1. Installation

1.1 Environment requirements
| OS/Arch | Architecture | Linux Kernel | Soft Requirement |
| --- | --- | --- | --- |
| linux/amd64 | x86_64 | >= 4.0 | wget curl tar gettext iptables python |
| linux/arm64 | aarch64 | >= 4.0 | wget curl tar gettext iptables python |
| linux/loong64 | loongarch64 | == 4.19 | wget curl tar gettext iptables python |

```bash
apt-get update
apt-get install -y wget curl tar gettext iptables
```

```bash
yum update
yum install -y wget curl tar gettext iptables
```

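JumpServer stores its data in MySQL or MariaDB and caches data in Redis. If you want to use a self-hosted database or a cloud database, refer to the requirements here. Database SSL connections and Redis SSL connections are supported.
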
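| Name | Version | Default Charset | Default collation | TLS/SSL |
| --- | --- | --- | --- | --- |
| MySQL | >= 5.7 | utf8 | utf8_general_ci | √ |
| MariaDB | >= 10.2 | utf8mb3 | utf8mb3_general_ci | √ |

| Name | Version | Sentinel | Cluster | TLS/SSL |
| --- | --- | --- | --- | --- |
| Redis | >= 5.0 | √ | × | √ |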
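
```sql
create database jumpserver default charset 'utf8';
-- LOW checks password length only; this is a server-wide setting
set global validate_password_policy=LOW;
-- the password below is the sample value from this page; substitute your own
create user 'jumpserver'@'%' identified by 'KXOeyNgDeTdpeu9q';
grant all on jumpserver.* to 'jumpserver'@'%';
flush privileges;
```
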
Docker must be installed on the system.

1.2 Online installation

```bash
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.27.0/quick_start.sh | bash
cd /opt/jumpserver-installer-v2.27.0
./jmsctl.sh install
```

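Note that the data directory needs to be changed here; everything else can be left at its default. Using a standalone MySQL and Redis is also possible.

Note: set the Huawei mirror.

Configuration file: /opt/jumpserver/config/config.txt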
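
```
################################## Image configuration ###################################
#
# Connections to docker.io from inside China time out or download slowly; enable this option to use the Huawei Cloud mirror
# Replaces DOCKER_IMAGE_PREFIX from older versions
#
DOCKER_IMAGE_MIRROR=1
```
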
```bash
cd /opt/jumpserver-installer-v2.27.0
./jmsctl.sh start
./jmsctl.sh down
./jmsctl.sh uninstall
./jmsctl.sh -h
```

```bash
cd /opt
wget https://github.com/jumpserver/installer/releases/download/v2.27.0/jumpserver-installer-v2.27.0.tar.gz
tar -xf jumpserver-installer-v2.27.0.tar.gz
cd jumpserver-installer-v2.27.0
cat config-example.txt
./jmsctl.sh install
./jmsctl.sh start

cd /opt/jumpserver-installer-v2.27.0
./jmsctl.sh start
./jmsctl.sh down
./jmsctl.sh uninstall
./jmsctl.sh -h
```

Contents of config-example.txt:

```
# If the following settings are left empty, the system generates random strings and fills them in
## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to the original values
## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/

## Docker image configuration
# DOCKER_IMAGE_MIRROR=1

## Installation configuration
VOLUME_DIR=/opt/jumpserver
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR

## MySQL configuration; if you use an external database, enter the correct MySQL information
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver

## Redis configuration; if you use an external database, enter the correct Redis information
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

# Subnet used by the JumpServer containers; it must not conflict with existing networks, adjust it to your environment
DOCKER_SUBNET=192.168.250.0/24

## IPv6 settings: whether the containers enable ipv6 nat. USE_IPV6=1 enables it; when it is 0, DOCKER_SUBNET_IPV6 has no effect
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64

## Access configuration
HTTP_PORT=80
SSH_PORT=2222
RDP_PORT=3389
MAGNUS_PORTS=30000-30100

## HTTPS configuration; see https://docs.jumpserver.org/zh/master/admin-guide/proxy/
# USE_LB=1
# HTTPS_PORT=443
# SERVER_NAME=your_domain_name
# SSL_CERTIFICATE=your_cert
# SSL_CERTIFICATE_KEY=your_cert_key

## Nginx file upload size
CLIENT_MAX_BODY_SIZE=4096m

## Task configuration: whether to start the jms_celery container; must be enabled on a single node
USE_TASK=1

# Core configuration, session definition: SESSION_COOKIE_AGE is the number of idle seconds after which the session expires; SESSION_EXPIRE_AT_BROWSER_CLOSE=True means the session expires when the browser is closed
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=True

# Koko Lion XRDP component configuration
CORE_HOST=http://core:8080
JUMPSERVER_ENABLE_FONT_SMOOTHING=True

## Terminals are identified by the host HOSTNAME
SERVER_HOSTNAME=${HOSTNAME}

# Additional configuration
CURRENT_VERSION=
```

1.3 Offline installation

```bash
cd /opt
tar -xf jumpserver-offline-installer-v2.27.0-amd64-113.tar.gz
cd jumpserver-offline-installer-v2.27.0-amd64-113
./jmsctl.sh install
./jmsctl.sh start

cd jumpserver-offline-release-v2.27.0-amd64-113
./jmsctl.sh start
./jmsctl.sh down
./jmsctl.sh uninstall
./jmsctl.sh -h
```

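2. Upgrade

When upgrading or migrating, keep SECRET_KEY identical to the old version; otherwise the encrypted data in the database can no longer be decrypted.

Always make a backup before upgrading.
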
2.1 Online upgrade

```bash
cd /opt
yum -y install wget
wget https://github.com/jumpserver/installer/releases/download/v2.27.0/jumpserver-installer-v2.27.0.tar.gz
tar -xf jumpserver-installer-v2.27.0.tar.gz
cd jumpserver-installer-v2.27.0

# upgrade and start
./jmsctl.sh upgrade
./jmsctl.sh start
```

2.2 Offline upgrade

```bash
cd /opt
tar -xf jumpserver-offline-installer-v2.27.0-amd64-113.tar.gz
cd jumpserver-offline-installer-v2.27.0-amd64-113
./jmsctl.sh upgrade
./jmsctl.sh start
```

3. Migration

3.1 Back up the database

```
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: ******
DB_NAME: jumpserver
```

3.2 Record SECRET_KEY and BOOTSTRAP_TOKEN

```bash
grep -E "SECRET_KEY|BOOTSTRAP_TOKEN" /opt/jumpserver/config/config.txt
```

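3.3 Fix the database character set

```bash
# Strip utf8_bin collation clauses from the dump, keeping a copy of the original first
if grep -q 'COLLATE=utf8_bin' /opt/jumpserver.sql; then
    cp /opt/jumpserver.sql /opt/jumpserver_bak.sql
    sed -i 's@ COLLATE=utf8_bin@@g' /opt/jumpserver.sql
    sed -i 's@ COLLATE utf8_bin@@g' /opt/jumpserver.sql
else
    # message: the character set of the database backup is already correct
    echo "备份数据库字符集正确"
fi
```
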
3.4 Download jumpserver-install

```bash
cd /opt
yum -y install wget
wget https://github.com/jumpserver/installer/releases/download/v2.27.0/jumpserver-installer-v2.27.0.tar.gz
tar -xf jumpserver-installer-v2.27.0.tar.gz
cd jumpserver-installer-v2.27.0
vi config-example.txt
```

Settings to edit in config-example.txt:

```
VOLUME_DIR=/opt/jumpserver
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE=True
```

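Steps 3.2 and 3.4 depend on SECRET_KEY and BOOTSTRAP_TOKEN being carried over unchanged. The following check is an added example, not part of the original post or of the JumpServer installer: it compares both values between an old and a new config file without printing them. The function names and the sample file contents are assumptions made for the demonstration.

```bash
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# values in demo() are constructed for illustration.

# get_value FILE KEY: print the value of the last uncommented KEY= line.
get_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# same_secrets OLD NEW: return 0 only if SECRET_KEY and BOOTSTRAP_TOKEN are
# set in OLD and identical in NEW. The values themselves are never printed.
same_secrets() {
    old=$1; new=$2; rc=0
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        a=$(get_value "$old" "$key")
        b=$(get_value "$new" "$key")
        if [ -z "$a" ]; then
            echo "$key: not set in $old" >&2; rc=1
        elif [ -z "$b" ]; then
            # An empty value is replaced by a random string at install time.
            echo "$key: empty in $new, a new random value would be generated" >&2; rc=1
        elif [ "$a" != "$b" ]; then
            echo "$key: differs between $old and $new" >&2; rc=1
        else
            echo "$key: match"
        fi
    done
    return $rc
}

# Constructed demo: the old config has both values, the new one still has
# the empty SECRET_KEY= line from config-example.txt.
demo() {
    d=$(mktemp -d)
    printf 'SECRET_KEY=constructed-old-key\nBOOTSTRAP_TOKEN=constructed-token\n' > "$d/old.txt"
    printf 'SECRET_KEY=\nBOOTSTRAP_TOKEN=constructed-token\n' > "$d/new.txt"
    if same_secrets "$d/old.txt" "$d/new.txt"; then
        echo "safe to run ./jmsctl.sh install"
    else
        echo "fix config-example.txt before installing"
    fi
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be the saved copy of the old /opt/jumpserver/config/config.txt and the edited config-example.txt.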
3.4 Start deploying JumpServer

```
./jmsctl.sh install

[JumpServer ASCII-art banner]

Version: v2.27.0

1. 检查配置文件
. . . . .
>>> 安装完成了
1. 可以使用如下命令启动, 然后访问
cd /root/jumpserver-installer-v2.27.0
./jmsctl.sh start

2. 其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解

3. Web 访问
http://192.168.100.212:80
默认用户: admin 默认密码: admin

4. SSH/SFTP 访问
ssh -p2222 admin@192.168.100.212
sftp -P2222 admin@192.168.100.212
```

The installer output ends with the access details: the web URL, the default user admin with the default password admin, and SSH/SFTP access on port 2222.

3.5 Restore the database

```
# inside the MySQL container: recreate an empty jumpserver database
docker exec -it jms_mysql /bin/bash
mysql -uroot -p$MARIADB_ROOT_PASSWORD

drop database jumpserver;
create database jumpserver default charset 'utf8';

# back on the host, in the installer directory: load the dump
./jmsctl.sh restore_db /opt/jumpserver.sql
开始还原数据库: /opt/jumpserver.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
数据库恢复成功!

./jmsctl.sh start
```

4. Backup and restore

```bash
# back up; backup directory: /opt/jumpserver/db_backup/
./jmsctl.sh backup_db
```

```bash
# restore
./jmsctl.sh restore_db /opt/jumpserver.sql
```

Write a script that backs up to another machine:

```bash
#!/bin/sh
TIME_TODAY=`date +%Y%m%d`
TIME_TODAY_FORMAT=`date +%Y-%m-%d`
JUMPSERVER_BIN=/opt/jumpserver-installer-v2.26.0
JUMPSERVER_PATH=/opt/jumpserver
BACKUP_PATH=/opt/jumpserver/db_backup

# run the database backup from the installer directory
cd ${JUMPSERVER_BIN} || exit 1
./jmsctl.sh backup_db

# keep a dated copy of config.txt (it holds SECRET_KEY and BOOTSTRAP_TOKEN) next to the dump
cp ${JUMPSERVER_PATH}/config/config.txt ${BACKUP_PATH}/config_${TIME_TODAY_FORMAT}.txt

# push the backup directory to the rsync daemon module on the other machine
rsync -avzP ${BACKUP_PATH} 192.168.x.x::jumpserver_backup
```