Install jumpserver

    JumpServer（ Fortress machine , Springboard machine ） It's a utility model Django（ from Python It's written in ） Open source springboard system developed , Provide certification for Internet enterprises 、 Audit 、 Authorization and automatic operation and maintenance .

     This article mainly looks at how to install JumpServer.

1. Environmental requirements

    According to official documents ,JumpServer The environmental requirements during installation are ：

    ① Hardware requirements ：2 individual CPU The core ,4G Memory ,50G Minimum requirements for hard disk ;

    ② Operating system requirements ：Linux Distribution version , No less than the kernel version 4.0;

    ③ Database version requirements ：MySQL Version no less than 5.7,MariaDB Version no less than 10.2,Redis Version no less than 5.0.

    The author has prepared two Ubuntu18.04 Version host as JumpServer Servers and database servers , ." jumpserver and mysql-server.

2. Deploy MySQL service

2.1 install Docker and Docker-compose

    mysql-server You need to prepare for installation in advance Docker and Docker-compose, This article will not demonstrate , The method can be referred to 《 install Harbor Warehouse , And achieve high availability 》（ link ：​ ​https://blog.51cto.com/johnnyfang/5502714​​） Script installation part of article .

2.2 download MySQL Mirror image

    jumpserver Yes MySQL The version of the database should be no less than 5.7, The author through Docker The official download MySQL5.7.36 edition , If you want to choose another version , You can also query the specific version through the official website （ Version selection interface ：​ ​https://hub.docker.com/_/mysql?tab=tags​​）.

2.3 obtain MySQL The configuration file

    JumpServer requirement MySQL Container support utf8 Format , Need to be revised mysqld.cnf and mysql.cnf file , You can write your own , You can also temporarily start a container copy to modify .

     The author will create a good data directory by the way , After that /data/mysql/jumpserver The directory is hung in the container , And will /data/mysql/conf The two configuration files in the directory replace the default MySQL The configuration file .

2.4 start-up MySQL Containers

     After getting and modifying MySQL After two profiles , You can start MySQL Containers , When starting, you mainly set environment variables , Replace the default file in the container with the two configuration files , And will host the /data/mysql/jumpserver The directory is attached to the database directory .

2.5 Verify database encoding

     After logging into the database , Check whether the current database supports utf8 Format .

2.6 Create databases and authorized users

2.6.1 Create database

     Create a new database , The author named it jumpserver, And set the default format to utf8.

2.6.2 Create authorized users

     The authorized login user part has the same name as the database , Set that you can login in the same network segment . It should be noted that , The database authorization account password cannot be a pure number , Otherwise start later JumpServer The container will report an error .

2.7 Verify database permissions

     Find a server to install MySQL Server side or client side , test mysql-server Medium jumpserver Whether the database can be logged , If the content can be displayed, it means normal .

3. Deploy Redis service

3.1 download Redis Mirror image

    Redis The service is still on mysql-server Server .Redis Mirroring can be done through Docker official （ Version selection interface ：​ ​https://hub.docker.com/_/redis?tab=tags​​） obtain , What I choose is 6.2.5 edition .

3.2 start-up Redis Containers

     In production, if it is deployed through containers Redis, Suggestions will also Redis Copy the configuration file for login encryption , The author will not do more settings in the experiment .

3.3 verification Redis Container access

     Find any server to install Redis client , See if you can successfully log in and check Redis Information , You can also use telenet see .

4. Deploy JumpServer

4.1 install Docker and Docker-compose

    jumpserver The server also needs to be installed in advance Docker and Docker-compose, Because it will pass Docker Official download jumpserver Large mirror image , It is recommended to configure image acceleration .

4.2 download JumpServer Mirror image

    JumpServer The image updates faster , At present for 2.24.0 edition , Considering the stability , What I choose is 2.18.1 edition （ Version selection interface ：​ ​https://hub.docker.com/r/jumpserver/jms_all/tags​​）.

4.3 Generate encryption keys and token

     Start up JumpServer Before the container , You also need to encrypt the secret key randomly and initialize token. Secret key and initialization token Some can be specified by yourself , But the safety is relatively poor , We can pass a simple shell Command from the /dev/urandom Randomly generated in the file , Generally, it includes English case and number . The random secret key is recommended to be set longer , For example, set to 50 position , initialization token Can be short , for example 16 position .

4.4 start-up JumpServer Containers

4.4.1 Create a video save path

    JumpServer It can record the relevant operations of users , It is recommended to create a directory separately on the host computer and mount it into a container for video storage .

4.4.2 start-up JumpServer Containers

     start-up JumpServer When the container , You need to specify the MySQL and Redis The relevant information of the container and the random secret key and token, The details are as follows （2222 Port is JumpServer Of ssh port ）：

4.4.3 Verify database content

     Because the author directly JumpServer The container is thrown into the background to run , You can't see the specific process when starting , Wait for a period of time during normal startup , It can be put on the front desk to see the specific effect . wait for JumpServer The container is officially running , You can log in. MySQL In container jumpserver database , There are many more tables in it .

4.5 Browser login

     stay JumpServer The container is started , And you can view the relevant tables through the database , You can log in through the browser , The default username and password are admin.

     After logging in, you will be prompted to change your login name and password , After setting, return to the login interface and fill in the login name and password again to enter the management page .