CentOS 7.x installation open source fort machine Jumpserver

Environment

  Virtual machine system: centos 7

  IP:192.168.168.8
  Directory: /opt
  Proxy: nginx
  Database: mysql version is greater than or equal to 5.6 mariadb version is greater than or equal to 5.5.6

Update yum
  yum update -y

Turn off firewall and selinux
  firewall-cmd –state
  systemctl stop firewalld
  systemctl disable firewalld

  vi /etc/sysconfig/selinux
  SELINUX=enforcing 改为 SELINUX=disabled


  reboot< br>
Modify the character set, otherwise it may report input/output error, because Chinese is printed in the log
  localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
  export LC_ALL= zh_CN.UTF-8
  echo ‘LANG=”zh_CN.UTF-8″‘ > /etc/locale.conf

安装依赖包
  yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

安装redis,Jumpserver 使用Redis 做cache 和celery broke
  yum -y install redis
  systemctl enable redis
  systemctl start redis

 安装Mysql 作为数据库,如果不使用Mysql 可以跳过相关Mysql 安装和配置
  yum -y install mariadb mariadb-devel mariadb-server # centos7下安装的是mariadb
  systemc tl enable mariadb
  systemctl start mariadb

创建数据库Jumpserver 并授权
  mysql -uroot
  > create database jumpserver default charset ‘utf8’;
  > grant all on jumpserver.* to ‘jumpserver’@’127.0.0.1’ identified by ‘weakPassword’;
  > flush privileges;
  > quit

安装Nginx,用代理服务器整合Jumpserver与各个组件
  yum -y install nginx
  systemctl enable nginx

下载编译Python3.6.1
  cd /opt
  wget https://www.python.org/ftp/python/3.6.1/Python-3.6 .1.tar.xz
  tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
  ./configure && make && make install

配置并载入Python3虚拟Environment
  cd /opt
  python3 -m venv py3
  source /opt/py3/bin/activate
  # If you see the following prompt, you must run the above source command first. ,以下所有命令均在该虚拟环境中运行
  (py3) [[email protected] opt]#

自动载入Python虚拟环境
  cd /opt
  git clone git: //github.com/kennethreitz/autoenv.git
  echo ‘source /opt/autoenv/activate.sh’ >> ~/.bashrc
  source ~/.bashrc

下载Jumpserver 与Coco < br>   cd /opt
  git clone https://github.com/jumpserver/jumpserver.git —-&& cd jumpserver && git checkout master
  echo “source /opt/py3/bin/activate”> /opt/jumpserver/.env

  cd /opt
  git clone https://github.com/jumpserver/coco.git —-&& cd coco && git checkout master && git pull
  echo “source /opt/py3/bin/activate” > /opt/coco/.env

安装依赖RPM 包
  yum -y install $(cat /opt/jumpserver/requirements /rpm_requirements.txt)
  yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt)

安装python库依赖
  pip install –upgrade pip
  pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
  pip install -r /opt/coco/requirements/requirements.txt

Modify Jumpserver configuration file
  cd /opt/jumpserver
  cp config_example.py config.py

< em> vi config.py

< em id="__mc eDel">Note: The configuration file is in Python format, do not use TAB, but use spaces< /em>

