Merge pull request #2153 from wojiushixiaobai/docs

[Update]更新文档

Merge pull request #2153 from wojiushixiaobai/docs
[Update]更新文档
835f1c04 · wojiushixiaobai · GitHub · 04d2b53c · 4dbac234 · 835f1c04
Unverified Commit 835f1c04 authored Dec 12, 2018 by wojiushixiaobai Committed by GitHub Dec 12, 2018
13 changed files
--- a/docs/distributed_02.rst
+++ b/docs/distributed_02.rst
@@ -59,7 +59,7 @@
    # 下载 luna
    $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.4/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna

--- a/docs/distributed_05.rst
+++ b/docs/distributed_05.rst
@@ -82,49 +82,83 @@
    class Config:
-        # Use it to encrypt or decrypt data
+        """
+        Jumpserver Config File
-        # Jumpserver 使用 SECRET_KEY 进行加密,请务必修改以下设置
+        Jumpserver 配置文件
-        # SECRET_KEY = '请随意输入随机字符串(推荐字符大于等于 50位)'
-        SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+        Jumpserver use this config for drive django framework running,
+        You can set is value or set the same envirment value,
-        # Django security setting, if your disable debug model, you should setting that
+        Jumpserver look for config order: file => env => default
-        ALLOWED_HOSTS = ['*']
+        Jumpserver使用配置来驱动Django框架的运行，
-        # DEBUG 模式 True为开启 False为关闭,默认开启,生产环境推荐关闭
+        你可以在该文件中设置，或者设置同样名称的环境变量,
-        # 注意：如果设置了DEBUG = False,访问8080端口页面会显示不正常,需要搭建 nginx 代理才可以正常访问
+        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        DEBUG = os.environ.get("DEBUG") or False
+        """
+        # SECURITY WARNING: keep the secret key used in production secret!
-        # 日志级别,默认为DEBUG,可调整为INFO, WARNING, ERROR, CRITICAL,默认INFO
+        # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
+        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        # SECURITY WARNING: keep the bootstrap token used in production secret!
-        # 使用的数据库配置,支持sqlite3, mysql, postgres等,默认使用sqlite3
+        # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvm'
+        # Development env open this, when error occur display the full process track, Production disable it
+        # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+        # DEBUG = True
+        DEBUG = False
+        # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+        # 日志级别
+        # LOG_LEVEL = 'DEBUG'
+        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        LOG_LEVEL = 'ERROR'
+        # Session expiration setting, Default 24 hour, Also set expired on on browser close
+        # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+        # SESSION_COOKIE_AGE = 3600 * 24
+        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+        # Database setting, Support sqlite3, mysql, postgres ....
+        # 数据库设置
        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-        # 默认使用SQLite3,如果使用其他数据库请注释下面两行
+        # SQLite setting:
+        # 使用单文件sqlite数据库
        # DB_ENGINE = 'sqlite3'
        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-        # 如果需要使用mysql或postgres,请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
+        # MySQL or postgres setting like:
-        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
+        # 使用Mysql作为数据库
-        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
+        DB_ENGINE = 'mysql'
-        DB_PORT = os.environ.get("DB_PORT") or 3306
+        DB_HOST = '127.0.0.1'
-        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
+        DB_PORT = 3306
-        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
+        DB_USER = 'jumpserver'
-        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
+        DB_PASSWORD = 'weakPassword'
+        DB_NAME = 'jumpserver'
-        # Django 监听的ip和端口
+        # When Django start it will bind this host and port
        # ./manage.py runserver 127.0.0.1:8080
+        # 运行时绑定端口
        HTTP_BIND_HOST = '0.0.0.0'
        HTTP_LISTEN_PORT = 8080
-        # Redis 相关设置
+        # Use Redis as broker for celery and web socket
-        REDIS_HOST = os.environ.get("REDIS_HOST") or '192.168.100.20'
+        # Redis配置
-        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
+        REDIS_HOST = '127.0.0.1'
-        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or 'weakPassword'
+        REDIS_PORT = 6379
-        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
+        # REDIS_PASSWORD = ''
-        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
+        # REDIS_DB_CELERY_BROKER = 3
+        # REDIS_DB_CACHE = 4
+        # Use OpenID authorization
+        # 使用OpenID 来进行认证设置
+        # BASE_SITE_URL = 'http://localhost:8080'
