堡垒机Jumpserver部署

   日期:2020-09-02     浏览:102    评论:0    
核心提示:一、安装环境准备1.1 Jumpserver 环境要求:系统: CentOS 7 硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低) 操作系统: Linux 发行版 x86_64 Python = 3.6.x Mysql Server ≥ 5.6 Mariadb Server ≥ 5.5.56 Redis1.2关闭 selinux 和防火墙# CentOS 7[root@centos-02 ~]# setenforce 0 //临时关闭SELinux[roo.

目录

Jumpserver概述

一、安装环境准备

1.1 Jumpserver 环境要求:

1.2 关闭 selinux 和防火墙

1.3 准备 Python3 和 Python 虚拟环境

1.3.1 安装依赖包及安装Python3

1.3.2  建立Python虚拟环境

二、安装Jumpserver

2.1 下载zip包或clone项目

2.2 安装Redis,Jumpserver使用Redis做cache和celery broke

2.3 安装Mysql

2.3.1 yum安装

2.3.2 源码包安装

2.4 创建数据库Jumpserver并授权

2.5 修改Jumpserver配置文件

2.6 生成数据库表结构和初始化数据

2.7 运行Jumpserver

三、部署KoKo组件

3.1 下载安装

3.2 修改配置文件

3.3 运行koko

四、Docker 部署Guacamole组件

4.1 Docker安装 (仅针对CentOS7,安装Docker相对比较复杂)

4.1.1 安装依赖

4.1.2 安装docker

4.1.3 启动Docker

4.2 部署启动Guacamole 

五、下载Lina组件

六、下载Luna组件

七、配置Nginx整合各组件

八、开始使用Jumpserver

Jumpserver概述

是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能。基于ssh协议来管理,客户端无需安装agent。 特点: 完全开源,GPL授权 Python编写,容易再次开发 实现了跳板机基本功能,认证、授权、审计 集成了Ansible

一、安装环境准备

1.1 Jumpserver 环境要求:

  • 系统: CentOS 7
  • 硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
  • 操作系统: Linux 发行版 x86_64
  • Python = 3.6.x
  • Mysql Server ≥ 5.6
  • Mariadb Server ≥ 5.5.56
  • Redis

1.2 关闭 selinux 和防火墙

# CentOS 7
[[root@jumpserver ~]# setenforce 0  //临时关闭SELinux
[[root@jumpserver ~]# sed -i '7s/enforcing/disabled/' /etc/selinux/config  //设置配置文件永久关闭
[[root@jumpserver ~]# systemctl stop iptables.service
[[root@jumpserver ~]# systemctl stop firewalld.service

# 修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文
[[root@jumpserver ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[[root@jumpserver ~]# export LC_ALL=zh_CN.UTF-8
[[root@jumpserver ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

1.3 准备 Python3 和 Python 虚拟环境

最新的jumpserver环境依赖于Python3

1.3.1 安装依赖包及安装Python3

[root@jumpserver ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel opel-release git
//下载python3 编译安装
[root@jumpserver ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@jumpserver ~]# tar zxvf Python-3.6.1.tar.xz && cd Python-3.6.1
[root@jumpserver Python-3.6.1]# ./configure && make && make install

1.3.2  建立Python虚拟环境

CentOS 7 自带的是python2,而yum等工具依赖原来单独python,为了不影响原来等环境我们来使用Python虚拟环境

[root@jumpserver ~]# cd /opt/
[root@jumpserver opt]# python3 -m venv py3
[root@jumpserver opt]# source /opt/py3/bin/activate
看到下面的提示符代表成功,以后运行jumpserver都要先运行以上source命令,以下所有命令均在虚拟环境中运行
(py3) [root@jumpserver opt]#    # 退出虚拟环境可以使用 deactivate 命令