#!/usr/bin/env python3
#
-*- coding : utf-8 -*-
"""
jumpserver. config
~~~~~~~~~~~~~~~~

Jumpserver project setting file

:copyright: (c) 2014- 2017 by Jumpserver Team
:license: GPL v2, see LICENSE for more details.
"""
import os

BASE_DIR
= os.path.dirname(os. path.abspath(__file__))


< span style="color: #0000ff">class Config:
"""
Jumpserver Config File
Jumpserver Config File< br />
Jumpserver use this config for drive django framework running,
You can set is value or set the same envirment value,
Jumpserver look for config order: file => env => default

Jumpserver uses configuration to drive the operation of the Django framework.
You can set it in this file or set the environment variable with the same name.
Jumpserver uses the order of configuration: file= > Environment variable => Default value
"""
#< /span> SECURITY WARNING: keep the secret key used in production secret!
# In the production environment of the encryption key, please modify it to a random string and do not disclose it.
SECRET_KEY = ' 2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'

# SECURITY WARNING: keep the bootstrap token used in production secret!
# The pre-shared Token coco and guacamole are used to register service accounts, instead of using the original registration acceptance mechanism
# BOOTSTRAP_TOKEN ='PleaseChangeMe'

ALLOWED_HOSTS
= ['* ']

# Development env open this, when error occur display the full process track, Production disable it
# In DEBUG mode, you can see more logs when you encounter errors after enabling DEBUG
DEBUG = False
< br />
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# Log level
LOG_LEVEL = 'ERROR'
LOG_DIR
= os.path.join(BASE_DIR, 'logs ')

# Session expiration setting, Default 24 hour, Also set expired on on browser close
# The browser session expiration time, the default is 24 hours, you can also set the browser to expire when it is closed
# SESSION_COOKIE_AGE = 3600 * 24
# SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = True


# Database setting, Support sqlite3, mysql, postgres ....
# Database Settings
# See https://docs.djangoproject.com/en/1.10 /ref/settings/#databases

# SQLite setting:< /span>
# Use a single-file sqlite database
# DB_ENGINE ='sqlite3'
#< /span> DB_NAME = os. path.join(BASE_DIR,'data','db.sqlite3')

# MySQL or postgres setting like:
# Use Mysql as the database
DB_ENGINE = 'mysql'
DB_HOST
= '127.0.0.1'
DB_PORT
= 3306
DB_USER
= 'jumpserver '
DB_PASSWORD
= 'weakPassword'
DB_NAME
= 'jumpserver span>'

# When Django start it will bind this host and port
# ./ manage.py runserver 127.0.0.1:8080
# Bind port during runtime< /span>
HTTP_BIND_HOST = '0.0.0.0'
HTTP_LISTEN_PORT
= 8080

# Use Redis as broker for celery and web socket
#< span style="color: #008000"> Redis configuration

REDIS_HOST = '127.0.0.1'
REDIS_PORT
= 6379
REDIS_PASSWORD
= ' ':
REDIS_DB_CELERY
= 3
REDIS_DB_CACHE
= 4

# Use OpenID authorization
# Use OpenID for authentication settings
#< /span> BASE_SITE_URL ='http://localhost:8080'
#< span style="color: #008000"> AUTH_OPENID = False # True or False

# AUTH_OPENID_SERVER_URL ='https://openid-auth-server.com/'
# AUTH_OPENID_REALM_NAME ='realm-name'
# AUTH_OPENID_CLIENT_ID ='client-id'
# AUTH_OPENID_CLIENT_SECRET ='client-secret'

#
# OTP_VALID_WINDOW = 0

def __init__(self):
< /span>pass

def __getattr__(self, item):
return None


class DevelopmentConfig(Config):
pass


class TestConfig(Config):
pass


class ProductionConfig(Config):
pass


# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()

Modify Coco configuration file
  cd /opt/coco
  cp conf_example .py conf.py # If coco and jumpserver are deployed separately, please manually modify conf.py
  vi conf.py
# Pay attention to alignment and do not directly copy the content of this document

# !/usr/bi n/env python3
#
-*- coding: utf-8 -*-
#

import os

BASE_DIR
= os.path.dirname(__file__)


class Config:
"""
Coco config file, coco also load config from server update setting below
"""
#< /span> The name of the project, which will be used to register with Jumpserver for identification purposes, and cannot be repeated
NAME = "coco"

# Jumpserver project URL, api request registration will be used

CORE_HOST = os.environ.get("
CORE_HOST = os.environ.get("
span>CORE_HOST") or 'http://127.0.0.1:8080'

# Bootstrap Token, pre-shared key, Used to register the service account and terminal used by coco
# Please configure the file with jumpserver Keep the same, you can delete after registration.
# BOOTSTRAP_TOKEN = "PleaseChangeMe"< /span>

# The ip bound at startup, default 0.0.0.0< /span>
# BIND_HOST = '0.0.0.0'
< br / > # listening SSH port number, default 2222
# SSHD_PORT = 2222

# Listening HTTP/WS port number, default 5000
# HTTPD_PORT = 5000

# The ACCESS KEY used by the project will be registered by default and saved in ACCESS_KEY_STORE,
# If you need it, you can write it in the configuration file in the format access_key_id:access_key_secret
# ACCESS_KEY = None

# The address saved by ACCESS KEY, default It will be saved to this file after registration
# ACCESS_KEY_STORE = os. path.join(BASE_DIR,'keys','.access_key')

# Encryption key
# SECRET_KEY = None< br />
# Set log level ['DEBUG','INFO','WARN', 'ERROR','FATAL','CRITICAL']
LOG_LEVEL = 'ERROR '

