Installation and deployment of jumpserver Fortress Machine

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

This article shares a detailed introduction to installing and deploying the jumpserver fortress machine. I believe most people have not yet learned how to deploy it, so I have summarized the steps below to make it easier to understand. Without further ado, let's move on.

I. Environment preparation

System: CentOS 7
IP: 192.168.20.3
Database: mariadb
Reverse proxy: nginx

Note: for a test environment, allow at least 4 GB of memory and a dual-core CPU.

Please download each source package I provided before doing the following.

First of all, set the system locale to Chinese, because the jumpserver log files contain Chinese characters, which may be garbled if the locale does not support them.

[root@jumpserver ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@jumpserver ~]# export LC_ALL=zh_CN.UTF-8
[root@jumpserver ~]# echo 'LC_ALL=zh_CN.UTF-8' > /etc/locale.conf

II. Configure the Python 3 environment

[root@jumpserver ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@jumpserver ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
[root@jumpserver ~]# tar xf Python-3.6.1.tar.xz -C /usr/src
[root@jumpserver ~]# cd /usr/src/Python-3.6.1/
[root@jumpserver Python-3.6.1]# ./configure && make && make install
[root@jumpserver Python-3.6.1]# cd /opt
[root@jumpserver opt]# python3 -m venv py3
[root@jumpserver opt]# source /opt/py3/bin/activate
# set up automatic loading of the py3 virtual environment
(py3) [root@jumpserver opt]# unzip autoenv.zip
(py3) [root@jumpserver opt]# echo "source /opt/autoenv/activate.sh" >> /root/.bashrc
(py3) [root@jumpserver opt]# source ~/.bashrc

III. Install Jumpserver

(py3) [root@jumpserver opt]# unzip jumpserver.zip
(py3) [root@jumpserver opt]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@jumpserver opt]# cd jumpserver/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv:     --- (begin contents) ---
autoenv:     source /opt/py3/bin/activate$
autoenv:
autoenv:     --- (end contents) ---
autoenv:
autoenv: Are you sure you want to allow this?
# enter "y" here to automatically load the py3 environment
(py3) [root@jumpserver jumpserver]# cd requirements/
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install --upgrade pip
(py3) [root@jumpserver requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

IV. Install MySQL and Redis

# install MySQL
(py3) [root@jumpserver requirements]# yum -y install mariadb*
(py3) [root@jumpserver requirements]# systemctl start mariadb
(py3) [root@jumpserver requirements]# mysqladmin -u root password 123.com
(py3) [root@jumpserver requirements]# mysql -u root -p123.com
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@127.0.0.1 identified by '123.com';
# install Redis
(py3) [root@jumpserver ~]# yum -y install redis
(py3) [root@jumpserver ~]# systemctl start redis
(py3) [root@jumpserver ~]# netstat -anput | grep 6379
# modify the jumpserver configuration file
(py3) [root@jumpserver ~]# cd /opt/jumpserver/
(py3) [root@jumpserver jumpserver]# cp config_example.yml config.yml
# generate the key and token
(py3) [root@jumpserver jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@jumpserver jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@jumpserver jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: 123.com/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m your SECRET_KEY is $SECRET_KEY \033[0m"
your SECRET_KEY is Z6bUvXTZRpc73pnRp4qNwn1eMWNYrgzbEWkVJqIVXc6cXfpKDU
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m"
your BOOTSTRAP_TOKEN is aGXZtXKnhP3StNA3
(py3) [root@jumpserver jumpserver]# egrep -v '^$|^#' config.yml    # make sure the configuration file is modified
SECRET_KEY: jS1ph0yvliBHdMV7YopAkBrEdIkZ3DjAq6HsftIPpQriNNBO2k
BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp
DEBUG: False
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
(py3) [root@jumpserver jumpserver]# ./jms start all -d    # launch jumpserver
(py3) [root@jumpserver jumpserver]# netstat -anpt | grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      17420/python3

V. Install and configure coco components

(py3) [root@jumpserver opt]# unzip coco.zip
(py3) [root@jumpserver opt]# cd coco
(py3) [root@jumpserver coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env
(py3) [root@jumpserver coco]# cd requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/coco/.env:
autoenv:
autoenv:     --- (begin contents) ---
autoenv:     source /opt/py3/bin/activate$
autoenv:
autoenv:     --- (end contents) ---
autoenv:
autoenv: Are you sure you want to allow this?
# enter "y"
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install -r requirements.txt
# modify the configuration file
(py3) [root@jumpserver requirements]# cd ..
(py3) [root@jumpserver coco]# cp config_example.yml config.yml
(py3) [root@jumpserver coco]# echo -e "\033[31m your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m"    # check the value of BOOTSTRAP_TOKEN
your BOOTSTRAP_TOKEN is fUXgq00wg6XCD5lp
# Note: when executing the following command, replace the token with the value you just checked
(py3) [root@jumpserver coco]# sed -i 's/BOOTSTRAP_TOKEN: /BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp/g' config.yml
(py3) [root@jumpserver coco]# sed -i 's/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g' config.yml
(py3) [root@jumpserver coco]# egrep -v '^$|^#' config.yml    # confirm the modified configuration file
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp
LOG_LEVEL: ERROR
# launch coco in the background
(py3) [root@jumpserver coco]# ./cocod start -d
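
The sed edits in sections IV and V fail silently when a pattern does not match, and coco can only register if its BOOTSTRAP_TOKEN equals the one in the jumpserver config. The script below is an added example, not part of the original article or of the jumpserver project, that audits both config.yml files; the function names and the length and password thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the config.yml files written by the sed commands above.
# The length and password thresholds are assumptions, not jumpserver requirements.

# yaml_get FILE KEY: print the value of an uncommented top-level "KEY: value" line.
yaml_get() {
    sed -n "s/^$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | head -n 1
}

# audit_jms CORE_CFG COCO_CFG: print one "FINDING:" line per problem;
# return 0 when clean, 1 otherwise.
audit_jms() {
    core=$1 coco=$2 rc=0
    flag() { echo "FINDING: $*"; rc=1; }

    key=$(yaml_get "$core" SECRET_KEY)
    tok=$(yaml_get "$core" BOOTSTRAP_TOKEN)
    pw=$(yaml_get "$core" DB_PASSWORD)

    # A sed pattern that did not match leaves the key empty or a placeholder.
    case $key in ''|*[!A-Za-z0-9]*) flag "SECRET_KEY empty or not alphanumeric" ;; esac
    [ "${#key}" -ge 50 ] || flag "SECRET_KEY shorter than 50 characters"
    case $tok in ''|*[!A-Za-z0-9]*) flag "BOOTSTRAP_TOKEN empty or not alphanumeric" ;; esac
    [ "${#tok}" -ge 16 ] || flag "BOOTSTRAP_TOKEN shorter than 16 characters"

    # coco registers with the core using this token, so both files must agree.
    [ "$tok" = "$(yaml_get "$coco" BOOTSTRAP_TOKEN)" ] || flag "coco BOOTSTRAP_TOKEN differs from core"

    case $(yaml_get "$core" DEBUG) in [Ff]alse) ;; *) flag "DEBUG is not false" ;; esac

    # A password equal to the account name, or a short one, is guessable.
    [ "$pw" != "$(yaml_get "$core" DB_USER)" ] || flag "DB_PASSWORD equals DB_USER"
    [ "${#pw}" -ge 12 ] || flag "DB_PASSWORD shorter than 12 characters"

    # Both files hold secrets, so neither should carry a read bit for "other".
    for f in "$core" "$coco"; do
        [ -z "$(find "$f" -perm -004)" ] || flag "$f is world-readable"
    done
    return $rc
}

# Stand-alone use: sh audit.sh /opt/jumpserver/config.yml /opt/coco/config.yml
if [ "$#" -eq 2 ]; then audit_jms "$1" "$2"; fi
```

Run it after the egrep checks in both sections; a non-zero exit status means at least one FINDING line was printed.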

VI. Install guacamole and luna

This is deployed as a docker container.

# deploy the docker environment
(py3) [root@jumpserver ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
(py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum -y install docker-ce
(py3) [root@jumpserver ~]# systemctl start docker
(py3) [root@jumpserver ~]# docker load --input guacamole.tar
# launch the container
(py3) [root@jumpserver ~]# docker run --name jms_guacamole -d -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key -e JUMPSERVER_KEY_DIR=/config/guacamole/key -e JUMPSERVER_SERVER= jumpserver/guacamole:latest
(py3) [root@jumpserver ~]# netstat -anput | grep 8081    # make sure the port is listening
tcp6       0      0 :::8081                 :::*                    LISTEN      19162/docker-proxy
(py3) [root@jumpserver ~]# tar zxf luna.tar.gz -C /opt/    # decompress luna to /opt

VII. Install Nginx

(py3) [root@jumpserver /]# tar zxf nginx-1.2.4.tar.gz -C /usr/src
(py3) [root@jumpserver /]# cd /usr/src/nginx-1.2.4/
(py3) [root@jumpserver nginx-1.2.4]# ./configure --prefix=/usr/local/nginx && make && make install
(py3) [root@jumpserver nginx-1.2.4]# ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/
(py3) [root@jumpserver nginx-1.2.4]# cd /usr/local/nginx/conf/
(py3) [root@jumpserver conf]# mv nginx.conf nginx.conf.bak
(py3) [root@jumpserver conf]# rz    # upload the Nginx configuration file provided by me
(py3) [root@jumpserver conf]# ls | grep nginx.conf
nginx.conf    # this file is found in the link to the network disk at the beginning of the blog post
nginx.conf.bak
nginx.conf.default
(py3) [root@jumpserver conf]# nginx -t    # confirm that the Nginx configuration is correct
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
(py3) [root@jumpserver conf]# nginx    # launch Nginx

VIII. Client access testing

Visit the IP address of the Nginx server to see the login page (the default user name and password are "admin"):

1. Create a user

2. Create an administrative user

3. Create a system user

Try to use root as the user name and choose to log in manually, which is used to connect to the back-end assets.

4. Create assets

I started a host with an IP of 192.168.20.4 as a back-end asset for testing.

5. Create authorization rules

6. Connect the back-end asset test

