Merge pull request #2002 from wojiushixiaobai/docs

[Update]更新文档

Merge pull request #2002 from wojiushixiaobai/docs
[Update]更新文档
f62f4c46 · wojiushixiaobai · GitHub · 5da57575 · 86645920 · f62f4c46
Unverified Commit f62f4c46 authored Nov 07, 2018 by wojiushixiaobai Committed by GitHub Nov 07, 2018
10 changed files
--- a/docs/admin_session.rst
+++ b/docs/admin_session.rst
@@ -74,7 +74,12 @@ Web 终端是资产使用界面，管理员和用户都是从这里登录到资

 .. image:: _static/img/admin_web_terminal.jpg

-五、终端管理
+五、文件管理
+```````````````````````
+
+文件管理允许对 SSH 协议资产进行文件上传下载创建删除操作（不支持上传文件夹），目前也不支持系统用户是手动登录的资产
+
+六、终端管理
 ```````````````````````

 终端列表页面列出了 Jumpserver 正在使用的终端有哪些，例如：Coco、Gua 等。终端第一次使用，会首先向 Jumpserver 发送请求注册，在 Jumpserver 中接受注册后就可以正常使用该终端了。

--- a/docs/distributed_01.rst
+++ b/docs/distributed_01.rst
@@ -11,9 +11,10 @@

 -  系统: CentOS 7
 -  数据库 IP: 192.168.100.10
-  Jumpserver IP: 192.168.100.11
-  Coco IP: 192.168.100.12
-  Guacamole IP: 192.168.100.13
+-  Redis ip: 192.168.100.20
+-  Jumpserver IP: 192.168.100.30
+-  Coco IP: 192.168.100.40
+-  Guacamole IP: 192.168.100.50
 -  Nginx 代理 IP: 192.168.100.100



--- a/docs/distributed_02.rst
+++ b/docs/distributed_02.rst
@@ -21,7 +21,7 @@
    $ yum upgrade -y

    # 获取 epel-release 源
-    $ yum -y install epel-release vim
+    $ yum -y install epel-release

    # 设置防火墙，开放 80 443 2222 端口
    $ firewall-cmd --zone=public --add-port=80/tcp --permanent
@@ -31,11 +31,12 @@

    # 设置 http 访问权限
    $ setsebool -P httpd_can_network_connect 1
+    $ semanage port -a -t http_port_t -p tcp 2222

 ::

    # 安装 nginx
-    $ vim /etc/yum.repos.d/nginx.repo
+    $ vi /etc/yum.repos.d/nginx.repo

    [nginx]
    name=nginx repo
@@ -59,7 +60,7 @@
 ::

    # 配置 Nginx
-    $ vim /etc/nginx/nginx.conf
+    $ vi /etc/nginx/nginx.conf

    user  nginx;
    worker_processes  auto;
@@ -82,8 +83,8 @@
        open_log_file_cache off;

        upstream cocossh {
-            server 192.168.100.12:2222 weight=1;
-            server 192.168.100.12:2223 weight=1;  # 多节点
+            server 192.168.100.40:2222 weight=1;
+            server 192.168.100.40:2223 weight=1;  # 多节点
            # 这里是 coco ssh 的后端ip
            least_conn;
        }
@@ -121,23 +122,23 @@
    # 备份默认的配置文件
    $ mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.bak

-    $ vim /etc/nginx/conf.d/jumpserver.conf
+    $ vi /etc/nginx/conf.d/jumpserver.conf

    upstream jumpserver {
-        server 192.168.100.11:80;
+        server 192.168.100.30:80;
        # 这里是 jumpserver 的后端ip
    }

    upstream cocows {
-        server 192.168.100.12:5000 weight=1;
-        server 192.168.100.12:5001 weight=1;  # 多节点
+        server 192.168.100.40:5000 weight=1;
+        server 192.168.100.40:5001 weight=1;  # 多节点
        # 这里是 coco ws 的后端ip
        ip_hash;
    }

    upstream guacamole {
-        server 192.168.100.13:8081 weight=1;
-        server 192.168.100.13:8082 weight=1;  # 多节点
+        server 192.168.100.50:8081 weight=1;
+        server 192.168.100.50:8082 weight=1;  # 多节点
        # 这里是 guacamole 的后端ip
        ip_hash;
    }

--- a/docs/distributed_03.rst
+++ b/docs/distributed_03.rst
@@ -25,7 +25,7 @@
    $ yum install -y install mariadb mariadb-devel mariadb-server

    # 设置防火墙，开放 3306 端口 给 jumpserver 访问
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="3306" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="3306" accept"
    $ firewall-cmd --reload

    # 设置 mariadb 服务
@@ -35,10 +35,10 @@
    # 推荐使用该命令进行一些安全设置（可跳过）
    $ mysql_secure_installation

-    # 创建数据库及授权，192.168.100.11 是 jumpserver 服务器的 ip
+    # 创建数据库及授权，192.168.100.30 是 jumpserver 服务器的 ip
    $ mysql -uroot
    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'192.168.100.11' identified by 'weakPassword';
+    > grant all on jumpserver.* to 'jumpserver'@'192.168.100.30' identified by 'weakPassword';
    > flush privileges;
    > quit


--- a/docs/distributed_04.rst
+++ b/docs/distributed_04.rst
-分布式部署文档 - jumpserver 部署
+分布式部署文档 - redis 部署
 ----------------------------------------------------

 说明
@@ -10,7 +10,7 @@
 ~~~~~~~