# Directory where logs are stored
# LOG_DIR = os.path. join(BASE_DIR,'logs')

# Session video storage Directory
# SESSION_DIR = os.path.join(BASE_DIR,'sessions')

# Asset display sorting method, ['ip','hostname']
# ASSET_LIST_SORT_BY ='ip'

# Does login support password authentication
# PASSWORD_AUTH = True

# Does login support key authentication
# PUBLIC_KEY_AUTH = True

# SSH whitelist
# ALLOW_SSH_USER ='all' # ['test','test2']

# SSH blacklist, if the user is in the whitelist and blacklist at the same time, the blacklist takes precedence
# BLOCK_SSH_USER = []

# Keep the heartbeat interval with Jumpserver
# HEARTBEAT_INTERVAL = 5

# Admin Name, the user will be prompted if something goes wrong
# ADMINS =''
COMMAND_STORAGE = {
"TYPE": "server"
}
REPLAY_STORAGE
= {
"TYP E": "server "
}

# SSH connection timeout (default 15 seconds)
# SSH_TIMEOUT = 15

# Language = en
LANGUAGE_CODE = 'zh'


config
= Config()

Install the Web Terminal front-end: Luna
  cd /opt
  wget https:/ /github.com/jumpserver/luna/releases/download/1.4.1/luna.tar.gz
  tar xf luna.tar.gz
  chown -R root:root luna

安装windows Support components
  yum remove docker-late st-logrotate docker-logrotate docker-selinux dockdocker-engine
  yum install -y yum-utils device-mapper-persistent-data lvm2
  yum-config-manager –add-repo https://download.docker .com/linux/centos/docker-ce.repo
  yum makecache fast
  yum -y install docker-ce
  systemctl start docker -d
  docker pull jumpserver/guacamole:latest
< br>Reopen a terminal
Configure Nginx integration components
  source /opt/py3/bin/activate
  cd /opt/
  vi /etc/nginx/conf.d/jumpserver.conf

server {
listen
80; # The proxy port, which will be accessed in the future, and will no longer be through port 8080< br /> # server_name demo.jumpserver.org; # Modify to your domain name or comment out

client_max_body_size 100m;
# Video and file upload size limit

location
/luna/ {
try_files $uri
/ /index.html;
alias
/opt/luna/; # luna path, if you modify the installation directory, you need to modify it here
}

location
/media/ {
add_header Content
-Encoding gzip;
root
/ opt/jumpserver/data/; # Video location, if you modify the installation directory, you need to modify it here
}

location
/static/ {
root < /span>/opt/jumpserver/data/; # static resources, if you modify the installation directory, you need to modify it here
}

location
/socket.io/ {
proxy_pass http:
//localhost:5000/socket.io/; # If coco is installed on another server, please fill in its ip
proxy_buffering off;
proxy_http_version
1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection
"upgrade";
proxy_set_header X
span>-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/coco/ {
proxy_pass http:
//localhost:5000/coco/; # If coco is installed on another server, please fill in its ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/guacamole/ {
proxy_pass http:
//localhost:8081/; # If guacamole is installed on another server, please fill in its ip span>
proxy_buffering off;
proxy_http_version
1.1;
proxy_set_header Upgrade $http_upgrade ;
proxy_set_header Connection $http_connection;
proxy_set_header X
-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_ header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/ {
proxy_pass http:
//localhost:8080; # If jumpserver is installed on another server, please fill in its ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
}
}
pre>

  cd /opt/
  cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
  vim /etc /nginx/nginx.conf

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;< br /> error_log
/var/log/nginx/error.log;
pid
/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
< br /> events {
worker_connections
1024;
}

http {
log_format main '$remote_addr-$remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log
/var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout
65;
types_hash_max_size
2048;

include
/etc/nginx/< span style="color: #000000">mime.types;
default_type application
/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

#server {
#listen 80 default_server;
#listen [::]:80 default_server;
#server_name _;
#roo t /usr/share/nginx/html;

# Load configuration files for the default server block.
#include /etc/nginx/default .d/*.conf;

#location / {< /span>
# }

#error_page 404 /404.html;
#location = /40x.html {
#}

#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#}
#}

# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load conf iguration files for the default server block.
include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }

}

  nginx -t


生成数据库表结构和初始化数据
  cd /opt/jumpserver/utils
  bash make_migrations.sh

运行 Jumpserver
  cd ..
  ./jms start all -d
# 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all 后台运行请添加 -d 参数

  运行Coco
  cd /opt/coco
  ./cocod start -d

#在第一个终端里
启动 Guacamole
# 注意:这里需要修改下 http://<填写jumpserver的url地址> 例: http://192.168.168.8, 否则会出错
# 不能使用 127.0.0.1 ,可以更换 registry.jumpserver.org/public/guacamole:latest

  docker run --name jms_guacamole -d \
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://192.168.168.8:8080 \
  jumpserver/guacamole:latest

  systemctl start nginx

  登录Web管理界面:192.168.168.8

参考链接1:http://docs.jumpserver.org/zh/docs/step_by_step.html

参考链接2:http://docs.jumpserver.org/zh/docs/setup_by_centos7.html

参考链接3:https://www.cnblogs.com/bigdevilking/p/9427941.html

参考链接4:http://docs.jumpserver.org/zh/docs/faq_install.html

#!/usr/bin/env python3
#
-*- coding: utf-8 -*-
"""
jumpserver.config
~~~~~~~~~~~~~~~~~

