Environment
Virtual machine system: centos 7
IP:192.168.168.8
Directory: /opt
Proxy: nginx
Database: MySQL version 5.6 or later, or MariaDB version 5.5.6 or later
Update yum
yum update -y
Turn off firewall and selinux
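# Lab shortcut: after these steps the bastion has no host firewall and no
# SELinux confinement. Outside a test VM, keep firewalld running and open only
# the ports this deployment serves (80 for nginx, 2222 for coco's SSH listener).
firewall-cmd --state
systemctl stop firewalld
systemctl disable firewalld
vi /etc/sysconfig/selinux
# In the editor, change SELINUX=enforcing to SELINUX=disabled
reboot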
Modify the character set, otherwise it may report input/output error, because Chinese is printed in the log
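# Build the zh_CN.UTF-8 locale and make it the default, because the
# application writes Chinese text to its logs.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf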
安装依赖包
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
安装redis,Jumpserver 使用Redis 做cache 和celery broker
yum -y install redis
systemctl enable redis
systemctl start redis
安装Mysql 作为数据库,如果不使用Mysql 可以跳过相关Mysql 安装和配置
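yum -y install mariadb mariadb-devel mariadb-server  # on CentOS 7 these packages provide MariaDB
systemctl enable mariadb
systemctl start mariadb
# A fresh MariaDB install lets root log in without a password, which is what
# the database-creation step of this guide relies on. Once the jumpserver
# database exists, run mysql_secure_installation to set a root password and
# remove the anonymous users and the test database.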
创建数据库Jumpserver 并授权
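# Replace weakPassword with a long random password and use the same value for
# DB_PASSWORD in /opt/jumpserver/config.py. The grant limits the account to
# connections from 127.0.0.1.
mysql -uroot
> create database jumpserver default charset 'utf8';
> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
> flush privileges;
> quit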
安装Nginx,用代理服务器整合Jumpserver与各个组件
yum -y install nginx
systemctl enable nginx
下载编译Python3.6.1
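cd /opt
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
# The tarball is compiled and installed as root, so verify it before unpacking:
# python.org publishes checksums and a detached signature for each release.
# The Python 3.6 series no longer receives security fixes; check which
# interpreter versions the Jumpserver release you deploy supports.
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make && make install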
配置并载入Python3虚拟Environment
cd /opt
python3 -m venv py3
source /opt/py3/bin/activate
# If you see the following prompt, you must run the above source command first. ,以下所有命令均在该虚拟环境中运行
(py3) [[email protected] opt]#
自动载入Python虚拟环境
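cd /opt
# Clone over HTTPS: the git:// transport has no encryption and no server
# authentication, and GitHub no longer serves it.
git clone https://github.com/kennethreitz/autoenv.git
# autoenv runs the .env file of a directory when the shell enters it. This
# line loads it into every shell of the current user (root in this guide), so
# keep the .env files created below writable by root only.
echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
source ~/.bashrc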
下载Jumpserver 与Coco
cd /opt
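# master moves with every upstream commit, so two installs made from this
# guide can end up running different code. For a reproducible bastion build,
# check out a release tag instead and record the commit id that was deployed.
git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
cd /opt
git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master && git pull
echo "source /opt/py3/bin/activate" > /opt/coco/.env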
安装依赖RPM 包
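# $(cat ...) is left unquoted on purpose: every package name in the file has
# to become its own argument. The lists come from the cloned repositories, so
# they are only as trustworthy as the checkout they were taken from.
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt)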
安装python库依赖
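pip install --upgrade pip
# -i replaces the package index for this one install, so every Jumpserver
# dependency is fetched from the mirror: use a mirror you trust, over HTTPS.
pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
pip install -r /opt/coco/requirements/requirements.txt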
Modify Jumpserver configuration file
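cd /opt/jumpserver
cp config_example.py config.py
# config.py will hold SECRET_KEY and the database password; keep it readable
# by the service account only (for example chmod 600 config.py).
vi config.py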
Note: The configuration file is in Python format; do not use TAB characters, use spaces.
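#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
    jumpserver.config
    ~~~~~~~~~~~~~~~~~

    Jumpserver project setting file

    :copyright: (c) 2014-2017 by Jumpserver Team
    :license: GPL v2, see LICENSE for more details.
"""
import os

BASE_DIR = os.path.dirname(os.path.abspath(__file__))


class Config:
    """
    Jumpserver Config File

    Jumpserver uses this configuration to drive the Django framework.
    A setting can be given in this file or through an environment variable
    of the same name. Lookup order: file => environment variable => default.
    """
    # SECURITY WARNING: keep the secret key used in production secret!
    # The string below is the sample value printed in this guide, so it is
    # public: replace it with a long random string and do not disclose it.
    SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'

    # SECURITY WARNING: keep the bootstrap token used in production secret!
    # Pre-shared token that coco and guacamole use to register their service
    # accounts, replacing the earlier registration-acceptance mechanism.
    # Change the placeholder value before enabling it.
    # BOOTSTRAP_TOKEN = 'PleaseChangeMe'

    # '*' accepts any Host header. Once the install works, list the names or
    # addresses users really browse to (192.168.168.8 in this guide).
    ALLOWED_HOSTS = ['*']

    # DEBUG mode shows the full traceback when an error occurs. Enable it
    # only in development; keep it off in production.
    DEBUG = False

    # Log level: DEBUG, INFO, WARNING, ERROR or CRITICAL.
    # See https://docs.djangoproject.com/en/1.10/topics/logging/
    LOG_LEVEL = 'ERROR'
    LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Browser session expiry. The default is 24 hours; the session can also
    # be set to expire when the browser is closed, which is what is done here.
    # SESSION_COOKIE_AGE = 3600 * 24
    # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
    SESSION_EXPIRE_AT_BROWSER_CLOSE = True

    # Database settings; sqlite3, mysql and postgres are supported.
    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases

    # SQLite setting: use a single-file sqlite database
    # DB_ENGINE = 'sqlite3'
    # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')

    # MySQL or postgres setting: this guide uses MySQL/MariaDB.
    # DB_PASSWORD must match the password given in the GRANT statement;
    # 'weakPassword' is the guide's sample value and should be replaced there
    # and here with a long random one.
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = 'weakPassword'
    DB_NAME = 'jumpserver'

    # Host and port the application binds at runtime
    # (compare ./manage.py runserver 127.0.0.1:8080).
    # 0.0.0.0 listens on every interface, so with firewalld stopped port 8080
    # can be reached directly instead of through the nginx proxy on port 80.
    # The Guacamole container in this guide connects to 192.168.168.8:8080,
    # so restrict the port with a firewall rule rather than by binding loopback.
    HTTP_BIND_HOST = '0.0.0.0'
    HTTP_LISTEN_PORT = 8080

    # Redis is the broker for celery and the web socket layer.
    # The password is empty, which is only acceptable while Redis listens on
    # loopback; otherwise set requirepass in redis.conf and repeat it here.
    REDIS_HOST = '127.0.0.1'
    REDIS_PORT = 6379
    REDIS_PASSWORD = ''
    REDIS_DB_CELERY = 3
    REDIS_DB_CACHE = 4

    # OpenID authentication settings
    # BASE_SITE_URL = 'http://localhost:8080'
    # AUTH_OPENID = False  # True or False
    # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
    # AUTH_OPENID_REALM_NAME = 'realm-name'
    # AUTH_OPENID_CLIENT_ID = 'client-id'
    # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
    #
    # OTP_VALID_WINDOW = 0

    def __init__(self):
        pass

    def __getattr__(self, item):
        # Any setting that is not defined above reads as None instead of
        # raising AttributeError, so a misspelled name fails silently.
        return None


class DevelopmentConfig(Config):
    pass


class TestConfig(Config):
    pass


class ProductionConfig(Config):
    pass


# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()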
Modify Coco configuration file
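cd /opt/coco
cp conf_example.py conf.py  # If coco and jumpserver are deployed separately, edit conf.py by hand
vi conf.py
# Pay attention to alignment and do not directly copy the content of this document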
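#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
import os

BASE_DIR = os.path.dirname(__file__)


class Config:
    """
    Coco config file, coco also load config from server update setting below
    """
    # Project name, used to register with Jumpserver. It only identifies this
    # instance and must not be repeated.
    NAME = "coco"

    # URL of the Jumpserver project; API and registration requests go to it.
    CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'

    # Bootstrap Token, pre-shared key used to register the service account
    # and terminal that coco uses. Keep it identical to the value in the
    # jumpserver configuration file; it can be deleted after registration.
    # BOOTSTRAP_TOKEN = "PleaseChangeMe"

    # The ip bound at startup, default 0.0.0.0
    # BIND_HOST = '0.0.0.0'

    # Listening SSH port number, default 2222
    # SSHD_PORT = 2222

    # Listening HTTP/WS port number, default 5000.
    # NOTE(review): nginx in this guide proxies to localhost:5000, so this
    # port presumably does not need to be reachable from the network; confirm
    # which listeners BIND_HOST applies to.
    # HTTPD_PORT = 5000

    # The ACCESS KEY used by the project. By default it is registered and
    # saved in ACCESS_KEY_STORE; if needed it can be written here in the
    # format access_key_id:access_key_secret
    # ACCESS_KEY = None

    # Where the ACCESS KEY is saved after registration. The file holds a
    # credential, so keep it readable by the coco account only.
    # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')

    # Encryption key
    # SECRET_KEY = None

    # Set log level ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
    LOG_LEVEL = 'ERROR'

    # Directory where logs are stored
    # LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Session recording storage directory
    # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')

    # Asset display sorting method, ['ip', 'hostname']
    # ASSET_LIST_SORT_BY = 'ip'

    # Does login support password authentication
    # PASSWORD_AUTH = True

    # Does login support key authentication
    # PUBLIC_KEY_AUTH = True

    # SSH whitelist
    # ALLOW_SSH_USER = 'all'  # ['test', 'test2']

    # SSH blacklist; if a user is in both lists, the blacklist takes precedence
    # BLOCK_SSH_USER = []

    # Heartbeat interval with Jumpserver
    # HEARTBEAT_INTERVAL = 5

    # Admin name, shown to the user if something goes wrong
    # ADMINS = ''

    COMMAND_STORAGE = {
        "TYPE": "server"
    }

    REPLAY_STORAGE = {
        "TYPE": "server"
    }

    # SSH connection timeout (default 15 seconds)
    # SSH_TIMEOUT = 15

    # Language = en
    LANGUAGE_CODE = 'zh'


config = Config()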
Install the Web Terminal front-end: Luna
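cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.4.1/luna.tar.gz
# nginx serves this directory to every browser session, so compare the archive
# with a checksum from the release page (if one is published) before unpacking.
tar xf luna.tar.gz
# Root ownership keeps the web server account from modifying the served files.
chown -R root:root luna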
安装windows Support components
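# Remove older Docker packages before installing docker-ce from Docker's repo.
yum remove docker-latest-logrotate docker-logrotate docker-selinux docker-engine
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum makecache fast
yum -y install docker-ce
systemctl start docker
# latest is a mutable tag, so the image pulled today may differ from the one
# pulled tomorrow. Pin a version tag or an image digest once you have one that
# matches the Jumpserver release in use.
docker pull jumpserver/guacamole:latest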
Reopen a terminal
Configure Nginx integration components
source /opt/py3/bin/activate
cd /opt/
vi /etc/nginx/conf.d/jumpserver.conf
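server {
    # Port 80 is plain HTTP, so bastion logins and session cookies cross the
    # network unencrypted. Outside a lab, serve this block over TLS instead.
    listen 80;  # The proxy port; access goes through it from now on, no longer through port 8080
    # server_name demo.jumpserver.org;  # Modify to your domain name or comment out

    client_max_body_size 100m;  # Video and file upload size limit

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path, if you modify the installation directory, you need to modify it here
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # Video location, if you modify the installation directory, you need to modify it here
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static resources, if you modify the installation directory, you need to modify it here
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;  # If coco is installed on another server, please fill in its ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Requests to this path are not written to the access log.
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;  # If coco is installed on another server, please fill in its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;  # If guacamole is installed on another server, please fill in its ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;  # If jumpserver is installed on another server, please fill in its ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}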
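cd /opt/
# Keep a copy of the stock file so the change can be reverted.
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
vim /etc/nginx/nginx.conf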
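# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # The stock default server is commented out, presumably so that the
    # server block in conf.d/jumpserver.conf handles port 80.
    #server {
    #listen 80 default_server;
    #listen [::]:80 default_server;
    #server_name _;
    #root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;
    #location / {
    # }
    #error_page 404 /404.html;
    #location = /40x.html {
    #}
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #}
    #}

    # Settings for a TLS enabled server.
    # If this block is enabled for the bastion, also set ssl_protocols to
    # limit the TLS versions offered.
    #
    # server {
    # listen 443 ssl http2 default_server;
    # listen [::]:443 ssl http2 default_server;
    # server_name _;
    # root /usr/share/nginx/html;
    #
    # ssl_certificate "/etc/pki/nginx/server.crt";
    # ssl_certificate_key "/etc/pki/nginx/private/server.key";
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 10m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    #
    # # Load configuration files for the default server block.
    # This include belongs to the commented-out server block. Left active at
    # http level, it would load files written for server context.
    # include /etc/nginx/default.d/*.conf;
    #
    # location / {
    # }
    #
    # error_page 404 /404.html;
    # location = /40x.html {
    # }
    #
    # error_page 500 502 503 504 /50x.html;
    # location = /50x.html {
    # }
    # }
}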
nginx -t
生成数据库表结构和初始化数据
cd /opt/jumpserver/utils
bash make_migrations.sh
运行 Jumpserver
cd ..
./jms start all -d
# 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all 后台运行请添加 -d 参数
运行Coco
cd /opt/coco
./cocod start -d
#在第一个终端里
启动 Guacamole
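# Note: set JUMPSERVER_SERVER to http://<your jumpserver url>, for example
# http://192.168.168.8, otherwise the container reports an error.
# 127.0.0.1 cannot be used there. The image can also be taken from
# registry.jumpserver.org/public/guacamole:latest
#
# The host port is published on loopback only: nginx on this host proxies
# /guacamole/ to localhost:8081, and a port published on every interface would
# let clients reach Guacamole without going through nginx.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://192.168.168.8:8080 \
  jumpserver/guacamole:latest
systemctl start nginx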
登录Web管理界面:192.168.168.8
参考链接1:http://docs.jumpserver.org/zh/docs/step_by_step.html
参考链接2:http://docs.jumpserver.org/zh/docs/setup_by_centos7.html
参考链接3:https://www.cnblogs.com/bigdevilking/p/9427941.html
参考链接4:http://docs.jumpserver.org/zh/docs/faq_install.html
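#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
    jumpserver.config
    ~~~~~~~~~~~~~~~~~

    Jumpserver project setting file

    :copyright: (c) 2014-2017 by Jumpserver Team
    :license: GPL v2, see LICENSE for more details.
"""
import os

BASE_DIR = os.path.dirname(os.path.abspath(__file__))


class Config:
    """
    Jumpserver Config File

    Jumpserver use this config for drive django framework running,
    You can set is value or set the same envirment value,
    Jumpserver look for config order: file => env => default
    """
    # SECURITY WARNING: keep the secret key used in production secret!
    # Encryption key: in production change it to a random string and do not
    # disclose it. The value below appears in this listing, so it is public.
    SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'

    # SECURITY WARNING: keep the bootstrap token used in production secret!
    # Pre-shared token used by coco and guacamole to register service
    # accounts; the earlier registration-acceptance mechanism is no longer used.
    # BOOTSTRAP_TOKEN = 'PleaseChangeMe'

    # '*' accepts any Host header; narrow it to the names or addresses in use.
    ALLOWED_HOSTS = ['*']

    # Development env open this, when error occur display the full process track, Production disable it
    # DEBUG mode: more detail is shown when an error occurs.
    DEBUG = False

    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
    # Log level
    LOG_LEVEL = 'ERROR'
    LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Session expiration setting, Default 24 hour, Also set expired on on browser close
    # SESSION_COOKIE_AGE = 3600 * 24
    # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
    SESSION_EXPIRE_AT_BROWSER_CLOSE = True

    # Database setting, Support sqlite3, mysql, postgres ....
    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases

    # SQLite setting: use a single-file sqlite database
    # DB_ENGINE = 'sqlite3'
    # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')

    # MySQL or postgres setting like: use MySQL as the database.
    # 'weakPassword' is a sample value; use a long random password that
    # matches the one granted to the database account.
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = 'weakPassword'
    DB_NAME = 'jumpserver'

    # When Django start it will bind this host and port
    # ./manage.py runserver 127.0.0.1:8080
    # 0.0.0.0 listens on every interface; filter port 8080 at the host
    # firewall if clients are meant to go through the reverse proxy.
    HTTP_BIND_HOST = '0.0.0.0'
    HTTP_LISTEN_PORT = 8080

    # Use Redis as broker for celery and web socket
    # An empty password is only acceptable while Redis listens on loopback.
    REDIS_HOST = '127.0.0.1'
    REDIS_PORT = 6379
    REDIS_PASSWORD = ''
    REDIS_DB_CELERY = 3
    REDIS_DB_CACHE = 4

    # Use OpenID authorization
    # BASE_SITE_URL = 'http://localhost:8080'
    # AUTH_OPENID = False  # True or False
    # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
    # AUTH_OPENID_REALM_NAME = 'realm-name'
    # AUTH_OPENID_CLIENT_ID = 'client-id'
    # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
    #
    # OTP_VALID_WINDOW = 0

    def __init__(self):
        pass

    def __getattr__(self, item):
        # Settings that are not defined above read as None.
        return None


class DevelopmentConfig(Config):
    pass


class TestConfig(Config):
    pass


class ProductionConfig(Config):
    pass


# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()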
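#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
import os

BASE_DIR = os.path.dirname(__file__)


class Config:
    """
    Coco config file, coco also load config from server update setting below
    """
    # Project name, used to register with Jumpserver; for identification
    # only, must not be repeated
    NAME = "coco"

    # URL of the Jumpserver project, used by API requests and registration
    CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'

    # Bootstrap Token, pre-shared key used to register the service account
    # and terminal that coco uses.
    # Keep it the same as in the jumpserver configuration file; it can be
    # deleted once registration has completed.
    # BOOTSTRAP_TOKEN = "PleaseChangeMe"

    # IP bound at startup, default 0.0.0.0
    # BIND_HOST = '0.0.0.0'

    # SSH port to listen on, default 2222
    # SSHD_PORT = 2222

    # HTTP/WS port to listen on, default 5000
    # HTTPD_PORT = 5000

    # ACCESS KEY used by the project; by default it is registered and saved
    # to ACCESS_KEY_STORE. If required it can be written in this file in the
    # format access_key_id:access_key_secret
    # ACCESS_KEY = None

    # Where the ACCESS KEY is saved; after registration it is stored in this
    # file by default. It is a credential, so restrict the file's permissions.
    # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')

    # Encryption key
    # SECRET_KEY = None

    # Log level ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
    LOG_LEVEL = 'ERROR'

    # Directory where logs are stored
    # LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Directory where session recordings are stored
    # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')

    # Sort order of the asset list, ['ip', 'hostname']
    # ASSET_LIST_SORT_BY = 'ip'

    # Whether login supports password authentication
    # PASSWORD_AUTH = True

    # Whether login supports key authentication
    # PUBLIC_KEY_AUTH = True

    # SSH whitelist
    # ALLOW_SSH_USER = 'all'  # ['test', 'test2']

    # SSH blacklist; a user on both lists is handled by the blacklist
    # BLOCK_SSH_USER = []

    # Interval of the heartbeat kept with Jumpserver
    # HEARTBEAT_INTERVAL = 5

    # Admin name, shown to users when something goes wrong
    # ADMINS = ''

    COMMAND_STORAGE = {
        "TYPE": "server"
    }

    REPLAY_STORAGE = {
        "TYPE": "server"
    }

    # SSH connection timeout (default 15 seconds)
    # SSH_TIMEOUT = 15

    # Language = en
    LANGUAGE_CODE = 'zh'


config = Config()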
server {
    # Proxy port: all access goes through it from now on, no longer through
    # port 8080. It is plain HTTP, so logins and session cookies are not
    # encrypted on the wire.
    listen 80;
    # server_name demo.jumpserver.org;  # change to your domain name, or leave commented out

    # Size limit for recordings and file uploads
    client_max_body_size 100m;

    location /luna/ {
        try_files $uri / /index.html;
        # luna path; change it here if the installation directory changes
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        # Recording location; change it here if the installation directory changes
        root /opt/jumpserver/data/;
    }

    location /static/ {
        # Static resources; change it here if the installation directory changes
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        # If coco is installed on another server, fill in its ip
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the X-Forwarded-For value received from the client.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        # If coco is installed on another server, fill in its ip
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        # If guacamole is installed on another server, fill in its ip
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        # If jumpserver is installed on another server, fill in its ip
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
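# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    # The format strings use plain ASCII single quotes; typographic quotes
    # are not string delimiters in nginx.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    #server {
    #listen 80 default_server;
    #listen [::]:80 default_server;
    #server_name _;
    #root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;
    #location / {
    # }
    #error_page 404 /404.html;
    #location = /40x.html {
    #}
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #}
    #}

    # Settings for a TLS enabled server.
    #
    # server {
    # listen 443 ssl http2 default_server;
    # listen [::]:443 ssl http2 default_server;
    # server_name _;
    # root /usr/share/nginx/html;
    #
    # ssl_certificate "/etc/pki/nginx/server.crt";
    # ssl_certificate_key "/etc/pki/nginx/private/server.key";
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 10m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    #
    # # Load configuration files for the default server block.
    # Kept commented like the rest of this server block: at http level the
    # include would load files written for server context.
    # include /etc/nginx/default.d/*.conf;
    #
    # location / {
    # }
    #
    # error_page 404 /404.html;
    # location = /40x.html {
    # }
    #
    # error_page 500 502 503 504 /50x.html;
    # location = /50x.html {
    # }
    # }
}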
参考链接1:http://docs.jumpserver.org/zh/docs/step_by_step.html
参考链接2:http://docs.jumpserver.org/zh/docs/setup_by_centos7.html
参考链接3:https://www.cnblogs.com/bigdevilking/p/9427941.html
参考链接4:http://docs.jumpserver.org/zh/docs/faq_install.html