 -  系统: CentOS 7
-  IP: 192.168.100.11
+-  IP: 192.168.100.20

 开始安装
 ~~~~~~~~~~~~
@@ -20,181 +20,30 @@
    # 升级系统
    $ yum upgrade -y

-    # 安装依赖包
-    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
+    # 安装 redis 服务
+    $ yum install -y install epel-release
+    $ yum install -y redis

-    # 设置防火墙，开放 80 端口给 nginx 访问，开放 8080 端口给 coco 和 guacamole 访问
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="80" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.12" port protocol="tcp" port="8080" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.13" port protocol="tcp" port="8080" accept"
+    # 设置防火墙，开放 6379 端口 给 jumpserver 访问
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="6379" accept"
    $ firewall-cmd --reload

-    # 安装 redis
-    $ yum -y install redis
+    # 设置 mariadb 自启
    $ systemctl enable redis
-    $ systemctl start redis

-    # 安装 nginx
-    $ yum -y install nginx
-    $ systemctl enable nginx
+    # 修改 redis 配置文件
+    $ vi /etc/redis.conf

-    # 安装 Python3.6
-    $ yum -y install python36 python36-devel
+    ...

-    # 配置 py3 虚拟环境
-    $ python3.6 -m venv /opt/py3
-    $ source /opt/py3/bin/activate
+    # bind 127.0.0.1  # 注释这行，新增如下内容
+    bind 0.0.0.0
+    requirepass weakPassword  # redis 连接密码
+    maxmemory-policy allkeys-lr  # 清理策略，优先移除最近未使用的key

-    # 下载 Jumpserver
-    $ git clone https://github.com/jumpserver/jumpserver.git
+    ...

-    # 安装依赖 RPM 包
-    $ yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
+    # 启动 redis
+    $ systemctl start mariadb

-    # 安装 Python 库依赖
-    $ pip install --upgrade pip && pip install -r /opt/jumpserver/requirements/requirements.txt
-
-    # 修改 jumpserver 配置文件
-    $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vi config.py
-
-    # 注意对齐，不要直接复制本文档的内容，实际内容以文件为准，本文仅供参考
-
-**注意: 配置文件是 Python 格式，不要用 TAB，而要用空格**
-
-::
-
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
-
-        Jumpserver project setting file
-
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        # Use it to encrypt or decrypt data
-
-        # Jumpserver 使用 SECRET_KEY 进行加密，请务必修改以下设置
-        # SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-        SECRET_KEY = '请随意输入随机字符串（推荐字符大于等于 50位）'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
-
-        # DEBUG 模式 True为开启 False为关闭，默认开启，生产环境推荐关闭
-        # 注意：如果设置了DEBUG = False，访问8080端口页面会显示不正常，需要搭建 nginx 代理才可以正常访问
-        DEBUG = os.environ.get("DEBUG") or False
-
-        # 日志级别，默认为DEBUG，可调整为INFO, WARNING, ERROR, CRITICAL，默认INFO
-        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
-
-        # 使用的数据库配置，支持sqlite3, mysql, postgres等，默认使用sqlite3
-        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-        # 默认使用SQLite3，如果使用其他数据库请注释下面两行
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-
-        # 如果需要使用mysql或postgres，请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
-        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
-        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
-        DB_PORT = os.environ.get("DB_PORT") or 3306
-        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
-        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
-        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
-
-        # Django 监听的ip和端口
-        # ./manage.py runserver 127.0.0.1:8080
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
-
-        # Redis 相关设置
-        REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
-        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
-        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
-        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
-        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
-
-::
-
-    # 设置防火墙，开启 80 端口
-    $ firewall-cmd --zone=public --add-port=80/tcp --permanent
-    $ firewall-cmd --reload
-
-    # 设置 http 访问权限
-    $ setsebool -P httpd_can_network_connect 1
-
-    # 修改 nginx 配置文件（如果无法正常访问，请注释掉 nginx.conf 的 server 所有字段）
-    $ vim /etc/nginx/conf.d/jumpserver.conf
-
-    server {
-        listen 80;
-
-        client_max_body_size 100m;  # 录像上传大小限制
-
-        location /media/ {
-            add_header Content-Encoding gzip;
-            root /opt/jumpserver/data/;  # 录像位置，如果修改安装目录，此处需要修改
-        }
-
-        location /static/ {
-            root /opt/jumpserver/data/;  # 静态资源，如果修改安装目录，此处需要修改
-        }
-
-        location / {
-            proxy_pass http://localhost:8080;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-    }
-
-::
-
-    # nginx 测试并启动，如果报错请按报错提示自行解决
-    $ nginx -t
-    $ systemctl start nginx
-
-    # 生成数据库表结构和初始化数据
-    $ cd /opt/jumpserver/utils
-    $ bash make_migrations.sh
-
-    # 运行 Jumpserver
-    $ cd /opt/jumpserver
-    $ ./jms start all  # 后台运行使用 -d 参数./jms start all -d
-    # 新版本更新了运行脚本，使用方式./jms start|stop|status all  后台运行请添加 -d 参数
-
-    # 访问 http://192.168.100.11 默认账号: admin 密码: admin
-
-    # 多节点部署，请参考此文档，设置数据库时请选择从库，其他的一样
+    # redis 的主从设置请参考其官方，之后会补上
--- a/docs/distributed_05.rst
+++ b/docs/distributed_05.rst
-分布式部署文档 - coco 部署
+分布式部署文档 - jumpserver 部署
 ----------------------------------------------------

 说明
@@ -10,7 +10,7 @@
 ~~~~~~~