Jumpserver project settin g file

:copyright: (c) 2014-2017 by Jumpserver Team
:license: GPL v2, see LICENSE for more details.
"""
import os

BASE_DIR
= os.path.dirname(os.path.abspath(__file__))


class Config:
"""
Jumpserver Config File
Jumpserver 配置文件

Jumpserver use this config for drive django framework running,
You can set is value or set the same envirment value,
Jumpserver look for config order: file => env => default

Jumpserver使用配置来驱动Django框架的运行,
你可以在该文件中设置,或者设置同样名称的环境变量,
Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
"""
# SECURITY WARNING: keep the secret key used in production secret!
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄
SECRET_KEY = 2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x

# SECURITY WARNING: keep the bootstrap token used in production secret!
# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
# BOOTSTRAP_TOKEN = ‘PleaseChangeMe‘

ALLOWED_HOSTS
= [*]

# Development env open this, when error occur display the full process track, Production disable it
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
DEBUG = False

# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# 日志级别
LOG_LEVEL = ERROR
LOG_DIR
= os.path.join(BASE_DIR, logs)

# Session expiration setting, Default 24 hour, Also set expired on on browser close
# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
# SESSION_COOKIE_AGE = 3600 * 24
# SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = True


# Database setting, Support sqlite3, mysql, postgres ....
# 数据库设置
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases

# SQLite setting:
# 使用单文件sqlite数据库
# DB_ENGINE = ‘sqlite3‘
# DB_NAME = os.path.join(BASE_DIR, ‘data‘, ‘db.sqlite3‘)

# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE = mysql
DB_HOST
= 127.0.0.1
DB_PORT
= 3306
DB_USER
= jumpserver
DB_PASSWORD
= weakPassword
DB_NAME
= jumpserver

# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# 运行时绑定端口
HTTP_BIND_HOST = 0.0.0.0
HTTP_LISTEN_PORT
= 8080

# Use Redis as broker for celery and web socket
# Redis配置
REDIS_HOST = 127.0.0.1
REDIS_PORT
= 6379
REDIS_PASSWORD
= ‘‘:
REDIS_DB_CELERY
= 3
REDIS_DB_CACHE
= 4

# Use OpenID autho rization
# 使用OpenID 来进行认证设置
# BASE_SITE_URL = ‘http://localhost:8080‘
# AUTH_OPENID = False # True or False
# AUTH_OPENID_SERVER_URL = ‘https://openid-auth-server.com/‘
# AUTH_OPENID_REALM_NAME = ‘realm-name‘
# AUTH_OPENID_CLIENT_ID = ‘client-id‘
# AUTH_OPENID_CLIENT_SECRET = ‘client-secret‘

