一、安裝mysql5.7
1.下載mysql5.7包
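# Fetch the repository-definition RPM over HTTPS: it is installed as root in
# the next step and configures the package source used for MySQL itself.
wget https://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm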
2.安裝MySQL源
rpm -Uvh mysql57-community-release-el7-10.noarch.rpm
3.安裝MySQL
yum install mysql-server mysql-client -y
4.配置mysql基礎配置創建jumpserver庫和賬號
vim /etc/my.cnf
# 添加取消dns解析
skip-name-resolve
進入mysql數據庫創建庫及賬號并授權
# 查看初始密碼
cat /var/log/mysqld.log | grep "generated for root@localhost:" | awk '{print $NF}'
mysql -uroot -p<初始密碼>
# 修改默認密碼
# 因為MySQL的密碼規則需要很復雜,我們一般自己設置的不會設置成這樣,所以我們全局修改一下
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;
#這時候我們就可以自己設置想要的密碼了(放寬策略后root密碼仍建議使用足夠長的隨機密碼)
# Set the root password; 'yourpassword' is a placeholder to replace.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'yourpassword';
# Create the jumpserver database and an account whose privileges are limited to it.
create database jumpserver default charset 'utf8';
# The account may connect only from 127.0.0.1.
# NOTE(review): the password below equals the account name; use a long random
# value here and set the same value as DB_PASSWORD in the JumpServer config.
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';
flush privileges;
二、安裝redis、python3
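yum install python3 python3-devel redis -y
systemctl enable redis
cd /opt
# Create the virtual environment.
python3.6 -m venv /opt/py3
# Activate it for the rest of this shell session.
source /opt/py3/bin/activate
# Point pip at the Aliyun mirror, then upgrade pip.
# The index URL is HTTPS, so no trusted-host entry is written: that option
# tells pip to accept the host without a valid certificate, which removes the
# protection HTTPS gives to every package installed afterwards.
# -p keeps the step repeatable when ~/.pip already exists.
mkdir -p ~/.pip
cat >~/.pip/pip.conf <<'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
EOF
pip install --upgrade pip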
# 配置redis配置文件設置密碼(下面的密碼僅為示例,請換成自己生成的隨機值,并與JumpServer配置中的REDIS_PASSWORD保持一致)
/etc/redis.conf第480行
...
requirepass Ediapofe893safe
...
systemctl restart redis
三、安裝docker
阿里云docker安裝教程
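yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository from the Aliyun mirror over HTTPS so the repo
# definition cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum -y install docker-ce
# Start Docker now and on every boot (systemctl for both, matching the rest of this guide).
systemctl start docker
systemctl enable docker
# Pull the JumpServer koko and Guacamole component images.
# The images are pinned by tag only; a tag can be re-pointed upstream, so
# record the digest printed by each pull if reproducibility matters.
docker pull jumpserver/jms_guacamole:2.0.2
docker pull jumpserver/jms_koko:2.0.2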
四、安裝nginx
yum install yum-utils
# 設置nginx源
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
#安裝nginx
yum install nginx -y
五、下載jumpserver和Lina、Luna組件
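# Download the JumpServer core, Lina and Luna v2.0.2 release archives into /opt,
# where the unpack step expects them.
wget -O /opt/jumpserver-v2.0.2.tar.gz https://github.com/jumpserver/jumpserver/releases/download/v2.0.2/jumpserver-v2.0.2.tar.gz
wget -O /opt/lina-v2.0.2.tar.gz https://github.com/jumpserver/lina/releases/download/v2.0.2/lina-v2.0.2.tar.gz
# A space must separate the -O target from the URL; fused together, wget takes
# the whole string as the output file name and has no URL left to fetch.
wget -O /opt/luna-v2.0.2.tar.gz https://github.com/jumpserver/luna/releases/download/v2.0.2/luna-v2.0.2.tar.gz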
六、開始部署jumpserver
# Unpack the three release archives (paths are relative to the current directory).
for archive in jumpserver-v2.0.2.tar.gz luna-v2.0.2.tar.gz lina-v2.0.2.tar.gz; do
  tar -xf "$archive"
done
# Drop the version suffix from each directory name.
mv jumpserver-v2.0.2 jumpserver
# The two web front ends are served by nginx, so hand their trees to the nginx user.
for ui in lina luna; do
  mv "${ui}-v2.0.2" "$ui"
  chown -R nginx:nginx "$ui"
done
# Install the RPM packages JumpServer depends on.
# The list file holds one package name per entry; word splitting is intended.
# shellcheck disable=SC2046
yum install -y $(< /opt/jumpserver/requirements/rpm_requirements.txt)
# Install the Python dependencies (wheel first) into the active virtualenv.
pip install wheel && pip install -r /opt/jumpserver/requirements/requirements.txt
# 隨機生成2段字符(下面的輸出僅為示例,部署時請使用自己生成的值)
# 給jumpserver配置文件的SECRET_KEY:
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo;echo
oaR4OWw1yjdlTJBb4mMWuHoRurV1cZ84pZzrKBUSpNw02uwB2
# 給jump server配置文件的BOOTSTRAP_TOKEN:
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24;echo;echo
OmSmja8dSIg5Sk9vM4WAAaGO
配置文件參考
# SECURITY WARNING: keep the secret key used in production secret!
# Encryption key: in production replace it with your own random string and never disclose it.
# It can be generated with:
# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
# NOTE(review): the value below is the sample printed in this guide; do not reuse it.
SECRET_KEY: oaR4OWw1yjdlTJBb4mMWuHoRurV1cZ84pZzrKBUSpNw02uwB2
# SECURITY WARNING: keep the bootstrap token used in production secret!
# Pre-shared token that coco and guacamole use to register their service accounts;
# it replaces the earlier register-and-accept mechanism.
# NOTE(review): sample value from this guide; generate your own and pass the
# same value to the koko and guacamole containers.
BOOTSTRAP_TOKEN: OmSmja8dSIg5Sk9vM4WAAaGO
# Development env open this, when error occur display the full process track, Production disable it
# DEBUG mode: when enabled, more log detail is shown when an error occurs.
DEBUG: false
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# Log level
LOG_LEVEL: ERROR
# LOG_DIR:
# Session expiration setting, Default 24 hour, Also set expired on on browser close
# Browser session lifetime: 24 hours by default; it can also be set to expire
# when the browser is closed.
# SESSION_COOKIE_AGE: 86400
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# MySQL or postgres setting like:
# Use MySQL as the database
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# NOTE(review): the password equals the account name; it must match the
# password given in the MySQL grant statement, so change both together.
DB_PASSWORD: jumpserver
DB_NAME: jumpserver
# Address and ports bound at runtime
# NOTE(review): 0.0.0.0 listens on every interface. The containers in this
# guide reach the core through the host IP on port 8080, so limit who else can
# reach that port with a firewall rule rather than leaving it open.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Use Redis as broker for celery and web socket
# Redis settings
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD: Ediapofe893safe # Redis password; must equal requirepass in /etc/redis.conf (sample value, replace it)
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4
# Skip manual password entry for Windows logins
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
啟動jumpserver
cd /opt/jumpserver
./jms start -d
開啟剛剛下載的兩個jumpserver的docker組件
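# ens192 is an example interface name; substitute the interface of this host.
# Take the first IPv4 address on the interface, without the prefix length, so
# the value stays a single address even when the interface carries several.
localip=$(ip -4 -o addr show dev ens192 | awk '{ split($4, cidr, "/"); print cidr[1]; exit }')
# Must be identical to BOOTSTRAP_TOKEN in the JumpServer config file. The
# literal below is the sample printed in this guide; use the value generated
# for this deployment. Values passed with -e stay readable through
# `docker inspect`, so treat access to the Docker daemon as access to the token.
BOOTSTRAP_TOKEN="OmSmja8dSIg5Sk9vM4WAAaGO"

# koko: SSH on 2222 is published on all interfaces; port 5000 is bound to
# loopback and is reached through the nginx /koko/ location.
# ${localip:?...} aborts the command instead of starting a container that
# points at "http://:8080" when no address was found.
docker run --name jms_koko -d \
  -p 2222:2222 \
  -p 127.0.0.1:5000:5000 \
  -e CORE_HOST="http://${localip:?no IPv4 address found on ens192}:8080" \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN}" \
  -e LOG_LEVEL=ERROR \
  --restart=always \
  jumpserver/jms_koko:2.0.2

# guacamole: published on loopback only and reached through the nginx
# /guacamole/ location. --restart=always matches koko, so both components
# come back after a reboot or a daemon restart.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER="http://${localip:?no IPv4 address found on ens192}:8080" \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN}" \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  --restart=always \
  jumpserver/jms_guacamole:2.0.2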
配置nginx
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
# Front-end virtual host for JumpServer: serves the Lina and Luna static files
# and proxies the koko, guacamole, websocket, API and core paths to local ports.
server {
# NOTE(review): plain HTTP only - logins and proxied sessions cross the network
# unencrypted; consider adding a TLS listener for this server block.
listen 80;
client_max_body_size 100m; # Size limit for session-recording and file uploads
# Lina static files.
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
# Luna static files.
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # Luna path; adjust if the install directory changes
}
# NOTE(review): files under /media/ are read straight from disk by nginx, so no
# application-level access check runs for them here - confirm that is
# acceptable for session recordings.
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # Session-recording location; adjust if the install directory changes
}
location /static/ {
root /opt/jumpserver/data/; # Static assets; adjust if the install directory changes
}
# koko, published on loopback port 5000; Upgrade/Connection headers are set
# for websocket traffic.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): access logging is disabled for this location, so requests to it
# leave no nginx record for later investigation.
access_log off;
}
# guacamole, published on loopback port 8081; the trailing slash on proxy_pass
# strips the /guacamole/ prefix before forwarding.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): access logging is disabled for this location as well.
access_log off;
}
# Websocket endpoint on port 8070 (WS_LISTEN_PORT in the JumpServer config).
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# API and core paths go to port 8080 (HTTP_LISTEN_PORT in the JumpServer config).
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Every other path is rewritten under /ui/.
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
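# Validate the configuration first and reload only when the check passes.
# The reload signal is sent with -s; "-reload" is not an nginx option.
nginx -t && nginx -s reload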
最后關閉selinux和防火墻(關閉防火墻后,綁定在0.0.0.0的8080端口會直接對外開放;生產環境建議保留防火墻,只對外放行nginx的80端口和koko的2222端口)
# 永久關閉selinux去修改配置文件即可,這里不做演示
setenforce 0
systemctl stop firewalld
systemctl disable firewalld