+        # AUTH_OPENID = False  # True or False
+        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+        # AUTH_OPENID_REALM_NAME = 'realm-name'
+        # AUTH_OPENID_CLIENT_ID = 'client-id'
+        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
        def __init__(self):
            pass

--- a/docs/distributed_06.rst
+++ b/docs/distributed_06.rst
@@ -47,7 +47,8 @@
        -p 2222:2222 \
        -p 5000:5000 \
        -e CORE_HOST=http://192.168.100.30:8080 \
-        wojiushixiaobai/coco:1.4.4
+        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm \
+        wojiushixiaobai/coco:1.4.5
    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册
@@ -65,6 +66,7 @@
        -p 2223:2222 \
        -p 5001:5000 \
        -e CORE_HOST=http://192.168.100.30:8080 \
-        wojiushixiaobai/coco:1.4.4
+        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm \
+        wojiushixiaobai/coco:1.4.5
    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册
--- a/docs/distributed_07.rst
+++ b/docs/distributed_07.rst
@@ -47,7 +47,8 @@
        -p 8081:8081 \
        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        wojiushixiaobai/guacamole:1.4.4
+        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm \
+        wojiushixiaobai/guacamole:1.4.5
    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
@@ -63,6 +64,7 @@
        -p 8082:8081 \
        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        wojiushixiaobai/guacamole:1.4.4
+        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm \
+        wojiushixiaobai/guacamole:1.4.5
    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
--- a/docs/dockerinstall.rst
+++ b/docs/dockerinstall.rst
@@ -14,7 +14,7 @@ Docker 安装见: `Docker官方安装文档 <https://docs.docker.com/install/>`_
 .. code-block:: shell
-    # 1.4.4 版本(最新)
+    # 1.4.5 版本(最新)
    $ docker run --name jms_server -d -p 80:80 -p 2222:2222 wojiushixiaobai/jumpserver:latest
 访问
@@ -47,7 +47,7 @@ XShell等工具请添加connection连接,ssh 端口 2222
 额外环境变量
 ```````````````
+- BOOTSTRAP_TOKEN = nwv4RdXpM82LtSvm
 - DB_ENGINE = mysql
 - DB_HOST = mysql_host
 - DB_PORT = 3306
@@ -70,6 +70,7 @@ XShell等工具请添加connection连接,ssh 端口 2222
        -v /opt/mysql:/var/lib/mysql
        -p 80:80 \
        -p 2222:2222 \
+        -e BOOTSTRAP_TOKEN=xxx
        -e DB_ENGINE=mysql \
        -e DB_HOST=192.168.x.x \
        -e DB_PORT=3306 \

--- a/docs/faq_docker.rst
+++ b/docs/faq_docker.rst
@@ -97,5 +97,5 @@ Docker 使用说明
    # 例:
    $ docker pull wojiushixiaobai/jumpserver:latest
-    $ docker pull wojiushixiaobai/coco:1.4.4
+    $ docker pull wojiushixiaobai/coco:1.4.5
-    $ docker pull wojiushixiaobai/guacamole:1.4.4
+    $ docker pull wojiushixiaobai/guacamole:1.4.5
--- a/docs/faq_rdp.rst
+++ b/docs/faq_rdp.rst
@@ -35,7 +35,7 @@ RDP 协议资产连接错误排查思路
    # docker 部署请直接删除容器后重建,记得一定要先在 终端管理 删除不在线的组件
    $ docker stop jms_guacamole
    $ docker rm jms_guacamole
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.4
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/guacamole:1.4.5
    # 正常运行后到Jumpserver 会话管理-终端管理 里面接受gua注册

--- a/docs/faq_ssh.rst
+++ b/docs/faq_ssh.rst
@@ -32,7 +32,7 @@ SSH 协议资产连接错误排查思路
    # docker 部署请直接删除容器后重建,记得一定要先在 终端管理 删除不在线的组件
    $ docker stop jms_coco
    $ docker rm jms_coco
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.4
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/coco:1.4.5
    # 正常运行后到Jumpserver 会话管理-终端管理 里面接受coco注册

--- a/docs/setup_by_centos7.rst
+++ b/docs/setup_by_centos7.rst
@@ -123,49 +123,83 @@ CentOS 7 安装文档
    class Config:
-        # Use it to encrypt or decrypt data
+        """
+        Jumpserver Config File
-        # Jumpserver 使用 SECRET_KEY 进行加密,请务必修改以下设置
+        Jumpserver 配置文件
-        # SECRET_KEY = '请随意输入随机字符串(推荐字符大于等于 50位)'
-        SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+        Jumpserver use this config for drive django framework running,
+        You can set is value or set the same envirment value,
-        # Django security setting, if your disable debug model, you should setting that
+        Jumpserver look for config order: file => env => default
-        ALLOWED_HOSTS = ['*']
+        Jumpserver使用配置来驱动Django框架的运行，
-        # DEBUG 模式 True为开启 False为关闭,默认开启,生产环境推荐关闭
+        你可以在该文件中设置，或者设置同样名称的环境变量,
-        # 注意：如果设置了DEBUG = False,访问8080端口页面会显示不正常,需要搭建 nginx 代理才可以正常访问
+        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        DEBUG = os.environ.get("DEBUG") or False
+        """
+        # SECURITY WARNING: keep the secret key used in production secret!
-        # 日志级别,默认为DEBUG,可调整为INFO, WARNING, ERROR, CRITICAL,默认INFO
