Jumpserver部署文档官方版

环境：


<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow"># CentOS 7
</span>

$ setenforce 0 # 临时关闭，重启后失效

$ systemctl stop firewalld.service # 临时关闭，重启后失效

# 修改字符集，否则可能报 input/output error的问题，因为日志里打印了中文

$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

$ export LC_ALL=zh_CN.UTF-8

$ echo ‘LANG=“zh_CN.UTF-8”’ > /etc/locale.conf

准备Python3和Python虚拟环境

安装依赖包：


<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git</span>
				</span>

安装Python3.6：

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">yum -y install python36 python36-devel</span>
				</span>

建立Python虚拟环境

因为 CentOS 6/7 自带的是 Python2，而 Yum 等工具依赖原来的 Python，为了不扰乱原来的环境我们来使用 Python 虚拟环境

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt
</span>

<span style="color:#404040; font-family:Consolas"><span style="font-size:9pt">$ python3 -m </span><span style="font-size:14pt">venv </span><span style="font-size:9pt">py3
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ source /opt/py3/bin/activate
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow"># </span><span style="font-family:宋体; background-color:yellow">看到下面的提示符代表成功，以后运行</span><span style="font-family:Consolas; background-color:yellow"> Jumpserver </span><span style="font-family:宋体; background-color:yellow">都要先运行以上</span><span style="font-family:Consolas; background-color:yellow"> source </span><span style="font-family:宋体; background-color:yellow">命令，以下所有命令均在该虚拟环境中运行</span><span style="font-family:Consolas; background-color:yellow">
					</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">(py3) [root@localhost py3]</span>
				</span>

懒癌解决办法：自动载入虚拟环境

此项仅为懒癌晚期的人员使用，防止运行 Jumpserver 时忘记载入 Python 虚拟环境导致程序无法运行。使用autoenv

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ git clone https://github.com/kennethreitz/autoenv.git
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ source ~/.bashrc</span>
				</span>

安装jumpserver

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow">$ echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env  # </span><span style="font-family:宋体; background-color:yellow">进入</span><span style="font-family:Consolas; background-color:yellow"> jumpserver </span><span style="font-family:宋体; background-color:yellow">目录时将自动载入</span><span style="font-family:Consolas; background-color:yellow"> python </span><span style="font-family:宋体; background-color:yellow">虚拟环境</span><span style="font-family:Consolas; background-color:yellow">
					</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow"># </span><span style="font-family:宋体; background-color:yellow">首次进入</span><span style="font-family:Consolas; background-color:yellow"> jumpserver </span><span style="font-family:宋体; background-color:yellow">文件夹会有提示，按</span><span style="font-family:Consolas; background-color:yellow"> y </span><span style="font-family:宋体; background-color:yellow">即可</span><span style="font-family:Consolas; background-color:yellow">
					</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow"># Are you sure you want to allow this? (y/N) y</span>
				</span>

安装依赖RPM包

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/jumpserver/requirements
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow">$ yum -y install $(cat rpm_requirements.txt)  # </span><span style="font-family:宋体; background-color:yellow">如果没有任何报错请继续</span><span style="font-family:Consolas">
					</span></span>

 安装 Python 库依赖

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ pip install -r requirements.txt</span>
				</span>

安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ yum -y install redis
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ systemctl enable redis
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ systemctl start redis</span>
				</span>

安装 MySQL

安装过程就过了，用原来的就行

本教程使用 Mysql 作为数据库，如果不使用 Mysql 可以跳过相关 Mysql 安装和配置

# centos7

$ yum -y install mariadb mariadb-devel mariadb-server # centos7下安装的是mariadb

$ systemctl enable mariadb

$ systemctl start mariadb

# centos6 自带的 mysql5.1 不支持，请在其他服务器上创建 jumpserver 数据库连接

创建数据库 Jumpserver 并授权

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ mysql
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">> create database jumpserver default charset 'utf8';
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">> flush privileges;</span>
				</span>

 修改 Jumpserver 配置文件

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/jumpserver
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cp config_example.py config.py
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ vi config.py</span>
				</span>

这里特别需要注意：更改的地方要完全对整齐，不能用tab建，只能用空格键，并且要完全对齐，

注意更改的地方如下

# Jumpserver 使用 SECRET_KEY 进行加密，请务必修改以下设置

# SECRET_KEY = os.environ.get(‘SECRET_KEY’) or ‘2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x’

SECRET_KEY =
’请随意输入随机字符串（推荐字符大于等于 50位）’

