更新文档

98a2957e · wojiushixiaobai · 2bcfb9c9 · 98a2957e · 98a2957e · 98a2957e
Commit 98a2957e authored Oct 27, 2018 by wojiushixiaobai
5 changed files
--- a/docs/distributed_01.rst
+++ b/docs/distributed_01.rst
@@ -17,16 +17,7 @@
 -  Nginx 代理 IP: 192.168.100.100
+Nginx 多组件注意 upstream 的负载模式，需要解决 session 问题
-数据库服务器运行 mariadb 服务
-Jumpserver 服务器运行 jumpserver、redis 服务
-Coco 服务器运行 coco 服务
-Guacamole 服务器运行 docker 服务
-Nginx 代理服务器运行 nginx 服务，注意 upstream 的负载模式，需要解决 session 问题
 安全
 ~~~~~~~

--- a/docs/distributed_06.rst
+++ b/docs/distributed_06.rst
@@ -23,19 +23,56 @@
    # 安装依赖包
    $ yum install -y yum-utils device-mapper-persistent-data lvm2
-    # 设置 selinux 策略
+    # 设置 selinux 与 防火墙
-    $ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key
+    $ setenforce 0
+    $ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
-    # 安装 docker（192.168.100.100 是 jumpserver 的 url 地址）
+    $ firewall-cmd --zone=public --add-port=8081/tcp --permanent
-    $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    $ firewall-cmd --reload
-    $ yum makecache fast
-    $ yum install docker-ce
+    $ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
-    $ systemctl start docker
+    $ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
-    $ docker run --name jms_guacamole -d \
+    $ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
-      -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-      -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
+    $ yum install -y git gcc java-1.8.0-openjdk libtool
-      -e JUMPSERVER_SERVER=http://192.168.100.100 \
+    $ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
-      jumpserver/guacamole:latest
+    $ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
+    $ cd /opt
+    $ git clone https://github.com/jumpserver/docker-guacamole.git
+    $ cd /opt/docker-guacamole/
+    $ tar -xf guacamole-server-0.9.14.tar.gz
+    $ cd guacamole-server-0.9.14
+    $ autoreconf -fi
+    $ ./configure --with-init-dir=/etc/init.d
+    $ make && make install
+    $ cd ..
+    $ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
+    $ ldconfig
+    $ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions  # 创建 guacamole 目录
+    $ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+    $ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/  # guacamole 配置文件
+    $ cd /config
+    $ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
+    $ tar xf apache-tomcat-8.5.34.tar.gz
+    $ rm -rf apache-tomcat-8.5.34.tar.gz
+    $ mv apache-tomcat-8.5.34 tomcat8
+    $ rm -rf /config/tomcat8/webapps/*
+    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
+    $ export JUMPSERVER_SERVER=http://192.168.100.100  # 192.168.100.100 指 jumpserver 访问地址
+    $ echo "export JUMPSERVER_SERVER=192.168.100.100" >> ~/.bashrc
+    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
+    $ export GUACAMOLE_HOME=/config/guacamole
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
+    $ /etc/init.d/guacd start
+    $ sh /config/tomcat8/bin/startup.sh
    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册

--- a/docs/setup_by_centos7.rst
+++ b/docs/setup_by_centos7.rst
@@ -33,9 +33,8 @@ CentOS 7 安装文档
    $ firewall-cmd --reload  # 重新载入规则
-    $ setsebool -P httpd_can_network_connect 1  # 设置 selinux 允许 http 访问
+    $ setenforce 0
-    $ mkdir -p /opt/guacamole/key
+    $ sed -i "s/enforcing/disabled/g" `grep enforcing -rl /etc/selinux/config`
-    $ chcon -Rt svirt_sandbox_file_t /opt/guacamole/key  # 设置 selinux 允许容器对目录读写
    # 修改字符集，否则可能报 input/output error的问题，因为日志里打印了中文
    $ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
@@ -307,13 +306,41 @@ CentOS 7 安装文档
    $ chown -R root:root luna
    # 安装 Windows 支持组件（如果不需要管理 windows 资产，可以直接跳过这一步）
-    $ yum remove docker-latest-logrotate docker-logrotate docker-selinux dockdocker-engine
+    $ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
-    $ yum install -y yum-utils device-mapper-persistent-data lvm2
+    $ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
-    $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    $ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
-    $ yum makecache fast
+    $ yum install -y git gcc java-1.8.0-openjdk libtool
-    $ yum install docker-ce
+    $ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
-    $ systemctl start docker
+    $ yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
-    $ docker pull jumpserver/guacamole:latest
+    $ cd /op
+    $ git clone https://github.com/jumpserver/docker-guacamole.git
+    $ cd /opt/docker-guacamole/
+    $ tar -xf guacamole-server-0.9.14.tar.gz
+    $ cd guacamole-server-0.9.14
+    $ autoreconf -fi
+    $ ./configure --with-init-dir=/etc/init.d
+    $ make && make install
+    $ cd ..
