[Update]更新文档

5400c2b8 · wojiushixiaobai · cd029537 · 5400c2b8 · 5400c2b8 · 5400c2b8
Commit 5400c2b8 authored Jan 09, 2019 by wojiushixiaobai
20 changed files
--- a/docs/_static/img/ldap_setting.jpg
+++ b/docs/_static/img/ldap_setting.jpg
--- a/docs/admin_create_asset.rst
+++ b/docs/admin_create_asset.rst
@@ -39,6 +39,8 @@
    # DN 和 OU 一定要完整(如 "DN:cn=Manage,ou=Jumpserver,dc=jumpserver,ou=org")
    # 注：可借用第三方 gui 工具查看 ldap 用户的属性,新版本已经支持中文名登录,即cn=中文也可正常使用
+.. image:: _static/img/ldap_setting.jpg
 参考 `LDAP 使用说明 <faq_ldap.html>`_
 **1.4 终端设置**

--- a/docs/distributed_02.rst
+++ b/docs/distributed_02.rst
@@ -59,7 +59,7 @@
    # 下载 luna
    $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna

--- a/docs/distributed_05.rst
+++ b/docs/distributed_05.rst
@@ -58,70 +58,45 @@
    # 修改 jumpserver 配置文件
    $ cd /opt/jumpserver
-    $ cp config_example.py config.py
+    $ cp config_example.yml config.yml
-    $ vi config.py
-    # 注意对齐,不要直接复制本文档的内容,实际内容以文件为准,本文仅供参考
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
-    """
+    $ vi config.yml
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
-        Jumpserver project setting file
+.. code-block:: yaml
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
    # SECURITY WARNING: keep the secret key used in production secret!
    # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+    SECRET_KEY:
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
    # SECURITY WARNING: keep the bootstrap token used in production secret!
    # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
    # Development env open this, when error occur display the full process track, Production disable it
    # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
+    DEBUG: false
-        DEBUG = False
    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
    # 日志级别
-        # LOG_LEVEL = 'DEBUG'
+    LOG_LEVEL: ERROR
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    # LOG_DIR:
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
    # Session expiration setting, Default 24 hour, Also set expired on on browser close
    # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
+    # SESSION_COOKIE_AGE: 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
    # Database setting, Support sqlite3, mysql, postgres ....
    # 数据库设置
@@ -129,62 +104,45 @@
    # SQLite setting:
    # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
+    # DB_ENGINE: sqlite3
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_NAME:
    # MySQL or postgres setting like:
    # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
+    DB_ENGINE: mysql
-        DB_HOST = '127.0.0.1'
+    DB_HOST: 127.0.0.1
-        DB_PORT = 3306
+    DB_PORT: 3306
-        DB_USER = 'jumpserver'
+    DB_USER: jumpserver
-        DB_PASSWORD = 'weakPassword'
+    DB_PASSWORD: 你的数据库密码
-        DB_NAME = 'jumpserver'
+    DB_NAME: jumpserver
    # When Django start it will bind this host and port
    # ./manage.py runserver 127.0.0.1:8080
    # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
+    HTTP_BIND_HOST: 0.0.0.0
-        HTTP_LISTEN_PORT = 8080
+    HTTP_LISTEN_PORT: 8080
    # Use Redis as broker for celery and web socket
    # Redis配置
-        REDIS_HOST = '127.0.0.1'
+    REDIS_HOST: 127.0.0.1
-        REDIS_PORT = 6379
+    REDIS_PORT: 6379
-        # REDIS_PASSWORD = ''
+    # REDIS_PASSWORD:
-        # REDIS_DB_CELERY_BROKER = 3
+    # REDIS_DB_CELERY: 3
-        # REDIS_DB_CACHE = 4
+    # REDIS_DB_CACHE: 4
    # Use OpenID authorization
    # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
+    # BASE_SITE_URL: http://localhost:8080
-        # AUTH_OPENID = False  # True or False
+    # AUTH_OPENID: false  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
+    # AUTH_OPENID_REALM_NAME: realm-name
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
+    # AUTH_OPENID_CLIENT_ID: client-id
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
-        def __init__(self):
+    # OTP settings
-            pass
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
-        def __getattr__(self, item):
+    # OTP_ISSUER_NAME: Jumpserver
-            return None
-    class DevelopmentConfig(Config):
-        pass
-    class TestConfig(Config):
-        pass
-    class ProductionConfig(Config):
-        pass
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
 .. code-block:: nginx

--- a/docs/distributed_06.rst
+++ b/docs/distributed_06.rst
@@ -47,8 +47,8 @@
        -p 2222:2222 \
        -p 5000:5000 \
        -e CORE_HOST=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
+        -e BOOTSTRAP_TOKEN=你的token \
-        jumpserver/jms_coco:1.4.6
+        jumpserver/jms_coco:1.4.7
    # 访问 http://192.168.100.100/terminal/terminal/ 检查 coco 注册
@@ -66,7 +66,7 @@
        -p 2223:2222 \
        -p 5001:5000 \
        -e CORE_HOST=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
+        -e BOOTSTRAP_TOKEN=你的token \
-        jumpserver/jms_coco:1.4.6
+        jumpserver/jms_coco:1.4.7
    # 访问 http://192.168.100.100/terminal/terminal/ 检查 coco 注册
--- a/docs/distributed_07.rst
+++ b/docs/distributed_07.rst
@@ -47,8 +47,8 @@
        -p 8081:8081 \
        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
+        -e BOOTSTRAP_TOKEN=你的token \
-        jumpserver/jms_guacamole:1.4.6
+        jumpserver/jms_guacamole:1.4.7
    # 访问 http://192.168.100.100/terminal/terminal/ 检查 guacamole 注册
@@ -64,7 +64,7 @@
        -p 8082:8081 \
        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
+        -e BOOTSTRAP_TOKEN=你的token \
-        jumpserver/jms_guacamole:1.4.6
+        jumpserver/jms_guacamole:1.4.7
    # 访问 http://192.168.100.100/terminal/terminal/ 检查 guacamole 注册
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -83,7 +83,7 @@ FAQ
 .. code-block:: shell
-    $ vi /opt/coco/conf.py
+    $ vi /opt/coco/conf.yml
    # 把 SSH_TIMEOUT = 15 修改成你想要的数字 单位为：秒
    SSH_TIMEOUT = 60
@@ -92,7 +92,7 @@ FAQ
 .. code-block:: shell
-    $ vi /opt/jumpserver/config.py
+    $ vi /opt/jumpserver/config.yml
 .. code-block:: python

--- a/docs/faq_install.rst
+++ b/docs/faq_install.rst
@@ -36,11 +36,11 @@
    # 如果是 Mariadb 大于 10 版本
    $ yum install MariaDB-shared
-6. sh make_migrations.sh 时报错 from config import config as CONFIG File "/opt/jumpserver/config.py", line 38
+6. sh make_migrations.sh 时报错 from config import config as CONFIG File "/opt/jumpserver/config.yml", line 38
 .. code-block:: vim
-    # 这是由于 config.py 里面的内容格式不对,请参考安装文档的说明,把提示的内容与上一行对齐即可
+    # 这是由于 config.yml 里面的内容格式不对,请参考安装文档的说明,把提示的内容与上一行对齐即可
 7. sh make_migrations.sh 时报错 Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
@@ -91,7 +91,7 @@
 .. code-block:: vim
-    # 这是因为你在 config.py 里面设置了 DEBUG = False
+    # 这是因为你在 config.yml 里面设置了 DEBUG = False
    # 跟着教程继续操作,后面搭建 nginx 代理即可正常访问
 13. 执行 ./cocod start 后提示 No module named 'jms'
@@ -127,7 +127,7 @@
    这是因为当前系统的 hostname 有 coco 不支持的字符,需要手动指定 coco 的 NAME
    $ cd /opt/coco/
-    $ vi conf.py
+    $ vi conf.yml
    # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
    # NAME = "localhost"
@@ -149,8 +149,8 @@
 .. code-block:: vim
-    # 这是因为 coco 无法连接到 jumpserver 报的错误,确定 http://xxxx:8080 设置正确(配置文件 coco/conf.py)
+    # 这是因为 coco 无法连接到 jumpserver 报的错误,确定 http://xxxx:8080 设置正确(配置文件 coco/conf.yml)
-    # 如果 jumpserver 的IP和端口不对,请手动修改 conf.py 的 CORE_HOST
+    # 如果 jumpserver 的IP和端口不对,请手动修改 conf.yml 的 CORE_HOST
 18. 运行 ./cocod start 后提示 Unexpected error occur: 'AppService' object has no attribute 'get_system_user_cmd_filter_rules'

--- a/docs/faq_ssh.rst
+++ b/docs/faq_ssh.rst
@@ -81,7 +81,7 @@ SSH 协议资产连接错误排查思路
    # 这是因为当前系统的 hostname 有 coco 不支持的字符,需要手动指定 coco 的 NAME
    $ cd /opt/coco/
-    $ vi conf.py
+    $ vi conf.yml
    # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
    # NAME = "localhost"