+        # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
+        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        # SECURITY WARNING: keep the bootstrap token used in production secret!
-        # 使用的数据库配置,支持sqlite3, mysql, postgres等,默认使用sqlite3
+        # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvm'
+        # Development env open this, when error occur display the full process track, Production disable it
+        # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+        # DEBUG = True
+        DEBUG = False
+        # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+        # 日志级别
+        # LOG_LEVEL = 'DEBUG'
+        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        LOG_LEVEL = 'ERROR'
+        # Session expiration setting, Default 24 hour, Also set expired on on browser close
+        # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+        # SESSION_COOKIE_AGE = 3600 * 24
+        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+        # Database setting, Support sqlite3, mysql, postgres ....
+        # 数据库设置
        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-        # 默认使用SQLite3,如果使用其他数据库请注释下面两行
+        # SQLite setting:
+        # 使用单文件sqlite数据库
        # DB_ENGINE = 'sqlite3'
        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-        # 如果需要使用mysql或postgres,请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
+        # MySQL or postgres setting like:
-        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
+        # 使用Mysql作为数据库
-        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
+        DB_ENGINE = 'mysql'
-        DB_PORT = os.environ.get("DB_PORT") or 3306
+        DB_HOST = '127.0.0.1'
-        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
+        DB_PORT = 3306
-        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
+        DB_USER = 'jumpserver'
-        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
+        DB_PASSWORD = 'weakPassword'
+        DB_NAME = 'jumpserver'
-        # Django 监听的ip和端口
+        # When Django start it will bind this host and port
        # ./manage.py runserver 127.0.0.1:8080
+        # 运行时绑定端口
        HTTP_BIND_HOST = '0.0.0.0'
        HTTP_LISTEN_PORT = 8080
-        # Redis 相关设置
+        # Use Redis as broker for celery and web socket
-        REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
+        # Redis配置
-        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
+        REDIS_HOST = '127.0.0.1'
-        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
+        REDIS_PORT = 6379
-        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
+        # REDIS_PASSWORD = ''
-        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
+        # REDIS_DB_CELERY_BROKER = 3
+        # REDIS_DB_CACHE = 4
+        # Use OpenID authorization
+        # 使用OpenID 来进行认证设置
+        # BASE_SITE_URL = 'http://localhost:8080'
+        # AUTH_OPENID = False  # True or False
+        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+        # AUTH_OPENID_REALM_NAME = 'realm-name'
+        # AUTH_OPENID_CLIENT_ID = 'client-id'
+        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
        def __init__(self):
            pass
@@ -211,8 +245,8 @@ CentOS 7 安装文档
    $ systemctl start docker
    # 注意,<Jumpserver_url> 请自行修改成 jumpserver 对外的访问地址,如 192.168.100.100:8080
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.4
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/coco:1.4.5
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.4
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/guacamole:1.4.5
    # 允许 容器ip 访问宿主 8080 端口,(容器的 ip 可以进入容器查看)
    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.2" port protocol="tcp" port="8080" accept"
@@ -224,7 +258,7 @@ CentOS 7 安装文档
    # 安装 Web Terminal 前端: Luna  需要 Nginx 来运行访问 访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包,直接解压,不需要编译
    $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.4/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna
@@ -324,13 +358,13 @@ CentOS 7 安装文档
 .. code-block:: shell
    # coco 服务默认运行在单核心下面, 当负载过高时会导致用户访问变慢, 这时可运行多个 docker 容器缓解
-    $ docker run --name jms_coco01 -d -p 2223:2222 -p 5001:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.4
+    $ docker run --name jms_coco01 -d -p 2223:2222 -p 5001:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/coco:1.4.5
-    $ docker run --name jms_coco02 -d -p 2224:2222 -p 5002:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.4
+    $ docker run --name jms_coco02 -d -p 2224:2222 -p 5002:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/coco:1.4.5
    ...