# DEBUG 模式 True为开启 False为关闭，默认开启，生产环境推荐关闭

# 注意：如果设置了DEBUG = False，访问8080端口页面会显示不正常，需要搭建 nginx 代理才可以正常访问

 <span style="color:#404040; font-family:Consolas; font-size:9pt">DEBUG <span style="color:#666666">=<span style="color:#404040"> os<span style="color:#666666">.<span style="color:#404040">environ<span style="color:#666666">.<span style="color:#404040">get(<span style="color:#4070a0">"DEBUG"<span style="color:#404040">) <span style="color:#007020"><strong>or</strong><span style="color:#404040"><br /> <span style="color:#007020"><strong>True</strong><span style="color:#404040"><br /> </span></span></span></span></span></span></span></span></span></span></span></span></span>

# 日志级别，默认为DEBUG，可调整为INFO, WARNING, ERROR, CRITICAL，默认INFO

<span style="color:#404040; font-family:Consolas; font-size:9pt">LOG_LEVEL <span style="color:#666666">=<span style="color:#404040"> os<span style="color:#666666">.<span style="color:#404040">environ<span style="color:#666666">.<span style="color:#404040">get(<span style="color:#4070a0">"LOG_LEVEL"<span style="color:#404040">) <span style="color:#007020"><strong>or</strong><span style="color:#404040"><br /> <span style="color:#4070a0">'WARNING'<span style="color:#404040"><br /> </span></span></span></span></span></span></span></span></span></span></span></span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">LOG_DIR <span style="color:#666666">=<span style="color:#404040"> os<span style="color:#666666">.<span style="color:#404040">path<span style="color:#666666">.<span style="color:#404040">join(BASE_DIR, <span style="color:#4070a0">'logs'<span style="color:#404040">)<br /> </span></span></span></span></span></span></span></span></span>

# 默认使用SQLite3，如果使用其他数据库请注释下面两行

# DB_ENGINE = ‘sqlite3’

# DB_NAME = os.path.join(BASE_DIR, ‘data’, ‘db.sqlite3’)

# 如果需要使用mysql或postgres，请取消下面的注释并输入正确的信息,本例使用mysql做演示(mariadb也是mysql)

DB_ENGINE = os.environ.get("DB_ENGINE") or
'mysql'

DB_HOST = os.environ.get("DB_HOST") or
'127.0.0.1'

DB_PORT = os.environ.get("DB_PORT") or
3306

DB_USER = os.environ.get("DB_USER") or
'jumpserver'

DB_PASSWORD = os.environ.get("DB_PASSWORD") or
'weakPassword'

DB_NAME = os.environ.get("DB_NAME") or
'jumpserver'

# Django 监听的ip和端口，生产环境推荐把0.0.0.0修改成127.0.0.1，这里的意思是允许x.x.x.x访问，127.0.0.1表示仅允许自身访问

# ./manage.py runserver 127.0.0.1:8080

HTTP_BIND_HOST =
'0.0.0.0'

HTTP_LISTEN_PORT =
8080

 生成数据库表结构和初始化数据

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/jumpserver/utils
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ sh make_migrations.sh</span>
				</span>

运行 Jumpserver

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/jumpserver
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow">$ ./jms start all  # </span><span style="font-family:宋体; background-color:yellow">后台运行使用</span><span style="font-family:Consolas; background-color:yellow"> -d </span><span style="font-family:宋体; background-color:yellow">参数</span><span style="font-family:Consolas"><span style="background-color:yellow">./jms start all -d</span>
					</span></span>

到这里登录jumpserver时可能会会无法登录。需要手动设置超级用户如下设置

运行不报错，请浏览器访问 http://192.168.244.144:8080/ 默认账号: admin 密码: admin 页面显示不正常先不用处理，继续往下操作，后面搭建 nginx 代理后即可正常访问，原因是因为 django 无法在非 debug 模式下加载静态资源

1. 在终端修改管理员密码及新建超级用户
   

</div>

<p style="background: #eeffcc">
  <span style="color:#404040; font-size:9pt"><span style="font-family:Consolas"># </span><span style="font-family:宋体">管理密码忘记了或者重置管理员密码</span><span style="font-family:Consolas"><br /> </span></span>
</p>

<p style="background: #eeffcc">
  <span style="color:#404040; font-family:Consolas; font-size:9pt">$ source /opt/py3/bin/activate<br /> </span>
</p>

<p style="background: #eeffcc">
  <span style="color:#404040; font-family:Consolas; font-size:9pt">$ cd /opt/jumpserver/apps<br /> </span>
</p>

