【DB宝48】JumpServer:多云环境下更好用的堡垒机(上)
【摘要】 一、JumpServer简介 1.1、页面展示 1.2、特色优势 1.3、功能列表 1.4、架构图 1.5、端口说明 1.6、产品组件 二、安装JumpServer 2.1、一键自动部署 2.2、手动部署 一、JumpServer简介JumpServer 是全球首款开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合 4A 规范的运维安全审计系统。JumpServer 使用 Py...
一、JumpServer简介
JumpServer 是全球首款开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合 4A 规范的运维安全审计系统。
JumpServer 使用 Python / Django 为主进行开发,遵循 Web 2.0 规范,配备了业界领先的 Web Terminal 方案,交互界面美观、用户体验好。
JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向扩展,无资产数量及并发限制。
**官网网址:**https://www.jumpserver.org/
文档:https://docs.jumpserver.org/zh/master/
GitHub:https://github.com/jumpserver/jumpserver
1.1、页面展示
1.2、特色优势
- 开源: 零门槛,线上快速获取和安装;
- 分布式: 轻松支持大规模并发访问;
- 无插件: 仅需浏览器,极致的 Web Terminal 使用体验;
- 多云支持: 一套系统,同时管理不同云上面的资产;
- 云端存储: 审计录像云端存储,永不丢失;
- 多租户: 一套系统,多个子公司和部门同时使用;
- 多应用支持: 数据库,Windows远程应用,Kubernetes。
1.3、功能列表
| 身份认证 Authentication |
登录认证 | 资源统一登录与认证 |
| LDAP/AD 认证 | ||
| RADIUS 认证 | ||
| OpenID 认证(实现单点登录) | ||
| CAS 认证 (实现单点登录) | ||
| MFA认证 | MFA 二次认证(Google Authenticator) | |
| RADIUS 二次认证 | ||
| 登录复核 | 用户登录行为受管理员的监管与控制:small_orange_diamond: | |
| 账号管理 Account |
集中账号 | 管理用户管理 |
| 系统用户管理 | ||
| 统一密码 | 资产密码托管 | |
| 自动生成密码 | ||
| 自动推送密码 | ||
| 密码过期设置 | ||
| 批量改密 | 定期批量改密:small_orange_diamond: | |
| 多种密码策略:small_orange_diamond: | ||
| 多云纳管 | 对私有云、公有云资产自动统一纳管:small_orange_diamond: | |
| 收集用户 | 自定义任务定期收集主机用户:small_orange_diamond: | |
| 密码匣子 | 统一对资产主机的用户密码进行查看、更新、测试操作:small_orange_diamond: | |
| 授权控制 Authorization |
多维授权 | 对用户、用户组、资产、资产节点、应用以及系统用户进行授权 |
| 资产授权 | 资产以树状结构进行展示 | |
| 资产和节点均可灵活授权 | ||
| 节点内资产自动继承授权 | ||
| 子节点自动继承父节点授权 | ||
| 应用授权 | 实现更细粒度的应用级授权 | |
| MySQL 数据库应用、RemoteApp 远程应用:small_orange_diamond: | ||
| 动作授权 | 实现对授权资产的文件上传、下载以及连接动作的控制 | |
| 时间授权 | 实现对授权资源使用时间段的限制 | |
| 特权指令 | 实现对特权指令的使用(支持黑白名单) | |
| 命令过滤 | 实现对授权系统用户所执行的命令进行控制 | |
| 文件传输 | SFTP 文件上传/下载 | |
| 文件管理 | 实现 Web SFTP 文件管理 | |
| 工单 管理 | 支持对用户登录请求行为进行控制:small_orange_diamond: | |
| 组织管理 | 实现多租户管理与权限隔离:small_orange_diamond: | |
| 安全审计 Audit |
操作审计 | 用户操作行为审计 |
| 会话审计 | 在线会话内容审计 | |
| 历史会话内容审计 | ||
| 录像审计 | 支持对 Linux、Windows 等资产操作的录像进行回放审计 | |
| 支持对 RemoteApp:small_orange_diamond:、MySQL 等应用操作的录像进行回放审计 | ||
| 指令审计 | 支持对资产和应用等操作的命令进行审计 | |
| 文件传输 | 可对文件的上传、下载记录进行审计 | |
| 数据库审计 Database |
连接方式 | 命令方式 |
| Web UI方式 :small_orange_diamond: | ||
| 支持的数据库 | MySQL | |
| Oracle :small_orange_diamond: | ||
| MariaDB :small_orange_diamond: | ||
| PostgreSQL :small_orange_diamond: | ||
| 功能亮点 | 语法高亮 | |
| SQL格式化 | ||
| 支持快捷键 | ||
| 支持选中执行 | ||
| SQL历史查询 | ||
| 支持页面创建 DB, TABLE | ||
