JumpServer v3.2.2 (New Version) Quick Deployment

Environment

CentOS 7 (one machine, 4 cores and 8 GB RAM)

Upgrade the kernel

# Upgrade the kernel to 5.4
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum --disablerepo=\* --enablerepo=elrepo-kernel list kernel*
yum -y --enablerepo=elrepo-kernel install kernel-lt.x86_64 kernel-lt-devel.x86_64
grub2-set-default 0
# Upgrade the kernel tools
yum remove kernel-tools.x86_64 kernel-tools-libs.x86_64 -y
yum --enablerepo=elrepo-kernel install kernel-lt-tools.x86_64 kernel-lt-tools-libs.x86_64 -y
# Reboot
reboot

Install dependencies

yum install -y wget curl tar gettext  python iptables-services

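Offline installation

Download the latest linux/amd64 offline package from the FIT2CLOUD community site and upload it to the /opt directory on the deployment server.

  • Extract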

cd /opt
tar -xf jumpserver-offline-installer-v3.2.2-amd64-5.tar.gz
cd jumpserver-offline-installer-v3.2.2-amd64-5

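  • Configure config-example.txt: edit the configuration template as needed. For a local setup, use the defaults as they are; no changes are required. For production use, check for port conflicts, check whether the subnet used by the containers conflicts with an existing network, and decide whether an HTTPS domain needs to be added.
  • Install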

cd /opt/jumpserver-offline-installer-v3.2.2-amd64-5
./jmsctl.sh install
The installer asks a few questions; the defaults are fine.

  • Start

cd /opt/jumpserver-offline-installer-v3.2.2-amd64-5
./jmsctl.sh start

  • Log in
    http://ip:80 (default username and password: admin)


  • Other commands

# cd /opt/jumpserver-offline-installer-v3.2.2-amd64-5
# ./jmsctl.sh --help
JumpServer Deployment Management Script

Usage: 
  ./jmsctl.sh [COMMAND] [ARGS...]
  ./jmsctl.sh --help

Installation Commands: 
  install           Install JumpServer
  upgrade [version] Upgrade JumpServer
  check_update      Check for updates JumpServer
  reconfig          Reconfiguration JumpServer

Management Commands: 
  start             Start   JumpServer
  stop              Stop    JumpServer
  close             Close   JumpServer
  restart           Restart JumpServer
  status            Check   JumpServer
  down              Offline JumpServer
  uninstall         Uninstall JumpServer

More Commands: 
  load_image        Loading docker image
  backup_db         Backup database
  restore_db [file] Data recovery through database backup file
  raw               Execute the original docker-compose command
  tail [service]    View log


Configure the firewall and stop Docker from using iptables

  • Configure the firewall to open the Docker ports

cat  > /etc/sysconfig/iptables <<EOF
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-I FORWARD -s 192.168.250.0/24 -j ACCEPT
-I FORWARD -d 192.168.250.0/24 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
systemctl  restart  iptables

  • Stop Docker from using iptables

cat > /etc/docker/daemon.json <<EOF
{
  "iptables": false,
  "data-root": "/var/lib/docker",
  "live-restore": true,
  "log-driver": "json-file",
  "log-opts": {
    "max-file": "3",
    "max-size": "10m"
  }
}
EOF
systemctl restart docker

  • Restart JumpServer

cd /opt/jumpserver-offline-installer-v3.2.2-amd64-5
./jmsctl.sh start
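
With Docker no longer writing its own rules, the INPUT chain in /etc/sysconfig/iptables decides which ports are reachable, so it is worth auditing both files after the steps above. The following is an added example, not part of the original post or of JumpServer; the function names are hypothetical and the sample data is constructed from the rules on this page plus one stray port.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print every TCP port the INPUT chain accepts, one per line, sorted.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1" | sort -n
}

# Print accepted ports missing from the allow-list passed as $2..$n.
unexpected_ports() {
    rules=$1; shift
    for port in $(accepted_tcp_ports "$rules"); do
        case " $* " in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Succeed only if the last INPUT rule is a catch-all REJECT or DROP.
input_default_deny() {
    awk '$1 == "-A" && $2 == "INPUT" { last = $0 }
         END { exit (last ~ /^-A INPUT -j (REJECT|DROP)/) ? 0 : 1 }' "$1"
}

# Succeed only if daemon.json sets "iptables": false.
docker_iptables_disabled() {
    grep -Eq '"iptables"[[:space:]]*:[[:space:]]*false' "$1"
}

# Constructed sample: the page's INPUT rules plus one stray rule (8080).
SAMPLE_RULES=$(mktemp); SAMPLE_DAEMON=$(mktemp)
trap 'rm -f "$SAMPLE_RULES" "$SAMPLE_DAEMON"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
printf '{\n"iptables":false,\n "live-restore": true\n}\n' > "$SAMPLE_DAEMON"

echo "unexpected ports: $(unexpected_ports "$SAMPLE_RULES" 22 2222 80 443)"
input_default_deny "$SAMPLE_RULES" && echo "INPUT ends in a default deny"
docker_iptables_disabled "$SAMPLE_DAEMON" && echo "Docker iptables management is off"
```

On the deployment host, point the functions at /etc/sysconfig/iptables and /etc/docker/daemon.json instead of the sample files.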

