{"id":960,"date":"2021-10-11T17:31:36","date_gmt":"2021-10-12T00:31:36","guid":{"rendered":"https:\/\/www.xh86.me\/?p=960"},"modified":"2021-10-11T17:31:36","modified_gmt":"2021-10-12T00:31:36","slug":"centos-7-%e5%ae%89%e8%a3%85jumpserver","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=960","title":{"rendered":"CentOS 7 \u5b89\u88c5jumpserver"},"content":{"rendered":"<div id=\"id1\" class=\"section\">\n<h2>\u8bf4\u660e<\/h2>\n<ul class=\"simple\">\n<li># \u5f00\u5934\u7684\u884c\u8868\u793a\u6ce8\u91ca<\/li>\n<li>&gt; \u5f00\u5934\u7684\u884c\u8868\u793a\u9700\u8981\u5728 mysql \u4e2d\u6267\u884c<\/li>\n<li>$ \u5f00\u5934\u7684\u884c\u8868\u793a\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4<\/li>\n<\/ul>\n<\/div>\n<div id=\"id4\" class=\"section\">\n<h2>\u73af\u5883<\/h2>\n<ul class=\"simple\">\n<li>\u7cfb\u7edf: CentOS 7<\/li>\n<li>IP: 192.168.244.144<\/li>\n<li>\u76ee\u5f55: \/opt<\/li>\n<li>\u6570\u636e\u5e93: mariadb<\/li>\n<li>\u4ee3\u7406: nginx<\/li>\n<\/ul>\n<\/div>\n<div id=\"id5\" class=\"section\">\n<h2>\u5f00\u59cb\u5b89\u88c5<\/h2>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre>$ yum update -y\r\n\r\n<span class=\"c1\"># \u9632\u706b\u5899 \u4e0e selinux \u8bbe\u7f6e\u8bf4\u660e, \u5982\u679c\u5df2\u7ecf\u5173\u95ed\u4e86 \u9632\u706b\u5899 \u548c Selinux \u7684\u7528\u6237\u8bf7\u8df3\u8fc7\u8bbe\u7f6e<\/span>\r\n$ systemctl start firewalld\r\n$ firewall-cmd --zone<span class=\"o\">=<\/span>public --add-port<span class=\"o\">=<\/span><span class=\"m\">80<\/span>\/tcp --permanent  <span class=\"c1\"># nginx \u7aef\u53e3<\/span>\r\n$ firewall-cmd --zone<span class=\"o\">=<\/span>public --add-port<span class=\"o\">=<\/span><span class=\"m\">2222<\/span>\/tcp --permanent  <span class=\"c1\"># \u7528\u6237SSH\u767b\u5f55\u7aef\u53e3 coco<\/span>\r\n  --permanent  \u6c38\u4e45\u751f\u6548, \u6ca1\u6709\u6b64\u53c2\u6570\u91cd\u542f\u540e\u5931\u6548\r\n\r\n$ firewall-cmd --reload  <span class=\"c1\"># \u91cd\u65b0\u8f7d\u5165\u89c4\u5219<\/span>\r\n\r\n$ setenforce <span class=\"m\">0<\/span>\r\n$ sed -i <span class=\"s2\">\"s\/SELINUX=enforcing\/SELINUX=disabled\/g\"<\/span> \/etc\/selinux\/config\r\n\r\n<span class=\"c1\"># \u5b89\u88c5\u4f9d\u8d56\u5305<\/span>\r\n$ yum -y install wget gcc epel-release git\r\n\r\n<span class=\"c1\"># \u5b89\u88c5 Redis, Jumpserver \u4f7f\u7528 Redis \u505a cache \u548c celery broke<\/span>\r\n$ yum -y install redis\r\n$ systemctl <span class=\"nb\">enable<\/span> redis\r\n$ systemctl start redis\r\n\r\n<span class=\"c1\"># \u5b89\u88c5 MySQL, \u5982\u679c\u4e0d\u4f7f\u7528 Mysql \u53ef\u4ee5\u8df3\u8fc7\u76f8\u5173 Mysql \u5b89\u88c5\u548c\u914d\u7f6e, \u652f\u6301sqlite3, mysql, postgres\u7b49<\/span>\r\n$ yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared <span class=\"c1\"># centos7\u4e0b\u53ebmariadb, \u7528\u6cd5\u4e0emysql\u4e00\u81f4<\/span>\r\n$ systemctl <span class=\"nb\">enable<\/span> mariadb\r\n$ systemctl start mariadb\r\n<span class=\"c1\"># \u521b\u5efa\u6570\u636e\u5e93 Jumpserver \u5e76\u6388\u6743<\/span>\r\n$ <span class=\"nv\">DB_PASSWORD<\/span><span class=\"o\">=<\/span><span class=\"sb\">`<\/span>cat \/dev\/urandom <span class=\"p\">|<\/span> tr -dc A-Za-z0-9 <span class=\"p\">|<\/span> head -c <span class=\"m\">24<\/span><span class=\"sb\">`<\/span>  <span class=\"c1\"># \u751f\u6210\u968f\u673a\u6570\u636e\u5e93\u5bc6\u7801<\/span>\r\n$ <span class=\"nb\">echo<\/span> -e <span class=\"s2\">\"\\033[31m \u4f60\u7684\u6570\u636e\u5e93\u5bc6\u7801\u662f <\/span><span class=\"nv\">$DB_PASSWORD<\/span><span class=\"s2\"> \\033[0m\"<\/span>\r\n$ mysql -uroot -e <span class=\"s2\">\"create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '<\/span><span class=\"nv\">$DB_PASSWORD<\/span><span class=\"s2\">'; flush privileges;\"<\/span>\r\n\r\n<span class=\"c1\"># \u5b89\u88c5 Nginx, \u7528\u4f5c\u4ee3\u7406\u670d\u52a1\u5668\u6574\u5408 Jumpserver \u4e0e\u5404\u4e2a\u7ec4\u4ef6<\/span>\r\n$ vi \/etc\/yum.repos.d\/nginx.repo\r\n\r\n<span class=\"o\">[<\/span>nginx<span class=\"o\">]<\/span>\r\n<span class=\"nv\">name<\/span><span