Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/iriskins/jumpserver_deploy_source

Jumpserver deploy from sources guide
https://github.com/iriskins/jumpserver_deploy_source

bastion-host debian jumpserver linux

Last synced: 1 day ago
JSON representation

Jumpserver deploy from sources guide

Host: GitHub
URL: https://github.com/iriskins/jumpserver_deploy_source
Owner: iriskins
Created: 2025-02-07T20:34:42.000Z (3 days ago)
Default Branch: master
Last Pushed: 2025-02-09T07:53:25.000Z (2 days ago)
Last Synced: 2025-02-09T08:28:01.149Z (2 days ago)
Topics: bastion-host, debian, jumpserver, linux
Homepage:
Size: 2.93 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Jumpserver
## Requirements
- debian 12 bookworm
- jumpserver version 4.6.0
### Redis
1. `sudo apt install redis`
2. `sudo systemctl enable --now redis-server`
### Postgresql
1. `sudo apt install postgresql`
2. `sudo systemctl enable --now postgresql`
3. `sudo -u postgres psql`
``` sql
CREATE DATABASE jumpserver;
CREATE USER jumpserver WITH PASSWORD 'jumpserver';
ALTER DATABASE jumpserver OWNER TO jumpserver;
```
### Core
1. `sudo apt install python3 python3-pip git pipx celery gunicorn`
2. `cd /opt`
3. `sudo git clone --depth 1 https://github.com/jumpserver/jumpserver.git`
4. `sudo chown -R $USER: jumpserver`
5. `cd jumpserver`
6. `sudo /bin/bash requirements/deb_pkg.sh`
7. `export PIP_BREAK_SYSTEM_PACKAGES=1`
8. `pipx install poetry`
9. `pip install poetry-plugin-export`
10. `/home/$USER/.local/bin/poetry export --without-hashes --format=requirements.txt | sudo tee requirements.txt`
11. `pip install -r requirements.txt`
12. `sudo apt install python3-cffi`
13. `pip uninstall cffi`
14. `sudo cp config_example.yml config.yml`
15. `sudo vi config.yml`
``` yml
SECRET_KEY: "" # cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
BOOTSTRAP_TOKEN: "" # cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
DEBUG: false
DB_ENGINE: postgresql
DB_HOST: 127.0.0.1
DB_PORT: 5432
DB_USER: jumpserver
DB_PASSWORD: jumpserver
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
```
16. `./jms upgrade_db`
17. `./jms start all -d`
## Lina
1. `cd ~`
2. `sudo apt install git nginx nodejs npm -y`
3. `sudo npm install -g yarn`
4. `git clone https://github.com/jumpserver/lina.git`
5. `cd lina`
6. `yarn install`
7. `vi .env.production`
```
VUE_APP_CORE_HOST = '' # nginx url
```
8. `export NODE_OPTIONS=--openssl-legacy-provider`
9. `yarn build:prod`
10. `sudo mv lina /opt/`
11. `sudo chown -R www-data: /opt/lina`
12. `sudo vi /etc/nginx/sites-enabled/default`
```
server {
listen 80;
# server_name _;

client_max_body_size 5000m;

location /luna/ {
proxy_pass http://127.0.0.1:4200;
}

location /media/replay/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}

location /static/ {
root /opt/jumpserver/data/;
}

location /koko/ {
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

location /lion/ {
proxy_pass http://127.0.0.1:8081;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_ignore_client_abort on;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 6000;
}

location /ws/ {
proxy_pass http://127.0.0.1:8080;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~ ^/(core|api|media)/ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /ui/ {
try_files $uri / /ui/index.html;
alias /opt/lina/;
}

location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
```
13. `sudo systemctl restart nginx`