概述

前面已经介绍了跳板机中nginx和mariadb搭建部分的教程，下面主要介绍redis和jumpserver部署部分，一起来看看吧~

一、redis部署

1、安装redis服务

yum install -y epel-release #如果之前有epel-release,需移除重新安装，在/etc/yum.repos.d/下产生epel.repo，epel-testing.repo
yum install -y redis
//设置 redis 自启
systemctl enable redis

2、修改redis配置

vi /etc/redis.conf

# bind 127.0.0.1 # 注释这行, 新增如下内容
bind 0.0.0.0
requirepass fswl@1234 # redis 连接密码
maxmemory-policy allkeys-lru # 清理策略, 优先移除最近未使用的key

3、启动redis

systemctl start redis

二、jumpserver部署

1、安装python3.6

yum -y install python36 python36-devel
//配置 py3 虚拟环境
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate

2、下载 Jumpserver

cd /opt
git clone --depth=1 https://github.com/jumpserver/jumpserver.git

3、安装依赖 RPM 包和 Python 库依赖

yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
pip install --upgrade pip setuptools
pip install -r /opt/jumpserver/requirements/requirements.txt

4、修改 jumpserver 配置文件

cd /opt/jumpserver
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # 生成随机SECRET_KEY
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` # 生成随机BOOTSTRAP_TOKEN
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml

查看key和token

(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
 你的SECRET_KEY是 UOqMW7FoEfOhbvP6Rr0cdgukoCuXITulDkSYxo5nXpwiIN9HrR 
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 你的BOOTSTRAP_TOKEN是 yLzKMF0EaY81GCJk 

vi /opt/jumpserver/config.yml

SECRET_KEY: UOqMW7FoEfOhbvP6Rr0cdgukoCuXITulDkSYxo5nXpwiIN9HrR
# SECURITY WARNING: keep the bootstrap token used in production secret!
# 预共享Token coco和guacamole用来注册服务账号, 不在使用原来的注册接受机制
BOOTSTRAP_TOKEN: yLzKMF0EaY81GCJk
# Development env open this, when error occur display the full process track, Production disable it
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
DEBUG: false
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# 日志级别
LOG_LEVEL: ERROR
# LOG_DIR:
# Session expiration setting, Default 24 hour, Also set expired on on browser close
# 浏览器Session过期时间, 默认24小时, 也可以设置浏览器关闭则过期
# SESSION_COOKIE_AGE: 86400
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# Database setting, Support sqlite3, mysql, postgres ....
# 数据库设置
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# SQLite setting:
# 使用单文件sqlite数据库
# DB_ENGINE: sqlite3
# DB_NAME:
# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: fswl@1234
DB_NAME: jumpserver
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# 运行时绑定端口
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
# Use Redis as broker for celery and web socket
# Redis配置
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD: fswl@1234

5、修改nginx配置文件

vi /etc/nginx/conf.d/jumpserver.conf

server {
 listen 8000;
 server_name www.jumpserver.org; # 自行修改成你的域名
 return 301 https://$server_name$request_uri;
 client_max_body_size 100m; # 录像上传大小限制
 location /media/ {
 add_header Content-Encoding gzip;
 root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
 }
 location /static/ {
 root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
 }
 location / {
 proxy_pass http://localhost:8080;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
}

6、nginx 测试并启动

nginx -t
systemctl start nginx

7、运行 Jumpserver

cd /opt/jumpserver
./jms start all # 后台运行使用 -d 参数./jms start all -d
# 新版本更新了运行脚本, 使用方式./jms start|stop|status all 后台运行请添加 -d 参数

到这里你以为就结束了？不，不，跳板机还要有ssh连接那些工具呢，也就是接下来docker部分的搭建，后面会分享最后jumpserver方面的内容，感兴趣的朋友可以关注一下~