官方教程版 CentOS7安装Jumpserver堡垒机( 三 )

【官方教程版 CentOS7安装Jumpserver堡垒机】5.4 配置环境变量
# 勿多次执行以下环境设置$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 指 jumpserver 访问地址$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN$ export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN$ echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc$ export JUMPSERVER_KEY_DIR=/config/guacamole/keys$ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc$ export GUACAMOLE_HOME=/config/guacamole$ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc5.5 启动 Guacamole
$ systemctl start guacd$ sh /config/tomcat9/bin/startup.sh六. 配置 Nginx 整合各组件6.1 安装 Nginx
$ yum install yum-utils$ vi /etc/yum.repos.d/nginx.repo[nginx-stable]name=nginx stable repobaseurl=http://nginx.org/packages/centos/$releasever/$basearch/gpgcheck=1enabled=1gpgkey=https://nginx.org/keys/nginx_signing.key$ yum makecache fast$ yum install -y nginx$ rm -rf /etc/nginx/conf.d/default.conf$ systemctl enable nginx6.2 准备配置文件 修改 /etc/nginx/conf.d/jumpserver.conf
$ vi /etc/nginx/conf.d/jumpserver.confserver { listen 80; # 代理端口, 以后将通过此端口进行访问, 不再通过8080端口 # server_name demo.jumpserver.org; # 修改成你的域名或者注释掉 client_max_body_size 100m; # 录像及文件上传大小限制 location /luna/ { try_files $uri / /index.html; alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改 } location /static/ { root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改 } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器, 请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /coco/ { proxy_pass http://localhost:5000/coco/; # 如果coco安装在别的服务器, 请填写它的ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器, 请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location / { proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器, 请填写它的ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}6.3 运行 Nginx
nginx -t # 确保配置没有问题, 有问题请先解决# CentOS 7$ systemctl start nginx$ systemctl enable nginx6.4 开始使用 Jumpserver
检查应用是否已经正常运行
服务全部启动后, 访问 http://192.168.244.144, 访问nginx代理的端口, 不要再通过8080端口访问
默认账号: admin 密码: admin
到Jumpserver 会话管理-终端管理 检查 Coco Guacamole 等应用的注册 。
测试连接如果登录客户端是 macOS 或 Linux, 登录语法如下$ ssh -p2222 admin@192.168.244.144$ sftp -P2222 admin@192.168.244.144密码: admin如果登录客户端是 Windows, Xshell Terminal 登录语法如下$ ssh admin@192.168.244.144 2222$ sftp admin@192.168.244.144 2222密码: admin如果能登陆代表部署成功# sftp默认上传的位置在资产的 /tmp 目录下# windows拖拽上传的位置在资产的 Guacamole RDP上的 G 目录下以上具体可参考官方文档:https://jumpserver.readthedocs.io/zh/master/setup_by_centos.html




推荐阅读