#
# OTP _VALID_WINDOW = 0

def __init__(self):
pass

def __getattr__(self, item):
return None


class DevelopmentConfig(Config):
pass


class TestConfig(Config):
pass


class ProductionConfig(Config):
pass


# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()

#!/usr/bin/env python3
#
-*- coding: utf-8 -*-
#

import os

BASE_DIR
= os.path.dirname(__file__)


class Config:
"""
Coco config file, coco also load config from server update setting below
"""
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
NAME = "coco"

# Jumpserver项目的url, api请求注册会使用
CORE_HOST = os.environ.get("CORE_HOST") or http://127.0.0.1:8080

# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
# B OOTSTRAP_TOKEN = "PleaseChangeMe"

# 启动时绑定的ip, 默认 0.0.0.0
# BIND_HOST = ‘0.0.0.0‘

# 监听的SSH端口号, 默认2222
# SSHD_PORT = 2222

# 监听的HTTP/WS端口号,默认5000
# HTTPD_PORT = 5000

# 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY = None

# ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
# ACCESS_KEY_STORE = os.path.join(BASE_DIR, ‘keys‘, ‘.access_key‘)

# 加密密钥
# SECRET_KEY = None

# 设置日志级别 [‘DEBUG‘, ‘INFO‘, ‘WARN‘, ‘ERROR‘, ‘FATAL‘, ‘CRITICAL‘]
LOG_LEVEL = ERROR

# 日志存放的目录
# LOG_DIR = os.path.join(BASE _DIR, ‘logs‘)

# Session录像存放目录
# SESSION_DIR = os.path.join(BASE_DIR, ‘sessions‘)

# 资产显示排序方式, [‘ip‘, ‘hostname‘]
# ASSET_LIST_SORT_BY = ‘ip‘

# 登录是否支持密码认证
# PASSWORD_AUTH = True

# 登录是否支持秘钥认证
# PUBLIC_KEY_AUTH = True

# SSH白名单
# ALLOW_SSH_USER = ‘all‘ # [‘test‘, ‘test2‘]

# SSH黑名单, 如果用户同时在白名单和黑名单,黑名单优先生效
# BLOCK_SSH_USER = []

# 和Jumpserver 保持心跳时间间隔
# HEARTBEAT_INTERVAL = 5

# Admin的名字,出问题会提示给用户
# ADMINS = ‘‘
COMMAND_STORAGE = {
"TYPE": "server"
}
REPLAY_STORAGE
= {
"TYPE": "server"
}

# SSH连接超时时间 (default 15 seconds)
# SSH_TIMEOUT = 15

# 语言 = en
LANGUAGE_CODE = zh


config
= Config ()

server {
listen
80; # 代理端口,以后将通过此端口进行访问,不再通过8080端口
# server_name demo.jumpserver.org; # 修改成你的域名或者注释掉

client_max_body_size 100m;
# 录像及文件上传大小限制

location
/luna/ {
try_files $uri
/ /index.html;
alias
/opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
}

location
/media/ {
add_header Content
-Encoding gzip;
root
/opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
}

location
/static/ {
root
/opt/jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改
}

location
/socket.io/ {
proxy_pass http:
//localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version
1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection
"upgrade";
proxy_set_header X
-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/coco/ {
proxy_pass http:
//localhost:5000/coco/; # 如果coco安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/guacamole/ {
proxy_pass http:
//localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version
1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X
-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

location
/ {
proxy_pass http:
//localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log
/var/log/nginx/error.log;
pid
/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections
1024;
}

http {
log_format main
$remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for";

access_log
/var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout
65;
types_hash_max_size
2048;

include
/etc/nginx/mime.types;
default_type application
/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

#server {
#listen 80 default_ser ver;
#listen [::]:80 default_server;
#server_name _;
#root /usr/share/nginx/html;

# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;

#location / {
# }

#error_page 404 /404.html;
#location = /40x.html {
#}

#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#}
#}

# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_ser ver;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }

}

参考链接1:http://docs.jumpserver.org/zh/docs/step_by_step.html

参考链接2:http://docs.jumpserver.org/zh/docs/setup_by_centos7.html

参考链接3:https://www.cnblogs.com/bigdevilking/p/9427941.html

参考链接4:http://docs.jumpserver.org/zh/docs/faq_install.html

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 4843 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.