class=\"o\">=<\/span>nginx repo\r\n<span class=\"nv\">baseurl<\/span><span class=\"o\">=<\/span>http:\/\/nginx.org\/packages\/centos\/7\/<span class=\"nv\">$basearch<\/span>\/\r\n<span class=\"nv\">gpgcheck<\/span><span class=\"o\">=<\/span><span class=\"m\">0<\/span>\r\n<span class=\"nv\">enabled<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span>\r\n\r\n$ yum -y install nginx\r\n$ systemctl <span class=\"nb\">enable<\/span> nginx\r\n\r\n<span class=\"c1\"># \u5b89\u88c5 Python3.6<\/span>\r\n$ yum -y install python36 python36-devel\r\n\r\n<span class=\"c1\"># \u914d\u7f6e\u5e76\u8f7d\u5165 Python3 \u865a\u62df\u73af\u5883<\/span>\r\n$ <span class=\"nb\">cd<\/span> \/opt\r\n$ python3.6 -m venv py3  <span class=\"c1\"># py3 \u4e3a\u865a\u62df\u73af\u5883\u540d\u79f0, \u53ef\u81ea\u5b9a\u4e49<\/span>\r\n$ <span class=\"nb\">source<\/span> \/opt\/py3\/bin\/activate  <span class=\"c1\"># \u9000\u51fa\u865a\u62df\u73af\u5883\u53ef\u4ee5\u4f7f\u7528 deactivate \u547d\u4ee4<\/span>\r\n\r\n<span class=\"c1\"># \u770b\u5230\u4e0b\u9762\u7684\u63d0\u793a\u7b26\u4ee3\u8868\u6210\u529f, \u4ee5\u540e\u8fd0\u884c Jumpserver \u90fd\u8981\u5148\u8fd0\u884c\u4ee5\u4e0a source \u547d\u4ee4, \u8f7d\u5165\u73af\u5883\u540e\u9ed8\u8ba4\u4ee5\u4e0b\u6240\u6709\u547d\u4ee4\u5747\u5728\u8be5\u865a\u62df\u73af\u5883\u4e2d\u8fd0\u884c<\/span>\r\n<span class=\"o\">(<\/span>py3<span class=\"o\">)<\/span> <span class=\"o\">[<\/span>root@localhost py3<span class=\"o\">]<\/span>\r\n\r\n<span class=\"c1\"># \u4e0b\u8f7d Jumpserver<\/span>\r\n$ <span class=\"nb\">cd<\/span> \/opt\/\r\n$ git clone https:\/\/github.com\/jumpserver\/jumpserver.git\r\n$ <span class=\"nb\">cd<\/span> \/opt\/jumpserver\r\n$ git checkout <span class=\"m\">1<\/span>.4.8\r\n\r\n<span class=\"c1\"># \u5b89\u88c5\u4f9d\u8d56 RPM \u5305<\/span>\r\n$ yum -y install <span class=\"k\">$(<\/span>cat \/opt\/jumpserver\/requirements\/rpm_requirements.txt<span class=\"k\">)<\/span>\r\n\r\n<span class=\"c1\"># \u5b89\u88c5 Python \u5e93\u4f9d\u8d56<\/span>\r\n$ pip install wheel\r\n$ pip install --upgrade pip setuptools\r\n$ pip install -r \/opt\/jumpserver\/requirements\/requirements.txt\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u4fee\u6539 Jumpserver \u914d\u7f6e\u6587\u4ef6<\/span>\r\n$ <span class=\"nb\">cd<\/span> \/opt\/jumpserver\r\n$ cp config_example.yml config.yml\r\n\r\n$ <span class=\"nv\">SECRET_KEY<\/span><span class=\"o\">=<\/span><span class=\"sb\">`<\/span>cat \/dev\/urandom <span class=\"p\">|<\/span> tr -dc A-Za-z0-9 <span class=\"p\">|<\/span> head -c <span class=\"m\">50<\/span><span class=\"sb\">`<\/span>  <span class=\"c1\"># \u751f\u6210\u968f\u673aSECRET_KEY<\/span>\r\n$ <span class=\"nb\">echo<\/span> <span class=\"s2\">\"SECRET_KEY=<\/span><span class=\"nv\">$SECRET_KEY<\/span><span class=\"s2\">\"<\/span> &gt;&gt; ~\/.bashrc\r\n$ <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span><span class=\"sb\">`<\/span>cat \/dev\/urandom <span class=\"p\">|<\/span> tr -dc A-Za-z0-9 <span class=\"p\">|<\/span> head -c <span class=\"m\">16<\/span><span class=\"sb\">`<\/span>  <span class=\"c1\"># \u751f\u6210\u968f\u673aBOOTSTRAP_TOKEN<\/span>\r\n$ <span class=\"nb\">echo<\/span> <span class=\"s2\">\"BOOTSTRAP_TOKEN=<\/span><span class=\"nv\">$BOOTSTRAP_TOKEN<\/span><span class=\"s2\">\"<\/span> &gt;&gt; ~\/.bashrc\r\n\r\n$ sed -i <span class=\"s2\">\"s\/SECRET_KEY:\/SECRET_KEY: <\/span><span class=\"nv\">$SECRET_KEY<\/span><span class=\"s2\">\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n$ sed -i <span class=\"s2\">\"s\/BOOTSTRAP_TOKEN:\/BOOTSTRAP_TOKEN: <\/span><span class=\"nv\">$BOOTSTRAP_TOKEN<\/span><span class=\"s2\">\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n$ sed -i <span class=\"s2\">\"s\/# DEBUG: true\/DEBUG: false\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n$ sed -i <span class=\"s2\">\"s\/# LOG_LEVEL: DEBUG\/LOG_LEVEL: ERROR\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n$ sed -i <span class=\"s2\">\"s\/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false\/SESSION_EXPIRE_AT_BROWSER_CLOSE: true\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n$ sed -i <span class=\"s2\">\"s\/DB_PASSWORD: \/DB_PASSWORD: <\/span><span class=\"nv\">$DB_PASSWORD<\/span><span class=\"s2\">\/g\"<\/span> \/opt\/jumpserver\/config.yml\r\n\r\n$ <span class=\"nb\">echo<\/span> -e <span class=\"s2\">\"\\033[31m \u4f60\u7684SECRET_KEY\u662f <\/span><span class=\"nv\">$SECRET_KEY<\/span><span class=\"s2\"> \\033[0m\"<\/span>\r\n$ <span class=\"nb\">echo<\/span> -e <span class=\"s2\">\"\\033[31m \u4f60\u7684BOOTSTRAP_TOKEN\u662f <\/span><span class=\"nv\">$BOOTSTRAP_TOKEN<\/span><span class=\"s2\"> \\033[0m\"<\/span>\r\n\r\n$ vi config.yml  <span class=\"c1\"># \u786e\u8ba4\u5185\u5bb9\u6709\u6ca1\u6709\u9519\u8bef<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-yaml notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># SECURITY WARNING: keep the secret key used in production secret!<\/span>\r\n<span class=\"c1\"># \u52a0\u5bc6\u79d8\u94a5 \u751f\u4ea7\u73af\u5883\u4e2d\u8bf7\u4fee\u6539\u4e3a\u968f\u673a\u5b57\u7b26\u4e32, \u8bf7\u52ff\u5916\u6cc4, PS: \u7eaf\u6570\u5b57\u4e0d\u53ef\u4ee5<\/span>\r\n<span class=\"nt\">SECRET_KEY<\/span><span class=\"p\">:<\/span>\r\n\r\n<span class=\"c1\"># SECURITY WARNING: keep the bootstrap token used in production secret!<\/span>\r\n<span class=\"c1\"># \u9884\u5171\u4eabToken coco\u548cguacamole\u7528\u6765\u6ce8\u518c\u670d\u52a1\u8d26\u53f7, \u4e0d\u5728\u4f7f\u7528\u539f\u6765\u7684\u6ce8\u518c\u63a5\u53d7\u673a\u5236<\/span>\r\n<span class=\"nt\">BOOTSTRAP_TOKEN<\/span><span class=\"p\">:<\/span>\r\n\r\n<span class=\"c1\"># Development env open this, when error occur display the full process track, Production disable it<\/span>\r\n<span class=\"c1\"># DEBUG \u6a21\u5f0f \u5f00\u542fDEBUG\u540e\u9047\u5230\u9519\u8bef\u65f6\u53ef\u4ee5\u770b\u5230\u66f4\u591a\u65e5\u5fd7<\/span>\r\n<span class=\"nt\">DEBUG<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">false<\/span>\r\n\r\n<span class=\"c1\"># DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https:\/\/docs.djangoproject.com\/en\/1.10\/topics\/logging\/<\/span>\r\n<span class=\"c1\"># \u65e5\u5fd7\u7ea7\u522b<\/span>\r\n<span class=\"nt\">LOG_LEVEL<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">ERROR<\/span>\r\n<span class=\"c1\"># LOG_DIR:<\/span>\r\n\r\n<span class=\"c1\"># Session expiration setting, Default 24 hour, Also set expired on on browser close<\/span>\r\n<span class=\"c1\"># \u6d4f\u89c8\u5668Session\u8fc7\u671f\u65f6\u95f4, \u9ed8\u8ba424\u5c0f\u65f6, \u4e5f\u53ef\u4ee5\u8bbe\u7f6e\u6d4f\u89c8\u5668\u5173\u95ed\u5219\u8fc7\u671f<\/span>\r\n<span class=\"c1\"># SESSION_COOKIE_AGE: 86400<\/span>\r\n<span class=\"nt\">SESSION_EXPIRE_AT_BROWSER_CLOSE<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">true<\/span>\r\n\r\n<span class=\"c1\"># Database setting, Support sqlite3, mysql, postgres ....<\/span>\r\n<span class=\"c1\"># \u6570\u636e\u5e93\u8bbe\u7f6e<\/span>\r\n<span class=\"c1\"># See https:\/\/docs.djangoproject.com\/en\/1.10\/ref\/settings\/#databases<\/span>\r\n\r\n<span class=\"c1\"># SQLite setting:<\/span>\r\n<span class=\"c1\"># \u4f7f\u7528\u5355\u6587\u4ef6sqlite\u6570\u636e\u5e93<\/span>\r\n<span class=\"c1\"># DB_ENGINE: sqlite3<\/span>\r\n<span class=\"c1\"># DB_NAME:<\/span>\r\n\r\n<span class=\"c1\"># MySQL or postgres setting like:<\/span>\r\n<span class=\"c1\"># \u4f7f\u7528Mysql\u4f5c\u4e3a\u6570\u636e\u5e93<\/span>\r\n<span class=\"nt\">DB_ENGINE<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">mysql<\/span>\r\n<span class=\"nt\">DB_HOST<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">127.0.0.1<\/span>\r\n<span class=\"nt\">DB_PORT<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">3306<\/span>\r\n<span class=\"nt\">DB_USER<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">jumpserver<\/span>\r\n<span class=\"nt\">DB_PASSWORD<\/span><span class=\"p\">:<\/span>\r\n<span class=\"nt\">DB_NAME<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">jumpserver<\/span>\r\n\r\n<span class=\"c1\"># When Django start it will bind this host and port<\/span>\r\n<span class=\"c1\"># .