“Jumpserver基础”的版本间的差异

来自linux中国网wiki
跳到导航 跳到搜索
第1行: 第1行:
  
 
=install=
 
=install=
 +
<pre>
 +
 +
加个开机启动
 +
 +
#在运行docker容器时可以加如下参数来保证每次docker服务重启后容器也自动重启:
 +
$docker run --restart=always
 +
#如果已经启动了则可以使用如下命令:
 +
$docker update --restart=always <CONTAINER ID>
 +
 +
重启试一下
 +
</pre>
 +
==* init ==
 +
 +
==* ins mariadb  redis ==
 +
<pre>
 +
apt  install mariadb-client  mariadb-server redis -y
 +
 +
 +
cat  /etc/redis/redis.conf | grep -v '#'
 +
···
 +
protected-mode no
 +
requirepass foobareLXTXe2456
 +
···
 +
 +
监控 LO 127.0.0.1 可关也可不关
 +
 +
#默认开启了的
 +
# 启动&自启动Redis
 +
systemctl restart redis
 +
systemctl enable redis
 +
 +
update mysql.user set authentication_string=PASSWORD('OPS123456#') where user='root';
 +
flush privileges;
 +
 +
 +
UPDATE user SET password=password('OPS123456#') WHERE user='root';
 +
 +
 +
#这个有效果  mariadb 10
 +
use mysql
 +
SET password for 'root'@'localhost' = password('OPS123456#');
 +
 +
 +
create database jumpserver char set utf8;
 +
grant all on jumpserver.* to jumpserver@'%' identified by 'jumpserverLXTX136';
 +
 +
 +
grant all on *.*  to root@'127.0.0.1' identified by 'myFD23';
 +
 +
监控了 127.0.0.1  我去  改为 0.0.0.0
 +
cat /etc/mysql/mariadb.conf.d/50-server.cnf
 +
 +
bind-address            = 127.0.0.1
 +
 +
 +
 +
root@prod-fincy-jumpserver:~# netstat -nlpt
 +
Active Internet connections (only servers)
 +
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name   
 +
tcp        0      0 127.0.0.1:25            0.0.0.0:*              LISTEN      4129/exim4         
 +
tcp        0      0 127.0.0.1:3306          0.0.0.0:*              LISTEN      12034/mysqld 
 +
 +
 +
systemctl restart mariadb
 +
</pre>
 +
 +
==* docker  docker-compose  ins==
 +
 +
 +
===* in jmp on docker ===
 +
<pre>
 +
所以随便映射一个端口8001用于Web访问,2222用户ssh访问,因为本服务器关闭了Selinux,如果没有关闭,还需要将8001与2222加入可http的端口,在Nginx服务器将会详细配置。
 +
 +
#我用这个  注意这个 IP  特别是多个机器会不小心搞错
 +
docker run --name jms_all -d \
 +
-v /opt/jumpserver:/opt/jumpserver/data/media \
 +
-p 8080:80 \
 +
-p 2222:2222 \
 +
-e SECRET_KEY=secret \
 +
-e BOOTSTRAP_TOKEN=secret \
 +
-e DB_HOST=172.16.220.146 \
 +
-e DB_PORT=3306 \
 +
-e DB_USER=jumpserver \
 +
-e DB_PASSWORD=jumpserverLXTX136 \
 +
-e DB_NAME=jumpserver \
 +
-e REDIS_HOST=172.16.220.146 \
 +
-e REDIS_PORT=6379 \
 +
-e REDIS_PASSWORD=foobareLXTXe2456 \
 +
-e JUMPSERVER_KEY_DIR=/config/guacamole/keys \
 +
-e GUACAMOLE_HOME=/config/guacamole \
 +
-e JUMPSERVER_SERVER=http://127.0.0.1:8080 \
 +
jumpserver/jms_all:v2.2.1
 +
 +
 +
 +
#官方文档的
 +
docker run --name jms_all -d \
 +
  -v /opt/jumpserver/data:/opt/jumpserver/data \
 +
  -p 80:80 \
 +
  -p 2222:2222 \
 +
  -e SECRET_KEY=xxxxxx \
 +
  -e BOOTSTRAP_TOKEN=xxx \
 +
  -e DB_HOST=192.168.x.x \
 +
  -e DB_PORT=3306 \
 +
  -e DB_USER=root \
 +
  -e DB_PASSWORD=xxx \
 +
  -e DB_NAME=jumpserver \
 +
  -e REDIS_HOST=192.168.x.x \
 +
  -e REDIS_PORT=6379 \
 +
  -e REDIS_PASSWORD=xxx \
 +
  --privileged=true \
 +
  jumpserver/jms_all:v2.2.1
 +
 
 +
 
 +
  https://spex.top/archives/docker-jumpserver.html
 +
 
 +
  mysql 用户和密码写反了
 +
 
 +
  django.db.utils.OperationalError: (2006, "Access denied for user 'jumpserverLXTX136'@'172.17.0.2' (using password: YES)")
 +
 
 +
  </pre>
 +
 
 +
==  USAGE ==
 +
<pre>
 +
  要用空上格式
 +
  暂不支持OPENSSH格式的密钥,使用 ssh-keygen -t rsa -m pem生成
 +
 +
 +
 +
grant all on *.* to lxtx@'%' identified by 'FINCy5609824hHixxxxx';
 +
 +
</pre>
 +
 +
  
