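Problem with the JumpServer configuration file
The situation above occurs when the bastion host is mapped to the public network.
Solution:
1. On the server, locate /opt/jumpserver/config/config.txt
2. Open it with vi and find the right place. To find it, search from command mode by typing /DOMAINS.
Add DOMAINS
3. Restart jms (the most important step)
jmsctl restart
4. Access it again. OK!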
————————————————
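Configuring access to JumpServer with an SSL certificate
Use case
How users can configure and replace their own SSL certificate so that JumpServer can be accessed normally over HTTPS on port 443.
Overview
This article explains how, in JumpServer V2 (around version 2.24) and V3 environments, users can configure and replace their own SSL certificate so that JumpServer can be accessed normally over HTTPS on port 443.
Replacing the certificate
To enable the HTTPS service in JumpServer, upload your own certificate to the server where the bastion host is deployed. The upload location is /opt/jumpserver/config/nginx/cert (this is the default mapped directory and cannot be changed; using it assumes that JumpServer is installed in /opt/jumpserver).
The certificate can be configured and replaced in either of the following two ways.
Method 1
Rename the newly uploaded files to server.crt and server.key respectively.
- Place the certificate files in the /opt/jumpserver/config/nginx/cert directory.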
[root@Test4LinuxRemoteApp cert]# pwd
/opt/jumpserver/config/nginx/cert
[root@Test4LinuxRemoteApp cert]# ls
server.crt server.key
- Stop the JumpServer service before modifying the configuration file
[+] Running 15/15
? Container jms_core Removed 2.8s
? Container jms_redis Removed 5.2s
? Container jms_celery Removed 2.4s
? Container jms_web Removed 11.9s
? Container jms_video Removed 11.1s
? Container jms_kael Removed 11.3s
? Container jms_chen Removed 11.6s
? Container jms_lion Removed 11.5s
? Container jms_mysql Removed 9.4s
? Container jms_panda Removed 11.4s
? Container jms_magnus Removed 15.7s
? Container jms_koko Removed 14.4s
? Container jms_razor Removed 14.1s
? Container jms_xrdp Removed 13.7s
? Network jms_net Removed 0.9s
[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]#
- Edit the JumpServer configuration file (located at /opt/jumpserver/config/config.txt by default). The default configuration is as follows:
################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
#
#HTTPS_PORT=443
# SERVER_NAME=your_domain_name
#SSL_CERTIFICATE=your_cert
#SSL_CERTIFICATE_KEY=your_cert_key
#
- Change the configuration so that JumpServer enables the HTTPS service, as follows:
################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
#
HTTPS_PORT=443
SERVER_NAME=your_domain_name
SSL_CERTIFICATE=your_cert
SSL_CERTIFICATE_KEY=your_cert_key
#
- Start JumpServer again
[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]# ./jmsctl.sh start
[+] Running 14/15
? Network jms_net Created 5.6s
? Container jms_web Started 3.7s
? Container jms_razor Started 4.6s
? Container jms_koko Started 4.1s
? Container jms_celery Started 4.1s
? Container jms_redis Started 4.0s
? Container jms_xrdp Started 3.7s
? Container jms_magnus Started 5.0s
? Container jms_panda Started 3.7s
? Container jms_chen Started 4.1s
? Container jms_mysql Started 3.7s
? Container jms_lion Started 3.7s
? Container jms_core Started 4.1s
? Container jms_kael Started 3.7s
? Container jms_video Started
- Restart JumpServer and check the startup result.
In V2.24 you can see that a new container, jms_lb, has been added.
In V3 there is no change in modules.
[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4ea5e06db37 registry.fit2cloud.com/jumpserver/chen:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 8082/tcp jms_chen
b0bd39ba4565 jumpserver/redis:6.2 "docker-entrypoint.s…" About a minute ago Up About a minute (healthy) 6379/tcp jms_redis
14ba212c54d4 registry.fit2cloud.com/jumpserver/core-ee:v3.10.6 "./entrypoint.sh sta…" About a minute ago Up About a minute (unhealthy) 8080/tcp jms_core
a3583e610b23 registry.fit2cloud.com/jumpserver/video-worker:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 9000/tcp jms_video
56129f6ba1c4 registry.fit2cloud.com/jumpserver/magnus:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 0.0.0.0:14330->14330/tcp, :::14330->14330/tcp, 0.0.0.0:30000-30002->30000-30002/tcp, :::30000-30002->30000-30002/tcp, 0.0.0.0:33061-33062->33061-33062/tcp, :::33061-33062->33061-33062/tcp, 0.0.0.0:54320->54320/tcp, :::54320->54320/tcp, 8088/tcp, 0.0.0.0:63790->63790/tcp, :::63790->63790/tcp jms_magnus
b5fb7ad477b2 registry.fit2cloud.com/jumpserver/kael:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 8083/tcp jms_kael
bddd9c66441f registry.fit2cloud.com/jumpserver/koko:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 5000/tcp jms_koko
48ca1f2b5a7f registry.fit2cloud.com/jumpserver/xrdp:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 0.0.0.0:3390->3390/tcp, :::3390->3390/tcp jms_xrdp
3cf88384957f registry.fit2cloud.com/jumpserver/panda:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 9001/tcp jms_panda
2debb7ba6553 registry.fit2cloud.com/jumpserver/razor:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 0.0.0.0:3389->3389/tcp, :::3389->3389/tcp jms_razor
f06a6f0e8ad7 registry.fit2cloud.com/jumpserver/lion:v3.10.6 "./entrypoint.sh" About a minute ago Up About a minute (unhealthy) 4822/tcp, 8081/tcp jms_lion
c39ac3f047e8 jumpserver/mariadb:10.6 "docker-entrypoint.s…" About a minute ago Up About a minute (healthy) 3306/tcp jms_mysql
1c649811179a registry.fit2cloud.com/jumpserver/web:v3.10.6 "/docker-entrypoint.…" About a minute ago Up About a minute (unhealthy) 0.0.0.0:80->80/tcp, :::80->80/tcp jms_web
6ed3fa66a1c9 registry.fit2cloud.com/jumpserver/core-ee:v3.10.6 "./entrypoint.sh sta…" About a minute ago Up About a minute (unhealthy) 8080/tcp jms_celery
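Log in to JumpServer and check that HTTPS is enabled and that the certificate has taken effect (the login page shows no security warning).
Method 2
Place the uploaded files in /opt/jumpserver/config/nginx/cert.
Edit the HTTPS section of the JumpServer configuration file to match the certificate file names actually in use.
################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration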
#
HTTPS_PORT=443
SERVER_NAME=your_domain_name
SSL_CERTIFICATE=server.crt
SSL_CERTIFICATE_KEY=server.key
#
Then restart the JumpServer service. Once the restart has finished and every module reports a normal status, access JumpServer to verify.
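A check to run after editing config.txt and before restarting, as an added example that is not part of the original article or of JumpServer: it confirms that the files named by SSL_CERTIFICATE and SSL_CERTIFICATE_KEY exist in the cert directory, belong to each other, are not close to expiry, and that the private key is not world-readable. The function names, the 30-day threshold and the `--check` flag are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check the HTTPS settings in
# config.txt before restarting JumpServer. Paths default to the article's
# locations; override JMS_CONFIG / JMS_CERT_DIR to test elsewhere.
JMS_CONFIG="${JMS_CONFIG:-/opt/jumpserver/config/config.txt}"
JMS_CERT_DIR="${JMS_CERT_DIR:-/opt/jumpserver/config/nginx/cert}"

# Print the value of an active (uncommented) KEY=value line; last one wins.
cfg_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$JMS_CONFIG" | tail -n 1 | tr -d '"\r'
}

# Succeed only if the certificate ($1) and private key ($2) share a public key.
# "-passin pass:" makes an encrypted key fail instead of prompting, since a
# web server started unattended cannot type a passphrase either.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Report every problem found; return 0 only when all checks pass.
check_https_cfg() {
    rc=0
    # Assumption taken from the article: both values are file names
    # relative to the cert directory.
    crt="$JMS_CERT_DIR/$(cfg_get SSL_CERTIFICATE)"
    key="$JMS_CERT_DIR/$(cfg_get SSL_CERTIFICATE_KEY)"
    [ -n "$(cfg_get HTTPS_PORT)" ] || { echo "HTTPS_PORT is unset or commented out"; rc=1; }
    [ -f "$crt" ] || { echo "certificate not found: $crt"; rc=1; }
    [ -f "$key" ] || { echo "private key not found: $key"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    cert_matches_key "$crt" "$key" ||
        { echo "certificate and key do not match, or key is encrypted"; rc=1; }
    # 2592000 s = 30 days of remaining validity required.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "certificate unreadable or expires within 30 days"; rc=1; }
    [ -z "$(find "$key" -perm -004)" ] ||
        { echo "private key is world-readable: chmod 600 $key"; rc=1; }
    return "$rc"
}

# Run only when asked:  sh jms_https_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_https_cfg && echo "HTTPS settings are consistent"
fi
```

A placeholder left in place, such as SSL_CERTIFICATE=your_cert, is reported as a missing file because no file of that name exists in the cert directory.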
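Copyright notice: This is an original article by the blogger, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.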