\/manage.py runserver 127.0.0.1:8080<\/span>\r\n<span class=\"c1\"># \u8fd0\u884c\u65f6\u7ed1\u5b9a\u7aef\u53e3<\/span>\r\n<span class=\"nt\">HTTP_BIND_HOST<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">0.0.0.0<\/span>\r\n<span class=\"nt\">HTTP_LISTEN_PORT<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">8080<\/span>\r\n\r\n<span class=\"c1\"># Use Redis as broker for celery and web socket<\/span>\r\n<span class=\"c1\"># Redis\u914d\u7f6e<\/span>\r\n<span class=\"nt\">REDIS_HOST<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">127.0.0.1<\/span>\r\n<span class=\"nt\">REDIS_PORT<\/span><span class=\"p\">:<\/span> <span class=\"l l-Scalar l-Scalar-Plain\">6379<\/span>\r\n<span class=\"c1\"># REDIS_PASSWORD:<\/span>\r\n<span class=\"c1\"># REDIS_DB_CELERY: 3<\/span>\r\n<span class=\"c1\"># REDIS_DB_CACHE: 4<\/span>\r\n\r\n<span class=\"c1\"># Use OpenID authorization<\/span>\r\n<span class=\"c1\"># \u4f7f\u7528OpenID \u6765\u8fdb\u884c\u8ba4\u8bc1\u8bbe\u7f6e<\/span>\r\n<span class=\"c1\"># BASE_SITE_URL: http:\/\/localhost:8080<\/span>\r\n<span class=\"c1\"># AUTH_OPENID: false  # True or False<\/span>\r\n<span class=\"c1\"># AUTH_OPENID_SERVER_URL: https:\/\/openid-auth-server.com\/<\/span>\r\n<span class=\"c1\"># AUTH_OPENID_REALM_NAME: realm-name<\/span>\r\n<span class=\"c1\"># AUTH_OPENID_CLIENT_ID: client-id<\/span>\r\n<span class=\"c1\"># AUTH_OPENID_CLIENT_SECRET: client-secret<\/span>\r\n\r\n<span class=\"c1\"># OTP settings<\/span>\r\n<span class=\"c1\"># OTP\/MFA \u914d\u7f6e<\/span>\r\n<span class=\"c1\"># OTP_VALID_WINDOW: 0<\/span>\r\n<span class=\"c1\"># OTP_ISSUER_NAME: Jumpserver<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u8fd0\u884c Jumpserver<\/span>\r\n$ <span class=\"nb\">cd<\/span> \/opt\/jumpserver\r\n$ .\/jms start -d  <span class=\"c1\"># \u540e\u53f0\u8fd0\u884c\u4f7f\u7528 -d \u53c2\u6570.\/jms start -d<\/span>\r\n<span class=\"c1\"># \u65b0\u7248\u672c\u66f4\u65b0\u4e86\u8fd0\u884c\u811a\u672c, \u4f7f\u7528\u65b9\u5f0f.\/jms start|stop|status all  \u540e\u53f0\u8fd0\u884c\u8bf7\u6dfb\u52a0 -d \u53c2\u6570<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u5b89\u88c5 docker \u90e8\u7f72 coco \u4e0e guacamole<\/span>\r\n$ yum install -y yum-utils device-mapper-persistent-data lvm2\r\n$ yum-config-manager --add-repo http:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/docker-ce.repo\r\n$ yum makecache fast\r\n$ rpm --import https:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/gpg\r\n$ yum -y install docker-ce wget\r\n$ systemctl <span class=\"nb\">enable<\/span> docker\r\n$ mkdir \/etc\/docker\r\n$ wget -O \/etc\/docker\/daemon.json http:\/\/demo.jumpserver.org\/download\/docker\/daemon.json\r\n$ systemctl restart docker\r\n\r\n<span class=\"c1\"># \u5141\u8bb8 \u5bb9\u5668ip \u8bbf\u95ee\u5bbf\u4e3b 8080 \u7aef\u53e3, (\u5bb9\u5668\u7684 ip \u53ef\u4ee5\u8fdb\u5165\u5bb9\u5668\u67e5\u770b)<\/span>\r\n$ firewall-cmd --permanent --add-rich-rule<span class=\"o\">=<\/span><span class=\"s2\">\"rule family=\"<\/span>ipv4<span class=\"s2\">\" source address=\"<\/span><span class=\"m\">172<\/span>.17.0.0\/16<span class=\"s2\">\" port protocol=\"<\/span>tcp<span class=\"s2\">\" port=\"<\/span><span class=\"m\">8080<\/span><span class=\"s2\">\" accept\"<\/span>\r\n$ firewall-cmd --reload\r\n<span class=\"c1\"># 172.17.0.x \u662fdocker\u5bb9\u5668\u9ed8\u8ba4\u7684IP\u6c60, \u8fd9\u91cc\u5077\u61d2\u76f4\u63a5\u6388\u6743ip\u6bb5\u4e86, \u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u5355\u72ec\u6388\u6743IP<\/span>\r\n\r\n<span class=\"c1\"># \u83b7\u53d6\u5f53\u524d\u670d\u52a1\u5668 IP<\/span>\r\n$ <span class=\"nv\">Server_IP<\/span><span class=\"o\">=<\/span><span class=\"sb\">`<\/span>ip addr <span class=\"p\">|<\/span> grep inet <span class=\"p\">|<\/span> egrep -v <span class=\"s1\">'(127.0.0.1|inet6|docker)'<\/span> <span class=\"p\">|<\/span> awk <span class=\"s1\">'{print $2}'<\/span> <span class=\"p\">|<\/span> tr -d <span class=\"s2\">\"addr:\"<\/span> <span class=\"p\">|<\/span> head -n <span class=\"m\">1<\/span> <span class=\"p\">|<\/span> cut -d \/ -f1<span