    # guacamole 也是一样
-    $ docker run --name jms_guacamole01 -d -p 8082:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.4
+    $ docker run --name jms_guacamole01 -d -p 8082:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/guacamole:1.4.5
-    $ docker run --name jms_guacamole02 -d -p 8083:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.4
+    $ docker run --name jms_guacamole02 -d -p 8083:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm wojiushixiaobai/guacamole:1.4.5
    ...
    # 注意开放防火墙, ip 请根据实际情况修改

--- a/docs/setup_by_ubuntu.rst
+++ b/docs/setup_by_ubuntu.rst
@@ -148,49 +148,83 @@
    class Config:
-        # Use it to encrypt or decrypt data
+        """
+        Jumpserver Config File
-        # Jumpserver 使用 SECRET_KEY 进行加密,请务必修改以下设置
+        Jumpserver 配置文件
-        # SECRET_KEY = '请随意输入随机字符串(推荐字符大于等于 50位)'
-        SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-        # Django security setting, if your disable debug model, you should setting that
+        Jumpserver use this config for drive django framework running,
-        ALLOWED_HOSTS = ['*']
+        You can set is value or set the same envirment value,
+        Jumpserver look for config order: file => env => default
-        # DEBUG 模式 True为开启 False为关闭,默认开启,生产环境推荐关闭
+        Jumpserver使用配置来驱动Django框架的运行，
-        # 注意：如果设置了DEBUG = False,访问8080端口页面会显示不正常,需要搭建 nginx 代理才可以正常访问
+        你可以在该文件中设置，或者设置同样名称的环境变量,
-        DEBUG = os.environ.get("DEBUG") or False
+        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
+        """
+        # SECURITY WARNING: keep the secret key used in production secret!
+        # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+        # SECURITY WARNING: keep the bootstrap token used in production secret!
+        # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvm'
+        # Development env open this, when error occur display the full process track, Production disable it
+        # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+        # DEBUG = True
+        DEBUG = False
+        # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+        # 日志级别
+        # LOG_LEVEL = 'DEBUG'
+        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        LOG_LEVEL = 'ERROR'
-        # 日志级别,默认为DEBUG,可调整为INFO, WARNING, ERROR, CRITICAL,默认INFO
+        # Session expiration setting, Default 24 hour, Also set expired on on browser close
-        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
+        # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        # SESSION_COOKIE_AGE = 3600 * 24
+        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
-        # 使用的数据库配置,支持sqlite3, mysql, postgres等,默认使用sqlite3
+        # Database setting, Support sqlite3, mysql, postgres ....
