Skip to content

J
jumpserver
Unverified Commit 3d3428dd authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub
Browse files
Options

Merge pull request #1955 from wojiushixiaobai/docs 

[Update]更新文档
parents c5728404 98a2957e
Hide whitespace changes
Inline Side-by-side
Showing with 173 additions and 115 deletions
docs/distributed_01.rst
View file @ 3d3428dd
......@@ -17,16 +17,7 @@
- Nginx 代理 IP: 192.168.100.100
数据库服务器运行 mariadb 服务
Jumpserver 服务器运行 jumpserver、redis 服务
Coco 服务器运行 coco 服务
Guacamole 服务器运行 docker 服务
Nginx 代理服务器运行 nginx 服务,注意 upstream 的负载模式,需要解决 session 问题
Nginx 多组件注意 upstream 的负载模式,需要解决 session 问题
安全
~~~~~~~
......
docs/distributed_06.rst
View file @ 3d3428dd
......@@ -23,19 +23,56 @@
# 安装依赖包
$ yum install -y yum-utils device-mapper-persistent-data lvm2
# 设置 selinux 策略
$ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key
# 安装 docker(192.168.100.100 是 jumpserver 的 url 地址)
$ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ yum makecache fast
$ yum install docker-ce
$ systemctl start docker
$ docker run --name jms_guacamole -d \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://192.168.100.100 \
jumpserver/guacamole:latest
# 设置 selinux 与 防火墙
$ setenforce 0
$ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
$ firewall-cmd --zone=public --add-port=8081/tcp --permanent
$ firewall-cmd --reload
$ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
$ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
$ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
$ yum install -y git gcc java-1.8.0-openjdk libtool
$ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
$ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
$ cd /opt
$ git clone https://github.com/jumpserver/docker-guacamole.git
$ cd /opt/docker-guacamole/
$ tar -xf guacamole-server-0.9.14.tar.gz
$ cd guacamole-server-0.9.14
$ autoreconf -fi
$ ./configure --with-init-dir=/etc/init.d
$ make && make install
$ cd ..
$ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
$ ldconfig
$ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions # 创建 guacamole 目录
$ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
$ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/ # guacamole 配置文件
$ cd /config
$ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
$ tar xf apache-tomcat-8.5.34.tar.gz
$ rm -rf apache-tomcat-8.5.34.tar.gz
$ mv apache-tomcat-8.5.34 tomcat8
$ rm -rf /config/tomcat8/webapps/*
$ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war # guacamole client
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml` # 修改默认端口为 8081
$ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties` # 修改 log 等级为 WARNING
$ export JUMPSERVER_SERVER=http://192.168.100.100 # 192.168.100.100 指 jumpserver 访问地址
$ echo "export JUMPSERVER_SERVER=192.168.100.100" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
$ /etc/init.d/guacd start
$ sh /config/tomcat8/bin/startup.sh
# 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
......
docs/setup_by_centos7.rst
View file @ 3d3428dd
......@@ -33,9 +33,8 @@ CentOS 7 安装文档
$ firewall-cmd --reload # 重新载入规则
$ setsebool -P httpd_can_network_connect 1 # 设置 selinux 允许 http 访问
$ mkdir -p /opt/guacamole/key
$ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key # 设置 selinux 允许容器对目录读写
$ setenforce 0
$ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
# 修改字符集,否则可能报 input/output error的问题,因为日志里打印了中文
$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
......@@ -307,13 +306,41 @@ CentOS 7 安装文档
$ chown -R root:root luna
# 安装 Windows 支持组件(如果不需要管理 windows 资产,可以直接跳过这一步)
$ yum remove docker-latest-logrotate docker-logrotate docker-selinux dockdocker-engine
$ yum install -y yum-utils device-mapper-persistent-data lvm2
$ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ yum makecache fast
$ yum install docker-ce
$ systemctl start docker
$ docker pull jumpserver/guacamole:latest
$ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
$ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
$ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
$ yum install -y git gcc java-1.8.0-openjdk libtool
$ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
$ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
$ cd /op
$ git clone https://github.com/jumpserver/docker-guacamole.git
$ cd /opt/docker-guacamole/
$ tar -xf guacamole-server-0.9.14.tar.gz
$ cd guacamole-server-0.9.14
$ autoreconf -fi
$ ./configure --with-init-dir=/etc/init.d
$ make && make install
$ cd ..
$ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
$ ldconfig
$ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions # 创建 guacamole 目录
$ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
$ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/ # guacamole 配置文件
$ cd /config
$ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
$ tar xf apache-tomcat-8.5.34.tar.gz
$ rm -rf apache-tomcat-8.5.34.tar.gz
$ mv apache-tomcat-8.5.34 tomcat8
$ rm -rf /config/tomcat8/webapps/*
$ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war # guacamole client
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml` # 修改默认端口为 8081
$ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties` # 修改 log 等级为 WARNING
$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 指 jumpserver 访问地址
$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
::
......@@ -398,13 +425,8 @@ CentOS 7 安装文档
# 新版本更新了运行脚本,使用方式./cocod start|stop|status|restart 后台运行请添加 -d 参数
# 运行 Guacamole
# 注意:这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.244.144:8080 或 http://192.168.244.144 不能使用 127.0.0.1
$ docker run --name jms_guacamole -d \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://<填写jumpserver的url地址> \
jumpserver/guacamole:latest
# docker 重启容器的方法docker restart jms_guacamole
$ /etc/init.d/guacd start
$ sh /config/tomcat8/bin/startup.sh
# 运行 Nginx
$ nginx -t # 确保配置没有问题, 有问题请先解决
......
docs/setup_by_ubuntu.rst
View file @ 3d3428dd
......@@ -379,40 +379,55 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
五. 安装 Windows 支持组件(如果不需要管理 windows 资产,可以直接跳过这一步)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
因为手动安装 guacamole 组件比较复杂,这里提供打包好的 docker 使用, 启动 guacamole
::
# 安装 docker 参考官方教程 https://docs.docker.com/install/linux/docker-ce/ubuntu/
# apt-get install linux-image-extra-$(uname -r) linux-image-extra-virtual # Ubuntu 14.04 需要先执行这一行
$ apt-get remove docker docker-engine docker.io
$ apt-get install apt-transport-https ca-certificates curl software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
## 如果 docker 官网无法下载可以使用国内其他镜像源(以阿里云为例)
# curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
$ apt-get update
$ apt-get install docker-ce
$ apt-get -y install libtool autoconf
$ apt-get -y install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev
$ apt-get -y install libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev
$ apt-get -y install default-jre
$ apt-get -y install default-jdk
# 注意:这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.244.144:8080 或者 http://192.168.244.144 不能使用 127.0.0.1 ,可以更换 registry.jumpserver.org/public/guacamole:latest
$ docker run --name jms_guacamole -d \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://<填写jumpserver的url地址> \
jumpserver/guacamole:latest
$ cd /opt
$ git clone https://github.com/jumpserver/docker-guacamole.git
$ cd docker-guacamole
$ tar xf guacamole-server-0.9.14.tar.gz
$ cd guacamole-server-0.9.14
$ autoreconf -fi
$ ./configure --with-init-dir=/etc/init.d
$ make && make install
$ cd ..
$ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14 \
$ ldconfig
$ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions # 创建 guacamole 目录
$ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/
$ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/ # guacamole 配置文件
$ cd /config
$ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
$ tar xf apache-tomcat-8.5.34.tar.gz
$ rm -rf apache-tomcat-8.5.34.tar.gz
$ mv apache-tomcat-8.5.34 tomcat8
$ rm -rf /config/tomcat8/webapps/*
$ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war # guacamole client
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml` # 修改默认端口为 8081
$ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties` # 修改 log 等级为 WARNING
$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 指 jumpserver 访问地址
$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
$ /etc/init.d/guacd restart
$ sh /config/tomcat8/bin/startup.sh
这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义一下。
启动成功后去 Jumpserver-会话管理-终端管理 接受[Gua]开头的一个注册,如果页面显示不正常可以等部署完成后再处理
六. 配置 Nginx 整合各组件
~~~~~~~~~~~~~~~~~~~~~~~~~
......@@ -503,20 +518,6 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
6.4 开始使用 Jumpserver
检查应用是否已经正常运行
::
$ cd /opt/jumpserver
$ ./jms status # 确定jumpserver已经运行,如果没有运行请重新启动jumpserver
$ cd /opt/coco
$ ./cocod status # 确定jumpserver已经运行,如果没有运行请重新启动coco
# 如果安装了 Guacamole
$ docker ps # 检查容器是否已经正常运行,如果没有运行请重新启动Guacamole
服务全部启动后,访问 http://192.168.244.144
默认账号: admin 密码: admin
......
docs/step_by_step.rst
View file @ 3d3428dd
......@@ -415,45 +415,52 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
五. 安装 Windows 支持组件(如果不需要管理 windows 资产,可以直接跳过这一步)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
因为手动安装 guacamole 组件比较复杂,这里提供打包好的 docker 使用, 启动 guacamole
5.1 Docker安装 (仅针对CentOS7,CentOS6安装Docker相对比较复杂)
::
$ yum remove docker-latest-logrotate docker-logrotate docker-selinux dockdocker-engine
$ yum install -y yum-utils device-mapper-persistent-data lvm2
# 添加docker官方源
$ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ yum makecache fast
$ yum install docker-ce
# 国内部分用户可能无法连接docker官网提供的源,这里提供阿里云的镜像节点供测试使用
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ rpm --import http://mirrors.aliyun.com/docker-ce/linux/centos/gpg
$ yum makecache fast
$ yum -y install docker-ce
$ systemctl start docker
$ systemctl status docker
$ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
$ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
$ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
5.2 启动 Guacamole
$ yum install -y git gcc java-1.8.0-openjdk libtool
$ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
$ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义
.. code:: shell
# 注意:这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.244.144, 否则会出错, 带宽有限, 下载时间可能有点长,可以喝杯咖啡,撩撩对面的妹子
# 不能使用 127.0.0.1 ,可以更换 registry.jumpserver.org/public/guacamole:latest
$ docker run --name jms_guacamole -d \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://<填写jumpserver的url地址> \
jumpserver/guacamole:latest
$ cd /opt
$ git clone https://github.com/jumpserver/docker-guacamole.git
$ cd /opt/docker-guacamole/
$ tar -xf guacamole-server-0.9.14.tar.gz
$ cd guacamole-server-0.9.14
$ autoreconf -fi
$ ./configure --with-init-dir=/etc/init.d
$ make && make install
$ cd ..
$ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
$ ldconfig
$ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions # 创建 guacamole 目录
$ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
$ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/ # guacamole 配置文件
$ cd /config
$ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
$ tar xf apache-tomcat-8.5.34.tar.gz
$ rm -rf apache-tomcat-8.5.34.tar.gz
$ mv apache-tomcat-8.5.34 tomcat8
$ rm -rf /config/tomcat8/webapps/*
$ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war # guacamole client
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml` # 修改默认端口为 8081
$ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties` # 修改 log 等级为 WARNING
$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 指 jumpserver 访问地址
$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
$ export GUACAMOLE_HOME=/config/guacamole
$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
$ /etc/init.d/guacd start
$ sh /config/tomcat8/bin/startup.sh
启动成功后去Jumpserver 会话管理-终端管理(http://192.168.244.144:8080/terminal/terminal/)接受[Gua]开头的一个注册
......@@ -563,7 +570,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
$ ./cocod status # 确定jumpserver已经运行,如果没有运行请重新启动coco
# 如果安装了 Guacamole
$ docker ps # 检查容器是否已经正常运行,如果没有运行请重新启动Guacamole
$ systemctl status tomcat # 检查容器是否已经正常运行,如果没有运行请重新启动Guacamole
服务全部启动后,访问 http://192.168.244.144,访问nginx代理的端口,不要再通过8080端口访问
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment