Jumpserver 是全球首款完全開源的堡壘機, 使用 GNU GPL v2.0 開源協議, 是符合 4A 的專業運維審計系統
一、安裝
環境要求
- 硬件配置: 2個CPU核心, 4G 內存, 50G 硬盤(最低)
- 操作系統: Linux 發行版 x86_64
- Python = 3.6.x
- Mysql Server ≥ 5.6
- Mariadb Server ≥ 5.5.56
- Redis
安裝步驟
1、安裝Python3.6 Mysql Redis
# 自行下載以上環境要求的版本
2、創建,載入虛擬環境
$ python3.6 -m venv py3
$ source /opt/py3/bin/activate
3、安裝 Jumpserver
# 下載 Jumpserver 源代碼
$ cd /opt
$ git clone --depth=1 https://github.com/jumpserver/jumpserver.git
# 安裝依賴
$ cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt)
# 修改配置文件
$ cd /opt/jumpserver
$ cp config_example.yml config.yml
$ vim config.yml
# 運行 Jumpserver
$ cd /opt/jumpserver
$ ./jms start
4、安裝 koko
$ cd /opt
# 訪問 https://github.com/jumpserver/koko/releases 下載對應 release 包並解壓到 /opt目錄
$ wget https://github.com/jumpserver/koko/releases/download/1.5.6/koko-master-linux-amd64.tar.gz
$ tar xf koko-master-linux-amd64.tar.gz
$ chown -R root:root kokodir
$ cd kokodir
$ cp config_example.yml config.yml
$ vim config.yml
# BOOTSTRAP_TOKEN 需要從 jumpserver/config.yml 裏面獲取, 保證一致
$ ./koko
5、docker 安裝 guacamole
$ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> wojiushixiaobai/jms_guacamole:<Tag>
# <Jumpserver_url> 爲 jumpserver 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要從 jumpserver/config.yml 裏面獲取, 保證一致, <Tag> 是版本
# 例: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 wojiushixiaobai/jms_guacamole:1.5.6
6、下載 luna 組件
$ cd /opt
# 訪問 https://github.com/jumpserver/luna/releases 獲取
$ wget https://github.com/jumpserver/luna/releases/download/1.5.6/luna.tar.gz
$ tar xf luna.tar.gz
$ chown -R root:root luna
7、安裝 nginx
# 參考 http://nginx.org/en/linux_packages.html 文檔安裝最新的穩定版 nginx
$ rm -rf /etc/nginx/conf.d/default.conf
$ vim /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 錄像及文件上傳大小限制
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路徑, 如果修改安裝目錄, 此處需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 錄像位置, 如果修改安裝目錄, 此處需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 靜態資源, 如果修改安裝目錄, 此處需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# 重啓 nginx
$ nginx -t
$ nginx -s reload
8、使用 Jumpserver
# 檢查應用是否已經正常運行
# 服務全部啓動後, 訪問 jumpserver 服務器 nginx 代理的 80 端口, 不要通過8080端口訪問
# 默認賬號: admin 密碼: admin
二、功能截圖
1、儀表盤
2、資產列表
3、終端管理
3.1、Web 終端
3.2 文件管理
4、審計管理
三、參考鏈接
1、Jumpserver 測試地址
http://134.175.107.119/auth/login/?next=/
2、官網鏈接
http://www.jumpserver.org/
3、安裝文檔
https://docs.jumpserver.org/zh/docs/snapshot.html
4、GitHub 地址
https://github.com/jumpserver/jumpserver