Jumpserver 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统
一、安装
环境要求
- 硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
- 操作系统: Linux 发行版 x86_64
- Python = 3.6.x
- Mysql Server ≥ 5.6
- Mariadb Server ≥ 5.5.56
- Redis
安装步骤
1、安装Python3.6 Mysql Redis
# 自行下载以上环境要求的版本
2、创建,载入虚拟环境
$ python3.6 -m venv py3
$ source /opt/py3/bin/activate
3、安装 Jumpserver
# 下载 Jumpserver 源代码
$ cd /opt
$ git clone --depth=1 https://github.com/jumpserver/jumpserver.git
# 安装依赖
$ cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt)
# 修改配置文件
$ cd /opt/jumpserver
$ cp config_example.yml config.yml
$ vim config.yml
# 运行 Jumpserver
$ cd /opt/jumpserver
$ ./jms start
4、安装 koko
$ cd /opt
# 访问 https://github.com/jumpserver/koko/releases 下载对应 release 包并解压到 /opt目录
$ wget https://github.com/jumpserver/koko/releases/download/1.5.6/koko-master-linux-amd64.tar.gz
$ tar xf koko-master-linux-amd64.tar.gz
$ chown -R root:root kokodir
$ cd kokodir
$ cp config_example.yml config.yml
$ vim config.yml
# BOOTSTRAP_TOKEN 需要从 jumpserver/config.yml 里面获取, 保证一致
$ ./koko
5、docker 安装 guacamole
$ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> wojiushixiaobai/jms_guacamole:<Tag>
# <Jumpserver_url> 为 jumpserver 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要从 jumpserver/config.yml 里面获取, 保证一致, <Tag> 是版本
# 例: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 wojiushixiaobai/jms_guacamole:1.5.6
6、下载 luna 组件
$ cd /opt
# 访问 https://github.com/jumpserver/luna/releases 获取
$ wget https://github.com/jumpserver/luna/releases/download/1.5.6/luna.tar.gz
$ tar xf luna.tar.gz
$ chown -R root:root luna
7、安装 nginx
# 参考 http://nginx.org/en/linux_packages.html 文档安装最新的稳定版 nginx
$ rm -rf /etc/nginx/conf.d/default.conf
$ vim /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# 重启 nginx
$ nginx -t
$ nginx -s reload
8、使用 Jumpserver
# 检查应用是否已经正常运行
# 服务全部启动后, 访问 jumpserver 服务器 nginx 代理的 80 端口, 不要通过8080端口访问
# 默认账号: admin 密码: admin
二、功能截图
1、仪表盘
2、资产列表
3、终端管理
3.1、Web 终端
3.2 文件管理
4、审计管理
三、参考链接
1、Jumpserver 测试地址
http://134.175.107.119/auth/login/?next=/
2、官网链接
http://www.jumpserver.org/
3、安装文档
https://docs.jumpserver.org/zh/docs/snapshot.html
4、GitHub 地址
https://github.com/jumpserver/jumpserver