安装koko(原coco)
下载&解压
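cd ~/tarball/
wget https://github.com/jumpserver/koko/releases/download/1.5.9/koko-master-linux-amd64.tar.gz
# The archive is unpacked as root into /opt, so compare it with a digest obtained
# separately from the download before extracting (placeholder, not a real value):
#   echo "<EXPECTED_SHA256>  koko-master-linux-amd64.tar.gz" | sha256sum -c -
tar zxf koko-master-linux-amd64.tar.gz -C /opt/
# user:group is the portable separator; the dotted form (root.root) is deprecated.
chown -R root:root /opt/kokodir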
编辑配置文件
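cd /opt/kokodir/
cp config_example.yml config.yml
# Only rewrite the token when one is set; with an empty variable sed would
# silently write a blank BOOTSTRAP_TOKEN into the config.
# Assumes the token contains no "/" or "&" (both are special in the sed replacement).
if [ -n "$BOOTSTRAP_TOKEN" ]; then
  sed -i "s/BOOTSTRAP_TOKEN:.*/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/kokodir/config.yml
else
  echo "BOOTSTRAP_TOKEN is empty; set it to the value from the JumpServer core config.yml" >&2
fi
# Enable the Redis settings that ship commented out in the example config.
sed -i 's/# REDIS_HOST/REDIS_HOST/' /opt/kokodir/config.yml
sed -i 's/# REDIS_PORT/REDIS_PORT/' /opt/kokodir/config.yml
# config.yml now holds the registration secret; keep it readable by its owner only.
chmod 600 /opt/kokodir/config.yml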
启动
# Run from /opt/kokodir (the directory entered in the previous step); -d starts koko in the background.
./koko -d
安装guacamole
下载&解压
# Fetch the docker-guacamole 1.5.9 source archive under a predictable file name.
cd ~/tarball/
wget -O docker-guacamole-1.5.9.tar.gz https://github.com/jumpserver/docker-guacamole/archive/1.5.9.tar.gz
# Unpack into /opt and drop the version suffix from the directory name.
tar -xzf docker-guacamole-1.5.9.tar.gz -C /opt/
mv /opt/docker-guacamole-1.5.9/ /opt/docker-guacamole
# guacamole-server and ssh-forward ship as nested tarballs inside the archive.
cd /opt/docker-guacamole/
tar -xzf guacamole-server-1.0.0.tar.gz
tar -xzf ssh-forward.tar.gz
# ssh-forward is moved into /bin, so it lands on every user's PATH; it comes
# straight from the downloaded archive.
mv ssh-forward /bin/
安装依赖
# Packages installed ahead of the guacamole-server build.
# NOTE(review): ffmpeg-devel is normally not in the stock CentOS repositories;
# confirm which extra repository supplies it.
yum install -y \
  cairo-devel \
  libjpeg-turbo-devel \
  libjpeg-devel \
  libpng-devel \
  libtool \
  uuid-devel \
  ffmpeg-devel
配置JAVA环境
# Unpack JDK 8u241 under /usr/local; the archive is expected in the current
# directory (this guide does not show its download).
tar -xzf jdk-8u241-linux-x64.tar.gz -C /usr/local/
# Write the profile snippet in one go; the quoted delimiter keeps $JAVA_HOME
# and $PATH literal in the file.
cat > /etc/profile.d/java.sh <<'EOF'
export JAVA_HOME=/usr/local/jdk1.8.0_241
export PATH=$JAVA_HOME/bin:$PATH
EOF
# Load it into the current shell and confirm which JDK is on PATH.
. /etc/profile.d/java.sh
java -version
编译安装server
cd /opt/docker-guacamole/guacamole-server-1.0.0/
# Regenerate the build system (force, install missing auxiliary files).
autoreconf --force --install
# Have "make install" place the unit file in the systemd unit directory,
# so guacd.service can be enabled later.
./configure --with-systemd-dir=/usr/lib/systemd/system/
make
make install
创建配置目录
# Layout under /opt/guacamole: extensions/, record/, drive/.
mkdir -p /opt/guacamole/extensions /opt/guacamole/record /opt/guacamole/drive
# record/ and drive/ are handed to the daemon account; presumably the user
# guacd runs as (confirm against the installed unit file).
chown daemon:daemon /opt/guacamole/record /opt/guacamole/drive
配置tomcat
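cd ~/tarball/
# apache-tomcat-9.0.35.tar.gz is expected in ~/tarball already; this guide does
# not show its download.
tar zxf apache-tomcat-9.0.35.tar.gz -C /opt/
mv /opt/apache-tomcat-9.0.35/ /opt/guacamole/tomcat9
cd /opt/guacamole/tomcat9/
# Drop the webapps bundled with Tomcat (samples, manager). Absolute path, so a
# failed cd cannot redirect the delete to another directory.
rm -rf /opt/guacamole/tomcat9/webapps/*
# Move Tomcat off 8080, which this guide uses for the JumpServer core.
sed -i 's/Connector port="8080"/Connector port="8081"/g' conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> conf/logging.properties
# Deploy as ROOT.war: the nginx vhost in this guide proxies /guacamole/ to
# http://localhost:8081/ (the context root), not to /guacamole-1.0.0/.
cp /opt/docker-guacamole/guacamole-1.0.0.war webapps/ROOT.war
# Guacamole loads extensions from $GUACAMOLE_HOME/extensions, not from Tomcat's
# webapps directory; a jar left in webapps/ is never loaded as an auth provider.
cp /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /opt/guacamole/extensions/
cp /opt/docker-guacamole/root/app/guacamole/guacamole.properties /opt/guacamole/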
设置环境
# Append the Guacamole/JumpServer settings to root's ~/.bashrc in one write.
# NOTE(review): the variable list that follows also names BOOTSTRAP_TOKEN, but
# nothing here exports it; confirm whether the Tomcat process needs it in its
# environment.
cat >> ~/.bashrc <<'EOF'
export JUMPSERVER_SERVER=http://127.0.0.1:8080
export JUMPSERVER_KEY_DIR=/opt/guacamole/keys
export GUACAMOLE_HOME=/opt/guacamole
export GUACAMOLE_LOG_LEVEL=ERROR
export JUMPSERVER_ENABLE_DRIVE=true
EOF
变量说明:
- JUMPSERVER_SERVER 指 core 访问地址
- BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值
- JUMPSERVER_KEY_DIR 认证成功后 key 存放目录
- GUACAMOLE_HOME 为properties 配置文件所在目录
- GUACAMOLE_LOG_LEVEL 为生成日志的等级
- JUMPSERVER_ENABLE_DRIVE 为 rdp 协议挂载共享盘
启动guacamole
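systemctl enable guacd.service
systemctl start guacd.service
# startup.sh inherits this shell's environment; the exports appended to
# ~/.bashrc are not active in the current session until the file is sourced.
. ~/.bashrc
# Tomcat runs as whoever executes this line (root, if the guide is followed as root).
/opt/guacamole/tomcat9/bin/startup.sh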
安装luna
下载&解压
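cd ~/tarball/
# The download command was missing in front of the URL.
wget https://github.com/jumpserver/luna/releases/download/1.5.9/luna.tar.gz
# Unpacks the luna static files under /opt (served from /opt/luna by nginx later in this guide).
tar zxf luna.tar.gz -C /opt/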
安装Nginx
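# nginx.org publishes a detached PGP signature next to each tarball (same URL
# plus .asc); verify it before building and installing as root.
wget https://nginx.org/download/nginx-1.18.0.tar.gz
# Dedicated account for nginx: fixed uid/gid 211, no login shell, no home directory.
groupadd -g 211 ngx
useradd -g ngx -u 211 -s /sbin/nologin -c "Nginx Server" -M ngx
tar zxf nginx-1.18.0.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.18.0
# The cc/ld options assume an OpenSSL build already installed under /usr/local/openssl.
./configure \
  --prefix=/data/nginx \
  --user=ngx \
  --group=ngx \
  --with-threads \
  --with-http_realip_module \
  --with-http_ssl_module \
  --with-stream \
  --with-stream_ssl_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --with-http_slice_module \
  --with-cc-opt="-I/usr/local/openssl/include" \
  --with-ld-opt="-L/usr/local/openssl/lib"
# nproc replaces the cat | grep | wc pipeline for the parallel job count.
make -j "$(nproc)" && make install
cd /data/nginx
# The numbered edits below depend on the layout of the stock nginx.conf from
# this release: line 1 gets a header comment, line 2 is uncommented and its
# user changed from nobody to ngx, lines 35-116 are deleted (on the stock file
# these should be the sample server blocks; check before running against an
# edited config), and an include for vhosts/*.conf is inserted before the last line.
sed -i '1s/^$/# Nginx Main Configure File./' conf/nginx.conf
sed -i '2s/^#//' conf/nginx.conf
sed -i '2s/nobody/ngx/' conf/nginx.conf
sed -i '35,116d' conf/nginx.conf
sed -i '$ i \ \ \ \ include vhosts/*.conf;' conf/nginx.conf
mkdir conf/vhosts
# user:group is the portable separator; the dotted form (ngx.ngx) is deprecated.
chown -R ngx:ngx /opt/luna
# Create the unit file; its content is the listing that follows.
vim /usr/lib/systemd/system/nginx.service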
# systemd service file for Nginx server
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/data/nginx/logs/nginx.pid
# Validate the configuration before starting and before every reload.
ExecStartPre=/data/nginx/sbin/nginx -t
ExecStart=/data/nginx/sbin/nginx
ExecReload=/data/nginx/sbin/nginx -t
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Register nginx for boot and bring it up now; the unit's ExecStartPre runs
# "nginx -t" first, so a broken config fails the start.
systemctl enable nginx
systemctl start nginx
整合Nginx站点
# Create the vhost file (picked up through "include vhosts/*.conf;") and paste the server block that follows into it.
vim /data/nginx/conf/vhosts/jump.conf
server {
    # NOTE(review): plain HTTP only. Logins and session traffic for this
    # bastion cross the network unencrypted; the nginx build in this guide
    # enables http_ssl_module, so a TLS listener can be added here.
    listen 80;

    client_max_body_size 100m;  # upload size limit for session recordings and files

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory differs
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # session recordings; change this if the install directory differs
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory differs
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        # Upgrade/Connection headers let the WebSocket handshake pass through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; when this server is the outermost proxy, only
        # X-Real-IP (or the last entry) reflects the real peer address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Access logging is switched off for this location.
        access_log off;
    }

    location /guacamole/ {
        # Trailing slash: the /guacamole/ prefix is stripped before proxying to Tomcat on 8081.
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Everything else goes to the service on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
# Reload picks up the new vhost; the unit's ExecReload runs "nginx -t" before
# signalling HUP, so a syntax error fails the reload.
systemctl reload nginx
# Confirm the service is still active after the reload.
systemctl status nginx
安装完访问
直接访问主机的 Nginx 80 端口即可,默认用户名和密码都是 admin。首次登录后请立即修改该默认密码。
后续使用可参考官方文档。