserver/koko/releases/download/v2.12.0/koko-v2.12.0-linux-amd64.tar.gz

# Extract
tar -xf koko-v2.12.0-linux-amd64.tar.gz  -C /opt/koko-v2.12.0 --strip-components 1

# The golang environment is also download-and-go; set the environment variable and it is ready
wget https://golang.google.cn/dl/go1.15.linux-amd64.tar.gz

# Extract
tar -xf go1.15.linux-amd64.tar.gz

# Add the variable
cd /opt/go/bin 
pwd
/opt/go/bin

vim /etc/profile
export PATH=$PATH:/opt/python369/bin:/opt/node-v10.24.1/bin:/opt/go/bin
source /etc/profile

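# First copy the configuration file
cd /opt/koko-v2.12.0
cp config_example.yml config.yml

# Edit the configuration file
CORE_HOST: http://127.0.0.1:8080   # address of Core
# On its first run koko uses this value to register the current machine with jumpserver, proving that this machine acts as the jump host (a security check)
# On the second run just delete this parameter, otherwise it registers over and over. If koko gives you trouble, ask Chao-ge; you probably cannot solve it yourself.

BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN" 
BIND_HOST: 0.0.0.0         # the koko service binds to 0.0.0.0, so it can be reached via 10.0.0.61
# This means you can connect to koko over the ssh protocol; usage: ssh [email protected]  -p 2222
# Port 22 is the sshd process and port 2222 is the koko process; type 1 if you follow

SSHD_PORT: 2222            # uses 0.0.0.0:2222
HTTPD_PORT: 5000           # uses 0.0.0.0:5000
LOG_LEVEL: DEBUG           # DEBUG is suggested for development; ERROR is recommended for production

The resulting configuration is as follows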
vim config.yml

CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
BIND_HOST: 0.0.0.0
SSHD_PORT: 2222
HTTPD_PORT: 5000
LOG_LEVEL: DEBUG

# Start koko
[localhost root /opt/koko-v2.12.0]#pwd
/opt/koko-v2.12.0 # run it from this path
./koko  -f config.yml  -d

# Verify that it started
netstat -tunlp|grep -E '(5000|2222)'
tcp6       0      0 :::5000                 :::*                    LISTEN      31581/./koko
tcp6       0      0 :::2222                 :::*                    LISTEN      31581/./koko

Deploy lion

# Install the dependency
mkdir /opt/guacamole-v2.12.0
cd /opt/guacamole-v2.12.0

# Download the package
wget http://download.jumpserver.org/public/guacamole-server-1.3.0.tar.gz

# Extract the package
tar -xzf guacamole-server-1.3.0.tar.gz
cd guacamole-server-1.3.0/

# Install the build dependencies
yum -y install cairo-devel libjpeg-devel libpng-devel uuid-devel

# Compile and install
cd /opt/guacamole-v2.12.0/guacamole-server-1.3.0
./configure --with-init-dir=/etc/init.d
make && make install

# Refresh the Linux shared-library cache so the newly installed guacamole remote desktop protocol libraries are found
ldconfig

# Change directory, then download and unpack lion
cd /opt
wget https://github.com/jumpserver/lion-release/releases/download/v2.12.0/lion-v2.12.0-linux-amd64.tar.gz
tar -xf lion-v2.12.0-linux-amd64.tar.gz
cd lion-v2.12.0-linux-amd64

# Edit the configuration file
cp config_example.yml config.yml
vim config.yml

# Change the content as follows
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"

# Start the guacd program
/etc/init.d/guacd start

# Start the lion process
nohup ./lion -f config.yml &

Deploy nginx

# Install nginx
yum install nginx -y

# Configure the nginx virtual host file to tie all the jumpserver components together
vim  /etc/hosts
10.0.0.61 luna koko lion core lina    # use the IP of your own host

Virtual host conf
server {
  listen 80;
  # server_name www.yuchaoit.cn;

  client_max_body_size 5000m;

  # Luna configuration
  # In testing, this v12 version can only be reached as http://10.0.0.61:4200/luna/; the frontend is a bit awkward to handle here.

  location /luna/ {
    proxy_pass http://luna:4200;
  }

  # Core data static assets
  location /media/replay/ {
    add_header Content-Encoding gzip;
    root /opt/jumpserver-v2.12.0/data/;
  }

  location /media/ {
    root /opt/jumpserver-v2.12.0/data/;
  }

  location /static/ {
    root /opt/jumpserver-v2.12.0/data/;
  }

  # KoKo Lion configuration
  location /koko/ {
    proxy_pass       http://koko:5000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # lion configuration
  location /lion/ {
    proxy_pass http://lion:8081;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_ignore_client_abort on;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 6000;
  }

  # Core configuration
  location /ws/ {
    proxy_pass http://core:8070;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /api/ {
    proxy_pass http://core:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location /core/ {
    proxy_pass http://core:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Lina frontend
  location /ui/ {
    proxy_pass http://lina:9528;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location / {
    rewrite ^/(.*)$ /ui/$1 last;
  }
}

# Start it and you are done
systemctl start nginx 

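Restart the server and bring everything back up

# Start lina
cd /opt/lina-v2.12.0
nohup yarn serve &

# Start the core backend
cd /opt/jumpserver-v2.12.0
# Activate the virtual environment
source /opt/venv_py3/bin/activate
./jms start all -d
# Confirm the backend processes are running
(venv_py3) [root@master-61 ~]#/opt/jumpserver-v2.12.0/jms status

# Start luna
cd /opt/luna-v2.12.0/
Internal network only
nohup ng serve &
Run it reachable from outside
nohup ng serve --proxy-config proxy.conf.json --host 0.0.0.0 &

Check which IP the port is listening on; it must not be 127.0.0.1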
(venv_py3) [localhost root /opt/luna-v2.12.0]#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8070            0.0.0.0:*               LISTEN      12742/python3
tcp        0      0 127.0.0.1:4200          0.0.0.0:*               LISTEN      14111/@angular/cli

# Start the koko service
cd /opt/koko-v2.12.0
./koko -f config.yml -d

# Start the lion service
cd /opt/lion-v2.12.0-linux-amd64/
nohup ./lion -f config.yml &

# Finally, start the guacamole process, which handles the low-level VNC protocol parsing.
/etc/init.d/guacd start

# Start nginx
systemctl start nginx

From: https://www.cnblogs.com/btcm409181423/p/18116464