--- a/docs/faq_upgrade.rst
+++ b/docs/faq_upgrade.rst
@@ -59,8 +59,8 @@
    > quit
    # 修改配置文件
-    $ cp /opt/jumpserver_bak/config.py /opt/jumpserver/
+    $ cp /opt/jumpserver_bak/config.yml /opt/jumpserver/
-    $ vim /opt/jumpserver/config.py
+    $ vim /opt/jumpserver/config.yml
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306

--- a/docs/migration.rst
+++ b/docs/migration.rst
@@ -53,7 +53,7 @@
 .. code-block:: shell
    $ cd /opt/jumpserver
-    $ vi conf.py
+    $ vi conf.yml
    # 把数据库和 redis 信息修改并保存
 4. 启动 jumpserver

--- a/docs/quickinstall.rst
+++ b/docs/quickinstall.rst
@@ -11,8 +11,8 @@
 端口说明
 ~~~~~~~~~~~~~~
- Jumpserver 默认端口为 8080/tcp 配置文件在 jumpserver/config.py
+- Jumpserver 默认端口为 8080/tcp 配置文件在 jumpserver/config.yml
- Coco 默认 SSH 端口为 2222/tcp ,默认 Web Terminal 端口为 5000/tcp 配置文件在 coco/conf.py
+- Coco 默认 SSH 端口为 2222/tcp ,默认 Web Terminal 端口为 5000/tcp 配置文件在 coco/conf.yml
 - Guacamole 默认端口为 8081/tcp 在 docker run 时指定
 - Nginx 默认端口为 80/tcp
 - Redis 默认端口为 6379/tcp

--- a/docs/setup_by_centos7.rst
+++ b/docs/setup_by_centos7.rst
--- a/docs/setup_by_fast.rst
+++ b/docs/setup_by_fast.rst
@@ -48,15 +48,15 @@
    $ cd /opt \
      && git clone https://github.com/jumpserver/jumpserver.git \
-      && wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz \
+      && wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz \
      && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
      && source /opt/py3/bin/activate \
      && pip install --upgrade pip setuptools \
      && pip install -r /opt/jumpserver/requirements/requirements.txt \
      && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io \
      && systemctl restart docker \
-      && docker pull jumpserver/jms_coco:1.4.6 \
+      && docker pull jumpserver/jms_coco:1.4.7 \
-      && docker pull jumpserver/jms_guacamole:1.4.6 \
+      && docker pull jumpserver/jms_guacamole:1.4.7 \
      && cd /opt \
      && tar xf luna.tar.gz \
      && chown -R root:root luna \
@@ -129,22 +129,25 @@
    $ systemctl start nginx \
      && DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` \
+      && SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` \
      && BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` \
-      && cp /opt/jumpserver/config_example.py /opt/jumpserver/config.py \
+      && cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml \
      && Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
      && mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;" \
-      && sed -i "s/BOOTSTRAP_TOKEN = 'PleaseChangeMe'/BOOTSTRAP_TOKEN = '$BOOTSTRAP_TOKEN'/g" /opt/jumpserver/config.py \
+      && sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml \
-      && sed -i "s/# DEBUG = True/DEBUG = False/g" /opt/jumpserver/config.py \
+      && sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml \
-      && sed -i "s/# LOG_LEVEL = 'DEBUG'/LOG_LEVEL = 'ERROR'/g" /opt/jumpserver/config.py \
+      && sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml \
-      && sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE = False/SESSION_EXPIRE_AT_BROWSER_CLOSE = True/g" /opt/jumpserver/config.py \
+      && sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml \
-      && sed -i "s/DB_PASSWORD = ''/DB_PASSWORD = '$DB_PASSWORD'/g" /opt/jumpserver/config.py
+      && sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml \
+      && sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
 .. code-block:: shell
    $ cd /opt/jumpserver \
      && ./jms start all -d \
-      && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.6 \
+      && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.7 \
-      && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.6 \
+      && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.7 \
      && echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m" \
+      && echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" \
      && echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" \
      && echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
--- a/docs/setup_by_optimization.rst
+++ b/docs/setup_by_optimization.rst
@@ -9,23 +9,23 @@
 .. code-block:: shell
    $ cd /opt/jumpserver
-    $ vi config.py
+    $ vi config.yml
    # 调整 debug 模式和 log_level
    ...
-    DEBUG = os.environ.get("DEBUG") or False
+    DEBUG: false
    ...
-    LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'ERROR'
+    LOG_LEVEL: ERROR
    ...
 .. code-block:: shell
    $ cd /opt/coco
-    $ vi conf.py
+    $ vi conf.yml
    # 调整 log_level
    ...
-    LOG_LEVEL = 'ERROR'
+    LOG_LEVEL: ERROR
    ...
    # 设置好后重启 jumpserver 和 coco

--- a/docs/setup_by_ubuntu.rst
+++ b/docs/setup_by_ubuntu.rst
--- a/docs/setup_by_ubuntu18.rst
+++ b/docs/setup_by_ubuntu18.rst
@@ -54,11 +54,9 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
-    $ mysql -uroot
+    $ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24  # 生成随机数据库密码
-    > create database jumpserver default charset 'utf8';
+    $ echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
-    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