 -  系统: CentOS 7
-  IP: 192.168.100.12
+-  IP: 192.168.100.30

 开始安装
 ~~~~~~~~~~~~
@@ -23,46 +23,166 @@
    # 安装依赖包
    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

-    # 设置防火墙，开放 2222 5000 端口 给 nginx 和 jumpserver 访问
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="2222" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="2222" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="5000" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="5000" accept"
+    # 设置防火墙，开放 80 端口给 nginx 访问，开放 8080 端口给 coco 和 guacamole 访问
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="80" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.40" port protocol="tcp" port="8080" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.50" port protocol="tcp" port="8080" accept"
    $ firewall-cmd --reload

-    # 安装 docker
-    $ yum install -y yum-utils device-mapper-persistent-data lvm2
-    $ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-    $ yum makecache fast
-    $ yum -y install docker-ce
-    $ systemctl start docker
-    $ systemctl enable docker
+    # 安装 nginx
+    $ yum -y install nginx
+    $ systemctl enable nginx

-    # 通过 docker 部署
-    $ docker run --name jms_coco -d \
-        -p 2222:2222 \
-        -p 5000:5000 \
-        -e CORE_HOST=http://192.168.100.11:8080 \
-        wojiushixiaobai/coco:1.4.3
+    # 安装 Python3.6
+    $ yum -y install python36 python36-devel

-    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册
+    # 配置 py3 虚拟环境
+    $ python3.6 -m venv /opt/py3
+    $ source /opt/py3/bin/activate

+    # 下载 Jumpserver
+    $ git clone https://github.com/jumpserver/jumpserver.git

-多节点部署
-~~~~~~~~~~~~~~~~~~
+    # 安装依赖 RPM 包
+    $ yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
+
+    # 安装 Python 库依赖
+    $ pip install --upgrade pip && pip install -r /opt/jumpserver/requirements/requirements.txt
+
+    # 修改 jumpserver 配置文件
+    $ cd /opt/jumpserver
+    $ cp config_example.py config.py
+    $ vi config.py
+
+    # 注意对齐，不要直接复制本文档的内容，实际内容以文件为准，本文仅供参考
+
+**注意: 配置文件是 Python 格式，不要用 TAB，而要用空格**

 ::

-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="2223" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="2223" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="5001" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="5001" accept"
-    $ firewall-cmd --reload
+    """
+        jumpserver.config
+        ~~~~~~~~~~~~~~~~~
+
+        Jumpserver project setting file
+
+        :copyright: (c) 2014-2017 by Jumpserver Team
+        :license: GPL v2, see LICENSE for more details.
+    """
+    import os
+
+    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+    class Config:
+        # Use it to encrypt or decrypt data
+
+        # Jumpserver 使用 SECRET_KEY 进行加密，请务必修改以下设置
+        # SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+        SECRET_KEY = '请随意输入随机字符串（推荐字符大于等于 50位）'
+
+        # Django security setting, if your disable debug model, you should setting that
+        ALLOWED_HOSTS = ['*']
+
+        # DEBUG 模式 True为开启 False为关闭，默认开启，生产环境推荐关闭
+        # 注意：如果设置了DEBUG = False，访问8080端口页面会显示不正常，需要搭建 nginx 代理才可以正常访问
+        DEBUG = os.environ.get("DEBUG") or False
+
+        # 日志级别，默认为DEBUG，可调整为INFO, WARNING, ERROR, CRITICAL，默认INFO
+        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
+        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+
+        # 使用的数据库配置，支持sqlite3, mysql, postgres等，默认使用sqlite3
+        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+        # 默认使用SQLite3，如果使用其他数据库请注释下面两行
+        # DB_ENGINE = 'sqlite3'
+        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+
+        # 如果需要使用mysql或postgres，请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)
+        DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
+        DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
+        DB_PORT = os.environ.get("DB_PORT") or 3306
+        DB_USER = os.environ.get("DB_USER") or 'jumpserver'
+        DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
+        DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
+
+        # Django 监听的ip和端口
+        # ./manage.py runserver 127.0.0.1:8080
+        HTTP_BIND_HOST = '0.0.0.0'
+        HTTP_LISTEN_PORT = 8080
+
+        # Redis 相关设置
+        REDIS_HOST = os.environ.get("REDIS_HOST") or '192.168.100.20'
+        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
+        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or 'weakPassword'
+        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
+        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
+
+        def __init__(self):
+            pass
+
+        def __getattr__(self, item):
+            return None
+
+
+    class DevelopmentConfig(Config):
+        pass
+
+
+    class TestConfig(Config):
+        pass
+
+
+    class ProductionConfig(Config):
+        pass
+
+
+    # Default using Config settings, you can write if/else for different env
+    config = DevelopmentConfig()
+
+::
+
+    # 修改 nginx 配置文件（如果无法正常访问，请注释掉 nginx.conf 的 server 所有字段）
+    $ vim /etc/nginx/conf.d/jumpserver.conf
+
+    server {
+        listen 80;
+
+        client_max_body_size 100m;  # 录像上传大小限制
+
+        location /media/ {
+            add_header Content-Encoding gzip;
+            root /opt/jumpserver/data/;  # 录像位置，如果修改安装目录，此处需要修改
+        }
+
+        location /static/ {
+            root /opt/jumpserver/data/;  # 静态资源，如果修改安装目录，此处需要修改
+        }
+
+        location / {
+            proxy_pass http://localhost:8080;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+
+::
+
+    # nginx 测试并启动，如果报错请按报错提示自行解决
+    $ nginx -t
+    $ systemctl start nginx
+
+    # 生成数据库表结构和初始化数据
+    $ cd /opt/jumpserver/utils
+    $ bash make_migrations.sh
+
+    # 运行 Jumpserver
+    $ cd /opt/jumpserver
+    $ ./jms start all  # 后台运行使用 -d 参数./jms start all -d
+    # 新版本更新了运行脚本，使用方式./jms start|stop|status all  后台运行请添加 -d 参数

-    $ docker run --name jms_coco1 -d \
-        -p 2223:2222 \
-        -p 5001:5000 \
-        -e CORE_HOST=http://192.168.100.11:8080 \
-        wojiushixiaobai/coco:1.4.3
+    # 访问 http://192.168.100.30 默认账号: admin 密码: admin

-    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册
+    # 多节点部署，请参考此文档，设置数据库时请选择从库，其他的一样
--- a/docs/distributed_06.rst
+++ b/docs/distributed_06.rst
-分布式部署文档 - guacamole 部署
+分布式部署文档 - coco 部署
 ----------------------------------------------------

 说明
@@ -10,7 +10,7 @@
 ~~~~~~~

 -  系统: CentOS 7
-  IP: 192.168.100.13
+-  IP: 192.168.100.40

 开始安装
 ~~~~~~~~~~~~
@@ -21,15 +21,17 @@
    $ yum upgrade -y

    # 安装依赖包
-    $ yum install -y yum-utils device-mapper-persistent-data lvm2
+    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

