Skip to content

J
jumpserver
Unverified Commit bf87c739 authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub
Browse files
Options

Merge pull request #2600 from wojiushixiaobai/docs 

[Update]更新文档
parents 0738a557 b47b2938
Hide whitespace changes
Inline Side-by-side
Showing with 38 additions and 219 deletions
docs/faq_install.rst
View file @ bf87c739
...@@ -87,14 +87,22 @@ ...@@ -87,14 +87,22 @@
# 这是严格模式的警告, 可以参考后面的url解决, 或者忽略 # 这是严格模式的警告, 可以参考后面的url解决, 或者忽略
12. 启动 jumpserver 后, 访问 8080 端口页面显示不正常 12. 启动 Jumpserver 或者 coco 报错 Error: expected '<document start>', but found '<scalar>'
.. code-block:: vim
# 这是因为你的 config.yml 文件格式有误
# 常见的错误就是字段为空或者: 后面有一个空格
# SECRET_KEY: xxxxx # 不要忽略: 后面的空格
13. 启动 jumpserver 后, 访问 8080 端口页面显示不正常
.. code-block:: vim .. code-block:: vim
# 这是因为你在 config.yml 里面设置了 DEBUG: false # 这是因为你在 config.yml 里面设置了 DEBUG: false
# 跟着教程继续操作, 后面搭建 nginx 代理即可正常访问 # 跟着教程继续操作, 后面搭建 nginx 代理即可正常访问
13. 执行 ./cocod start 后提示 No module named 'jms' 14. 执行 ./cocod start 后提示 No module named 'jms'
.. code-block:: shell .. code-block:: shell
...@@ -109,7 +117,7 @@ ...@@ -109,7 +117,7 @@
$ pip install -r requirements/requirements.txt $ pip install -r requirements/requirements.txt
# 然后重新执行 ./cocod start 即可 # 然后重新执行 ./cocod start 即可
14. 执行 ./cocod start 后提示 Failed register terminal xxxx exist already 15. 执行 ./cocod start 后提示 Failed register terminal xxxx exist already
.. code-block:: shell .. code-block:: shell
...@@ -121,11 +129,11 @@ ...@@ -121,11 +129,11 @@
$ rm /opt/coco/data/keys/.access_key # coco, 如果你是按文档安装的, key应该在这里, 如果不存在key文件直接下一步 $ rm /opt/coco/data/keys/.access_key # coco, 如果你是按文档安装的, key应该在这里, 如果不存在key文件直接下一步
$ ./cocod start -d # 正常运行后到Jumpserver 会话管理-终端管理 里面接受coco注册 $ ./cocod start -d # 正常运行后到Jumpserver 会话管理-终端管理 里面接受coco注册
15. 执行 ./cocod start 后提示 Failed register terminal unknow: xxxx 16. 执行 ./cocod start 后提示 Failed register terminal unknow: xxxx
.. code-block:: vim .. code-block:: vim
这是因为当前系统的 hostname 有 coco 不支持的字符, 需要手动指定 coco 的 NAME # 这是因为当前系统的 hostname 有 coco 不支持的字符, 需要手动指定 coco 的 NAME
$ cd /opt/coco/ $ cd /opt/coco/
$ vi config.yml $ vi config.yml
...@@ -133,36 +141,36 @@ ...@@ -133,36 +141,36 @@
# NAME: {{ Hostname }} # NAME: {{ Hostname }}
NAME: localhost NAME: localhost
保存后重新执行 ./cocod start 即可 # 保存后重新执行 ./cocod start 即可
16. 运行 ./cocod start 后提示 No such file or directory: '/opt/coco/xxx/xxx' 17. 运行 ./cocod start 后提示 "detail":"身份认证信息未提供。" Failed register terminal
.. code-block:: shell .. code-block:: shell
这是一个小 bug, 之后的版本会修复掉 # 保证 coco 的 BOOTSTRAP_TOKEN 与 jumpserver/config.yml 里面的内容不一致
$ cd /opt/coco $ cat /opt/jumpserver/config.yml | grep BOOTSTRAP_TOKEN