| 会话审计 | 命令记录 | |
| 录像回放 |
1.4、架构图
- 首先前端是nginx提供的动态页面,可以通过浏览器来进行访问;
- 接着jumpserver为管理后台,管理员可以通过web页面进行资产管理、用户管理、资产授权等操作,用户可以通过web页面进行资产登录、文件管理等操作;
- coco 为ssh server和 web terminal server,用户可以使用自己的账户通过ssh或者web terminal访问ssh协议和telnet协议资产;
- Luna 为web terminal server前端页面,用户使用web terminal方式登录所需要的组件;
- Guacamole 为RDP协议和vnc协议资产组件,用户可以通过web terminal来连接RDP协议和vnc协议资产(暂时只能通过web terminal来访问);
1.5、端口说明
端口涉及如下端口:
- Jumpserver 默认端口为 8080/tcp ,浏览器访问的端口
- Coco 默认 SSH 端口为 2222/tcp,Web Terminal默认 端口为 5000/tcp ,通过ssh连接的时候使用的端口
- Guacamole 默认端口为 8081/tcp
- Nginx 默认端口为 80/tcp
- Redis 默认端口为 6379/tcp
- Mysql/Mariadb 默认端口为 3306/tcp
1.6、产品组件
-
Jumpserver:管理后台,是核心组件(Core), 使用 Django Class Based View 风格开发,支持 Restful API。
-
Coco:Coco为 SSH Server 和 Web Terminal Server。用户可以通过使用自己的账户登录 SSH 或者 Web Terminal直接访问被授权的资产。不需要知道服务器的账户和密码,现在 Coco 已经被 koko 取代。
-
Luna:luna 为 Web Terminal Server 前端页面,用户使用 Web Terminal 方式登录时所需要的插件。
-
Guacamole:Guacamole是一个开源项目,为远程桌面提供解决方案。Jumpserver 使用其组件实现 RDP和VNC 功能,Jumpserver 并没有修改其代码而是添加了额外的插件,支持 Jumpserver 调用。
二、安装JumpServer
- 极速安装:https://docs.jumpserver.org/zh/master/install/setup_by_fast/
- 完整文档:https://docs.jumpserver.org
- 演示视频:https://www.bilibili.com/video/BV1ZV41127GB
有2种安装方式,可以一键自动部署,也可以手动部署,建议一键自动部署。
2.1、一键自动部署
仅需两步快速安装 JumpServer:
- 准备一台 2核4G (最低)且可以访问互联网的 64 位 Linux 主机;
- 以 root 用户执行如下命令一键安装 JumpServer。
-- 一键安装启动
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.8.2/quick_start.sh | bash
-- 注意:安装过程需要下载docker环境,重启docker,下载很多镜像,最后大约占用空间3g左右,安装时间大约30分钟。
[root@docker36 jumpserver-installer-v2.8.2]# docker images | grep jumpserver
jumpserver/core v2.8.2 f3dd5c1946ec 2 days ago 1.01GB
jumpserver/guacamole v2.8.2 8869e8512eec 2 days ago 824MB
jumpserver/lina v2.8.2 98abb9179db1 2 days ago 27.9MB
jumpserver/luna v2.8.2 d2e17fada2f6 2 days ago 27MB
jumpserver/koko v2.8.2 40cdabc32153 2 days ago 426MB
jumpserver/mysql 5 697daaecf703 3 months ago 448MB
jumpserver/redis 6-alpine f731cd48185c 3 months ago 31.6MB
jumpserver/nginx alpine2 b47070d178ad 18 months ago 18.5MB
-- 若不能下载,请添加以下解析:
echo "
13.229.188.59 github.com
199.232.4.133 raw.githubusercontent.com
" >> /etc/hosts
echo "
nameserver 114.114.114.114
nameserver 8.8.8.8
nameserver 223.5.5.5
" > /etc/resolv.conf
-- 启动
cd /opt/jumpserver-installer-v2.8.2/
./jmsctl.sh start
-- 会启动9个容器,创建一个网络叫jms_net,子网为:"192.168.250.0/24"
-- 首次启动可能会报错,可以使用命令“docker logs -f jms_core --tail 200”查看,等表结构合并完毕后,确定该命令输出都是 ok, 没有 error, 重新 start 即可,详见https://docs.jumpserver.org/zh/master/install/setup_by_fast/
-- Web访问
http://192.168.66.36:8080
https://192.168.66.36:8443
(默认用户名密码为:admin/admin)
-- 启动后的容器和状态
[root@docker36 jumpserver-installer-v2.8.2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26b95ecb8900 jumpserver/nginx:alpine2 "sh -c 'crond -b -d …" 57 seconds ago Up 51 seconds (healthy) 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp jms_nginx
9c25659c23c4 jumpserver/luna:v2.8.2 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) 80/tcp jms_luna
c8d74738aaa2 jumpserver/lina:v2.8.2 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) 80/tcp jms_lina
bc24581c6d0a jumpserver/koko:v2.8.2 "./entrypoint.sh" About a minute ago Up About a minute (healthy) 0.0.0.0:2222->2222/tcp, 5000/tcp jms_koko
cc17285dc6ec jumpserver/guacamole:v2.8.2 "/init" About a minute ago Up About a minute (healthy) 8080/tcp jms_guacamole
edac0a216aa3 jumpserver/core:v2.8.2 "./entrypoint.sh sta…" About a minute ago Up About a minute (healthy) 8070/tcp, 8080/tcp jms_celery
2ca03ab4d62d jumpserver/core:v2.8.2 "./entrypoint.sh sta…" 11 minutes ago Up 11 minutes (healthy) 8070/tcp, 8080/tcp jms_core
69e9bdede65f jumpserver/redis:6-alpine "docker-entrypoint.s…" 13 minutes ago Up 13 minutes (healthy) 6379/tcp jms_redis
c73896dc22ad jumpserver/mysql:5 "docker-entrypoint.s…" 13 minutes ago Up 13 minutes (healthy) 3306/tcp, 33060/tcp jms_mysql
[root@docker36 jumpserver-installer-v2.8.2]#
[root@docker36 jumpserver-installer-v2.8.2]# ./jmsctl.sh status
Name Command State Ports
-----------------------------------------------------------------------------------------------------------
jms_celery ./entrypoint.sh start task Up (healthy) 8070/tcp, 8080/tcp
jms_core ./entrypoint.sh start web Up (healthy) 8070/tcp, 8080/tcp
jms_guacamole /init Up (healthy) 8080/tcp
jms_koko ./entrypoint.sh Up (healthy) 0.0.0.0:2222->2222/tcp, 5000/tcp
jms_lina /docker-entrypoint.sh ngin ... Up (healthy) 80/tcp
jms_luna /docker-entrypoint.sh ngin ... Up (healthy) 80/tcp
jms_mysql docker-entrypoint.sh --cha ... Up (healthy) 3306/tcp, 33060/tcp
jms_nginx sh -c crond -b -d 8 && ngi ... Up (healthy) 0.0.0.0:8443->443/tcp, 0.0.0.0:8080->80/tcp
jms_redis docker-entrypoint.sh redis ... Up (healthy) 6379/tcp
执行过程:
[root@docker36 ~]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.8.2/quick_start.sh | bash
download install script to /opt/jumpserver-installe (开始下载安装脚本到 /opt/jumpserver-installe)
██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
Version: v2.8.2
语言 Language (cn/en) (default cn):
>>> Install and Configure Docker
1. Install Docker
Starting to download Docker engine ...