-    # 设置防火墙，开放 8081 端口 给 nginx 和 jumpserver 访问
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="8081" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="8081" accept"
+    # 设置防火墙，开放 2222 5000 端口 给 nginx 和 jumpserver 访问
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="2222" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="2222" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="5000" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="5000" accept"
    $ firewall-cmd --reload

    # 安装 docker
-    $ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
+    $ yum install -y yum-utils device-mapper-persistent-data lvm2
    $ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    $ yum makecache fast
    $ yum -y install docker-ce
@@ -37,13 +39,13 @@
    $ systemctl enable docker

    # 通过 docker 部署
-    $ docker run --name jms_guacamole -d \
-        -p 8081:8081 \
-        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-        -e JUMPSERVER_SERVER=http://192.168.100.11:8080 \
-        wojiushixiaobai/guacamole:1.4.3
+    $ docker run --name jms_coco -d \
+        -p 2222:2222 \
+        -p 5000:5000 \
+        -e CORE_HOST=http://192.168.100.30:8080 \
+        wojiushixiaobai/coco:1.4.3

-    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
+    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册


 多节点部署
@@ -51,13 +53,16 @@

 ::

-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.11" port protocol="tcp" port="8082" accept"
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="8082" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="2223" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="2223" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="5001" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="5001" accept"
    $ firewall-cmd --reload
-    $ docker run --name jms_guacamole1 -d \
-        -p 8082:8081 \
-        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-        -e JUMPSERVER_SERVER=http://192.168.100.11:8080 \
-        wojiushixiaobai/guacamole:1.4.3

-    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
+    $ docker run --name jms_coco1 -d \
+        -p 2223:2222 \
+        -p 5001:5000 \
+        -e CORE_HOST=http://192.168.100.30:8080 \
+        wojiushixiaobai/coco:1.4.3
+
+    # 访问 http://192.168.100.100/terminal/terminal/ 接受 coco 注册
--- a/docs/distributed_07.rst
+++ b/docs/distributed_07.rst
+分布式部署文档 - guacamole 部署
+----------------------------------------------------
+
+说明
+~~~~~~~
+-  # 开头的行表示注释
+-  $ 开头的行表示需要执行的命令
+
+环境
+~~~~~~~
+
+-  系统: CentOS 7
+-  IP: 192.168.100.50
+
+开始安装
+~~~~~~~~~~~~
+
+::
+
+    # 升级系统
+    $ yum upgrade -y
+
+    # 安装依赖包
+    $ yum install -y yum-utils device-mapper-persistent-data lvm2
+
+    # 设置防火墙，开放 8081 端口 给 nginx 和 jumpserver 访问
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="8081" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="8081" accept"
+    $ firewall-cmd --reload
+
+    # 安装 docker
+    $ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
+    $ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+    $ yum makecache fast
+    $ yum -y install docker-ce
+    $ systemctl start docker
+    $ systemctl enable docker
+
+    # 通过 docker 部署
+    $ docker run --name jms_guacamole -d \
+        -p 8081:8081 \
+        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
+        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
+        wojiushixiaobai/guacamole:1.4.3
+
+    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
+
+
+多节点部署
+~~~~~~~~~~~~~~~~~~
+
+::
+
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="8082" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.100" port protocol="tcp" port="8082" accept"
+    $ firewall-cmd --reload
+    $ docker run --name jms_guacamole1 -d \
+        -p 8082:8081 \
+        -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
+        -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
+        wojiushixiaobai/guacamole:1.4.3
+
+    # 访问 http://192.168.100.100/terminal/terminal/ 接受 guacamole 注册
--- a/docs/quickinstall.rst
+++ b/docs/quickinstall.rst
@@ -33,6 +33,7 @@
   环境说明 <distributed_01.rst>
   nginx 代理部署 <distributed_02.rst>
   数据库 部署 <distributed_03.rst>
-   jumpserver 部署 <distributed_04.rst>
-   coco 部署 <distributed_05.rst>
-   guacamole 部署 <distributed_06.rst>
+   redis 部署 <distributed_04.rst>
+   jumpserver 部署 <distributed_05.rst>
+   coco 部署 <distributed_06.rst>
+   guacamole 部署 <distributed_07.rst>
--- a/docs/upgrade.rst
+++ b/docs/upgrade.rst
@@ -62,7 +62,7 @@
    ...

    location /socket.io/ {
-        ... 原内容
+        ... 原来的内容，请参考安装文档 nginx 部分
    }

    # 加入下面内容
@@ -76,7 +76,7 @@
    # 到此结束

    location /guacamole/ {
-        ... 原内容
+        ... 原来的内容，请参考安装文档 nginx 部分
    }

    ...