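A bastion host (jump server) is a tool that, within a given network environment, manages and audits operations privileges and operations activity on hosts, databases, network devices and similar assets. It protects the network and data from intrusion and damage by external and internal users, and avoids problems such as reuse of host accounts, data leaks, confused operations permissions and opaque operations processes. Through the bastion host, operations activity can be blocked and controlled: every login, command and file transfer that operations and development staff perform on a server must be legitimate, otherwise it is blocked.
1. The operator connects to the bastion host from the operations client and sends a request to the bastion host.
2. The bastion host sends the request to the target and returns the result to the operations client.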
## Create the directory
[root@hadoop apps]# mkdir JumpServer
[root@hadoop apps]# cd JumpServer/
## Download the JumpServer installer archive
[root@hadoop JumpServer]# wget https://github.com/jumpserver/installer/releases/download/v2.21.0/jumpserver-installer-v2.21.0.tar.gz
--2022-06-21 21:37:48--
.......
2022-06-21 21:37:51 (81.9 KB/s) - ‘jumpserver-installer-v2.21.0.tar.gz’ saved [45558/45558]
## Check the download result
[root@hadoop JumpServer]# ls
jumpserver-installer-v2.21.0.tar.gz
## Extract
## tar -zxvf **.tar.gz -C [target directory]
[root@hadoop JumpServer]# tar -zxvf jumpserver-installer-v2.21.0.tar.gz -C ./
## Check the extraction result
[root@hadoop JumpServer]# ls
jumpserver-installer-v2.21.0 jumpserver-installer-v2.21.0.tar.gz
config-example.txt is the configuration file. Adjust it as needed; if you have no specific requirements, leave the defaults unchanged.
[root@hadoop jumpserver-installer-v2.21.0]# vim config-example.txt
# Settings below that are left empty are filled in with automatically generated random strings
## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to the original values
## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/

## Installation settings; Huawei Cloud can be used to speed up downloads, arm64 users need to comment out DOCKER_IMAGE_PREFIX
# DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR

## MySQL settings; USE_EXTERNAL_MYSQL=1 means an external MySQL is used, enter the correct MySQL information
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver

## Redis settings; USE_EXTERNAL_REDIS=1 means an external Redis is used, enter the correct Redis information
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

## Compose project settings; if the 192.168.250.0/24 subnet conflicts with an existing subnet, change it and restart JumpServer
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24

## IPv6 settings: whether containers enable IPv6 NAT; USE_IPV6=1 enables it, with 0 the DOCKER_SUBNET_IPV6 definition has no effect
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64

## Access settings
HTTP_PORT=80
SSH_PORT=2222
MAGNUS_MYSQL_PORT=33060
MAGNUS_MARIADB_PORT=33061

## HTTPS settings; configure according to https://docs.jumpserver.org/zh/master/admin-guide/proxy/
# USE_LB=1
# HTTPS_PORT=443
# SERVER_NAME=your_domain_name
# SSL_CERTIFICATE=your_cert
# SSL_CERTIFICATE_KEY=your_cert_key

## Nginx file upload size
CLIENT_MAX_BODY_SIZE=4096m

## Task settings: whether to start the jms_celery container; must be enabled on a single node
USE_TASK=1

## XPack; USE_XPACK=1 enables it, the setting has no effect in the open-source edition
USE_XPACK=0
RDP_PORT=3389
MAGNUS_POSTGRE_PORT=54320

## Core settings, session definition; SESSION_COOKIE_AGE is the number of idle seconds after which the session expires, SESSION_EXPIRE_AT_BROWSER_CLOSE=true means the session expires when the browser is closed
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true

## Koko Lion XRDP component settings
CORE_HOST=http://core:8080
JUMPSERVER_ENABLE_FONT_SMOOTHING=true
TCP_SEND_BUFFER_BYTES=4194304
TCP_RECV_BUFFER_BYTES=6291456

## Terminals are identified by the host's HOSTNAME
SERVER_HOSTNAME=${HOSTNAME}

## Additional settings
CURRENT_VERSION=
[root@hadoop jumpserver-installer-v2.21.0]# ls
compose config-example.txt config_init jmsctl.sh LICENSE locale quick_start.sh README.md scripts static.env utils
## Install
[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh install

Version: v2.21.0

1. 检查配置文件
配置文件位置: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
完成

>>> 安装配置 Docker
1. 安装 Docker
开始下载 Docker Compose 程序 ...
完成

2. 配置 Docker
是否需要支持 IPv6? (y/n) (默认为 n): y
完成

3. 启动 Docker
完成

>>> 加载 Docker 镜像
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
Digest: sha256:8300b885570faad626e569e7b8cfef3407c87050d705ff26e243200cb3f84da8
Status: Image is up to date for jumpserver/redis:6-alpine
docker.io/jumpserver/redis:6-alpine

[jumpserver/mysql:5]
5: Pulling from jumpserver/mysql
Digest: sha256:24fe4f4aaf4dd86920612aa925693da731dd35e6ab2146b860c8a2b3b750bd58
Status: Image is up to date for jumpserver/mysql:5
docker.io/jumpserver/mysql:5

[jumpserver/web:v2.21.0]
v2.21.0: Pulling from jumpserver/web
Digest: sha256:1fdbb613c610b1a9131d586716a98d8655fe7022b2ef9376aca35601b3f7a697
Status: Image is up to date for jumpserver/web:v2.21.0
docker.io/jumpserver/web:v2.21.0

[jumpserver/core:v2.21.0]
v2.21.0: Pulling from jumpserver/core
Digest: sha256:9d71ab8155c80f30af2c29ed4c93b738a2f05589259e5f3f06a111aaae8f44b8
Status: Image is up to date for jumpserver/core:v2.21.0
docker.io/jumpserver/core:v2.21.0

[jumpserver/koko:v2.21.0]
v2.21.0: Pulling from jumpserver/koko
Digest: sha256:32636524d6395ef645dc931cebd83f1617417786f32ef7537d07d14920ce7454
Status: Image is up to date for jumpserver/koko:v2.21.0
docker.io/jumpserver/koko:v2.21.0

[jumpserver/lion:v2.21.0]
v2.21.0: Pulling from jumpserver/lion
Digest: sha256:0c0c4ebacf2641843bebd34493d0b53813e51c5d6bbeda2fc2d2c3771739e8d4
Status: Image is up to date for jumpserver/lion:v2.21.0
docker.io/jumpserver/lion:v2.21.0

[jumpserver/magnus:v2.21.0]
v2.21.0: Pulling from jumpserver/magnus
Digest: sha256:edee98923b5fc3081aa49f66ce045c087ed6467764b88ba2478d5fe471c92bba
Status: Image is up to date for jumpserver/magnus:v2.21.0
docker.io/jumpserver/magnus:v2.21.0
完成

>>> 安装配置 JumpServer
1. 配置加密密钥
SECRETE_KEY: Mjg2MjRkNTYtYmFkNi04ZWU0LTNkYjQtYzI0MDdlNTM3NDZk
BOOTSTRAP_TOKEN: Mjg2MjRkNTYtYmFkNi04ZWU0
完成

2. 配置持久化目录
是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): y

修改日志录像等持久化的目录,可以找个最大的磁盘,并创建目录,如 /data/jumpserver
注意:安装后不能更改,否则数据库可能会丢失

文件系统 容量 已用 可用 已用% 挂载点

持久化存储目录 (默认为 /opt/jumpserver):
完成

3. 配置 MySQL
是否使用外部 MySQL? (y/n) (默认为 n): n
完成

4. 配置 Redis
是否使用外部 Redis? (y/n) (默认为 n): n
完成

5. 配置对外端口
是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n): y
JumpServer web 端口 (默认为 80): 80
JumpServer ssh 端口 (默认为 2222): 2222
完成

6. 初始化数据库
Recreating jms_redis ... done
Recreating jms_mysql ... done
Creating jms_core ... done
2022-06-22 15:16:22 Collect static files
2022-06-22 15:16:23 Collect static files done
2022-06-22 15:16:23 Check database structure change ...
2022-06-22 15:16:23 Migrate model change to database ...
Operations to perform:
......
After migration, update builtin role permissions
完成

>>> 安装完成了
1. 可以使用如下命令启动, 然后访问
cd /opt/apps/JumpServer/jumpserver-installer-v2.21.0
./jmsctl.sh start

2. 其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解

3. Web 访问
http://192.168.130.100:80
默认用户: admin 默认密码: admin

4. SSH/SFTP 访问
ssh -p2222 admin@192.168.130.100
sftp -P2222 admin@192.168.130.100

5. 更多信息
我们的官网: https://www.jumpserver.org/
我们的文档: https://docs.jumpserver.org/
## Start
[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh start
jms_redis is up-to-date
jms_mysql is up-to-date
Creating jms_core ... done
Creating jms_magnus ... done
Creating jms_web ... done
Creating jms_celery ... done
Creating jms_koko ... done
Creating jms_lion ... done
[root@hadoop jumpserver-installer-v2.21.0]# jps
52540 Jps
## Check the running containers
[root@hadoop jumpserver-installer-v2.21.0]# docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS                    PORTS                                                                              NAMES
ea1b07d56bd0   jumpserver/lion:v2.21.0     "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    4822/tcp                                                                           jms_lion
0d9aae5691b6   jumpserver/koko:v2.21.0     "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 5000/tcp                                jms_koko
d14d41735f58   jumpserver/core:v2.21.0     "./entrypoint.sh sta…"   8 minutes ago    Up 8 minutes (healthy)    8070/tcp, 8080/tcp                                                                 jms_celery
28a1a3a74bff   jumpserver/web:v2.21.0      "/docker-entrypoint.…"   8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:80->80/tcp, :::80->80/tcp                                                  jms_web
be94f6bc955e   jumpserver/magnus:v2.21.0   "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:33060-33061->33060-33061/tcp, :::33060-33061->33060-33061/tcp, 54320/tcp   jms_magnus
9f1876ad1619   jumpserver/core:v2.21.0     "./entrypoint.sh sta…"   10 minutes ago   Up 10 minutes (healthy)   8070/tcp, 8080/tcp                                                                 jms_core
c936c7049a12   jumpserver/redis:6-alpine   "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes (healthy)   6379/tcp                                                                           jms_redis
7853d7626adb   jumpserver/mysql:5          "docker-entrypoint.s…"   23 minutes ago   Up 23 minutes (healthy)   3306/tcp, 33060/tcp                                                                jms_mysql
39ed40f4c722   portainer/portainer         "/portainer"             5 months ago     Up About an hour          0.0.0.0:9000->9000/tcp, :::9000->9000/tcp                                          prtainer-test
[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh stop
Stopping jms_core ... done
Stopping jms_koko ... done
Stopping jms_lion ... done
Stopping jms_magnus ... done
Stopping jms_web ... done
Stopping jms_celery ... done
Removing jms_core ... done
Removing jms_koko ... done
Removing jms_lion ... done
Removing jms_magnus ... done
Removing jms_web ... done
Removing jms_celery ... done
Web access
http://192.168.130.100:80
Default user: admin Default password: admin
After logging in with the default password, you need to set a new password.
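The installer writes its settings to /opt/jumpserver/config/config.txt, and several defaults in the config-example.txt shown earlier are worth checking once the install has finished. The script below is an added example, not part of the original post or of the JumpServer project: the function names, the finding labels and the rule that an uncommented HTTPS_PORT means the HTTPS block is enabled are assumptions, and the sample config is constructed from the defaults on this page.

```shell
#!/usr/bin/env bash
# Added example (not JumpServer code): audit an installer config.txt.

# Print the value of the last uncommented KEY=... line; empty if absent or commented out.
cfg_get() {  # usage: cfg_get FILE KEY
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line; print nothing when every check passes.
audit_config() {  # usage: audit_config FILE
  local f=$1 k
  # After install these must hold the generated values; empty is only valid pre-install.
  for k in SECRET_KEY BOOTSTRAP_TOKEN; do
    if [ -z "$(cfg_get "$f" "$k")" ]; then echo "EMPTY_SECRET $k"; fi
  done
  # Assumption: an uncommented HTTPS_PORT means the HTTPS block has been enabled.
  if [ -z "$(cfg_get "$f" HTTPS_PORT)" ]; then
    echo "NO_HTTPS web UI reachable only over HTTP_PORT=$(cfg_get "$f" HTTP_PORT)"
  fi
  # An external database must not be configured with an empty password.
  if [ "$(cfg_get "$f" USE_EXTERNAL_MYSQL)" = 1 ] && [ -z "$(cfg_get "$f" DB_PASSWORD)" ]; then
    echo "EMPTY_DB_PASSWORD external MySQL"
  fi
  # The file holds SECRET_KEY and passwords, so other users should not be able to read it.
  if [ -n "$(find "$f" -prune -perm -004)" ]; then echo "WORLD_READABLE $f"; fi
  return 0
}

# Constructed sample: a few keys from the config-example.txt above, defaults unchanged.
sample_config() {
  cat <<'EOF'
SECRET_KEY=
BOOTSTRAP_TOKEN=
USE_EXTERNAL_MYSQL=0
DB_PASSWORD=
HTTP_PORT=80
# USE_LB=1
# HTTPS_PORT=443
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
chmod 644 "$tmp"
audit_config "$tmp"   # prints four findings for the sample
rm -f "$tmp"
```

On a real host, run `audit_config /opt/jumpserver/config/config.txt` as root after `./jmsctl.sh install`; the default admin/admin login has to be checked separately because it is not stored in this file.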