JumpServer introduction:
Jump host (openvpn): simply a server that maintenance staff must first log in to, and from which they then log in to the target devices to do their work. A jump host, however, neither controls nor audits what operators do, and it carries a serious security risk: once the jump host itself is compromised, every back-end resource behind it is fully exposed.
Bastion host (JumpServer): can be understood as an enhanced jump host that adds role control, authorization approval, information access control, operation recording and auditing, system change and maintenance control requirements, and so on.
The 4 core capabilities of a bastion host: 4A
Authentication: identity verification --> prevents identity spoofing and credential reuse
Authorization: access control --> prevents internal mis-operation and privilege abuse
Accounting: account management --> management of personnel and assets
Auditing: security auditing --> the basis for tracing actions to their source and analysing incidents
JumpServer installation:
Environment requirements:
Hardware: 2 CPUs + 4 GB memory + 50 GB storage (minimum)
Operating system: a Linux distribution, x86_64
Python = 3.6.x
MySQL Server >= 5.6 or MariaDB Server >= 5.5.56; the database character set must be utf8
Redis
Installation methods:
Manual deployment: step by step, each component installed by hand
Quick deployment: users with few assets, or who only want to try it out, can deploy quickly with the script
Container deployment: based on Docker
Distributed deployment: suited to large environments with many assets
Container-based deployment:
External database requirements:
MySQL version must be >= 5.6
MariaDB version must be >= 5.5.6
Database character set must be utf8
After the container-based installation completes, it can be accessed as follows:
Browser: http://<IP of the server running the container>
Default administrator account/password: admin/admin
SSH: ssh -p 2222 <IP of the server running the container>
Xshell connection: the default SSH port is 2222
1 Install the MySQL service
1.1 Prepare the MySQL configuration files on the host
# Create the configuration directories
mkdir -p /etc/mysql/mysql.conf.d/
mkdir -p /etc/mysql/conf.d
mkdir -p /data
# Generate the server configuration file and set the character set
tee /etc/mysql/mysql.conf.d/mysqld.cnf <<EOF
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
datadir=/var/lib/mysql
symbolic-links=0
character-set-server=utf8
EOF
# Generate the client configuration file and set the character set
tee /etc/mysql/conf.d/mysql.cnf <<EOF
[mysql]
default-character-set=utf8
EOF
1.2 Start the MySQL container
Mount the configuration files prepared on the host into the mysql container
docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver \
-e MYSQL_USER=jumpserver \
-e MYSQL_PASSWORD=123456 \
-v /data/mysql:/var/lib/mysql \
-v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
-v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf \
mysql:5.7.30
Test whether the mysql container is set up correctly
[root@centos7 imagesFile]# docker exec -it mysql sh
# mysql -p123456
mysql> show variables like 'character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
mysql> show variables like 'collation%';
+----------------------+-----------------+
| Variable_name | Value |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database | utf8_general_ci |
| collation_server | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.00 sec)
mysql> exit
Bye
# cat /var/lib/mysql/jumpserver/db.opt
default-character-set=utf8
default-collation=utf8_general_ci
# cat /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
datadir=/var/lib/mysql
symbolic-links=0
character-set-server=utf8
# cat /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
# mysql -p123456
mysql> select user,host from mysql.user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| jumpserver | % |
| root | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
[root@centos7 imagesFile]# yum -y install mysql
[root@centos7 imagesFile]# mysql -ujumpserver -p123456 -h10.0.0.13
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
+--------------------+
2 rows in set (0.00 sec)
2 Install the Redis service
2.1 Start Redis
[root@centos7 imagesFile]# docker run -d -p 6379:6379 --name redis --restart always redis:5.0.9
[root@centos7 imagesFile]# docker ps -a|grep redis
81cd196e11b6 redis:5.0.9 "docker-entrypoint.s…" 9 minutes ago Up 9 minutes 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
# Verify Redis
[root@centos7 imagesFile]# yum -y install redis
[root@centos7 imagesFile]# redis-cli -h 10.0.0.13
10.0.0.13:6379> info
# Server
redis_version:5.0.9
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:9f4bb002aa1b31e6
3 Deploy JumpServer
3.1 Generate the keys and start JumpServer as a container
# vim JumpserverKeyCreate.sh
#!/bin/bash
# Generate SECRET_KEY (50 chars) and BOOTSTRAP_TOKEN (16 chars) once and persist them in ~/.bashrc;
# on later runs the existing values are printed instead of being regenerated.
# Note: the values are appended without export, so child processes such as docker run
# do not inherit them; the start script below therefore passes them explicitly.
if [ ! "$SECRET_KEY" ]; then
    SECRET_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 50)
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    echo "$SECRET_KEY"
else
    echo "$SECRET_KEY"
fi
if [ ! "$BOOTSTRAP_TOKEN" ]; then
    BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    echo "$BOOTSTRAP_TOKEN"
else
    echo "$BOOTSTRAP_TOKEN"
fi
[root@centos7 scripts]# tail -n2 ~/.bashrc
SECRET_KEY=72eFYdTIxYiqL2RObPilUvamb9zbj1ujDQRLqZAhJSaLkPGQIE
BOOTSTRAP_TOKEN=HfIILpAlMGtqWaeI
[root@centos7 scripts]# cat JumpserverDockerStart.sh
#!/bin/bash
docker run --name jms_all -d \
-v /opt/jumpserver/data:/opt/jumpserver/data \
-p 80:80 \
-p 2222:2222 \
--restart always \
-e SECRET_KEY=72eFYdTIxYiqL2RObPilUvamb9zbj1ujDQRLqZAhJSaLkPGQIE \
-e BOOTSTRAP_TOKEN=HfIILpAlMGtqWaeI \
-e DB_HOST=10.0.0.13 \
-e DB_PORT=3306 \
-e DB_USER=root \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=10.0.0.13 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD='' \
--privileged=true \
jumpserver/jms_all:v2.19.2
# Start the container, then follow its logs
[root@centos7 scripts]# docker run --name jms_all -d \
> -v /opt/jumpserver/data:/opt/jumpserver/data \
> -p 80:80 \
> -p 2222:2222 \
> --restart always \
> -e SECRET_KEY=72eFYdTIxYiqL2RObPilUvamb9zbj1ujDQRLqZAhJSaLkPGQIE \
> -e BOOTSTRAP_TOKEN=HfIILpAlMGtqWaeI \
> -e DB_HOST=10.0.0.13 \
> -e DB_PORT=3306 \
> -e DB_USER=root \
> -e DB_PASSWORD=123456 \
> -e DB_NAME=jumpserver \
> -e REDIS_HOST=10.0.0.13 \
> -e REDIS_PORT=6379 \
> -e REDIS_PASSWORD='' \
> --privileged=true \
> jumpserver/jms_all:v2.19.2
ab0780e484ae4aa2cf6688b52aae20eb6efccf952eb95bcc8c4c28b68c199237
[root@centos7 scripts]# docker logs -f jms_all
Starting supervisor: supervisord.
Time: 2025-12-25 17:38:13
The Installation is Complete.
--------------------------------------------------
| Documentation: https://docs.jumpserver.org/ |
| Official Website: https://www.jumpserver.org/ |
--------------------------------------------------
██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
Version: v2.19.2
Default Access:
username: admin password: admin
LOG_LEVEL: ERROR
JumpServer Logs:
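As an added example (not from the original post or from the JumpServer project), the script below replaces the ~/.bashrc storage used by JumpserverKeyCreate.sh in 3.1 with a mode-0600 env file and audits that file for the weak settings carried into JumpserverDockerStart.sh: DB_USER=root instead of the dedicated jumpserver account created in 1.2, the default password 123456, and an empty REDIS_PASSWORD while the Redis container is published on 0.0.0.0:6379. The path /opt/jumpserver/jms.env and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original post: store the JumpServer secrets in a
# root-only env file instead of ~/.bashrc, and audit that file for the weak settings
# used in the walkthrough before handing it to docker run --env-file.
# The path /opt/jumpserver/jms.env used in the usage comment is an assumption.
set -u

# Generate an alphanumeric secret of the requested length from /dev/urandom
# (same character set as the post's JumpserverKeyCreate.sh).
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Write SECRET_KEY, BOOTSTRAP_TOKEN and the DB/Redis credentials to an env file
# created with mode 0600; umask runs in a subshell so the caller's umask is untouched.
write_env_file() {
    local file="$1" db_user="$2" db_pass="$3" redis_pass="$4"
    (
        umask 077
        {
            echo "SECRET_KEY=$(gen_secret 50)"
            echo "BOOTSTRAP_TOKEN=$(gen_secret 16)"
            echo "DB_USER=$db_user"
            echo "DB_PASSWORD=$db_pass"
            echo "REDIS_PASSWORD=$redis_pass"
        } > "$file"
    )
}

# Read the value of one KEY=value line from the env file (empty if absent).
env_get() { sed -n "s/^$2=//p" "$1"; }

# Print one line per weak setting and return the number of findings (0 = clean).
audit_env_file() {
    local file="$1" n=0 v
    v=$(env_get "$file" DB_USER)
    [ "$v" = root ] && { echo "DB_USER=root: use the dedicated jumpserver account created in 1.2"; n=$((n + 1)); }
    v=$(env_get "$file" DB_PASSWORD)
    case "$v" in ""|123456|password) echo "DB_PASSWORD is empty or a default value"; n=$((n + 1)) ;; esac
    v=$(env_get "$file" REDIS_PASSWORD)
    [ -z "$v" ] && { echo "REDIS_PASSWORD is empty while Redis is published on 0.0.0.0:6379"; n=$((n + 1)); }
    v=$(env_get "$file" SECRET_KEY)
    [ "${#v}" -lt 50 ] && { echo "SECRET_KEY is shorter than 50 characters"; n=$((n + 1)); }
    return "$n"
}

# Usage (assumed path):
#   write_env_file /opt/jumpserver/jms.env jumpserver '<strong db password>' '<redis password>'
#   audit_env_file /opt/jumpserver/jms.env && docker run --name jms_all -d ... --env-file /opt/jumpserver/jms.env jumpserver/jms_all:v2.19.2
```

The REDIS_PASSWORD written here only helps if the Redis container is started with a matching password (for example with `redis-server --requirepass`), and the env file is passed with `--env-file` in place of the individual -e flags.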
3.2 Log in and verify JumpServer
Enter http://10.0.0.13 in the browser; it redirects to the login page automatically. The initial account and password are admin/admin.
After the first login you must change the password before the interface can be used normally.
What you keep in mind will surely echo back.