设置时区并设置时间同步
# 设置时区
timedatectl set-timezone "Asia/Shanghai"
# 安装chrony
apt -y install chrony
# 修改chrony的配置文件
vim /etc/chrony/chrony.conf
# 把所有pool行删除并添加如下时间同步服务器
server ntp.aliyun.com iburst
# 重启chrony服务
systemctl enable chrony && systemctl restart chrony
# 检查是否同步成功
chronyc sources
部署MySQL或MariaDB
# MySQL版本>= 5.7
# MariaDB版本>= 10.3
# 查看软件源的版本是否符合要求,符合要求直接安装即可
apt-cache madison 软件包名
# MySQL安装(这里我选择安装mysql,软件源的版本为8.0.35)
apt -y install mysql-server
# MariaDB安装
apt -y install mariadb-server
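# Set the database root password.
# 'MyNewPass4!' is the example value printed on this page; substitute your own
# strong password before running the statement.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
flush privileges;
# Create the jumpserver database
create database jumpserver;
# Create the jumpserver account.
# Core on this page connects with DB_HOST 127.0.0.1, so the account is limited
# to that address instead of '%' (any host). If Core runs on another machine,
# use that machine's address here rather than '%'.
# The password is a placeholder: pick a strong one and put the same value in
# DB_PASSWORD in Core's config.yml.
create user 'jumpserver'@'127.0.0.1' IDENTIFIED BY 'REPLACE_WITH_STRONG_DB_PASSWORD';
# Grant rights on the jumpserver schema only. WITH GRANT OPTION is left out:
# the application account has no need to hand its privileges to other accounts.
GRANT ALL PRIVILEGES ON jumpserver.* TO 'jumpserver'@'127.0.0.1';
flush privileges;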
安装redis
apt -y install redis
Core 环境部署
# 下载源代码
cd /opt
mkdir /opt/jumpserver-v3.9.3
wget -O /opt/jumpserver-v3.9.3.tar.gz https://github.com/jumpserver/jumpserver/archive/refs/tags/v3.9.3.tar.gz
tar -xf jumpserver-v3.9.3.tar.gz -C /opt/jumpserver-v3.9.3 --strip-components 1
cd jumpserver-v3.9.3
rm -f apps/common/utils/ip/geoip/GeoLite2-City.mmdb apps/common/utils/ip/ipip/ipipfree.ipdb
wget https://download.jumpserver.org/files/ip/GeoLite2-City.mmdb -O apps/common/utils/ip/geoip/GeoLite2-City.mmdb
wget https://download.jumpserver.org/files/ip/ipipfree.ipdb -O apps/common/utils/ip/ipip/ipipfree.ipdb
# 安装所需依赖环境
cd /opt/jumpserver-v3.9.3/requirements
chmod 755 deb_pkg.sh
./deb_pkg.sh
# 如果是MariaDB
apt install -y libmariadb-dev mariadb-client
# 如果是MySQL
apt install -y libmysqlclient-dev mysql-client
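# Build Python 3.11.6 from source and install it under /opt/python3-11-6
cd /opt
wget https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tgz
# Print the tarball's SHA-256 and compare it with the value published for this
# release on python.org before building and installing it as root.
sha256sum Python-3.11.6.tgz
tar -xvf Python-3.11.6.tgz
cd Python-3.11.6/
./configure --prefix=/opt/python3-11-6/
make && make install
# Single quotes keep $PATH literal, so it is expanded at each login. The
# unquoted form would freeze the installing shell's current PATH into the
# system-wide /etc/profile for every user, and without `export` child
# processes would not be guaranteed to inherit the change.
echo 'export PATH="/opt/python3-11-6/bin:$PATH"' >> /etc/profile
source /etc/profile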
# 为 JumpServer 项目单独创建 python3 虚拟环境
python3.11 -m venv /opt/py3
source /opt/py3/bin/activate
# 安装JumpServer依赖,依赖文件为pyproject.toml
# 先安装poetry
pip3.11 install poetry -i https://pypi.tuna.tsinghua.edu.cn/simple
cd /opt/jumpserver-v3.9.3
# ansible-core、django-radius 和 django-cas-ng 在 pyproject.toml 中是以 GitHub 链接方式引用的,所以先手动下载并解压到 /opt/ 目录下(请下载 pyproject.toml 中指定的同一仓库和版本,不要使用来源不明的压缩包)
cd /opt
unzip ansible-2.14.1.2.zip
unzip django-cas-ng-4.3.2.zip
unzip django-radius-1.5.0.zip
cd /opt/jumpserver-v3.9.3
vim pyproject.toml # 修改内容里面包含GitHub连接的模块
ansible-core = { path = "/opt/ansible-2.14.1.2" }
django-radius = { path = "/opt/django-radius-1.5.0" }
django-cas-ng = { path = "/opt/django-cas-ng-4.3.2" }
# 最后安装项目的依赖模块
cd /opt/jumpserver-v3.9.3
pip3 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
poetry install
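# Generate the Core secrets once and remember them in ~/.bashrc.
# SECRET_KEY is 50 and BOOTSTRAP_TOKEN is 16 random alphanumeric characters.
# If a variable is already set in the current shell it is reused, and in both
# cases the value is printed so it can be copied into config.yml.
# Use the values printed on your own host; never reuse a key or token that was
# published in a tutorial.
if [ -z "$SECRET_KEY" ]; then
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes regardless of locale.
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
echo "$SECRET_KEY"

if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
echo "$BOOTSTRAP_TOKEN"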
# 修改配置文件
cd /opt/jumpserver-v3.9.3
cp config_example.yml config.yml
vim config.yml
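# Paste the SECRET_KEY printed by the generation command on your own host and
# keep it private. A key copied from a published tutorial is known to everyone.
SECRET_KEY: "REPLACE_WITH_GENERATED_SECRET_KEY"
# Token the components (KoKo, Lion, Magnus/Wisp) present to Core; the same
# value must be set as BOOTSTRAP_TOKEN in each component's configuration.
BOOTSTRAP_TOKEN: "REPLACE_WITH_GENERATED_BOOTSTRAP_TOKEN"
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# Must equal the password chosen when the jumpserver database user was created.
DB_PASSWORD: "REPLACE_WITH_JUMPSERVER_DB_PASSWORD"
DB_NAME: jumpserver
# 0.0.0.0 listens on every interface. In this single-host layout nginx and the
# components reach Core through 127.0.0.1, so binding to 127.0.0.1 or
# firewalling ports 8080/8070 keeps Core from being reached directly,
# bypassing nginx.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# No Redis password is configured on this page; keep Redis bound to loopback
# or set a password if it must be reachable from other hosts.
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379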
# 处理国际化
apt install gettext -y
rm -f apps/locale/zh/LC_MESSAGES/django.mo apps/locale/zh/LC_MESSAGES/djangojs.mo
python3 apps/manage.py compilemessages
# 启动 Core
./jms start -d
Lina 环境部署
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v3.9.3/lina-v3.9.3.tar.gz
tar -xf lina-v3.9.3.tar.gz
Luna 环境部署
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v3.9.3/luna-v3.9.3.tar.gz
tar -xf luna-v3.9.3.tar.gz
KoKo 环境部署
cd /opt
wget https://download.jumpserver.org/public/kubectl-linux-amd64.tar.gz -O kubectl.tar.gz
tar -xf kubectl.tar.gz
mv kubectl /usr/local/bin/rawkubectl
wget https://download.jumpserver.org/public/helm-v3.9.0-linux-amd64.tar.gz
tar -xf helm-v3.9.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/rawhelm
chmod 755 /usr/local/bin/rawkubectl /usr/local/bin/rawhelm
chown root:root /usr/local/bin/rawkubectl /usr/local/bin/rawhelm
rm -rf linux-amd64
wget https://github.com/jumpserver/koko/releases/download/v3.9.3/koko-v3.9.3-linux-amd64.tar.gz
tar -xf koko-v3.9.3-linux-amd64.tar.gz -C /opt
cd koko-v3.9.3-linux-amd64
mv kubectl /usr/local/bin/kubectl
cp config_example.yml config.yml
vim config.yml
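# KoKo configuration: address of Core and the token used to register with it.
CORE_HOST: http://127.0.0.1:8080
# Must be the BOOTSTRAP_TOKEN from Core's config.yml, generated on your own
# host; do not reuse a token published in a tutorial.
BOOTSTRAP_TOKEN: "REPLACE_WITH_GENERATED_BOOTSTRAP_TOKEN"
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# Left empty on this page (no Redis password configured).
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM: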
# 启动 KoKo
nohup /opt/koko-v3.9.3-linux-amd64/koko &
Lion 环境部署
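# Download and build the Guacamole server (guacd), which Lion depends on
mkdir /opt/guacamole-v3.9.3
cd /opt/guacamole-v3.9.3
# Fetch over HTTPS: this source is compiled and installed as root, and a
# plain-HTTP download can be altered in transit. The other downloads from
# download.jumpserver.org on this page already use https://.
wget https://download.jumpserver.org/public/guacamole-server-1.4.0.tar.gz
tar -xzf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0/
# Install the build dependencies (add further packages according to the
# errors ./configure actually reports)
apt -y install libpng-dev libjpeg-dev libcairo2-dev
# Build guacd; --with-init-dir installs the init script into /etc/init.d
./configure --with-init-dir=/etc/init.d
make && make install
# Refresh the shared-library cache so the newly installed libraries are found
ldconfig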
# 下载 Lion
cd /opt
wget https://github.com/jumpserver/lion-release/releases/download/v3.9.3/lion-v3.9.3-linux-amd64.tar.gz
tar -xf lion-v3.9.3-linux-amd64.tar.gz
cd lion-v3.9.3-linux-amd64
# 修改配置文件
cp config_example.yml config.yml
vim config.yml
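# Lion configuration: address of Core and the token used to register with it.
CORE_HOST: http://127.0.0.1:8080
# Must be the BOOTSTRAP_TOKEN from Core's config.yml, generated on your own
# host; do not reuse a token published in a tutorial.
BOOTSTRAP_TOKEN: "REPLACE_WITH_GENERATED_BOOTSTRAP_TOKEN"
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# Left empty on this page (no Redis password configured).
REDIS_PASSWORD:
REDIS_DB_ROOM: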
# 启动 Guacd
/etc/init.d/guacd start
# 启动 Lion
nohup /opt/lion-v3.9.3-linux-amd64/lion &
Magnus 环境部署
# 下载软件包
cd /opt
wget https://github.com/jumpserver/magnus-release/releases/download/v3.9.3/magnus-v3.9.3-linux-amd64.tar.gz
tar -xf magnus-v3.9.3-linux-amd64.tar.gz
cd magnus-v3.9.3-linux-amd64
wget https://github.com/jumpserver/wisp/releases/download/v0.1.16/wisp-v0.1.16-linux-amd64.tar.gz
tar -xf wisp-v0.1.16-linux-amd64.tar.gz
mv wisp-v0.1.16-linux-amd64/wisp /usr/local/bin/
chown root:root /usr/local/bin/wisp /opt/magnus-v3.9.3-linux-amd64/magnus
chmod 755 /usr/local/bin/wisp /opt/magnus-v3.9.3-linux-amd64/magnus
# 修改配置文件
cp config_example.yml config.yml
vim config.yml
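# Magnus configuration: address of Core and the token used to register with it.
CORE_HOST: http://127.0.0.1:8080
# Must be the BOOTSTRAP_TOKEN from Core's config.yml, generated on your own
# host; do not reuse a token published in a tutorial.
BOOTSTRAP_TOKEN: "REPLACE_WITH_GENERATED_BOOTSTRAP_TOKEN"
# 0.0.0.0 exposes the database proxy ports below on every interface; restrict
# them with a firewall to the clients that need them.
BIND_HOST: "0.0.0.0"
# NOTE(review): Core's config.yml on this page also sets HTTP_LISTEN_PORT 8080
# on the same host - confirm the two listeners do not collide.
HTTP_PORT: 8080
MYSQL_PORT: 33060
MARIA_DB_PORT: 33062
POSTGRESQL_PORT: 54320
LOG_LEVEL: "info"
WISP_HOST: "localhost"
WISP_PORT: 9090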
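# Start Wisp.
# The variables are exported for the current shell and appended to ~/.bashrc
# for later sessions.
export CORE_HOST="http://127.0.0.1:8080"
# Placeholder: set this to the BOOTSTRAP_TOKEN from Core's config.yml that was
# generated on your own host. The token ends up in ~/.bashrc in clear text, so
# keep that file readable by its owner only.
export BOOTSTRAP_TOKEN="REPLACE_WITH_GENERATED_BOOTSTRAP_TOKEN"
export WORK_DIR="/opt/magnus-v3.9.3-linux-amd64"
export COMPONENT_NAME="magnus"
export EXECUTE_PROGRAM="/opt/magnus-v3.9.3-linux-amd64/magnus"
{
  printf 'export CORE_HOST="%s"\n' "$CORE_HOST"
  printf 'export BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN"
  printf 'export WORK_DIR="%s"\n' "$WORK_DIR"
  printf 'export COMPONENT_NAME="%s"\n' "$COMPONENT_NAME"
  printf 'export EXECUTE_PROGRAM="%s"\n' "$EXECUTE_PROGRAM"
} >> ~/.bashrc
nohup wisp &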
安装Nginx
# 软件源的版本为1.18.0
apt -y install nginx
JumpServer 环境整合
# 先删除原有的配置
cd /etc/nginx
rm -rf sites-available/default
vim nginx.conf
include /etc/nginx/sites-enabled/*; # 删除这个
include /etc/nginx/conf.d/*.conf; # 保留这个
# 写入新的配置
vim /etc/nginx/conf.d/jumpserver.conf
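# Reverse proxy in front of the JumpServer components (single-host layout).
# The template upstream names koko / lion / core are replaced with 127.0.0.1,
# as the template's own comments instruct when everything runs on one machine;
# unless those names resolve on the host, nginx cannot use them as upstreams.
server {
    # Plain HTTP: logins and sessions cross the network unencrypted. Terminate
    # TLS here (or on a proxy in front) before exposing this host beyond a
    # trusted network.
    listen 80;
    # server_name _;

    client_max_body_size 5000m;  # upload size limit

    # Lina front end
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina-v3.9.3/;
        expires 24h;
    }

    # Luna
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna-v3.9.3/;
        expires 24h;
    }

    # Core data: static resources
    location /media/replay/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver-v3.9.3/data/;
    }

    location /static/ {
        root /opt/jumpserver-v3.9.3/data/;
        expires 24h;
    }

    # KoKo
    location /koko/ {
        # Use the component's real address; 127.0.0.1 when deployed on this host
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Lion
    location /lion/ {
        # Use the component's real address; 127.0.0.1 when deployed on this host
        proxy_pass http://127.0.0.1:8081;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_ignore_client_abort on;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 6000;
    }

    # Core websocket endpoint
    location /ws/ {
        # Use the component's real address; 127.0.0.1 when deployed on this host
        proxy_pass http://127.0.0.1:8080;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Core HTTP API and pages
    location ~ ^/(core|api|media)/ {
        # Use the component's real address; 127.0.0.1 when deployed on this host
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Everything else is sent to the Lina UI
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}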
nginx -t
nginx -s reload
systemctl restart nginx
至此部署完成
访问地址:http://IP地址
默认账号和密码均为 admin,首次登录后请立即修改默认密码
原文地址:https://blog.csdn.net/wstc2689784536/article/details/134718362