更新文档

docs/distributed_01.rst

@@ -17,16 +17,7 @@
 -  Nginx 代理 IP: 192.168.100.100
 
 
-
-数据库服务器运行 mariadb 服务
-
-Jumpserver 服务器运行 jumpserver、redis 服务
-
-Coco 服务器运行 coco 服务
-
-Guacamole 服务器运行 docker 服务
-
-Nginx 代理服务器运行 nginx 服务，注意 upstream 的负载模式，需要解决 session 问题
+Nginx 多组件注意 upstream 的负载模式，需要解决 session 问题
 
 安全
 ~~~~~~~

docs/distributed_06.rst

@@ -23,19 +23,56 @@
     # 安装依赖包
     $ yum install -y yum-utils device-mapper-persistent-data lvm2
 
-    # 设置 selinux 策略
-    $ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key
-
-    # 安装 docker（192.168.100.100 是 jumpserver 的 url 地址）
-    $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-    $ yum makecache fast
-    $ yum install docker-ce
-    $ systemctl start docker
-    $ docker run --name jms_guacamole -d \
-      -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-      -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-      -e JUMPSERVER_SERVER=http://192.168.100.100 \
-      jumpserver/guacamole:latest
+    # 设置 selinux 与 防火墙
+    $ setenforce 0
+    $ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
+    $ firewall-cmd --zone=public --add-port=8081/tcp --permanent
+    $ firewall-cmd --reload
+
+    $ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
+    $ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
+    $ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
+
+    $ yum install -y git gcc java-1.8.0-openjdk libtool
+    $ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
+    $ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
+
+    $ cd /opt
+    $ git clone https://github.com/jumpserver/docker-guacamole.git
+
+    $ cd /opt/docker-guacamole/
+    $ tar -xf guacamole-server-0.9.14.tar.gz
+    $ cd guacamole-server-0.9.14
+    $ autoreconf -fi
+    $ ./configure --with-init-dir=/etc/init.d
+    $ make && make install
+    $ cd ..
+    $ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
+    $ ldconfig
+
+    $ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions  # 创建 guacamole 目录
+    $ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+    $ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/  # guacamole 配置文件
+
+    $ cd /config
+    $ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
+    $ tar xf apache-tomcat-8.5.34.tar.gz
+    $ rm -rf apache-tomcat-8.5.34.tar.gz
+    $ mv apache-tomcat-8.5.34 tomcat8
+    $ rm -rf /config/tomcat8/webapps/*
+    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
+
+    $ export JUMPSERVER_SERVER=http://192.168.100.100  # 192.168.100.100 指 jumpserver 访问地址
+    $ echo "export JUMPSERVER_SERVER=192.168.100.100" >> ~/.bashrc
+    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
+    $ export GUACAMOLE_HOME=/config/guacamole
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
+
+    $ /etc/init.d/guacd start
+    $ sh /config/tomcat8/bin/startup.sh
 
     # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
 

docs/setup_by_centos7.rst

@@ -33,9 +33,8 @@ CentOS 7 安装文档
 
     $ firewall-cmd --reload  # 重新载入规则
 
-    $ setsebool -P httpd_can_network_connect 1  # 设置 selinux 允许 http 访问
-    $ mkdir -p /opt/guacamole/key
-    $ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key  # 设置 selinux 允许容器对目录读写
+    $ setenforce 0
+    $ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
 
     # 修改字符集，否则可能报 input/output error的问题，因为日志里打印了中文
     $ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
@@ -307,13 +306,41 @@ CentOS 7 安装文档
     $ chown -R root:root luna
 
     # 安装 Windows 支持组件（如果不需要管理 windows 资产，可以直接跳过这一步）
-    $ yum remove docker-latest-logrotate docker-logrotate docker-selinux dockdocker-engine
-    $ yum install -y yum-utils device-mapper-persistent-data lvm2
-    $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-    $ yum makecache fast
-    $ yum install docker-ce
-    $ systemctl start docker
-    $ docker pull jumpserver/guacamole:latest
+    $ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
+    $ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
+    $ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
+    $ yum install -y git gcc java-1.8.0-openjdk libtool
+    $ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
+    $ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
+    $ cd /op
+    $ git clone https://github.com/jumpserver/docker-guacamole.git
+    $ cd /opt/docker-guacamole/
+    $ tar -xf guacamole-server-0.9.14.tar.gz
+    $ cd guacamole-server-0.9.14
+    $ autoreconf -fi
+    $ ./configure --with-init-dir=/etc/init.d
+    $ make && make install
+    $ cd ..
+    $ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
+    $ ldconfig
+    $ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions  # 创建 guacamole 目录
+    $ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+    $ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/  # guacamole 配置文件
+    $ cd /config
+    $ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
+    $ tar xf apache-tomcat-8.5.34.tar.gz
+    $ rm -rf apache-tomcat-8.5.34.tar.gz
+    $ mv apache-tomcat-8.5.34 tomcat8
+    $ rm -rf /config/tomcat8/webapps/*
+    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
+    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
+    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
+    $ export GUACAMOLE_HOME=/config/guacamole
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
 
 ::
 
@@ -398,13 +425,8 @@ CentOS 7 安装文档
     # 新版本更新了运行脚本，使用方式./cocod start|stop|status|restart  后台运行请添加 -d 参数
 
     # 运行 Guacamole
-    # 注意：这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.244.144:8080 或 http://192.168.244.144 不能使用 127.0.0.1
-    $ docker run --name jms_guacamole -d \
-        -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-        -e JUMPSERVER_SERVER=http://<填写jumpserver的url地址> \
-        jumpserver/guacamole:latest
-    # docker 重启容器的方法docker restart jms_guacamole
+    $ /etc/init.d/guacd start
+    $ sh /config/tomcat8/bin/startup.sh
 
     # 运行 Nginx
     $ nginx -t   # 确保配置没有问题, 有问题请先解决

docs/setup_by_ubuntu.rst

@@ -410,15 +410,15 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
     $ mv apache-tomcat-8.5.34 tomcat8
     $ rm -rf /config/tomcat8/webapps/*
     $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
-    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl"8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
     $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
 
     $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
-    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> .bashrc
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
     $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
-    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> .bashrc
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
     $ export GUACAMOLE_HOME=/config/guacamole
-    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> .bashrc
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
 
     $ /etc/init.d/guacd restart
     $ sh /config/tomcat8/bin/startup.sh

docs/step_by_step.rst

@@ -447,17 +447,17 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
     $ tar xf apache-tomcat-8.5.34.tar.gz
     $ rm -rf apache-tomcat-8.5.34.tar.gz
     $ mv apache-tomcat-8.5.34 tomcat8
-    $ rm -rf /var/lib/tomcat/webapps/*
+    $ rm -rf /config/tomcat8/webapps/*
     $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
-    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl"8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
     $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
 
     $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
-    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> .bashrc
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
     $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
-    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> .bashrc
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
     $ export GUACAMOLE_HOME=/config/guacamole
-    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> .bashrc
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
 
     $ /etc/init.d/guacd start
     $ sh /config/tomcat8/bin/startup.sh