# 一键安装 JumpServer

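# Download the pinned v2.4.0 installer to a file rather than streaming it
# straight into sh: a truncated or altered response would otherwise start
# executing immediately, with no chance to read it first.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fsSL -o quick_start.sh https://github.com/jumpserver/jumpserver/releases/download/v2.4.0/quick_start.sh
# Read the script before running it.
less quick_start.sh
sh quick_start.sh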


# 下载文件

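# Fetch the JumpServer setup scripts into /opt/setuptools and create a local
# config from the shipped example.
# The steps are chained with && so a failed cd or clone does not leave the
# later commands running in the wrong directory.
# NOTE(review): the clone follows the tip of the default branch, while the
# one-line installer above is pinned to v2.4.0. For a reproducible install,
# clone a reviewed tag instead: git clone --depth=1 --branch <TAG> ...
cd /opt && \
yum -y install wget git && \
git clone --depth=1 https://github.com/jumpserver/setuptools.git && \
cd setuptools && \
cp config_example.conf config.conf
# Edit the settings by hand before installing.
vi config.conf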


# 安装Install

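# Run the installer from the checkout. The && stops jmsctl.sh from being
# resolved against some other directory if the cd fails.
cd /opt/setuptools && ./jmsctl.sh install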


# 安装koko

---docker

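# Start the koko component as a container (template; fill in the placeholders).
# Each line ends in a backslash so the shell reads one command, and the
# <...> placeholders are quoted so they are not parsed as redirections.
#   -p 2222:2222            publishes port 2222 on every host interface
#   -p 127.0.0.1:5000:5000  publishes port 5000 on loopback only
# NOTE(review): BOOTSTRAP_TOKEN is a shared secret. Passed with -e it lands in
# shell history and in `docker inspect` output; docker's --env-file option
# with a root-only file avoids that.
# NOTE(review): CORE_HOST uses plain http, so the token crosses the network
# unencrypted unless both components sit on a trusted segment.
docker run --name jms_koko -d \
    -p 2222:2222 \
    -p 127.0.0.1:5000:5000 \
    -e CORE_HOST='http://<Jumpserver_url>' \
    -e BOOTSTRAP_TOKEN='<Jumpserver_BOOTSTRAP_TOKEN>' \
    -e LOG_LEVEL=ERROR \
    --restart=always 'jumpserver/jms_koko:<Tag>'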

- <Jumpserver_url> 为 jumpserver 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要从 jumpserver/config.yml 里面获取, 保证一致, <Tag> 是版本

- 例: 

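# Worked example of the koko container command, joined into a single command
# with line continuations (the blank lines between options broke it apart).
# The token value below is a sample; use the one from jumpserver/config.yml.
# NOTE(review): the tag 1.5.8 differs from the v2.4.0 release used elsewhere
# on this page -- confirm the component version matches the core version.
docker run --name jms_koko -d \
    -p 2222:2222 \
    -p 127.0.0.1:5000:5000 \
    -e CORE_HOST=http://192.168.244.144:8080 \
    -e BOOTSTRAP_TOKEN=abcdefg1234 \
    -e LOG_LEVEL=ERROR \
    --restart=always jumpserver/jms_koko:1.5.8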


---编译

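# Install the prebuilt koko v2.3.2 release under /opt/koko and register the
# bundled kubectl wrapper plus the separately downloaded kubectl binary.
#
# Two missing "&&" are restored here:
#   - after the first wget, so a failed download stops the sequence;
#   - after the rm, which previously swallowed "cp config_example.yml
#     config.yml" as extra arguments and deleted the example config.
#
# NOTE(review): neither archive is integrity-checked before its contents are
# installed into /usr/local/bin. If the project publishes checksums, verify
# them after each download, e.g.
#   echo "<SHA256_FROM_RELEASE_PAGE>  koko-v2.3.2-linux-amd64.tar.gz" | sha256sum -c -
cd /opt && \
wget https://github.com/jumpserver/koko/releases/download/v2.3.2/koko-v2.3.2-linux-amd64.tar.gz && \
tar -xf koko-v2.3.2-linux-amd64.tar.gz && mv koko-v2.3.2-linux-amd64 koko && chown -R root:root koko && \
cd koko && mv kubectl /usr/local/bin/ && wget https://download.jumpserver.org/public/kubectl.tar.gz && \
tar -xf kubectl.tar.gz && chmod 755 kubectl && mv kubectl /usr/local/bin/rawkubectl && rm -f -- kubectl.tar.gz && \
cp config_example.yml config.yml
# BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml and kept identical.
vi config.yml
./koko -d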


# 部署 Guacamole 组件安装对应的依赖包

# Install the development libraries this page lists for the Guacamole component.
# NOTE(review): these are build-time -devel packages; the container-based
# deployment may not need them on the host -- confirm before installing.
yum install -y \
    cairo-devel libjpeg-turbo-devel libpng-devel libtool uuid-devel \
    ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel \
    libvncserver-devel libwebsockets-devel pulseaudio-libs-devel \
    openssl-devel libvorbis-devel libwebp-devel

-如果还没有安装 docker, 请先安装 docker

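# Start the Guacamole component as a container, published on loopback only
# (127.0.0.1:8081) so it is reached through the nginx proxy.
# --restart=always is added to match the koko container on this page;
# without it the container stays down after a host or daemon restart.
# The token value is a sample; use the one from jumpserver/config.yml.
# NOTE(review): BOOTSTRAP_TOKEN given with -e is visible in shell history and
# `docker inspect`; docker's --env-file option keeps it off the command line.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://192.168.244.144:8080 \
  -e BOOTSTRAP_TOKEN=abcdefg1234 \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  --restart=always \
  jumpserver/jms_guacamole:v2.4.0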


-vim /etc/nginx/conf.d/jumpserver.conf

# Reverse proxy in front of the JumpServer components: serves luna, media and
# static files from disk and forwards /koko/, /guacamole/, /ws/ and everything
# else to services listening on localhost.
server {
    # NOTE(review): plain HTTP only. Logins and proxied sessions pass through
    # this listener unencrypted unless TLS is terminated here or in front of it.
    listen 80;
    client_max_body_size 100m;  # size limit for session recordings and file uploads
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory is changed
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recording location; change this if the install directory is changed
    }
    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory is changed
    }
    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        # Upgrade/Connection headers let WebSocket connections pass through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # X-Real-IP carries the address nginx saw; X-Forwarded-For appends it
        # to whatever the client sent, so its earlier entries are client-supplied.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): no proxy-side request log for this location; enable it
        # if connection records at the proxy are wanted for investigations.
        access_log off;
    }
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Unlike /koko/ and /ws/, the client's own Connection header is forwarded here.
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): request logging is disabled for this location as well.
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # Everything else goes to the service on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

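# Validate the configuration first and reload only if the check passes, so a
# syntax error is reported without a reload being attempted.
nginx -t && nginx -s reload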

-服务全部启动后, 访问 jumpserver 服务器 nginx 代理的 80 端口, 不要通过8080端口访问

-默认账号: admin 密码: admin, 首次登录后请立即修改默认密码


# 升级

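# Update the setup scripts and run the upgrade. The steps are chained so the
# upgrade does not run against a stale or half-updated checkout.
# NOTE(review): git pull takes whatever is on the tracked branch and the next
# step executes it; review the incoming changes (git fetch, then
# git log HEAD..origin/<BRANCH>) before upgrading.
cd /opt/setuptools && \
git pull && \
./jmsctl.sh upgrade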


# 重启

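# Restart the services. The cd makes the relative ./jmsctl.sh path resolve to
# the /opt/setuptools checkout regardless of the current directory.
cd /opt/setuptools && ./jmsctl.sh restart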