<p style="background: #eeffcc">
  <span style="color:#404040; font-family:Consolas; font-size:9pt">$ python manage.py changepassword <user_name><br /> </span>
</p>

<p style="background: #eeffcc">
   
</p>

<p style="background: #eeffcc">
  <span style="color:#404040; font-size:9pt"><span style="font-family:Consolas"># </span><span style="font-family:宋体">新建超级用户的命令如下命令</span><span style="font-family:Consolas"><br /> </span></span>
</p>

<p style="background: #eeffcc">
  <span style="color:#404040; font-family:Consolas; font-size:9pt">$ python manage.py createsuperuser --username=user --email=user@domain.com<br /> </span>
</p>

<p style="text-align: justify; background: #fcfcfc">
  <h2>
    <span style="color:#404040"><span style="font-family:等线 Light">三</span><span style="font-family:Georgia">. </span><span style="font-family:等线 Light">安装</span><span style="font-family:Georgia"> SSH Server </span><span style="font-family:等线 Light">和</span><span style="font-family:Georgia"> WebSocket Server: Coco<br /> </span></span>
  </h2>
</p>

为啥要安装？ 

Coco 

实现了 SSH Server 和 Web Terminal Server 的组件，提供 SSH 和 WebSocket 接口, 使用 Paramiko 和 Flask 开发。 

<span style="color:#404040"><span style="font-family:等线">新开一个终端，别忘了</span><span style="font-family:Arial"> source /opt/py3/bin/activate</span></span> 

<p style="background: #00b050">
  <pre><code>&lt;span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt

</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ source /opt/py3/bin/activate
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow">$ echo "source /opt/py3/bin/activate" > /opt/coco/.env  # </span><span style="font-family:宋体; background-color:yellow">进入</span><span style="font-family:Consolas; background-color:yellow"> coco </span><span style="font-family:宋体; background-color:yellow">目录时将自动载入</span><span style="font-family:Consolas; background-color:yellow"> python </span><span style="font-family:宋体; background-color:yellow">虚拟环境</span><span style="font-family:Consolas; background-color:yellow">
							</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow"># </span><span style="font-family:宋体; background-color:yellow">首次进入</span><span style="font-family:Consolas; background-color:yellow"> coco </span><span style="font-family:宋体; background-color:yellow">文件夹会有提示，按</span><span style="font-family:Consolas; background-color:yellow"> y </span><span style="font-family:宋体; background-color:yellow">即可</span><span style="font-family:Consolas; background-color:yellow">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow"># Are you sure you want to allow this? (y/N) y</span>
						</span>

安装依赖包

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/coco/requirements
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ <em>yum -y  install $(cat rpm_requirements.txt)</em>
						</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ pip install -r requirements.txt</span>
						</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">修改配置文件并运行</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ cd /opt/coco
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt; background-color:yellow">$ mkdir keys logs
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas; background-color:yellow">$ cp conf_example.py conf.py  # </span><span style="font-family:宋体; background-color:yellow">如果</span><span style="font-family:Consolas; background-color:yellow"> coco </span><span style="font-family:宋体; background-color:yellow">与</span><span style="font-family:Consolas; background-color:yellow"> jumpserver </span><span style="font-family:宋体; background-color:yellow">分开部署，请手动修改</span><span style="font-family:Consolas; background-color:yellow"> conf.py
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt"><span style="background-color:yellow">$ vi conf.py</span>
						</span>

到这里如果是根据文档安装的就不需要更改内容直接启动就行

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">$ ./cocod start  # </span><span style="font-family:宋体">后台运行使用</span><span style="font-family:Consolas"> -d </span><span style="font-family:宋体">参数</span><span style="font-family:Consolas">./cocod start -d
</span></span>

启动成功后去Jumpserver 会话管理-终端管理接受coco的注册

注册后就可以使用2222端口登录跳板机

安装 Web Terminal 前端: Luna

如果不需要web端这里可以不安装

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ cd /opt
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ wget https://github.com/jumpserver/luna/releases/download/1.4.3/luna.tar.gz
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ tar xvf luna.tar.gz
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ chown -R root:root luna
</span>