+    $ rm -rf guacamole-server-0.9.14.tar.gz guacamole-server-0.9.14
+    $ ldconfig
+    $ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions  # 创建 guacamole 目录
+    $ cp /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+    $ cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/  # guacamole 配置文件
+    $ cd /config
+    $ wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
+    $ tar xf apache-tomcat-8.5.34.tar.gz
+    $ rm -rf apache-tomcat-8.5.34.tar.gz
+    $ mv apache-tomcat-8.5.34 tomcat8
+    $ rm -rf /config/tomcat8/webapps/*
+    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
+    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
+    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
+    $ export GUACAMOLE_HOME=/config/guacamole
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
 ::
@@ -398,13 +425,8 @@ CentOS 7 安装文档
    # 新版本更新了运行脚本，使用方式./cocod start|stop|status|restart  后台运行请添加 -d 参数
    # 运行 Guacamole
-    # 注意：这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.244.144:8080 或 http://192.168.244.144 不能使用 127.0.0.1
+    $ /etc/init.d/guacd start
-    $ docker run --name jms_guacamole -d \
+    $ sh /config/tomcat8/bin/startup.sh
-        -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-        -e JUMPSERVER_SERVER=http://<填写jumpserver的url地址> \
-        jumpserver/guacamole:latest
-    # docker 重启容器的方法docker restart jms_guacamole
    # 运行 Nginx
    $ nginx -t   # 确保配置没有问题, 有问题请先解决

--- a/docs/setup_by_ubuntu.rst
+++ b/docs/setup_by_ubuntu.rst
@@ -410,15 +410,15 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
    $ mv apache-tomcat-8.5.34 tomcat8
    $ rm -rf /config/tomcat8/webapps/*
    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
-    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl"8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
-    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> .bashrc
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
-    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> .bashrc
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    $ export GUACAMOLE_HOME=/config/guacamole
-    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> .bashrc
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
    $ /etc/init.d/guacd restart
    $ sh /config/tomcat8/bin/startup.sh

--- a/docs/step_by_step.rst
+++ b/docs/step_by_step.rst
@@ -447,17 +447,17 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
    $ tar xf apache-tomcat-8.5.34.tar.gz
    $ rm -rf apache-tomcat-8.5.34.tar.gz
    $ mv apache-tomcat-8.5.34 tomcat8
-    $ rm -rf /var/lib/tomcat/webapps/*
+    $ rm -rf /config/tomcat8/webapps/*
    $ cp /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war  # guacamole client
-    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl"8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
+    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' `grep 'Connector port="8080"' -rl /config/tomcat8/conf/server.xml`  # 修改默认端口为 8081
    $ sed -i 's/FINE/WARNING/g' `grep 'FINE' -rl /config/tomcat8/conf/logging.properties`  # 修改 log 等级为 WARNING
    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
-    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> .bashrc
+    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
-    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> .bashrc
+    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    $ export GUACAMOLE_HOME=/config/guacamole
-    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> .bashrc
+    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
    $ /etc/init.d/guacd start
    $ sh /config/tomcat8/bin/startup.sh