+        # 数据库设置
        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-        # 默认使用SQLite3,如果使用其他数据库请注释下面两行
+        # SQLite setting:
+        # 使用单文件sqlite数据库
        # DB_ENGINE = 'sqlite3'
        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-        # 如果需要使用mysql或postgres,请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
+        # MySQL or postgres setting like:
-        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
+        # 使用Mysql作为数据库
-        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
+        DB_ENGINE = 'mysql'
-        DB_PORT = os.environ.get("DB_PORT") or 3306
+        DB_HOST = '127.0.0.1'
-        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
+        DB_PORT = 3306
-        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
+        DB_USER = 'jumpserver'
-        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
+        DB_PASSWORD = 'weakPassword'
+        DB_NAME = 'jumpserver'
-        # Django 监听的ip和端口
+        # When Django start it will bind this host and port
        # ./manage.py runserver 127.0.0.1:8080
+        # 运行时绑定端口
        HTTP_BIND_HOST = '0.0.0.0'
        HTTP_LISTEN_PORT = 8080
-        # Redis 相关设置
+        # Use Redis as broker for celery and web socket
-        REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
+        # Redis配置
-        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
+        REDIS_HOST = '127.0.0.1'
-        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
+        REDIS_PORT = 6379
-        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
+        # REDIS_PASSWORD = ''
-        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
+        # REDIS_DB_CELERY_BROKER = 3
+        # REDIS_DB_CACHE = 4
+        # Use OpenID authorization
+        # 使用OpenID 来进行认证设置
+        # BASE_SITE_URL = 'http://localhost:8080'
+        # AUTH_OPENID = False  # True or False
+        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+        # AUTH_OPENID_REALM_NAME = 'realm-name'
+        # AUTH_OPENID_CLIENT_ID = 'client-id'
+        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
        def __init__(self):
            pass
@@ -292,6 +326,11 @@
        # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
        CORE_HOST = 'http://127.0.0.1:8080'
+        # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
+        # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
+        # BOOTSTRAP_TOKEN = "PleaseChangeMe"
+        BOOTSTRAP_TOKEN = "nwv4RdXpM82LtSvmV"
        # 启动时绑定的ip, 默认 0.0.0.0
        # BIND_HOST = '0.0.0.0'
@@ -313,7 +352,7 @@
        # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
        # LOG_LEVEL = 'INFO'
-        LOG_LEVEL = 'WARN'
+        LOG_LEVEL = 'ERROR'
        # 日志存放的目录
        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
@@ -377,7 +416,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
 .. code-block:: shell
    $ cd /opt/
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.4/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna
@@ -439,6 +478,8 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
+    $ export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm
+    $ echo "export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm" >> ~/.bashrc
    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    $ export GUACAMOLE_HOME=/config/guacamole

--- a/docs/start_automatically.rst
+++ b/docs/start_automatically.rst
@@ -39,6 +39,7 @@
    export GUACAMOLE_HOME=/config/guacamole
    export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    export JUMPSERVER_SERVER=http://127.0.0.1:8080
+    export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm
    /etc/init.d/guacd start
    cd /config/tomcat8/bin && ./startup.sh
@@ -192,7 +193,7 @@ Systemd 管理启动 Jumpserver
    [Service]
    Type=forking
    PIDFile=/config/tomcat8/tomcat.pid
-    Environment="JUMPSERVER_SERVER=http://127.0.0.1:8080" "JUMPSERVER_KEY_DIR=/config/guacamole/keys" "GUACAMOLE_HOME=/config/guacamole"
+    Environment="JUMPSERVER_SERVER=http://127.0.0.1:8080" "JUMPSERVER_KEY_DIR=/config/guacamole/keys" "GUACAMOLE_HOME=/config/guacamole" "BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm"
    ExecStart=/config/tomcat8/bin/startup.sh
    ExecReload=
    ExecStop=/config/tomcat8/bin/shutdown.sh

--- a/docs/step_by_step.rst
+++ b/docs/step_by_step.rst
@@ -179,49 +179,83 @@
    class Config:
-        # Use it to encrypt or decrypt data
+        """
+        Jumpserver Config File
-        # Jumpserver 使用 SECRET_KEY 进行加密,请务必修改以下设置
+        Jumpserver 配置文件
-        # SECRET_KEY = '请随意输入随机字符串(推荐字符大于等于 50位)'
-        SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-        # Django security setting, if your disable debug model, you should setting that
+        Jumpserver use this config for drive django framework running,
-        ALLOWED_HOSTS = ['*']
+        You can set is value or set the same envirment value,
+        Jumpserver look for config order: file => env => default
-        # DEBUG 模式 True为开启 False为关闭,默认开启,生产环境推荐关闭
+        Jumpserver使用配置来驱动Django框架的运行，
-        # 注意：如果设置了DEBUG = False,访问8080端口页面会显示不正常,需要搭建 nginx 代理才可以正常访问
+        你可以在该文件中设置，或者设置同样名称的环境变量,
-        DEBUG = os.environ.get("DEBUG") or True
+        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
+        """
+        # SECURITY WARNING: keep the secret key used in production secret!