class=\"sb\">`<\/span>\r\n$ <span class=\"nb\">echo<\/span> -e <span class=\"s2\">\"\\033[31m \u4f60\u7684\u670d\u52a1\u5668IP\u662f <\/span><span class=\"nv\">$Server_IP<\/span><span class=\"s2\"> \\033[0m\"<\/span>\r\n\r\n<span class=\"c1\"># http:\/\/&lt;Jumpserver_url&gt; \u6307\u5411 jumpserver \u7684\u670d\u52a1\u7aef\u53e3, \u5982 http:\/\/192.168.244.144:8080<\/span>\r\n<span class=\"c1\"># BOOTSTRAP_TOKEN \u4e3a Jumpserver\/config.yml \u91cc\u9762\u7684 BOOTSTRAP_TOKEN<\/span>\r\n$ docker run --name jms_coco -d -p <span class=\"m\">2222<\/span>:2222 -p <span class=\"m\">5000<\/span>:5000 -e <span class=\"nv\">CORE_HOST<\/span><span class=\"o\">=<\/span>http:\/\/<span class=\"nv\">$Server_IP<\/span>:8080 -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span><span class=\"nv\">$BOOTSTRAP_TOKEN<\/span> jumpserver\/jms_coco:1.4.8\r\n$ docker run --name jms_guacamole -d -p <span class=\"m\">8081<\/span>:8081 -e <span class=\"nv\">JUMPSERVER_SERVER<\/span><span class=\"o\">=<\/span>http:\/\/<span class=\"nv\">$Server_IP<\/span>:8080 -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span><span class=\"nv\">$BOOTSTRAP_TOKEN<\/span> jumpserver\/jms_guacamole:1.4.8\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u5b89\u88c5 Web Terminal \u524d\u7aef: Luna  \u9700\u8981 Nginx \u6765\u8fd0\u884c\u8bbf\u95ee \u8bbf\u95ee(https:\/\/github.com\/jumpserver\/luna\/releases)\u4e0b\u8f7d\u5bf9\u5e94\u7248\u672c\u7684 release \u5305, \u76f4\u63a5\u89e3\u538b, \u4e0d\u9700\u8981\u7f16\u8bd1<\/span>\r\n$ <span class=\"nb\">cd<\/span> \/opt\r\n$ wget https:\/\/github.com\/jumpserver\/luna\/releases\/download\/1.4.8\/luna.tar.gz\r\n\r\n<span class=\"c1\"># \u5982\u679c\u7f51\u7edc\u6709\u95ee\u9898\u5bfc\u81f4\u4e0b\u8f7d\u65e0\u6cd5\u5b8c\u6210\u53ef\u4ee5\u4f7f\u7528\u4e0b\u9762\u5730\u5740<\/span>\r\n$ wget https:\/\/demo.jumpserver.org\/download\/luna\/1.4.8\/luna.tar.gz\r\n\r\n$ tar xf luna.tar.gz\r\n$ chown -R root:root luna\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u914d\u7f6e Nginx \u6574\u5408\u5404\u7ec4\u4ef6<\/span>\r\n$ rm -rf \/etc\/nginx\/conf.d\/default.conf\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre>$ vi \/etc\/nginx\/conf.d\/jumpserver.conf\r\n\r\nserver <span class=\"o\">{<\/span>\r\n    listen <span class=\"m\">80<\/span><span class=\"p\">;<\/span>\r\n\r\n    client_max_body_size 100m<span class=\"p\">;<\/span>  <span class=\"c1\"># \u5f55\u50cf\u53ca\u6587\u4ef6\u4e0a\u4f20\u5927\u5c0f\u9650\u5236<\/span>\r\n\r\n    location \/luna\/ <span class=\"o\">{<\/span>\r\n        try_files <span class=\"nv\">$uri<\/span> \/ \/index.html<span class=\"p\">;<\/span>\r\n        <span class=\"nb\">alias<\/span> \/opt\/luna\/<span class=\"p\">;<\/span>  <span class=\"c1\"># luna \u8def\u5f84, \u5982\u679c\u4fee\u6539\u5b89\u88c5\u76ee\u5f55, \u6b64\u5904\u9700\u8981\u4fee\u6539<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/media\/ <span class=\"o\">{<\/span>\r\n        add_header Content-Encoding gzip<span class=\"p\">;<\/span>\r\n        root \/opt\/jumpserver\/data\/<span class=\"p\">;<\/span>  <span class=\"c1\"># \u5f55\u50cf\u4f4d\u7f6e, \u5982\u679c\u4fee\u6539\u5b89\u88c5\u76ee\u5f55, \u6b64\u5904\u9700\u8981\u4fee\u6539<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/static\/ <span class=\"o\">{<\/span>\r\n        root \/opt\/jumpserver\/data\/<span class=\"p\">;<\/span>  <span class=\"c1\"># \u9759\u6001\u8d44\u6e90, \u5982\u679c\u4fee\u6539\u5b89\u88c5\u76ee\u5f55, \u6b64\u5904\u9700\u8981\u4fee\u6539<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/socket.io\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/localhost:5000\/socket.io\/<span class=\"p\">;<\/span>\r\n        proxy_buffering off<span class=\"p\">;<\/span>\r\n        proxy_http_version <span class=\"m\">1<\/span>.1<span class=\"p\">;<\/span>\r\n        proxy_set_header Upgrade <span class=\"nv\">$http_upgrade<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Connection <span class=\"s2\">\"upgrade\"<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/coco\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/localhost:5000\/coco\/<span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/guacamole\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/localhost:8081\/<span class=\"p\">;<\/span>\r\n        proxy_buffering off<span class=\"p\">;<\/span>\r\n        proxy_http_version <span class=\"m\">1<\/span>.1<span class=\"p\">;<\/span>\r\n        proxy_set_header Upgrade <span class=\"nv\">$http_upgrade<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Connection <span class=\"nv\">$http_connection<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/ <span class=\"o\">{<\/span>\r\n        proxy_pass http:\/\/localhost:8080<span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n<span class=\"o\">}<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># \u8fd0\u884c Nginx<\/span>\r\n$ nginx -t   <span class=\"c1\"># \u786e\u4fdd\u914d\u7f6e\u6ca1\u6709\u95ee\u9898, \u6709\u95ee\u9898\u8bf7\u5148\u89e3\u51b3<\/span>\r\n$ systemctl start nginx\r\n\r\n<span class=\"c1\"># \u8bbf\u95ee http:\/\/192.168.244.144 (\u6ce8\u610f \u6ca1\u6709 :8080 \u901a\u8fc7 nginx \u4ee3\u7406\u7aef\u53e3\u8fdb\u884c\u8bbf\u95ee)<\/span>\r\n<span class=\"c1\"># \u9ed8\u8ba4\u8d26\u53f7: admin \u5bc6\u7801: admin  \u5230\u4f1a\u8bdd\u7ba1\u7406-\u7ec8\u7aef\u7ba1\u7406 \u63a5\u53d7 coco Guacamole \u7b49\u5e94\u7528\u7684\u6ce8\u518c<\/span>\r\n<span class=\"c1\"># \u6d4b\u8bd5\u8fde\u63a5<\/span>\r\n$ ssh -p2222 admin@192.168.244.144\r\n$ sftp -P2222 admin@192.168.244.144\r\n  \u5bc6\u7801: admin\r\n\r\n<span class=\"c1\"># \u5982\u679c\u662f\u7528\u5728 Windows \u4e0b, Xshell Terminal \u767b\u5f55\u8bed\u6cd5\u5982\u4e0b<\/span>\r\n$ ssh admin@192.168.244.144 <span class=\"m\">2222<\/span>\r\n$ sftp admin@192.168.244.144 <span class=\"m\">2222<\/span>\r\n  \u5bc6\u7801: admin\r\n  \u5982\u679c\u80fd\u767b\u9646\u4ee3\u8868\u90e8\u7f72\u6210\u529f\r\n\r\n<span class=\"c1\"># sftp\u9ed8\u8ba4\u4e0a\u4f20\u7684\u4f4d\u7f6e\u5728\u8d44\u4ea7\u7684 \/tmp \u76ee\u5f55\u4e0b<\/span>\r\n<span class=\"c1\"># windows\u62d6\u62fd\u4e0a\u4f20\u7684\u4f4d\u7f6e\u5728\u8d44\u4ea7\u7684 Guacamole RDP\u4e0a\u7684 G \u76ee\u5f55\u4e0b<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<p>\u591a\u7ec4\u4ef6\u8d1f\u8f7d\u8bf4\u660e<\/p>\n<div class=\"highlight-shell notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"c1\"># coco \u670d\u52a1\u9ed8\u8ba4\u8fd0\u884c\u5728\u5355\u6838\u5fc3\u4e0b\u9762, \u5f53\u8d1f\u8f7d\u8fc7\u9ad8\u65f6\u4f1a\u5bfc\u81f4\u7528\u6237\u8bbf\u95ee\u53d8\u6162, \u8fd9\u65f6\u53ef\u8fd0\u884c\u591a\u4e2a docker \u5bb9\u5668\u7f13\u89e3<\/span>\r\n$ docker run --name jms_coco01 -d -p <span class=\"m\">2223<\/span>:2222 -p <span class=\"m\">5001<\/span>:5000 -e <span class=\"nv\">CORE_HOST<\/span><span class=\"o\">=<\/span>http:\/\/&lt;Jumpserver_url&gt; -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span>****** jumpserver\/jms_coco:1.4.8\r\n$ docker run --name jms_coco02 -d -p <span class=\"m\">2224<\/span>:2222 -p <span class=\"m\">5002<\/span>:5000 -e <span class=\"nv\">CORE_HOST<\/span><span class=\"o\">=<\/span>http:\/\/&lt;Jumpserver_url&gt; -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span>****** jumpserver\/jms_coco:1.4.8\r\n...\r\n\r\n<span class=\"c1\"># guacamole \u4e5f\u662f\u4e00\u6837<\/span>\r\n$ docker run --name jms_guacamole01 -d -p <span class=\"m\">8082<\/span>:8081 -e <span class=\"nv\">JUMPSERVER_SERVER<\/span><span class=\"o\">=<\/span>http:\/\/&lt;Jumpserver_url&gt; -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span>****** jumpserver\/jms_guacamole:1.4.8\r\n$ docker run --name jms_guacamole02 -d -p <span class=\"m\">8083<\/span>:8081 -e <span class=\"nv\">JUMPSERVER_SERVER<\/span><span class=\"o\">=<\/span>http:\/\/&lt;Jumpserver_url&gt; -e <span class=\"nv\">BOOTSTRAP_TOKEN<\/span><span class=\"o\">=<\/span>****** jumpserver\/jms_guacamole:1.4.8\r\n...