 
[http://docs.jumpserver.org/zh/docs/dockerinstall.html Docker 安装]
 
[http://docs.jumpserver.org/zh/docs/dockerinstall.html Docker 安装]

2020年9月1日 (二) 06:12的版本

install


加个开机启动 

#在运行docker容器时可以加如下参数来保证每次docker服务重启后容器也自动重启:
$docker run --restart=always
#如果已经启动了则可以使用如下命令:
$docker update --restart=always <CONTAINER ID>

重启试一下

* init

* ins mariadb redis

apt  install mariadb-client   mariadb-server redis -y


cat  /etc/redis/redis.conf | grep -v '#'
···
protected-mode no
requirepass foobareLXTXe2456
···

监控 LO 127.0.0.1 可关也可不关 

#默认开启了的 
# 启动&自启动Redis
systemctl restart redis
systemctl enable redis

update mysql.user set authentication_string=PASSWORD('OPS123456#') where user='root';
flush privileges;


UPDATE user SET password=password('OPS123456#') WHERE user='root';


#这个有效果  mariadb 10 
use mysql 
SET password for 'root'@'localhost' = password('OPS123456#');


create database jumpserver char set utf8;
grant all on jumpserver.* to jumpserver@'%' identified by 'jumpserverLXTX136';


grant all on *.*  to root@'127.0.0.1' identified by 'myFD23';

监控了 127.0.0.1  我去   改为 0.0.0.0
cat /etc/mysql/mariadb.conf.d/50-server.cnf

bind-address            = 127.0.0.1



root@prod-fincy-jumpserver:~# netstat -nlpt 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      4129/exim4          
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      12034/mysqld   


systemctl restart mariadb

* docker docker-compose ins

* in jmp on docker

所以随便映射一个端口8001用于Web访问,2222用户ssh访问,因为本服务器关闭了Selinux,如果没有关闭,还需要将8001与2222加入可http的端口,在Nginx服务器将会详细配置。

#我用这个   注意这个 IP  特别是多个机器会不小心搞错 
docker run --name jms_all -d \
-v /opt/jumpserver:/opt/jumpserver/data/media \
-p 8080:80 \
-p 2222:2222 \
-e SECRET_KEY=secret \
-e BOOTSTRAP_TOKEN=secret \
-e DB_HOST=172.16.220.146 \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=jumpserverLXTX136 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=172.16.220.146 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD=foobareLXTXe2456 \
-e JUMPSERVER_KEY_DIR=/config/guacamole/keys \
-e GUACAMOLE_HOME=/config/guacamole \
-e JUMPSERVER_SERVER=http://127.0.0.1:8080 \
jumpserver/jms_all:v2.2.1



#官方文档的 
docker run --name jms_all -d \
  -v /opt/jumpserver/data:/opt/jumpserver/data \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=xxxxxx \
  -e BOOTSTRAP_TOKEN=xxx \
  -e DB_HOST=192.168.x.x \
  -e DB_PORT=3306 \
  -e DB_USER=root \
  -e DB_PASSWORD=xxx \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=192.168.x.x \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=xxx \
  --privileged=true \
  jumpserver/jms_all:v2.2.1
  
  
  https://spex.top/archives/docker-jumpserver.html
  
  mysql 用户和密码写反了 
  
  django.db.utils.OperationalError: (2006, "Access denied for user 'jumpserverLXTX136'@'172.17.0.2' (using password: YES)")

USAGE

  要用空上格式 
  暂不支持OPENSSH格式的密钥,使用 ssh-keygen -t rsa -m pem生成



grant all on *.* to lxtx@'%' identified by 'FINCy5609824hHixxxxx';


Docker 安装


服务迁移

端口


    Jumpserver 默认 Web 端口为 8080/tcp, 默认 WS 端口为 8070/tcp, 配置文件 jumpserver/config.yml
    koko 默认 SSH 端口为 2222/tcp, 默认 Web Terminal 端口为 5000/tcp 配置文件在 koko/config.yml
    Guacamole 默认端口为 8081/tcp, 配置文件 /config/tomcat9/conf/server.xml
    Nginx 默认端口为 80/tcp
    Redis 默认端口为 6379/tcp
    Mysql 默认端口为 3306/tcp

ssh

ssh -p2222

sftp

sftp -P 大写的P 不是小写的p

troubleshooting

koko

Connecting to 1.231.144.243:2222...
Could not connect to '1.231.144.243' (port 2222): Connection failed.

可见 不太正常  我在海外也 telnet  2222 不通   restart 搞定 
[root@ntos ~]# telnet   127.0.0.1  2222
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
[roottos ~]# docker ps 
CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                                            NAMES
f235b4dae318        jumpserver/jms_coco:1.4.9   "entrypoint.sh"     10 days ago         Up 10 days          0.0.0.0:2222->2222/tcp, 0.0.0.0:5000->5000/tcp   jms_coco
#重启这个 docker 容器正常了 
[root@tos ~]# docker restart  f235b4dae318

see also

使用JumpServer管理你的服务器


jumpserver 堡垒机配置使用图文详解

Jumpserver入门介绍

centos7 jumpserver安装与使用详解

取自“http://wiki.linuxchina.net/index.php?title=Jumpserver基础&oldid=4548