配置nginx整合组建

安装nginx省略

准备配置文件
修改 /etc/nginx/conf.d/jumpserver.conf

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ vim /etc/nginx/conf.d/jumpserver.conf
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas"># </span><span style="font-family:宋体">注意注释</span><span style="font-family:Consolas"> nginx.conf </span><span style="font-family:宋体">里面的</span><span style="font-family:Consolas"> server {} </span><span style="font-family:宋体">内容</span><span style="font-family:Consolas">
							</span><span style="font-family:宋体">，</span><span style="font-family:Consolas">CentOS 6 </span><span style="font-family:宋体">需要修改文件</span><span style="font-family:Consolas"> /etc/nginx/cond.f/default.conf
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">server {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">    listen 80;  # </span><span style="font-family:宋体">代理端口，以后将通过此端口进行访问，不再通过</span><span style="font-family:Consolas">8080</span><span style="font-family:宋体">端口</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">    server_name demo.jumpserver.org;  # </span><span style="font-family:宋体">修改成你的域名</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">    client_max_body_size 100m;  # </span><span style="font-family:宋体">录像及文件上传大小限制</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /luna/ {
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        try_files $uri / /index.html;
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        alias /opt/luna/;  # luna </span><span style="font-family:宋体">路径，如果修改安装目录，此处需要修改</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /media/ {
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        add_header Content-Encoding gzip;
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        root /opt/jumpserver/data/;  # </span><span style="font-family:宋体">录像位置，如果修改安装目录，此处需要修改</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /static/ {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        root /opt/jumpserver/data/;  # </span><span style="font-family:宋体">静态资源，如果修改安装目录，此处需要修改</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /socket.io/ {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        proxy_pass       http://localhost:5000/socket.io/;  # </span><span style="font-family:宋体">如果</span><span style="font-family:Consolas">coco</span><span style="font-family:宋体">安装在别的服务器，请填写它的</span><span style="font-family:Consolas">ip
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_buffering off;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_http_version 1.1;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Upgrade $http_upgrade;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Connection "upgrade";
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Real-IP $remote_addr;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Host $host;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        access_log off;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /coco/ {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        proxy_pass       http://localhost:5000/coco/;  # </span><span style="font-family:宋体">如果</span><span style="font-family:Consolas">coco</span><span style="font-family:宋体">安装在别的服务器，请填写它的</span><span style="font-family:Consolas">ip
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Real-IP $remote_addr;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Host $host;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        access_log off;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location /guacamole/ {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        proxy_pass       http://localhost:8081/;  # </span><span style="font-family:宋体">如果</span><span style="font-family:Consolas">guacamole</span><span style="font-family:宋体">安装在别的服务器，请填写它的</span><span style="font-family:Consolas">ip
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_buffering off;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_http_version 1.1;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Upgrade $http_upgrade;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Connection $http_connection;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Real-IP $remote_addr;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Host $host;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        access_log off;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    location / {
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas">        proxy_pass http://localhost:8080;  # </span><span style="font-family:宋体">如果</span><span style="font-family:Consolas">jumpserver</span><span style="font-family:宋体">安装在别的服务器，请填写它的</span><span style="font-family:Consolas">ip
</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Real-IP $remote_addr;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header Host $host;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">    }
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">}
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">注意域名的更改</span><span style="font-family:Consolas">
							</span></span>

运行nginx

测试连接

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">如果登录客户端是</span><span style="font-family:Consolas"> macOS </span><span style="font-family:宋体">或</span><span style="font-family:Consolas"> Linux </span><span style="font-family:宋体">，登录语法如下</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ ssh -p2222 admin@192.168.244.144
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ sftp -P2222 admin@192.168.244.144
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">密码</span><span style="font-family:Consolas">: admin
</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">如果登录客户端是</span><span style="font-family:Consolas"> Windows </span><span style="font-family:宋体">，</span><span style="font-family:Consolas">Xshell Terminal </span><span style="font-family:宋体">登录语法如下</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ ssh admin@192.168.244.144 2222
</span>

<span style="color:#404040; font-family:Consolas; font-size:9pt">$ sftp admin@192.168.244.144 2222
</span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">密码</span><span style="font-family:Consolas">: admin
</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:宋体">如果能登陆代表部署成功</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas"># sftp</span><span style="font-family:宋体">默认上传的位置在资产的</span><span style="font-family:Consolas"> /tmp </span><span style="font-family:宋体">目录下</span><span style="font-family:Consolas">
							</span></span>

<span style="color:#404040; font-size:9pt"><span style="font-family:Consolas"># windows</span><span style="font-family:宋体">拖拽上传的位置在资产的</span><span style="font-family:Consolas"> Guacamole RDP</span><span style="font-family:宋体">上的</span><span style="font-family:Consolas"> G </span><span style="font-family:宋体">目录下</span></span>