自动载入python虚拟环境配置,防止运行Jumpserver时忘记载入Python虚拟环境导致程序无法运行;使用autoenv

(py3) [root@jumpserver opt]# git clone git://github.com/kennethreitz/autoenv.git
正克隆到 'autoenv'...
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 688 (delta 5), reused 9 (delta 3), pack-reused 672
接收对象中: 100% (688/688), 111.91 KiB | 34.00 KiB/s, done.
处理 delta 中: 100% (362/362), done.
(py3) [root@jumpserver opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
(py3) [root@jumpserver opt]# source ~/.bashrc

二、安装Jumpserver

组件说明
JumpServer 为管理后台, 管理员可以通过 Web 页面进行资产管理、用户管理、资产授权等操作, 用户可以通过 Web 页面进行资产登录, 文件管理等操作
koko 为 SSH Server 和 Web Terminal Server 。用户可以使用自己的账户通过 SSH 或者 Web Terminal 访问 SSH 协议和 Telnet 协议资产
Luna 为 Web Terminal Server 前端页面, 用户使用 Web Terminal 方式登录所需要的组件
Guacamole 为 RDP 协议和 VNC 协议资产组件, 用户可以通过 Web Terminal 来连接 RDP 协议和 VNC 协议资产 (暂时只能通过 Web Terminal 来访问)

端口说明
JumpServer 默认 Web 端口为 8080/tcp, 默认 WS 端口为 8070/tcp, 配置文件 jumpserver/config.yml
koko 默认 SSH 端口为 2222/tcp, 默认 Web Terminal 端口为 5000/tcp 配置文件在 koko/config.yml
Guacamole 默认端口为 8081/tcp, 配置文件 /config/tomcat9/conf/server.xml
Nginx 默认端口为 80/tcp
Redis 默认端口为 6379/tcp
Mysql 默认端口为 3306/tcp

2.1 下载zip包或clone项目

下载zip包

(py3) [root@jumpserver opt]#  wget -O jumpserver.tar.gz https://github.com/jumpserver/jumpserver/archive/2.0.1.tar.gz
(py3) [root@jumpserver opt]# tar xf jumpserver.tar.gz
(py3) [root@jumpserver opt]# mv jumpserver-2.0.1 jumpserver

clone项目

(py3) [root@jumpserver opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver
正克隆到 'jumpserver'...
remote: Enumerating objects: 1195, done.
remote: Counting objects: 100% (1195/1195), done.
remote: Compressing objects: 100% (1049/1049), done.
remote: Total 1195 (delta 185), reused 646 (delta 91), pack-reused 0
接收对象中: 100% (1195/1195), 6.35 MiB | 113.00 KiB/s, done.
处理 delta 中: 100% (185/185), done.
(py3) [root@jumpserver jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@jumpserver jumpserver]# pwd
/opt/jumpserver

安装编译环境依赖

(py3) [root@jumpserver jumpserver]# cd requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv:   --- (begin contents) ---------------------------------------
autoenv:     source /opt/py3/bin/activate$
autoenv:
autoenv:   --- (end contents) -----------------------------------------
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y  //# 首次进入 jumpserver 文件夹会有提示,按 y 即可
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install -r requirements.txt 

安装成功如下图:

2.2 安装Redis,Jumpserver使用Redis做cache和celery broke

(py3) [root@jumpserver requirements]# yum -y install redis
(py3) [root@jumpserver requirements]# systemctl start redis
(py3) [root@jumpserver requirements]# systemctl enable redis

2.3 安装Mysql

安装有两种方式

2.3.1 yum安装

(py3) [root@jumpserver requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@jumpserver requirements]# systemctl enable mariadb
(py3) [root@jumpserver requirements]# systemctl start mariadb

2.3.2 源码包安装

这里以源码包安装,之前已安装过的。

参考文章:Mysql安装

2.4 创建数据库Jumpserver并授权

(py3) [root@jumpserver requirements]# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`  # 生成随机数据库密码
(py3) [root@jumpserver requirements]# echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
 你的数据库密码是 uExOpNsl2puwDESYt7ZFeJiM 
(py3) [root@jumpserver requirements]# mysql -uroot -p -h127.0.0.1 -e "create database jumpserver default charset 'utf8' collate 'utf8_bin'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
Enter password:

2.5 修改Jumpserver配置文件

(py3) [root@jumpserver requirements]# cd /opt/jumpserver
(py3) [root@jumpserver jumpserver]# cp config_example.yml config.yml
(py3) [root@jumpserver jumpserver]# egrep -v '^(#|$)' config.yml  # 此文件为没修过之前的
SECRET_KEY:
BOOTSTRAP_TOKEN:
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
——————————————————————————————————————————————————————————————————————————————————————
(py3) [root@jumpserver jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@jumpserver jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@jumpserver jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# 
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
 你的SECRET_KEY是 OTaIqZyeaME94Ghs6yY7GmSxfwuTBgEW1qpGbu4jGpUIdMRqtN 
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 你的BOOTSTRAP_TOKEN是 g6nJQeXTiyAvotqt 
(py3) [root@jumpserver jumpserver]# sed -i '/DB_ENGINE: mysql/i\class DevelopmentConfig(Config):' /opt/jumpserver/config.yml  //一定要添加class这段,不然数据库初始化数据的时候会报错
(py3) [root@jumpserver jumpserver]# egrep -v '^(#|$)' /opt/jumpserver/config.yml # 修改完后的文件
SECRET_KEY: OTaIqZyeaME94Ghs6yY7GmSxfwuTBgEW1qpGbu4jGpUIdMRqtN
BOOTSTRAP_TOKEN: g6nJQeXTiyAvotqt
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
class DevelopmentConfig(Config):
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: uExOpNsl2puwDESYt7ZFeJiM
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

2.6 生成数据库表结构和初始化数据

(py3) [root@jumpserver jumpserver]# cd /opt/jumpserver/utils
(py3) [root@jumpserver utils]# bash make_migrations.sh
……………………
  Applying orgs.0005_auto_20200721_1937... OK
  Applying orgs.0006_auto_20200721_1937... OK
  Applying orgs.0007_auto_20200728_1805... OK
  Applying orgs.0008_auto_20200819_2041... OK
  Applying users.0020_auto_20190612_1825... OK
  Applying users.0021_auto_20190625_1104... OK
  Applying users.0022_auto_20190625_1105... OK
  Applying users.0023_auto_20190724_1525... OK
  Applying users.0024_auto_20191118_1612... OK
  Applying users.0025_auto_20200206_1216... OK
  Applying users.0026_auto_20200508_2105... OK
  Applying users.0027_auto_20200616_1503... OK
  Applying users.0028_auto_20200728_1805... OK
  Applying perms.0010_auto_20191218_1705... OK
  Applying perms.0011_auto_20200721_1739... OK
  Applying perms.0012_k8sapppermission... OK
  Applying sessions.0001_initial... OK
  Applying settings.0001_initial... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
  Applying terminal.0010_auto_20180423_1140... OK
  Applying terminal.0011_auto_20180807_1116... OK
  Applying terminal.0012_auto_20180816_1652... OK
  Applying terminal.0013_auto_20181123_1113... OK
  Applying terminal.0014_auto_20181226_1441... OK
  Applying terminal.0015_auto_20190923_1529... OK
  Applying terminal.0016_commandstorage_replaystorage... OK
  Applying terminal.0017_auto_20191125_0931... OK
  Applying terminal.0018_auto_20191202_1010... OK
  Applying terminal.0019_auto_20191206_1000... OK
  Applying terminal.0020_auto_20191218_1721... OK
  Applying terminal.0021_auto_20200213_1316... OK
  Applying terminal.0022_session_is_success... OK
  Applying terminal.0023_command_risk_level... OK
  Applying terminal.0024_auto_20200715_1713... OK
  Applying terminal.0025_auto_20200810_1735... OK
  Applying tickets.0001_initial... OK
  Applying tickets.0002_auto_20200728_1146... OK
  Applying tickets.0003_auto_20200804_1551... OK
  Applying users.0029_auto_20200814_1650... OK
  Applying users.0030_auto_20200819_2041... OK