\r\n\r\n<span class=\"c1\"># nginx \u4ee3\u7406\u8bbe\u7f6e<\/span>\r\n$ vi \/etc\/nginx\/nginx.conf\r\nuser  nginx<span class=\"p\">;<\/span>\r\nworker_processes  auto<span class=\"p\">;<\/span>\r\n\r\nerror_log  \/var\/log\/nginx\/error.log warn<span class=\"p\">;<\/span>\r\npid        \/var\/run\/nginx.pid<span class=\"p\">;<\/span>\r\n\r\n\r\nevents <span class=\"o\">{<\/span>\r\n    worker_connections  <span class=\"m\">1024<\/span><span class=\"p\">;<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\n<span class=\"c1\"># \u52a0\u5165 tcp \u4ee3\u7406<\/span>\r\nstream <span class=\"o\">{<\/span>\r\n    log_format  proxy  <span class=\"s1\">'$remote_addr [$time_local] '<\/span>\r\n                       <span class=\"s1\">'$protocol $status $bytes_sent $bytes_received '<\/span>\r\n                       <span class=\"s1\">'$session_time \"$upstream_addr\" '<\/span>\r\n                       <span class=\"s1\">'\"$upstream_bytes_sent\" \"$upstream_bytes_received\" \"$upstream_connect_time\"'<\/span><span class=\"p\">;<\/span>\r\n\r\n    access_log \/var\/log\/nginx\/tcp-access.log  proxy<span class=\"p\">;<\/span>\r\n    open_log_file_cache off<span class=\"p\">;<\/span>\r\n\r\n    upstream cocossh <span class=\"o\">{<\/span>\r\n        server localhost:2222 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>\r\n        server localhost:2223 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n        server localhost:2224 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n        <span class=\"c1\"># \u8fd9\u91cc\u662f coco ssh \u7684\u540e\u7aefip<\/span>\r\n        <span class=\"nb\">hash<\/span> <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n    server <span class=\"o\">{<\/span>\r\n        listen <span class=\"m\">2220<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u4e0d\u80fd\u4f7f\u7528\u5df2\u7ecf\u4f7f\u7528\u7684\u7aef\u53e3, \u81ea\u884c\u4fee\u6539, \u7528\u6237ssh\u767b\u5f55\u65f6\u7684\u7aef\u53e3<\/span>\r\n        proxy_pass cocossh<span class=\"p\">;<\/span>\r\n        proxy_connect_timeout 10s<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n<span class=\"o\">}<\/span>\r\n<span class=\"c1\"># \u5230\u6b64\u7ed3\u675f<\/span>\r\n\r\nhttp <span class=\"o\">{<\/span>\r\n    include       \/etc\/nginx\/mime.types<span class=\"p\">;<\/span>\r\n    default_type  application\/octet-stream<span class=\"p\">;<\/span>\r\n\r\n    log_format  main  <span class=\"s1\">'$remote_addr - $remote_user [$time_local] \"$request\" '<\/span>\r\n                      <span class=\"s1\">'$status $body_bytes_sent \"$http_referer\" '<\/span>\r\n                      <span class=\"s1\">'\"$http_user_agent\" \"$http_x_forwarded_for\"'<\/span><span class=\"p\">;<\/span>\r\n\r\n    access_log  \/var\/log\/nginx\/access.log  main<span class=\"p\">;<\/span>\r\n\r\n    sendfile        on<span class=\"p\">;<\/span>\r\n    <span class=\"c1\"># tcp_nopush     on;<\/span>\r\n\r\n    keepalive_timeout  <span class=\"m\">65<\/span><span class=\"p\">;<\/span>\r\n\r\n    <span class=\"c1\"># \u5173\u95ed\u7248\u672c\u663e\u793a<\/span>\r\n    server_tokens off<span class=\"p\">;<\/span>\r\n\r\n    include \/etc\/nginx\/conf.d\/*.conf<span class=\"p\">;<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\n$ firewall-cmd --zone<span class=\"o\">=<\/span>public --add-port<span class=\"o\">=<\/span><span class=\"m\">2220<\/span>\/tcp --permanent\r\n$ firewall-cmd --reload\r\n\r\n$ vi \/etc\/nginx\/conf.d\/jumpserver.conf\r\nupstream jumpserver <span class=\"o\">{<\/span>\r\n    server localhost:8080<span class=\"p\">;<\/span>\r\n    <span class=\"c1\"># \u8fd9\u91cc\u662f jumpserver \u7684\u540e\u7aefip<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\nupstream cocows <span class=\"o\">{<\/span>\r\n    server localhost:5000 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>\r\n    server localhost:5001 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n    server localhost:5002 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n    <span class=\"c1\"># \u8fd9\u91cc\u662f coco ws \u7684\u540e\u7aefip<\/span>\r\n    ip_hash<span class=\"p\">;<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\nupstream guacamole <span class=\"o\">{<\/span>\r\n    server localhost:8081 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>\r\n    server localhost:8082 