complete
Starting to download Docker Compose binary ...
complete
2. Configure Docker
是否需要自定义 Docker 数据目录, 默认将使用 /var/lib/docker 目录? (y/n) (default n): complete
3. Start Docker
Docker version has changed or Docker configuration file has been changed, do you want to restart? (y/n) (default y): complete
>>> Loading Docker Image
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
05e7bc50f07f: Pull complete
14c9d57a1c7f: Pull complete
ccd033d7ec06: Pull complete
6ff79b059f99: Pull complete
d91237314b77: Pull complete
c47d41ba6aa8: Pull complete
Digest: sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/redis:6-alpine
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/redis:6-alpine
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/redis@sha256:4920debee18fad71841ce101a7867743ff8fe7d47e6191b750c3edcfffc1cb18
[jumpserver/mysql:5]
5: Pulling from jumpserver/mysql
6ec7b7d162b2: Pull complete
fedd960d3481: Pull complete
7ab947313861: Pull complete
64f92f19e638: Pull complete
3e80b17bff96: Pull complete
014e976799f9: Pull complete
59ae84fee1b3: Pull complete
7d1da2a18e2e: Pull complete
301a28b700b9: Pull complete
979b389fc71f: Pull complete
403f729b1bad: Pull complete
Digest: sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql:5
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql:5
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/mysql@sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd
[jumpserver/nginx:alpine2]
alpine2: Pulling from jumpserver/nginx
c87736221ed0: Pull complete
6ff0ab02fe54: Pull complete
e5b318df7728: Pull complete
b7a5a4fe8726: Pull complete
Digest: sha256:d25ed0a8c1b4957f918555c0dbda9d71695d7b336d24f7017a87b2081baf1112
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx:alpine2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx:alpine2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/nginx@sha256:d25ed0a8c1b4957f918555c0dbda9d71695d7b336d24f7017a87b2081baf1112
[jumpserver/luna:v2.8.2]
v2.8.2: Pulling from jumpserver/luna
801bfaa63ef2: Pull complete
b1242e25d284: Pull complete
7453d3e6b909: Pull complete
07ce7418c4f8: Pull complete
e295e0624aa3: Pull complete
4363a3b6ab61: Pull complete
7270d1c7bfd7: Pull complete
Digest: sha256:47f6bc784a2c8b0bfdfdfc465bb5b62012122dc1cd83257afa09edb7d027bdca
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/luna:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/luna:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/luna@sha256:47f6bc784a2c8b0bfdfdfc465bb5b62012122dc1cd83257afa09edb7d027bdca
[jumpserver/core:v2.8.2]
v2.8.2: Pulling from jumpserver/core
6ec7b7d162b2: Already exists
80ff6536d04b: Pull complete
2d04da85e485: Pull complete
998aa32a5c8a: Pull complete
7733ef26f344: Pull complete
d441f02b2497: Pull complete
64cad81ca92c: Pull complete
cf134c77199b: Pull complete
5c09bcf88bcf: Pull complete
fe2b4e1dc49b: Pull complete
328b09a36265: Pull complete
c5b2c15fd6d6: Pull complete
88d58a6b84f5: Pull complete
Digest: sha256:13a53d3ad8e67c7e25890e44aeaac0dfe9d0f23d75f420bd536181897a0a57a2
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/core:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/core:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/core@sha256:13a53d3ad8e67c7e25890e44aeaac0dfe9d0f23d75f420bd536181897a0a57a2
[jumpserver/koko:v2.8.2]