2.7 运行Jumpserver

(py3) [root@jumpserver utils]# cd /opt/jumpserver/
(py3) [root@jumpserver jumpserver]# ./jms start all -d
//新版本更新了运行脚本, 使用方式./jms start|stop|status|restart all 后台运行请添加 -d 参数

三、部署KoKo组件

3.1 下载安装

(py3) [root@jumpserver jumpserver]# cd /opt/
(py3) [root@jumpserver opt]# wget https://github.com/jumpserver/koko/releases/download/2.0.1/koko-master-linux-amd64.tar.gz
(py3) [root@jumpserver opt]# tar -xf koko-master-linux-amd64.tar.gz
(py3) [root@jumpserver opt]# chown -R root:root kokodir
(py3) [root@jumpserver opt]# cd kokodir
(py3) [root@jumpserver kokodir]# cp config_example.yml config.yml

3.2 修改配置文件

(py3) [root@jumpserver kokodir]# egrep -v '^(#|$)' config.yml  # 修改之前
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>
——————————————————————————————————————————————————————————————————————————————————————
(py3) [root@jumpserver kokodir]# sed -i.bak 's/<PleasgeChangeSameWithJumpserver>//g' /opt/kokodir/config.yml
(py3) [root@jumpserver kokodir]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/kokodir/config.yml
(py3) [root@jumpserver kokodir]# sed -i 's/# REDIS_HOST: 127.0.0.1/REDIS_HOST: 127.0.0.1/g' /opt/kokodir/config.yml
(py3) [root@jumpserver kokodir]# sed -i 's/# REDIS_PORT: 6379/REDIS_PORT: 6379/g' /opt/kokodir/config.yml
(py3) [root@jumpserver kokodir]# sed -i 's/# REDIS_DB_ROOM:/REDIS_DB_ROOM: 6/g' /opt/kokodir/config.yml
(py3) [root@jumpserver kokodir]# egrep -v '^(#|$)' config.yml  # 修改之后的配置
CORE_HOST: http://127.0.0.1:8080
//BOOTSTRAP_TOKEN请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: g6nJQeXTiyAvotqt  
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_DB_ROOM: 6

3.3 运行koko

(py3) [root@jumpserver kokodir]# ./koko -d  (-d参数在后台运行)

四、Docker 部署Guacamole组件

安装 Windows 支持组件(如果不需要管理 windows 资产,可以直接跳过这一步)

因为手动安装 guacamole 组件比较复杂,这里提供打包好的 docker 使用, 启动 guacamole

 

4.1 Docker安装 (仅针对CentOS7,安装Docker相对比较复杂)

4.1.1 安装依赖

(py3) [root@jumpserver kokodir]# cd
(py3) [root@jumpserver ~]# yum remove docker-latest-logrotate  docker-logrotate  docker-selinux dockdocker-engine
(py3) [root@jumpserver ~]# yum install -y yum-utils  device-mapper-persistent-data lvm2

4.1.2 安装docker

①添加docker官方源

(py3) [root@jumpserver ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum install docker-ce

② 国内部分用户可能无法连接docker官网提供的源,这里提供阿里云的镜像节点供测试使用

(py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# rpm --import http://mirrors.aliyun.com/docker-ce/linux/centos/gpg
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum -y install docker-ce

4.1.3 启动Docker

(py3) [root@jumpserver ~]# systemctl start docker
(py3) [root@jumpserver ~]# systemctl status docker

4.2 部署启动Guacamole 

这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义
修改 JUMPSERVER_SERVER 环境变量的配置,填上 Jumpserver 的内网地址

