Deploying the JumpServer bastion host from source

Note: this source tree is based on JumpServer V2.15.3, and all later development iterates on that version. Of the components, core, koko and lion are ultimately deployed as services, each with its own port number; guacamole-server is a toolkit that only needs to be installed and started; lina and luna are front-end UIs that only need to be configured in nginx at deployment time and run no service of their own on a port.
Core build configuration

Core is the central component of JumpServer. It is built on top of Django and bundles the Gunicorn, Celery, Beat, Flower and Daphne services.

Requirements: python >= 3.6, MariaDB >= 10.2, Redis >= 5
Building and installing core from source:

CentOS 7 environment:

```shell
yum install -y epel-release postgresql-devel mariadb-devel openldap-devel gcc-c++ make sshpass
yum install -y python36 python36-devel
```

Ubuntu 20.04 environment:

```shell
apt-get install -y libpq-dev libffi-dev libxml2 libxslt-dev libmariadb-dev libldap2-dev libsasl2-dev sshpass mariadb-client bash-completion g++ make
apt-get install -y python3.8 python3.8-dev python3-venv
```

Install the Python dependencies: create a dedicated python3 virtual environment for the JumpServer project and enter it.

```shell
python3 -m venv ../py3
source ../py3/bin/activate
```

Every time you run the project you must first run `source …/py3/bin/activate` to load this environment.

```shell
pip install -U pip
pip install -r    # the requirements file name is cut off on the source page
```

Modify the config file:

```shell
cd jumpserver-v2.15.3
wget /db -O apps/common/utils/db    # the download URL is cut off on the source page
cp l l                              # the source and target file names are cut off on the source page
```

The config file contents are as follows:

```yaml
# SECURITY WARNING: keep the secret key used in production secret!
# Encryption key. In production change it to a random string and never leak it; generate one with
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 48;echo
SECRET_KEY: ****************  # required; recommended length 50+ characters

# SECURITY WARNING: keep the bootstrap token used in production secret!
# Pre-shared token that koko and lion use to register their service accounts; the old register-and-accept mechanism is no longer used
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24;echo
BOOTSTRAP_TOKEN: ***********  # required; recommended length 20+ characters

# Development env open this, when error occur display the full process track, Production disable it
# DEBUG mode: with DEBUG on you see more log output when an error occurs
DEBUG: true  # recommended on for development; production should turn it off

# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See docs.djangoproject/en/1.10/topics/logging/
# Log level
LOG_LEVEL: DEBUG  # recommended DEBUG for development, ERROR for production
# LOG_DIR:

# Session expiration setting, Default 24 hour, Also set expired on on browser close
# Browser session lifetime, default 24 hours; can also be set to expire when the browser closes
# SESSION_COOKIE_AGE: 86400
SESSION_EXPIRE_AT_BROWSER_CLOSE: true  # session expires when the browser closes

# Database setting, Support sqlite3, mysql, postgres ....
# Database settings
# See docs.djangoproject/en/1.10/ref/settings/#databases
# SQLite setting:
# Use a single-file sqlite database
# DB_ENGINE: sqlite3
# DB_NAME:

# MySQL or postgres setting like:
# Use MySQL as the database
DB_ENGINE: mysql
DB_HOST: 127.0.0.1  # fill in your own database settings
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: ********
DB_NAME: jumpserver

# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# Host and ports bound at runtime; 0.0.0.0:8080 and 0.0.0.0:8070 will be used
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070

# Use Redis as broker for celery and web socket
# Redis settings
REDIS_HOST: 127.0.0.1  # fill in your own Redis settings
REDIS_PORT: 6379
REDIS_PASSWORD: ********
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4

# Use OpenID Authorization
# OpenID authentication settings
# AUTH_OPENID: False  # True or False
# BASE_SITE_URL: None
# AUTH_OPENID_CLIENT_ID: client-id
# AUTH_OPENID_CLIENT_SECRET: client-secret
# AUTH_OPENID_PROVIDER_ENDPOINT: op-example/
# AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: op-example/authorize
# AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: op-example/token
# AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: op-example/jwks
# AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT: op-example/userinfo
# AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: op-example/logout
# AUTH_OPENID_PROVIDER_SIGNATURE_ALG: HS256
# AUTH_OPENID_PROVIDER_SIGNATURE_KEY: None
# AUTH_OPENID_SCOPES: "openid profile email"
# AUTH_OPENID_ID_TOKEN_MAX_AGE: 60
# AUTH_OPENID_ID_TOKEN_INCLUDE_CLAIMS: True
# AUTH_OPENID_USE_STATE: True
# AUTH_OPENID_USE_NONCE: True
# AUTH_OPENID_SHARE_SESSION: True
# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
# AUTH_OPENID_ALWAYS_UPDATE_USER: True

# Use Radius authorization
# Authenticate with Radius
# AUTH_RADIUS: false
# RADIUS_SERVER: localhost
# RADIUS_PORT: 1812
# RADIUS_SECRET:

# CAS settings
# AUTH_CAS': False,
# CAS_SERVER_URL': "host/cas/",
# CAS_ROOT_PROXIED_AS': 'jumpserver-host:port',
# CAS_LOGOUT_COMPLETELY': True,
# CAS_VERSION': 3,

# LDAP/AD settings
# LDAP search page size
# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000
#
# Periodic user synchronisation
# enable / disable
# AUTH_LDAP_SYNC_IS_PERIODIC: True
# Sync interval (unit: hours) (takes precedence)
# AUTH_LDAP_SYNC_INTERVAL: 12
# Crontab expression
# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
#
# On LDAP login, only users already present in the user list may authenticate against the LDAP server
# AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False
#
# If the following message shows up in the log during LDAP authentication, set this parameter to 0 (details: /en/latest/faq.html)
# In order to perform this operation a successful bind must be completed on the connection
# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1

# OTP settings
# OTP/MFA settings
# OTP_VALID_WINDOW: 0
# OTP_ISSUER_NAME: Jumpserver

# Perm show single asset to ungrouped node
# Whether assets of unauthorised nodes are placed under the "ungrouped" node
# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: False
#
# Allow each account to be logged in from only one device at a time
# USER_LOGIN_SINGLE_MACHINE_ENABLED: False
#
# Enable periodic tasks
# PERIOD_TASK_ENABLE: True
#
# Enable login confirmation (second-step approval)
# LOGIN_CONFIRM_ENABLE: False
#
# Skip manual password entry on Windows logins
# WINDOWS_SKIP_ALL_MANUAL_PASSWORD: False
```

Handle internationalisation:

```shell
rm -f apps/locale/zh/LC_    # the rest of the path is cut off on the source page
python apps/manage.py compilemessages
```

Start core; to run it in the background add -d: `./jms start -d`

```shell
./jms start
```
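Before Core goes to production, the two secrets and the development-only switches in the config file above deserve a check. The script below is an added example, not part of the tutorial or of JumpServer: it generates SECRET_KEY and BOOTSTRAP_TOKEN values the way the comments in the config file recommend, and it lints a config file for values that must not reach production (placeholder secrets, DEBUG on, LOG_LEVEL DEBUG, OpenID TLS verification disabled). It assumes the flat `KEY: value  # comment` layout shown above and that the file is named config.yml; the two sample configs it writes are constructed for the example and contain no real credentials.

```shell
#!/bin/sh
# Added example (not from the tutorial or from JumpServer).
# gen_secret      : random alphanumeric secret, as the config.yml comments suggest
# lint_jms_config : flag development-only or placeholder settings in a config file
# Assumes the flat "KEY: value   # comment" layout of config.yml.

# $1 = length. LC_ALL=C keeps tr byte-oriented regardless of locale.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Value of top-level key $2 in file $1. Commented-out lines and trailing
# comments are ignored; empty output means the key is not set.
yaml_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*#.*$//' | head -n 1
}

# True (exit 0) when value $1 is empty, still a "****" placeholder,
# or shorter than the minimum length $2.
weak_secret() {
    v="$1"; min="$2"
    case "$v" in ''|*'*'*) return 0 ;; esac
    [ "${#v}" -lt "$min" ]
}

# Prints one finding per line on stderr and the number of findings on stdout.
lint_jms_config() {
    cfg="$1"; n=0
    if weak_secret "$(yaml_get "$cfg" SECRET_KEY)" 50; then
        echo "SECRET_KEY unset, placeholder, or shorter than 50 characters" >&2; n=$((n+1))
    fi
    if weak_secret "$(yaml_get "$cfg" BOOTSTRAP_TOKEN)" 20; then
        echo "BOOTSTRAP_TOKEN unset, placeholder, or shorter than 20 characters" >&2; n=$((n+1))
    fi
    for key in DB_PASSWORD REDIS_PASSWORD; do
        case "$(yaml_get "$cfg" "$key")" in
            *'*'*) echo "$key still holds the ******** placeholder" >&2; n=$((n+1)) ;;
        esac
    done
    case "$(yaml_get "$cfg" DEBUG)" in
        [Tt]rue) echo "DEBUG: true shows full tracebacks; set it to false in production" >&2; n=$((n+1)) ;;
    esac
    case "$(yaml_get "$cfg" LOG_LEVEL)" in
        DEBUG) echo "LOG_LEVEL: DEBUG is for development; the tutorial recommends ERROR" >&2; n=$((n+1)) ;;
    esac
    case "$(yaml_get "$cfg" AUTH_OPENID_IGNORE_SSL_VERIFICATION)" in
        [Tt]rue) echo "AUTH_OPENID_IGNORE_SSL_VERIFICATION: True disables TLS checks towards the OpenID provider" >&2; n=$((n+1)) ;;
    esac
    echo "$n"
}

# Constructed sample configs (no real credentials) for trying the linter:
# $1/dev.yml mirrors the tutorial's development values, $1/prod.yml is fixed up.
write_sample_configs() {
    dir="$1"
    cat > "$dir/dev.yml" <<'EOF'
SECRET_KEY: ****************      # placeholder from the tutorial
BOOTSTRAP_TOKEN: ***********
DEBUG: true
LOG_LEVEL: DEBUG
DB_PASSWORD: ********
REDIS_PASSWORD: ********
# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
EOF
    cat > "$dir/prod.yml" <<EOF
SECRET_KEY: $(gen_secret 50)
BOOTSTRAP_TOKEN: $(gen_secret 24)
DEBUG: false
LOG_LEVEL: ERROR
DB_PASSWORD: $(gen_secret 32)    # constructed value for the example
REDIS_PASSWORD: $(gen_secret 32)
EOF
}

# Usage:  d=$(mktemp -d); write_sample_configs "$d"; lint_jms_config "$d/dev.yml"
# The development sample yields 6 findings, the fixed-up one yields 0.
```

Run `lint_jms_config config.yml` against the real file once it has been filled in; a non-zero count on stdout lists, on stderr, exactly which of the tutorial's "development only" settings are still active.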
Lina build configuration

Lina is the front-end UI project of JumpServer, built mainly with Vue and Element UI.

Requirements: node = 12.20.0. Other versions should work too, but Luna (below) appears to be picky about the node version, so it is best to install this one.

Install node

CentOS 7 and Ubuntu 20.04 both use the following commands:

```shell
wget /mirrors/node/v12.20.0/node-v12.20.    # download URL and archive name are cut off on the source page
tar -xf node-v12.20.                         # archive name cut off on the source page
mv node-v12.20.0-linux-x64 /usr/local/node
chown -R root:root /usr/local/node
export PATH=/usr/local/node/bin:$PATH
echo 'export PATH=/usr/local/node/bin:$PATH' >> ~/.bashrc
node -v
```

`node -v` should print:

```
v12.20.0
```

Install the dependencies

```shell
cd lina-v2.15.3
npm config set sass_binary_site /mirrors/node-sass    # mirror URL cut off on the source page
npm config set registry registry.                     # registry URL cut off on the source page
npm install -g yarn
yarn config set registry registry.                    # registry URL cut off on the source page
npm install -g yarn
yarn install
```

Modify the config file

```shell
vi .env.development
```

```shell
# Global environment variables; do not change them casually
ENV = 'development'

# base api
VUE_APP_BASE_API = ''
VUE_APP_PUBLIC_PATH = '/ui/'

# vue-cli uses the VUE_CLI_BABEL_TRANSPILE_MODULES environment variable,
# to control whether the babel-plugin-dynamic-import-node plugin is enabled.
# It only does one thing by converting all import() to require().
# This configuration can significantly increase the speed of hot updates,
# when you have a large number of pages.
# Detail: github/vuejs/vue-cli/blob/dev/packages/@vue/babel-preset-app/index.js
VUE_CLI_BABEL_TRANSPILE_MODULES = true

# External auth
VUE_APP_LOGIN_PATH = '/core/auth/login/'
VUE_APP_LOGOUT_PATH = '/core/auth/logout/'

# Dev server for core proxy
VUE_APP_CORE_HOST = 'localhost:8080'    # change to the URL of Core
VUE_APP_CORE_WS = 'ws://localhost:8070'
VUE_APP_ENV = 'development'
```

If you only want to debug, run it with the following command; once it is up it prints a temporary address and port at which the Lina front end can be reached:

```shell
yarn serve
```

To build Lina, use the following command to produce the Lina package, which is then deployed directly with nginx:

```shell
yarn build:prod
```

When the build finishes a `lina` folder is generated in the project directory. Point the lina section of the nginx configuration at it (the config file name appears truncated as "f" on the source page); the configuration is as follows:

```nginx
location /ui/ {
    try_files $uri / /ui/index.html;
    alias /opt/lina-v2.15.3/lina/;    # path of the lina folder produced by the build; adjust it to your own layout
}
```

Luna build configuration

Luna is the front-end UI project of JumpServer, built mainly with Angular CLI.

Requirements: node = 12.20.0. It was already installed for Lina above, so there is no need to install it again.

Install the dependencies

```shell
cd luna-v2.15.3
npm install
npm install --dev
npm rebuild node-sass
```

Modify the config file: f.json (the file name is cut off on the source page)