[DB宝48] JumpServer: A Better Bastion Host for Multi-Cloud Environments (Part 1)

小麦苗DB宝, posted 2021/04/19 09:35:08

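I. Introduction to JumpServer

JumpServer is the world's first open-source bastion host. It is released under the GNU GPL v2.0 license and is an operations security audit system that conforms to the 4A specification.

JumpServer is developed mainly in Python / Django, follows Web 2.0 conventions, and ships with an industry-leading Web Terminal solution, with an attractive interface and a good user experience.

JumpServer uses a distributed architecture that supports multi-data-center, cross-region deployment and horizontal scaling, with no limit on the number of assets or concurrent connections.

**Official website:** https://www.jumpserver.org/

Documentation: https://docs.jumpserver.org/zh/master/

GitHub: https://github.com/jumpserver/jumpserver

1.1 Screenshots

1.2 Key Advantages

  • Open source: zero barrier to entry, quick to obtain and install online;
  • Distributed: easily supports large-scale concurrent access;
  • No plugins: only a browser is needed, for the best possible Web Terminal experience;
  • Multi-cloud support: one system manages assets on different clouds at the same time;
  • Cloud storage: audit recordings are stored in the cloud and never lost;
  • Multi-tenant: one system used by multiple subsidiaries and departments at the same time;
  • Multi-application support: databases, Windows remote applications, Kubernetes.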

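1.3 Feature List

Authentication
  • Login authentication: unified login and authentication for resources; LDAP/AD authentication; RADIUS authentication; OpenID authentication (single sign-on); CAS authentication (single sign-on)
  • MFA: MFA two-factor authentication (Google Authenticator); RADIUS two-factor authentication
  • Login review: user logins are supervised and controlled by administrators 🔸

Account management (Account)
  • Centralized accounts: admin user management; system user management
  • Unified passwords: asset password escrow; automatic password generation; automatic password push; password expiry settings
  • Bulk password change: scheduled bulk password changes 🔸; multiple password policies 🔸
  • Multi-cloud management: automatic unified management of private-cloud and public-cloud assets 🔸
  • User collection: custom tasks that periodically collect host users 🔸
  • Password vault: view, update, and test the user passwords of asset hosts in one place 🔸

Authorization
  • Multi-dimensional authorization: authorize by user, user group, asset, asset node, application, and system user
  • Asset authorization: assets are displayed as a tree; assets and nodes can both be authorized flexibly; assets inside a node inherit its authorization automatically; child nodes inherit the parent node's authorization automatically
  • Application authorization: finer-grained, application-level authorization; MySQL database applications, RemoteApp remote applications 🔸
  • Action authorization: control file upload, download, and connect actions on authorized assets
  • Time authorization: restrict the time windows in which authorized resources can be used
  • Privileged commands: control the use of privileged commands (blacklist and whitelist supported)
  • Command filtering: control the commands executed by authorized system users
  • File transfer: SFTP file upload/download
  • File management: Web SFTP file management
  • Ticket management: control over user login requests 🔸
  • Organization management: multi-tenant management and permission isolation 🔸

Security audit (Audit)
  • Operation audit: audit of user operations
  • Session audit: audit of online session content; audit of historical session content
  • Recording audit: replay and audit recordings of operations on Linux, Windows, and other assets; replay and audit recordings of operations on RemoteApp 🔸, MySQL, and other applications
  • Command audit: audit the commands run on assets and applications
  • File transfer: audit file upload and download records

Database audit (Database)
  • Connection methods: command line; Web UI 🔸
  • Supported databases: MySQL; Oracle 🔸; MariaDB 🔸; PostgreSQL 🔸
  • Highlights: syntax highlighting; SQL formatting; keyboard shortcuts; run selected statements; SQL query history; create DB and TABLE from the page
  • Session audit: command records; recording replay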

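1.4 Architecture Diagram

  • First, the front end is the dynamic pages served by nginx, which are accessed through a browser;
  • Next, jumpserver is the management back end: administrators use the web pages for asset management, user management, asset authorization and so on, and users use the web pages to log in to assets, manage files and so on;
  • coco is the ssh server and web terminal server; users use their own accounts to reach ssh-protocol and telnet-protocol assets over ssh or the web terminal;
  • Luna is the front-end page of the web terminal server, the component needed when users log in through the web terminal;
  • Guacamole is the component for RDP-protocol and vnc-protocol assets; users connect to RDP and vnc assets through the web terminal (for now, only through the web terminal);

1.5 Ports

The following ports are involved:

  • Jumpserver: default port 8080/tcp, the port accessed by the browser
  • Coco: default SSH port 2222/tcp, default Web Terminal port 5000/tcp; the port used when connecting over ssh
  • Guacamole: default port 8081/tcp
  • Nginx: default port 80/tcp
  • Redis: default port 6379/tcp
  • Mysql/Mariadb: default port 3306/tcp

1.6 Product Components

  • Jumpserver: the management back end and core component (Core), developed in the Django Class Based View style, with Restful API support.

  • Coco: the SSH Server and Web Terminal Server. Users log in over SSH or the Web Terminal with their own accounts and directly access the assets they are authorized for, without needing to know the servers' accounts and passwords. Coco has now been replaced by koko.

  • Luna: the front-end page of the Web Terminal Server, the plugin needed when users log in through the Web Terminal.

  • Guacamole: an open-source project that provides a remote desktop solution. Jumpserver uses its components to implement RDP and VNC; Jumpserver has not modified its code but has added extra plugins so that Jumpserver can call it.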

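II. Installing JumpServer

There are two ways to install: one-click automatic deployment or manual deployment. One-click automatic deployment is recommended.

2.1 One-Click Automatic Deployment

Installing JumpServer quickly takes only two steps:

  1. Prepare a 64-bit Linux host with at least 2 cores and 4 GB of RAM and Internet access;
  2. As root, run the following command to install JumpServer in one step.
-- One-click install and start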
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.8.2/quick_start.sh | bash

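-- Note: the installation downloads the Docker environment, restarts Docker, and pulls many images; it ends up using about 3 GB of disk space and takes about 30 minutes.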
[root@docker36 jumpserver-installer-v2.8.2]# docker images | grep jumpserver
jumpserver/core                                                          v2.8.2              f3dd5c1946ec        2 days ago          1.01GB
jumpserver/guacamole                                                     v2.8.2              8869e8512eec        2 days ago          824MB
jumpserver/lina                                                          v2.8.2              98abb9179db1        2 days ago          27.9MB
jumpserver/luna                                                          v2.8.2              d2e17fada2f6        2 days ago          27MB
jumpserver/koko                                                          v2.8.2              40cdabc32153        2 days ago          426MB
jumpserver/mysql                                                         5                   697daaecf703        3 months ago        448MB
jumpserver/redis                                                         6-alpine            f731cd48185c        3 months ago        31.6MB
jumpserver/nginx                                                         alpine2             b47070d178ad        18 months ago       18.5MB


-- If the download fails, add the following name-resolution entries:
echo "
13.229.188.59 github.com
199.232.4.133 raw.githubusercontent.com
" >> /etc/hosts

echo "
nameserver 114.114.114.114
nameserver 8.8.8.8
nameserver 223.5.5.5
" > /etc/resolv.conf



-- Start
cd /opt/jumpserver-installer-v2.8.2/
./jmsctl.sh start
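-- This starts 9 containers and creates a network named jms_net with subnet "192.168.250.0/24"
-- The first start may report errors; check them with "docker logs -f jms_core --tail 200". Once the table-structure migrations have finished and that command's output is all ok with no error, run start again. See https://docs.jumpserver.org/zh/master/install/setup_by_fast/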


-- Web access
http://192.168.66.36:8080
https://192.168.66.36:8443
(default username/password: admin/admin)


-- Containers and their status after startup
[root@docker36 jumpserver-installer-v2.8.2]# docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED              STATUS                        PORTS                                         NAMES
26b95ecb8900        jumpserver/nginx:alpine2      "sh -c 'crond -b -d …"   57 seconds ago       Up 51 seconds (healthy)       0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp   jms_nginx
9c25659c23c4        jumpserver/luna:v2.8.2        "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)   80/tcp                                        jms_luna
c8d74738aaa2        jumpserver/lina:v2.8.2        "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)   80/tcp                                        jms_lina
bc24581c6d0a        jumpserver/koko:v2.8.2        "./entrypoint.sh"        About a minute ago   Up About a minute (healthy)   0.0.0.0:2222->2222/tcp, 5000/tcp              jms_koko
cc17285dc6ec        jumpserver/guacamole:v2.8.2   "/init"                  About a minute ago   Up About a minute (healthy)   8080/tcp                                      jms_guacamole
edac0a216aa3        jumpserver/core:v2.8.2        "./entrypoint.sh sta…"   About a minute ago   Up About a minute (healthy)   8070/tcp, 8080/tcp                            jms_celery
2ca03ab4d62d        jumpserver/core:v2.8.2        "./entrypoint.sh sta…"   11 minutes ago       Up 11 minutes (healthy)       8070/tcp, 8080/tcp                            jms_core
69e9bdede65f        jumpserver/redis:6-alpine     "docker-entrypoint.s…"   13 minutes ago       Up 13 minutes (healthy)       6379/tcp                                      jms_redis
c73896dc22ad        jumpserver/mysql:5            "docker-entrypoint.s…"   13 minutes ago       Up 13 minutes (healthy)       3306/tcp, 33060/tcp                           jms_mysql
[root@docker36 jumpserver-installer-v2.8.2]# 
[root@docker36 jumpserver-installer-v2.8.2]# ./jmsctl.sh status
    Name                   Command                  State                          Ports                   
-----------------------------------------------------------------------------------------------------------
jms_celery      ./entrypoint.sh start task       Up (healthy)   8070/tcp, 8080/tcp                         
jms_core        ./entrypoint.sh start web        Up (healthy)   8070/tcp, 8080/tcp                         
jms_guacamole   /init                            Up (healthy)   8080/tcp                                   
jms_koko        ./entrypoint.sh                  Up (healthy)   0.0.0.0:2222->2222/tcp, 5000/tcp           
jms_lina        /docker-entrypoint.sh ngin ...   Up (healthy)   80/tcp                                     
jms_luna        /docker-entrypoint.sh ngin ...   Up (healthy)   80/tcp                                     
jms_mysql       docker-entrypoint.sh --cha ...   Up (healthy)   3306/tcp, 33060/tcp                        
jms_nginx       sh -c crond -b -d 8 && ngi ...   Up (healthy)   0.0.0.0:8443->443/tcp, 0.0.0.0:8080->80/tcp
jms_redis       docker-entrypoint.sh redis ...   Up (healthy)   6379/tcp  

Execution log:

[root@docker36 ~]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.8.2/quick_start.sh | bash
download install script to /opt/jumpserver-installe (开始下载安装脚本到 /opt/jumpserver-installe)


       ██╗██╗   ██╗███╗   ███╗██████╗ ███████╗███████╗██████╗ ██╗   ██╗███████╗██████╗
       ██║██║   ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║   ██║██╔════╝██╔══██╗
       ██║██║   ██║██╔████╔██║██████╔╝███████╗█████╗  ██████╔╝██║   ██║█████╗  ██████╔╝
  ██   ██║██║   ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██╔══╝  ██╔══██╗
  ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ███████║███████╗██║  ██║ ╚████╔╝ ███████╗██║  ██║
  ╚════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝

                                                                   Version:  v2.8.2  

语言 Language  (cn/en)  (default cn): 

>>> Install and Configure Docker
1. Install Docker
Starting to download Docker engine ...
complete
Starting to download Docker Compose binary ...
complete

2. Configure Docker
是否需要自定义 Docker 数据目录, 默认将使用 /var/lib/docker 目录? (y/n)  (default n): complete

3. Start Docker
Docker version has changed or Docker configuration file has been changed, do you want to restart? (y/n)  (default y): complete

>>> Loading Docker Image
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
05e7bc50f07f: Pull complete 
14c9d57a1c7f: Pull complete 
ccd033d7ec06: Pull complete 
6ff79b059f99: Pull complete 
d91237314b77: Pull complete 
c47d41ba6aa8: Pull complete 
Digest: sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/redis:6-alpine
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/redis:6-alpine
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/redis@sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18

[jumpserver/mysql:5]
5: Pulling from jumpserver/mysql
6ec7b7d162b2: Pull complete 
fedd960d3481: Pull complete 
7ab947313861: Pull complete 
64f92f19e638: Pull complete 
3e80b17bff96: Pull complete 
014e976799f9: Pull complete 
59ae84fee1b3: Pull complete 
7d1da2a18e2e: Pull complete 
301a28b700b9: Pull complete 
979b389fc71f: Pull complete 
403f729b1bad: Pull complete 
Digest: sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql:5
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql:5
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql@sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd

[jumpserver/nginx:alpine2]
alpine2: Pulling from jumpserver/nginx
c87736221ed0: Pull complete 
6ff0ab02fe54: Pull complete 
e5b318df7728: Pull complete 
b7a5a4fe8726: Pull complete 
Digest: sha256:d25ed0a8c1b4957f918555c0dbda9d71695d7b336d24f7017a87b2081baf1112
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx:alpine2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx:alpine2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx@sha256:d25ed0a8c1b4957f918555c0dbda9d71695d7b336d24f7017a87b2081baf1112

[jumpserver/luna:v2.8.2]
v2.8.2: Pulling from jumpserver/luna
801bfaa63ef2: Pull complete 
b1242e25d284: Pull complete 
7453d3e6b909: Pull complete 
07ce7418c4f8: Pull complete 
e295e0624aa3: Pull complete 
4363a3b6ab61: Pull complete 
7270d1c7bfd7: Pull complete 
Digest: sha256:47f6bc784a2c8b0bfdfdfc465bb5b62012122dc1cd83257afa09edb7d027bdca
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/luna:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/luna:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/luna@sha256:47f6bc784a2c8b0bfdfdfc465bb5b62012122dc1cd83257afa09edb7d027bdca

[jumpserver/core:v2.8.2]
v2.8.2: Pulling from jumpserver/core
6ec7b7d162b2: Already exists 
80ff6536d04b: Pull complete 
2d04da85e485: Pull complete 
998aa32a5c8a: Pull complete 
7733ef26f344: Pull complete 
d441f02b2497: Pull complete 
64cad81ca92c: Pull complete 
cf134c77199b: Pull complete 
5c09bcf88bcf: Pull complete 
fe2b4e1dc49b: Pull complete 
328b09a36265: Pull complete 
c5b2c15fd6d6: Pull complete 
88d58a6b84f5: Pull complete 
Digest: sha256:13a53d3ad8e67c7e25890e44aeaac0dfe9d0f23d75f420bd536181897a0a57a2
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/core:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/core:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/core@sha256:13a53d3ad8e67c7e25890e44aeaac0dfe9d0f23d75f420bd536181897a0a57a2

[jumpserver/koko:v2.8.2]
v2.8.2: Pulling from jumpserver/koko
6d28e14ab8c8: Pull complete 
0df8b93ef734: Pull complete 
64e864129ede: Pull complete 
0a873335f747: Pull complete 
72734be47e36: Pull complete 
210e6f3fd739: Pull complete 
68eb2bfabdf9: Pull complete 
2b514aadeb8d: Pull complete 
b06884356f2d: Pull complete 
48b4106b3314: Pull complete 
c06b5a09cb3a: Pull complete 
52981c83908c: Pull complete 
4a31deb17aed: Pull complete 
8080af3428ec: Pull complete 
d45214541239: Pull complete 
Digest: sha256:0e6b2c718c2bbc046d22240d245014361c4f151d0668efab3a0bdc3d6025fd27
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/koko:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/koko:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/koko@sha256:0e6b2c718c2bbc046d22240d245014361c4f151d0668efab3a0bdc3d6025fd27

[jumpserver/guacamole:v2.8.2]
v2.8.2: Pulling from jumpserver/guacamole
6c33745f49b4: Pull complete 
ef072fc32a84: Pull complete 
c0afb8e68e0b: Pull complete 
d599c07d28e6: Pull complete 
e8a829023b97: Pull complete 
2709df21cc5c: Pull complete 
3bfb431a8cf5: Pull complete 
bb9822eef866: Pull complete 
5842bda2007b: Pull complete 
453a23f25fcb: Pull complete 
95325cfda054: Pull complete 
d0bba8ca7733: Pull complete 
77ed1f7e99c3: Pull complete 
7c218a3bc8c8: Pull complete 
b9b23e074906: Pull complete 
6eb77dc135e9: Pull complete 
5805059e25b4: Pull complete 
8687f3be3de5: Pull complete 
b3a371cb4926: Pull complete 
0e0115337931: Pull complete 
8871470a6d50: Pull complete 
0983df4b79d8: Pull complete 
97e3ae311d7b: Pull complete 
033a9d7411c6: Pull complete 
Digest: sha256:f6587bb65eb40dd101144ee89432a0310c46b245dcebc61965ae4de34fd82775
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole@sha256:f6587bb65eb40dd101144ee89432a0310c46b245dcebc61965ae4de34fd82775

[jumpserver/lina:v2.8.2]
v2.8.2: Pulling from jumpserver/lina
801bfaa63ef2: Already exists 
b1242e25d284: Already exists 
7453d3e6b909: Already exists 
07ce7418c4f8: Already exists 
e295e0624aa3: Already exists 
f2cd4bacfc5e: Pull complete 
16594fe0b0fc: Pull complete 
Digest: sha256:f809b70fcdcbb9216dfa40c6ab1bd293ca85e3eaf2d2c4d77ae9a1e80e0c82e5
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/lina:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/lina:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/lina@sha256:f809b70fcdcbb9216dfa40c6ab1bd293ca85e3eaf2d2c4d77ae9a1e80e0c82e5


>>> Install and Configure JumpServer
1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt  []
/opt/jumpserver/config/nginx/lb_http_server.conf  []
/opt/jumpserver/config/nginx/lb_ssh_server.conf  []
/opt/jumpserver/config/core/config.yml  []
/opt/jumpserver/config/koko/config.yml  []
/opt/jumpserver/config/mysql/my.cnf  []
/opt/jumpserver/config/redis/redis.conf  []
complete

2. Configure Nginx
configuration file: /opt/jumpserver/config/nginx/cert
/opt/jumpserver/config/nginx/cert/server.crt  []
/opt/jumpserver/config/nginx/cert/server.key  []
complete

3. Backup Configuration File
Back up to /opt/jumpserver/config/backup/config.txt.2021-03-26_10-26-53
complete

4. Configure Network
Do you want to support IPv6? (y/n)  (default n): complete

5. Configure Private Key
SECRETE_KEY:     ICAgICAgICBUWCBlcnJvcnMgMCAgZHJvcHBlZCAwIG92ZXJyd
BOOTSTRAP_TOKEN: ICAgICAgICBUWCBl
complete

6. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /opt/jumpserver? (y/n)  (default n): complete

7. Configure MySQL
Do you want to use external MySQL? (y/n)  (default n): complete

8. Configure Redis
Do you want to use external Redis? (y/n)  (default n): complete

>>> The Installation is Complete
1. You can use the following command to start, and then visit
./jmsctl.sh start

2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand

3. Web access
http://172.17.0.3:8080
https://172.17.0.3:8443
Default username: admin  Default password: admin

4. SSH/SFTP access
ssh admin@172.17.0.3 -p2222
sftp -P2222 admin@172.17.0.3

5. More information
Offical Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/


[root@docker36 ~]# cd /opt/jumpserver-installer-v2.8.2/
[root@docker36 jumpserver-installer-v2.8.2]# ll
总用量 28
drwxrwxr-x 3 root root 4096 3月  18 14:41 compose
-rw-rw-r-- 1 root root 1863 3月  18 14:41 config-example.txt
drwxrwxr-x 7 root root   80 3月  18 14:41 config_init
-rwxrwxr-x 1 root root 5503 3月  18 14:41 jmsctl.sh
drwxrwxr-x 4 root root   27 3月  18 14:41 locale
-rw-rw-r-- 1 root root 2603 3月  18 14:41 README.md
drwxrwxr-x 2 root root 4096 3月  18 14:41 scripts
-rw-rw-r-- 1 root root   46 3月  26 11:54 static.env
drwxrwxr-x 2 root root   39 3月  18 14:41 utils

[root@docker36 jumpserver-installer-v2.8.2]# ./jmsctl.sh start              
Creating network "jms_net" with driver "bridge"
Creating jms_redis ... done
Creating jms_mysql ... done
Creating jms_core  ... done
Creating jms_celery    ... done
Creating jms_guacamole ... done
Creating jms_lina      ... done
Creating jms_koko      ... done
Creating jms_luna      ... done
Creating jms_nginx     ... done

https://192.168.66.36:8443

http://192.168.66.36:8080/

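Tip: on first login, it asks us to reset the password.

Tip: after resetting the password and logging in again, the JumpServer home page appears; from here on we can manage intranet servers from this interface. The JumpServer server is now set up.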
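
The install log above prints a `Digest: sha256:` line for every image it pulls. As an added example (not part of the original post or of the JumpServer installer; the function names are hypothetical), the script below turns such a log into a list of tag-to-digest pins and flags a tag whose digest differs in a later pull. The second log is constructed, with a made-up digest for nginx.

```bash
#!/usr/bin/env bash
# Added example, not part of the JumpServer installer.

# Read `docker pull` output on stdin; print "image:tag sha256:<digest>" per image.
# Expects the installer's layout: a "[image:tag]" header, later a "Digest:" line.
pins_from_pull_log() {
  awk '
    /^\[.+\]$/         { img = substr($0, 2, length($0) - 2); next }
    /^Digest: sha256:/ { if (img != "") print img, $2; img = "" }
  '
}

# check_drift PINS NOW: both files hold "image:tag digest" lines.
# Prints DRIFT for a tag whose digest changed and NEW for a tag with no
# recorded pin; returns 1 if anything was printed.
check_drift() {
  awk '
    FILENAME == ARGV[1] { pin[$1] = $2; next }
    !($1 in pin)        { print "NEW " $1; bad = 1; next }
    pin[$1] != $2       { print "DRIFT " $1 " " pin[$1] " -> " $2; bad = 1 }
    END                 { exit bad + 0 }
  ' "$1" "$2"
}

# Two images copied from the v2.8.2 install log on this page.
install_log() {
  cat <<'EOF'
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
Digest: sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/redis:6-alpine
[jumpserver/nginx:alpine2]
alpine2: Pulling from jumpserver/nginx
Digest: sha256:d25ed0a8c1b4957f918555c0dbda9d71695d7b336d24f7017a87b2081baf1112
EOF
}

# Constructed later pull: same tags, nginx digest replaced by a made-up value.
later_log() {
  cat <<'EOF'
[jumpserver/redis:6-alpine]
Digest: sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18
[jumpserver/nginx:alpine2]
Digest: sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

# Record pins from the install log, then compare a later pull against them.
demo() {
  local dir rc
  dir=$(mktemp -d)
  install_log | pins_from_pull_log > "$dir/pins"
  later_log   | pins_from_pull_log > "$dir/now"
  check_drift "$dir/pins" "$dir/now"; rc=$?
  rm -rf "$dir"
  return "$rc"
}

demo || echo "a tag changed content since install; review it before starting the containers"
```

In practice, save the pin list produced from the real install log and run `check_drift` against the pull output of every later reinstall or upgrade that reuses the same tags.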

2.2 Manual Deployment

cd /opt
yum -y install wget
wget https://github.com/jumpserver/installer/releases/download/v2.8.2/jumpserver-installer-v2.8.2.tar.gz
tar -xf jumpserver-installer-v2.8.2.tar.gz
cd jumpserver-installer-v2.8.2

cat config-example.txt
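# If the settings below are left empty, the system generates random strings and fills them in
## When migrating, change SECRET_KEY and BOOTSTRAP_TOKEN to the original settings

## Installation settings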
DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR

## External MySQL settings
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver

## External Redis settings
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

## Compose project settings
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24

## IPV6
DOCKER_SUBNET_IPV6=2001:db8:10::/64
USE_IPV6=0

## Nginx settings; this Nginx routes paths to the different services
HTTP_PORT=80
HTTPS_PORT=443
SSH_PORT=2222

## LB settings; in an HA setup this Nginx can be started to load-balance across hosts
USE_LB=0
LB_HTTP_PORT=80
LB_HTTPS_PORT=443
LB_SSH_PORT=2222

## Task settings
USE_TASK=1

## XPack
USE_XPACK=0

# MySQL container settings
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=jumpserver

# Core settings
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true

### Keycloak configuration
### AUTH_OPENID=true
### BASE_SITE_URL=https://jumpserver.company.com/
### AUTH_OPENID_SERVER_URL=https://keycloak.company.com/auth
### AUTH_OPENID_REALM_NAME=cmp
### AUTH_OPENID_CLIENT_ID=jumpserver
### AUTH_OPENID_CLIENT_SECRET=
### AUTH_OPENID_SHARE_SESSION=true
### AUTH_OPENID_IGNORE_SSL_VERIFICATION=true

# Koko settings
CORE_HOST=http://core:8080

# Guacamole settings
JUMPSERVER_SERVER=http://core:8080
JUMPSERVER_KEY_DIR=/config/guacamole/data/key/
JUMPSERVER_RECORD_PATH=/config/guacamole/data/record/
JUMPSERVER_DRIVE_PATH=/config/guacamole/data/drive/
JUMPSERVER_ENABLE_DRIVE=true
JUMPSERVER_CLEAR_DRIVE_SESSION=true
JUMPSERVER_CLEAR_DRIVE_SCHEDULE=24
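
Step 5 of the install log in section 2.1 prints a SECRETE_KEY that base64-decodes to the plain text `        TX errors 0  dropped 0 overr`, so that value is formatted text rather than random bytes. As an added example (not part of the original post or of the JumpServer installer; the function names are hypothetical), the script below detects such values and fills the empty `SECRET_KEY=` and `BOOTSTRAP_TOKEN=` lines of the config shown above from /dev/urandom before the installer runs.

```bash
#!/usr/bin/env bash
# Added example, not part of the JumpServer installer; function names are hypothetical.

# Values as printed in step 5 of the install log on this page.
LOGGED_SECRET='ICAgICAgICBUWCBlcnJvcnMgMCAgZHJvcHBlZCAwIG92ZXJyd'
LOGGED_TOKEN='ICAgICAgICBUWCBl'

# b64_prefix VALUE: decode VALUE after dropping a truncated final base64 group.
b64_prefix() {
  local n=$(( ${#1} / 4 * 4 ))
  printf '%s\n' "$1" | cut -c1-"$n" | base64 -d 2>/dev/null
}

# decodes_to_text VALUE: succeeds when VALUE is base64 for printable ASCII only.
# Output of a CSPRNG almost never decodes that way; formatted text always does.
decodes_to_text() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Za-z0-9+/]{16,}=*$' || return 1
  local total other
  total=$(b64_prefix "$1" | wc -c | tr -d ' ')
  other=$(b64_prefix "$1" | LC_ALL=C tr -d ' -~' | wc -c | tr -d ' ')
  [ "$total" -gt 0 ] && [ "$other" -eq 0 ]
}

# new_secret LEN: LEN alphanumeric characters from the kernel CSPRNG.
new_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# set_if_empty FILE KEY VALUE: fill "KEY=" only while it is still empty, so a
# key that already exists (and that a migration must keep) is never overwritten.
set_if_empty() {
  grep -q "^$2=\$" "$1" || return 1
  sed -i "s|^$2=\$|$2=$3|" "$1"
}

# prepare_config FILE: put strong values in place before the installer runs.
# Lengths 49 and 16 match the values shown in the log. Returns 1 if either
# key was already set and therefore left alone.
prepare_config() {
  local rc=0
  set_if_empty "$1" SECRET_KEY "$(new_secret 49)" || rc=1
  set_if_empty "$1" BOOTSTRAP_TOKEN "$(new_secret 16)" || rc=1
  return "$rc"
}

# Report what the logged values decode to.
for v in "$LOGGED_SECRET" "$LOGGED_TOKEN"; do
  if decodes_to_text "$v"; then
    echo "weak: $v decodes to \"$(b64_prefix "$v")\""
  fi
done
```

Run `prepare_config` on your copy of the config file before the first install; on an existing deployment the keys are already set and the function leaves them unchanged.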
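[Copyright notice] This article is original content by a Huawei Cloud community user. When reposting, you must credit the source (Huawei Cloud community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community suspected of plagiarism, please report it by email with supporting evidence; once verified, the community will immediately remove the infringing content. Report email: cloudbbs@huaweicloud.com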