 说明:

docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://<Jumpserver_url> \
  -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:<Tag>
<Jumpserver_url> 为 JumpServer 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要从 jumpserver/config.yml 里面获取, 保证一致, <Tag> 是版本

# http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.1.128:8080
# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 

(py3) [root@jumpserver ~]# Server_IP=`ifconfig |grep -A3 ens33|awk NR==2'{print $2}'`
(py3) [root@jumpserver ~]# echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
 你的服务器IP是 192.168.1.128 
(py3) [root@jumpserver ~]# docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://${Server_IP}:8080 \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:v2.2.1

五、下载Lina组件

(py3) [root@jumpserver ~]# cd /opt/
(py3) [root@jumpserver opt]# wget https://github.com/jumpserver/lina/releases/download/2.0.1/lina.tar.gz
(py3) [root@jumpserver opt]# tar -xf lina.tar.gz
(py3) [root@jumpserver opt]# chown -R root:root lina

六、下载Luna组件

(py3) [root@jumpserver opt]# wget https://github.com/jumpserver/luna/releases/download/2.0.1/luna.tar.gz
(py3) [root@jumpserver opt]# tar -xf luna.tar.gz
(py3) [root@jumpserver opt]# chown -R root. luna

七、配置Nginx整合各组件

安装参考文章:Nginx安装配置

配置jumpserver需要站点nginx虚拟目录

cat > /usr/local/nginx/conf/vhost/web.jumpserver.com.conf << \EOF 
server {
    listen 80;      # 代理端口,以后将通过此端口进行访问,不再通过8080端口
    server_name jumpserver.server.com;
    root        /opt/lina;
    index       index.html;
    access_log /data/logs/nginx/jumpserver-access.log main;
    error_log  /data/logs/nginx/jumpserver-error.log error;
    client_max_body_size 100m;  # 录像及文件上传大小限制
 
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }
 
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }
 
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }
 
    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }
 
    location /koko/ {
        proxy_pass       http://localhost:5000;      # 如果coco安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
 
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;    # 如果guacamole安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
 
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
 
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
EOF

八、开始使用Jumpserver

浏览器访问 http://jumpserver.server.com/   默认账号:admin 密码:admin

如果登录客户端是 Linux ,登录语法如下
[root@jumpserver ~]# ssh -p2222 admin@192.168.1.128
The authenticity of host '[192.168.1.128]:2222 ([192.168.1.128]:2222)' can't be established.
RSA key fingerprint is SHA256:7MIlKcB9gqabJe/gOcmsdj60DG5eHzSKtHEEBtR3szc.
RSA key fingerprint is MD5:58:23:25:b7:84:3c:50:41:e8:78:40:54:b5:b6:0f:54.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.128]:2222' (RSA) to the list of known hosts.
admin@192.168.1.128's password: 
		Administrator,  欢迎使用Jumpserver开源堡垒机系统

	1) 输入 部分IP、主机名、备注 进行搜索登录(如果唯一).
	2) 输入 / + IP,主机名 or 备注 进行搜索,如:/192.168.
	3) 输入 p 进行显示您有权限的主机.
	4) 输入 g 进行显示您有权限的节点.
	5) 输入 d 进行显示您有权限的数据库.
	6) 输入 r 进行刷新最新的机器和节点信息.
	7) 输入 h 进行显示帮助.
	8) 输入 q 进行退出.
Opt> 

                                                                                                    ——没有激流就称不上进,没有山峰则谈不上攀登!

 
打赏
 本文转载自:网络 
所有权利归属于原作者,如文章来源标示错误或侵犯了您的权利请联系微信13520258486
更多>最近资讯中心
更多>最新资讯中心
0相关评论

推荐图文
推荐资讯中心
点击排行
最新信息
新手指南
采购商服务
供应商服务
交易安全
关注我们
手机网站:
新浪微博:
微信关注:

13520258486

周一至周五 9:00-18:00
(其他时间联系在线客服)

24小时在线客服