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n    server localhost:8083 <span class=\"nv\">weight<\/span><span class=\"o\">=<\/span><span class=\"m\">1<\/span><span class=\"p\">;<\/span>  <span class=\"c1\"># \u591a\u8282\u70b9<\/span>\r\n    <span class=\"c1\"># \u8fd9\u91cc\u662f guacamole \u7684\u540e\u7aefip<\/span>\r\n    ip_hash<span class=\"p\">;<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\nserver <span class=\"o\">{<\/span>\r\n    listen <span class=\"m\">80<\/span><span class=\"p\">;<\/span>\r\n    server_name demo.jumpserver.org<span class=\"p\">;<\/span>  <span class=\"c1\"># \u81ea\u884c\u4fee\u6539\u6210\u4f60\u7684\u57df\u540d<\/span>\r\n\r\n    client_max_body_size 100m<span class=\"p\">;<\/span>  <span class=\"c1\"># \u5f55\u50cf\u4e0a\u4f20\u5927\u5c0f\u9650\u5236<\/span>\r\n\r\n    location \/ <span class=\"o\">{<\/span>\r\n        proxy_pass http:\/\/jumpserver<span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/luna\/ <span class=\"o\">{<\/span>\r\n        try_files <span class=\"nv\">$uri<\/span> \/ \/index.html<span class=\"p\">;<\/span>\r\n        <span class=\"nb\">alias<\/span> \/opt\/luna\/<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/media\/ <span class=\"o\">{<\/span>\r\n        add_header Content-Encoding gzip<span class=\"p\">;<\/span>\r\n        root \/opt\/jumpserver\/data\/<span class=\"p\">;<\/span>  <span class=\"c1\"># \u5f55\u50cf\u4f4d\u7f6e, \u5982\u679c\u4fee\u6539\u5b89\u88c5\u76ee\u5f55, \u6b64\u5904\u9700\u8981\u4fee\u6539<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/static\/ <span class=\"o\">{<\/span>\r\n        root \/opt\/jumpserver\/data\/<span class=\"p\">;<\/span>  <span class=\"c1\"># \u9759\u6001\u8d44\u6e90, \u5982\u679c\u4fee\u6539\u5b89\u88c5\u76ee\u5f55, \u6b64\u5904\u9700\u8981\u4fee\u6539<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/socket.io\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/cocows\/socket.io\/<span class=\"p\">;<\/span>  <span class=\"c1\"># coco<\/span>\r\n        proxy_buffering off<span class=\"p\">;<\/span>\r\n        proxy_http_version <span class=\"m\">1<\/span>.1<span class=\"p\">;<\/span>\r\n        proxy_set_header Upgrade <span class=\"nv\">$http_upgrade<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Connection <span class=\"s2\">\"upgrade\"<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/coco\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/cocows\/coco\/<span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n\r\n    location \/guacamole\/ <span class=\"o\">{<\/span>\r\n        proxy_pass       http:\/\/guacamole\/<span class=\"p\">;<\/span>  <span class=\"c1\">#  guacamole<\/span>\r\n        proxy_buffering off<span class=\"p\">;<\/span>\r\n        proxy_http_version <span class=\"m\">1<\/span>.1<span class=\"p\">;<\/span>\r\n        proxy_set_header Upgrade <span class=\"nv\">$http_upgrade<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Connection <span class=\"nv\">$http_connection<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Real-IP <span class=\"nv\">$remote_addr<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header Host <span class=\"nv\">$host<\/span><span class=\"p\">;<\/span>\r\n        proxy_set_header X-Forwarded-For <span class=\"nv\">$proxy_add_x_forwarded_for<\/span><span class=\"p\">;<\/span>\r\n        access_log off<span class=\"p\">;<\/span>\r\n    <span class=\"o\">}<\/span>\r\n<span class=\"o\">}<\/span>\r\n\r\n$ nginx -t\r\n$ nginx -s reload<\/pre>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u8bf4\u660e # \u5f00\u5934\u7684\u884c\u8868\u793a\u6ce8\u91ca &gt; \u5f00\u5934\u7684\u884c\u8868\u793a\u9700\u8981\u5728 mysql \u4e2d\u6267\u884c $ \u5f00\u5934\u7684\u884c\u8868\u793a\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-960","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=960"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/960\/revisions"}],"predecessor-version":[{"id":961,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/960\/revisions\/961"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}