+        # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+        # SECURITY WARNING: keep the bootstrap token used in production secret!
+        # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvm'
+        # Development env open this, when error occur display the full process track, Production disable it
+        # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+        # DEBUG = True
+        DEBUG = False
+        # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+        # 日志级别
+        # LOG_LEVEL = 'DEBUG'
+        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        LOG_LEVEL = 'ERROR'
-        # 日志级别,默认为DEBUG,可调整为INFO, WARNING, ERROR, CRITICAL,默认INFO
+        # Session expiration setting, Default 24 hour, Also set expired on on browser close
-        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
+        # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+        # SESSION_COOKIE_AGE = 3600 * 24
+        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
-        # 使用的数据库配置,支持sqlite3, mysql, postgres等,默认使用sqlite3
+        # Database setting, Support sqlite3, mysql, postgres ....
+        # 数据库设置
        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-        # 默认使用SQLite3,如果使用其他数据库请注释下面两行
+        # SQLite setting:
+        # 使用单文件sqlite数据库
        # DB_ENGINE = 'sqlite3'
        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-        # 如果需要使用mysql或postgres,请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
+        # MySQL or postgres setting like:
-        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
+        # 使用Mysql作为数据库
-        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
+        DB_ENGINE = 'mysql'
-        DB_PORT = os.environ.get("DB_PORT") or 3306
+        DB_HOST = '127.0.0.1'
-        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
+        DB_PORT = 3306
-        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
+        DB_USER = 'jumpserver'
-        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
+        DB_PASSWORD = 'weakPassword'
+        DB_NAME = 'jumpserver'
-        # Django 监听的ip和端口
+        # When Django start it will bind this host and port
        # ./manage.py runserver 127.0.0.1:8080
+        # 运行时绑定端口
        HTTP_BIND_HOST = '0.0.0.0'
        HTTP_LISTEN_PORT = 8080
-        # Redis 相关设置
+        # Use Redis as broker for celery and web socket
-        REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
+        # Redis配置
-        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
+        REDIS_HOST = '127.0.0.1'
-        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
+        REDIS_PORT = 6379
-        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
+        # REDIS_PASSWORD = ''
-        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
+        # REDIS_DB_CELERY_BROKER = 3
+        # REDIS_DB_CACHE = 4
+        # Use OpenID authorization
+        # 使用OpenID 来进行认证设置
+        # BASE_SITE_URL = 'http://localhost:8080'
+        # AUTH_OPENID = False  # True or False
+        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
+        # AUTH_OPENID_REALM_NAME = 'realm-name'
+        # AUTH_OPENID_CLIENT_ID = 'client-id'
+        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
        def __init__(self):
            pass
@@ -324,6 +358,11 @@
        # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
        CORE_HOST = 'http://127.0.0.1:8080'
+        # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
+        # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
+        # BOOTSTRAP_TOKEN = "PleaseChangeMe"
+        BOOTSTRAP_TOKEN = "nwv4RdXpM82LtSvmV"
        # 启动时绑定的ip, 默认 0.0.0.0
        # BIND_HOST = '0.0.0.0'
@@ -345,7 +384,7 @@
        # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
        # LOG_LEVEL = 'INFO'
-        LOG_LEVEL = 'WARN'
+        LOG_LEVEL = 'ERROR'
        # 日志存放的目录
        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
@@ -407,7 +446,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
 .. code-block:: shell
    $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.4/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna
@@ -475,6 +514,8 @@ Guacamole 需要 Tomcat 来运行
    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
+    $ export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm
+    $ echo "export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvm" >> ~/.bashrc
    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    $ export GUACAMOLE_HOME=/config/guacamole

--- a/docs/upgrade.rst
+++ b/docs/upgrade.rst
@@ -368,7 +368,7 @@
    $ cd /opt
    $ rm -rf luna
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.4/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz
    $ tar xf luna.tar.gz
    $ chown -R root:root luna