$ mkdir keys logs $ cat /opt/coco/config.yml | grep BOOTSTRAP_TOKEN
保存后重新执行 ./cocod start 即可 # 修改成一致保存后 重新执行 ./cocod start 即可
17. 运行 ./cocod start 后提示 Connect endpoint http://xxxx:8080 error: HTTPConnectionPool(host='xxxx', port=8080) 18. 运行 ./cocod start 后提示 Connect endpoint http://xxxx:8080 error: HTTPConnectionPool(host='xxxx', port=8080)
.. code-block:: vim .. code-block:: vim
# 这是因为 coco 无法连接到 jumpserver 报的错误, 确定 http://xxxx:8080 设置正确(配置文件 coco/config.yml) # 这是因为 coco 无法连接到 jumpserver 报的错误, 确定 http://xxxx:8080 设置正确(配置文件 coco/config.yml)
# 如果 jumpserver 的IP和端口不对, 请手动修改 config.yml 的 CORE_HOST # 如果 jumpserver 的IP和端口不对, 请手动修改 config.yml 的 CORE_HOST
18. 运行 ./cocod start 后提示 Unexpected error occur: 'AppService' object has no attribute 'get_system_user_cmd_filter_rules' 19. 运行 ./cocod start 后提示 Unexpected error occur: 'AppService' object has no attribute 'get_system_user_cmd_filter_rules'
.. code-block:: vim .. code-block:: vim
# 这是因为你的 pip 依赖包未正确安装, 参考本文档第 4 条 # 这是因为你的 pip 依赖包未正确安装, 参考本文档第 4 条
19. 通过 nginx 代理的端口访问 jumpserver 页面显示不正常 20. 通过 nginx 代理的端口访问 jumpserver 页面显示不正常
.. code-block:: nginx .. code-block:: nginx
这是因为你没有按照教程进行安装, 修改了安装目录, 需要在 nginx 的配置文件里面修改资源路径 # 这是因为你没有按照教程进行安装, 修改了安装目录, 需要在 nginx 的配置文件里面修改资源路径
$ vi /etc/nginx/conf.d/jumpserver.conf $ vi /etc/nginx/conf.d/jumpserver.conf
... ...
...@@ -222,7 +230,7 @@ ...@@ -222,7 +230,7 @@
... ...
20. 访问 luna 页面提示 Luna是单独部署的一个程序, 你需要部署luna, coco, 配置nginx做url分发... 21. 访问 luna 页面提示 Luna是单独部署的一个程序, 你需要部署luna, coco, 配置nginx做url分发...
.. code-block:: vim .. code-block:: vim
......
docs/quick_start.rst
View file @ bf87c739
...@@ -109,7 +109,7 @@ ...@@ -109,7 +109,7 @@
# "管理用户"是资产上的 root, 或拥有 NOPASSWD: ALL sudo 权限的用户, Jumpserver 使用该用户来推送系统用户、获取资产硬件信息等。 Windows或其它硬件可以随意设置一个 # "管理用户"是资产上的 root, 或拥有 NOPASSWD: ALL sudo 权限的用户, Jumpserver 使用该用户来推送系统用户、获取资产硬件信息等。 Windows或其它硬件可以随意设置一个
# "名称" 不能重复 # "名称" 不能重复
# "ssh私钥" 如果有密码, 请把key的密码填在密码栏上 # "ssh私钥" 如果私钥有密码, 请把key的密码填在密码栏上, 目前仅支持 RSA DSA 格式私钥
.. image:: _static/img/admin_assets_admin-user_create.jpg .. image:: _static/img/admin_assets_admin-user_create.jpg
...@@ -122,6 +122,7 @@ ...@@ -122,6 +122,7 @@
# "自动生成密码"、"自动推送"、"Sudo"等功能需要对应资产的"管理用户"是且有root权限, 否则自动推送失败 # "自动生成密码"、"自动推送"、"Sudo"等功能需要对应资产的"管理用户"是且有root权限, 否则自动推送失败
# ssh 协议的 "Sudo" 栏设定用户的 sudo 权限, # ssh 协议的 "Sudo" 栏设定用户的 sudo 权限,
# ssh 协议如果创建的"系统用户"已在资产上面存在, "推送"将会覆盖掉原用户的"home"目录权限(注: 替换成700权限) # ssh 协议如果创建的"系统用户"已在资产上面存在, "推送"将会覆盖掉原用户的"home"目录权限(注: 替换成700权限)
# ssh 协议的 "ssh私钥" 如果私钥有密码, 请把key的密码填在密码栏上, 目前仅支持 RSA DSA 格式私钥
# 这里简单举几个 "sudo" 设置例子 # 这里简单举几个 "sudo" 设置例子
Sudo /bin/su # 当前系统用户可以免sudo密码执行sudo su命令 Sudo /bin/su # 当前系统用户可以免sudo密码执行sudo su命令
......