+    $ mysql -uroot -p -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
-    > flush privileges;
-    > quit
 **1.5 安装 Python3.6**
@@ -108,70 +106,48 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
    $ cd /opt/jumpserver
-    $ cp config_example.py config.py
+    $ cp config_example.yml config.yml
-    $ vim config.py
-    # 注意对齐,不要直接复制本文档的内容
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
+    $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
+    $ Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
+    $ echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
-    """
+    $ vim config.yml  # 确认内容有没有错误
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
-        Jumpserver project setting file
+.. code-block:: yaml
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
    # SECURITY WARNING: keep the secret key used in production secret!
    # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+    SECRET_KEY:
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
    # SECURITY WARNING: keep the bootstrap token used in production secret!
    # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
    # Development env open this, when error occur display the full process track, Production disable it
    # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
+    DEBUG: false
-        DEBUG = False
    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
    # 日志级别
-        # LOG_LEVEL = 'DEBUG'
+    LOG_LEVEL: ERROR
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    # LOG_DIR:
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
    # Session expiration setting, Default 24 hour, Also set expired on on browser close
    # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
+    # SESSION_COOKIE_AGE: 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
    # Database setting, Support sqlite3, mysql, postgres ....
    # 数据库设置
@@ -179,62 +155,45 @@ Ubuntu 18.04 安装文档
    # SQLite setting:
    # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
+    # DB_ENGINE: sqlite3
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_NAME:
    # MySQL or postgres setting like:
    # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
+    DB_ENGINE: mysql
-        DB_HOST = '127.0.0.1'
+    DB_HOST: 127.0.0.1
-        DB_PORT = 3306
+    DB_PORT: 3306
-        DB_USER = 'jumpserver'
+    DB_USER: jumpserver
-        DB_PASSWORD = 'weakPassword'
+    DB_PASSWORD:
-        DB_NAME = 'jumpserver'
+    DB_NAME: jumpserver
    # When Django start it will bind this host and port
    # ./manage.py runserver 127.0.0.1:8080
    # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
+    HTTP_BIND_HOST: 0.0.0.0
-        HTTP_LISTEN_PORT = 8080
+    HTTP_LISTEN_PORT: 8080
    # Use Redis as broker for celery and web socket
    # Redis配置
-        REDIS_HOST = '127.0.0.1'
+    REDIS_HOST: 127.0.0.1
-        REDIS_PORT = 6379
+    REDIS_PORT: 6379
-        # REDIS_PASSWORD = ''
+    # REDIS_PASSWORD:
-        # REDIS_DB_CELERY_BROKER = 3
+    # REDIS_DB_CELERY: 3
-        # REDIS_DB_CACHE = 4
+    # REDIS_DB_CACHE: 4
    # Use OpenID authorization
    # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
+    # BASE_SITE_URL: http://localhost:8080
-        # AUTH_OPENID = False  # True or False
+    # AUTH_OPENID: false  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
+    # AUTH_OPENID_REALM_NAME: realm-name
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
+    # AUTH_OPENID_CLIENT_ID: client-id
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
-        def __init__(self):
+    # OTP settings
-            pass
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
-        def __getattr__(self, item):
+    # OTP_ISSUER_NAME: Jumpserver
-            return None
-    class DevelopmentConfig(Config):
-        pass
-    class TestConfig(Config):
-        pass
-    class ProductionConfig(Config):
-        pass
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
 **2.5 运行 Jumpserver**
@@ -266,10 +225,8 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.7
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
-    # http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.244.144:8080
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
 四. 安装 RDP Server 和 VNC Server: Guacamole
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -278,9 +235,8 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.7
-    # http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.244.144:8080
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
 五. 安装 Web Terminal 前端: Luna
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -292,7 +248,7 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
    $ cd /opt/
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna

--- a/docs/step_by_step.rst
+++ b/docs/step_by_step.rst
--- a/docs/upgrade.rst
+++ b/docs/upgrade.rst
--- a/docs/user_api.rst
+++ b/docs/user_api.rst
@@ -6,7 +6,7 @@ API 文档
    通过访问 http://Jumpserver的URL地址/docs 来访问( 如 http://192.168.244.144/docs )
    注：需要打开 debug 模式,
-    $ vi jumpserver/config.py
+    $ vi jumpserver/config.yml
    ...
    Debug=True