v2.8.2: Pulling from jumpserver/koko
6d28e14ab8c8: Pull complete
0df8b93ef734: Pull complete
64e864129ede: Pull complete
0a873335f747: Pull complete
72734be47e36: Pull complete
210e6f3fd739: Pull complete
68eb2bfabdf9: Pull complete
2b514aadeb8d: Pull complete
b06884356f2d: Pull complete
48b4106b3314: Pull complete
c06b5a09cb3a: Pull complete
52981c83908c: Pull complete
4a31deb17aed: Pull complete
8080af3428ec: Pull complete
d45214541239: Pull complete
Digest: sha256:0e6b2c718c2bbc046d22240d245014361c4f151d0668efab3a0bdc3d6025fd27
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/koko:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/koko:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/koko@sha256:0e6b2c718c2bbc046d22240d245014361c4f151d0668efab3a0bdc3d6025fd27
[jumpserver/guacamole:v2.8.2]
v2.8.2: Pulling from jumpserver/guacamole
6c33745f49b4: Pull complete
ef072fc32a84: Pull complete
c0afb8e68e0b: Pull complete
d599c07d28e6: Pull complete
e8a829023b97: Pull complete
2709df21cc5c: Pull complete
3bfb431a8cf5: Pull complete
bb9822eef866: Pull complete
5842bda2007b: Pull complete
453a23f25fcb: Pull complete
95325cfda054: Pull complete
d0bba8ca7733: Pull complete
77ed1f7e99c3: Pull complete
7c218a3bc8c8: Pull complete
b9b23e074906: Pull complete
6eb77dc135e9: Pull complete
5805059e25b4: Pull complete
8687f3be3de5: Pull complete
b3a371cb4926: Pull complete
0e0115337931: Pull complete
8871470a6d50: Pull complete
0983df4b79d8: Pull complete
97e3ae311d7b: Pull complete
033a9d7411c6: Pull complete
Digest: sha256:f6587bb65eb40dd101144ee89432a0310c46b245dcebc61965ae4de34fd82775
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/guacamole@sha256:f6587bb65eb40dd101144ee89432a0310c46b245dcebc61965ae4de34fd82775
[jumpserver/lina:v2.8.2]
v2.8.2: Pulling from jumpserver/lina
801bfaa63ef2: Already exists
b1242e25d284: Already exists
7453d3e6b909: Already exists
07ce7418c4f8: Already exists
e295e0624aa3: Already exists
f2cd4bacfc5e: Pull complete
16594fe0b0fc: Pull complete
Digest: sha256:f809b70fcdcbb9216dfa40c6ab1bd293ca85e3eaf2d2c4d77ae9a1e80e0c82e5
Status: Downloaded newer image for swr.cn-south-1.myhuaweicloud.com/jumpserver/lina:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/lina:v2.8.2
Untagged: swr.cn-south-1.myhuaweicloud.com/jumpserver/lina@sha256:f809b70fcdcbb9216dfa40c6ab1bd293ca85e3eaf2d2c4d77ae9a1e80e0c82e5
>>> Install and Configure JumpServer
1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/lb_http_server.conf [ √ ]
/opt/jumpserver/config/nginx/lb_ssh_server.conf [ √ ]
/opt/jumpserver/config/core/config.yml [ √ ]
/opt/jumpserver/config/koko/config.yml [ √ ]
/opt/jumpserver/config/mysql/my.cnf [ √ ]
/opt/jumpserver/config/redis/redis.conf [ √ ]
complete
2. Configure Nginx
configuration file: /opt/jumpserver/config/nginx/cert
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
complete
3. Backup Configuration File
Back up to /opt/jumpserver/config/backup/config.txt.2021-03-26_10-26-53
complete
4. Configure Network
Do you want to support IPv6? (y/n) (default n): complete
5. Configure Private Key
SECRETE_KEY: ICAgICAgICBUWCBlcnJvcnMgMCAgZHJvcHBlZCAwIG92ZXJyd
BOOTSTRAP_TOKEN: ICAgICAgICBUWCBl
complete
6. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /opt/jumpserver? (y/n) (default n): complete
7. Configure MySQL
Do you want to use external MySQL? (y/n) (default n): complete
8. Configure Redis
Do you want to use external Redis? (y/n) (default n): complete
>>> The Installation is Complete
1. You can use the following command to start, and then visit
./jmsctl.sh start
2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand
3. Web access
http://172.17.0.3:8080
https://172.17.0.3:8443
Default username: admin Default password: admin
4. SSH/SFTP access
ssh admin@172.17.0.3 -p2222
sftp -P2222 admin@172.17.0.3
5. More information
Offical Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/
[root@docker36 ~]# cd /opt/jumpserver-installer-v2.8.2/
[root@docker36 jumpserver-installer-v2.8.2]# ll
总用量 28
drwxrwxr-x 3 root root 4096 3月 18 14:41 compose
-rw-rw-r-- 1 root root 1863 3月 18 14:41 config-example.txt
drwxrwxr-x 7 root root 80 3月 18 14:41 config_init
-rwxrwxr-x 1 root root 5503 3月 18 14:41 jmsctl.sh
drwxrwxr-x 4 root root 27 3月 18 14:41 locale
-rw-rw-r-- 1 root root 2603 3月 18 14:41 README.md
drwxrwxr-x 2 root root 4096 3月 18 14:41 scripts
-rw-rw-r-- 1 root root 46 3月 26 11:54 static.env
drwxrwxr-x 2 root root 39 3月 18 14:41 utils
[root@docker36 jumpserver-installer-v2.8.2]# ./jmsctl.sh start
Creating network "jms_net" with driver "bridge"
Creating jms_redis ... done
Creating jms_mysql ... done
Creating jms_core ... done
Creating jms_celery ... done
Creating jms_guacamole ... done
Creating jms_lina ... done
Creating jms_koko ... done
Creating jms_luna ... done
Creating jms_nginx ... done
提示:第一次登陆时,它会让我们重设密码;
提示:重设密码后,重新登录,jumpserver的首页就是下图这样;后续我们就可以在这个界面来管理内网服务器了;到此jumpserver服务器就搭建好了;
2.2、手动部署
cd /opt
yum -y install wget
wget https://github.com/jumpserver/installer/releases/download/v2.8.2/jumpserver-installer-v2.8.2.tar.gz
tar -xf jumpserver-installer-v2.8.2.tar.gz
cd jumpserver-installer-v2.8.2
cat config-example.txt
# 以下设置如果为空系统会自动生成随机字符串填入
## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
## 安装配置
DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR
## 使用外置 MySQL 配置
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver
## 使用外置 Redis 配置
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
## Compose 项目设置
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24
## IPV6
DOCKER_SUBNET_IPV6=2001:db8:10::/64
USE_IPV6=0
## Nginx 配置,这个 Nginx 是用来分发路径到不同的服务
HTTP_PORT=80
HTTPS_PORT=443
SSH_PORT=2222
## LB 配置, 这个 Nginx 是 HA 时可以启动负载均衡到不同的主机
USE_LB=0
LB_HTTP_PORT=80
LB_HTTPS_PORT=443
LB_SSH_PORT=2222
## Task 配置
USE_TASK=1
## XPack
USE_XPACK=0
# Mysql 容器配置
MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=jumpserver
# Core 配置
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true
### Keycloak 配置方式
### AUTH_OPENID=true
### BASE_SITE_URL=https://jumpserver.company.com/
### AUTH_OPENID_SERVER_URL=https://keycloak.company.com/auth
### AUTH_OPENID_REALM_NAME=cmp
### AUTH_OPENID_CLIENT_ID=jumpserver
### AUTH_OPENID_CLIENT_SECRET=
### AUTH_OPENID_SHARE_SESSION=true
### AUTH_OPENID_IGNORE_SSL_VERIFICATION=true
# Koko 配置
CORE_HOST=http://core:8080
# Guacamole 配置
JUMPSERVER_SERVER=http://core:8080
JUMPSERVER_KEY_DIR=/config/guacamole/data/key/
JUMPSERVER_RECORD_PATH=/config/guacamole/data/record/
JUMPSERVER_DRIVE_PATH=/config/guacamole/data/drive/
JUMPSERVER_ENABLE_DRIVE=true
JUMPSERVER_CLEAR_DRIVE_SESSION=true
JUMPSERVER_CLEAR_DRIVE_SCHEDULE=24
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)