docs/setup_by_huaweicloud.rst
View file @ bf87c739
...@@ -57,75 +57,12 @@ ...@@ -57,75 +57,12 @@
&& systemctl restart docker \ && systemctl restart docker \
&& docker pull jumpserver/jms_coco:1.4.9 \ && docker pull jumpserver/jms_coco:1.4.9 \
&& docker pull jumpserver/jms_guacamole:1.4.9 \ && docker pull jumpserver/jms_guacamole:1.4.9 \
&& rm -rf /etc/nginx/conf.d/default.conf && rm -rf /etc/nginx/conf.d/default.conf \
&& curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 4. 配置nginx \033[0m" \ $ echo -e "\033[31m 4. 处理配置文件 \033[0m" \
&& cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files \$uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
.. code-block:: shell
$ echo -e "\033[31m 5. 处理配置文件 \033[0m" \
&& if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \ && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
&& if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \ && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
&& if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \ && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
...@@ -135,7 +72,7 @@ ...@@ -135,7 +72,7 @@
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 6. 启动 Jumpserver \033[0m" \ $ echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
&& systemctl start nginx \ && systemctl start nginx \
&& cd /opt/jumpserver \ && cd /opt/jumpserver \
&& ./jms start all -d \ && ./jms start all -d \
......
docs/setup_by_localcloud.rst
View file @ bf87c739
...@@ -22,7 +22,6 @@ ...@@ -22,7 +22,6 @@
&& yum update -y \ && yum update -y \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& yum -y install kde-l10n-Chinese \ && yum -y install kde-l10n-Chinese \
&& yum -y reinstall glibc-common \
&& localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \ && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
&& export LC_ALL=zh_CN.UTF-8 \ && export LC_ALL=zh_CN.UTF-8 \
&& echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \ && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \
...@@ -53,75 +52,12 @@ ...@@ -53,75 +52,12 @@
&& systemctl restart docker \ && systemctl restart docker \
&& docker pull jumpserver/jms_coco:1.4.9 \ && docker pull jumpserver/jms_coco:1.4.9 \
&& docker pull jumpserver/jms_guacamole:1.4.9 \ && docker pull jumpserver/jms_guacamole:1.4.9 \
&& rm -rf /etc/nginx/conf.d/default.conf && rm -rf /etc/nginx/conf.d/default.conf \
&& curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 4. 配置nginx \033[0m" \ $ echo -e "\033[31m 4. 处理配置文件 \033[0m" \
&& cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files \$uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
.. code-block:: shell
$ echo -e "\033[31m 5. 处理配置文件 \033[0m" \
&& if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \ && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
&& if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \ && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
&& if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \ && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
...@@ -131,7 +67,7 @@ ...@@ -131,7 +67,7 @@
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 6. 启动 Jumpserver \033[0m" \ $ echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
&& systemctl start nginx \ && systemctl start nginx \
&& cd /opt/jumpserver \ && cd /opt/jumpserver \
&& ./jms start all -d \ && ./jms start all -d \
......
docs/setup_by_tencentcloud.rst
View file @ bf87c739
...@@ -52,75 +52,12 @@ ...@@ -52,75 +52,12 @@
&& systemctl restart docker \ && systemctl restart docker \
&& docker pull jumpserver/jms_coco:1.4.9 \ && docker pull jumpserver/jms_coco:1.4.9 \
&& docker pull jumpserver/jms_guacamole:1.4.9 \ && docker pull jumpserver/jms_guacamole:1.4.9 \
&& rm -rf /etc/nginx/conf.d/default.conf && rm -rf /etc/nginx/conf.d/default.conf \
&& curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 4. 配置nginx \033[0m" \ $ echo -e "\033[31m 4. 处理配置文件 \033[0m" \
&& cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files \$uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
.. code-block:: shell
$ echo -e "\033[31m 5. 处理配置文件 \033[0m" \
&& if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \ && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
&& if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \ && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
&& if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \ && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
...@@ -130,7 +67,7 @@ ...@@ -130,7 +67,7 @@
.. code-block:: shell .. code-block:: shell
$ echo -e "\033[31m 6. 启动 Jumpserver \033[0m" \ $ echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
&& systemctl start nginx \ && systemctl start nginx \
&& cd /opt/jumpserver \ && cd /opt/jumpserver \
&& ./jms start all -d \ && ./jms start all -d \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment