From 2f657e676f117a1546c204d56e3994956b58417c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 10 Jul 2024 13:46:49 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0=20v4=20=E7=89=88?= =?UTF-8?q?=E6=9C=AC=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/dev/rest_api.md | 19 +- docs/dev/shell.md | 1 - .../setup_linux_standalone/offline_install.md | 158 +++++++----- .../setup_linux_standalone/offline_upgrade.md | 10 +- .../setup_linux_standalone/online_install.md | 240 ++++++++++++++---- .../setup_linux_standalone/online_upgrade.md | 4 +- .../setup_linux_standalone/requirements.md | 33 ++- docs/quick_start.md | 42 +-- mkdocs.yml | 147 +---------- theme/main.html | 20 -- 10 files changed, 329 insertions(+), 345 deletions(-) diff --git a/docs/dev/rest_api.md b/docs/dev/rest_api.md index d46ea808..e297204c 100644 --- a/docs/dev/rest_api.md +++ b/docs/dev/rest_api.md @@ -6,22 +6,9 @@ ## 1 API 访问 !!! tip "" - | Version | Access method | example | - | --------- | ------------------------ | ---------------------------------- | - | < 2.0.0 | `http:///docs` | `http://192.168.244.144/docs` | - | >=2.0.0 | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | - | >=2.6.0 | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | - -!!! tip "版本小于 v2.6 需要打开 DEBUG 模式" - ```sh - vi config.yml - ``` - ```yaml - ... - # 如果版本更低的话,配置文件是 config.py - # Debug = true - DEBUG: true - ``` + | Version | Access method | example | + | ------------------------ | ------------------------ | ---------------------------------- | + | `{{ jumpserver.tag }}` | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | ### 1.2 页面效果 ![api_swagger](../img/api_swagger.png) diff --git a/docs/dev/shell.md b/docs/dev/shell.md index e676d306..3da813b3 100644 --- a/docs/dev/shell.md +++ b/docs/dev/shell.md @@ -1,7 +1,6 @@ # 交互命令 !!! warning "操作不当将导致数据丢失,操作前请仔细确认" -!!! tip "参考 [Django 文档](https://docs.djangoproject.com/zh-hans/3.2/intro/tutorial02/)" ## 1 操作方法 diff --git a/docs/installation/setup_linux_standalone/offline_install.md b/docs/installation/setup_linux_standalone/offline_install.md index 20262311..500edd63 100644 --- a/docs/installation/setup_linux_standalone/offline_install.md +++ b/docs/installation/setup_linux_standalone/offline_install.md @@ -1,13 +1,16 @@ # 离线安装 -!!! info "离线包解压需要 tar 命令, 参考 [环境要求](./requirements.md) 手动安装" +!!! info "安装所需命令, 参考 [环境要求](./requirements.md) 手动安装" -| OS/Arch | Architecture | Linux Kernel | Offline Name | -| :------------ | :----------- | :----------- | :------------------------------------------------------------------------------------------- | -| linux/amd64 | x86_64 | >= 4.0 | jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz | +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz | ## 1. 安装部署 +!!! tip "" + - 离线安装目前只支持 linux/amd64 架构, 其他架构请参考 [在线安装](./online_install.md) + === "linux/amd64" !!! tip "" 从飞致云社区 [下载最新的 linux/amd64 离线包](https://community.fit2cloud.com/#/products/jumpserver/downloads){:target="_blank"}, 并上传到部署服务器的 /opt 目录 @@ -15,8 +18,8 @@ !!! tip "" ```sh cd /opt - tar -xf jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz - cd jumpserver-offline-installer-{{ jumpserver.tag }}-amd64 + tar -xf jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 ``` ```sh # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改 @@ -25,92 +28,96 @@ ```vim # JumpServer configuration file example. # - # 如果不了解用途可以跳过修改此配置文件, 系统会自动填入 - # 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/ + # If you don't understand the purpose, you can skip modifying this configuration file, the system will automatically fill in + # Complete parameter documentation https://docs.jumpserver.org/zh/v3/guide/env/ - ################################## 镜像配置 ################################### + ################################# Image Configuration ################################# # - # 国内连接 docker.io 会超时或下载速度较慢, 开启此选项使用华为云镜像加速 - # 取代旧版本 DOCKER_IMAGE_PREFIX + # The connection to docker.io in China will timeout or the download speed will be slow, enable this option to use Huawei Cloud image acceleration + # Replace the old version DOCKER_IMAGE_PREFIX # # DOCKER_IMAGE_MIRROR=1 - ################################## 安装配置 ################################### + # Image pull policy Always, IfNotPresent + # Always means that the latest image will be pulled every time, IfNotPresent means that the image will be pulled only if it does not exist locally + # + # IMAGE_PULL_POLICY=Always + + ############################## Installation Configuration ############################# # - # JumpServer 数据库持久化目录, 默认情况下录像、任务日志都在此目录 - # 请根据实际情况修改, 升级时备份的数据库文件(.sql)和配置文件也会保存到该目录 + # JumpServer database persistence directory, by default, recordings, task logs are in this directory + # Please modify according to the actual situation, the database file (.sql) and configuration file backed up during the upgrade will also be saved to this directory # VOLUME_DIR=/data/jumpserver - # 加密密钥, 迁移请保证 SECRET_KEY 与旧环境一致, 请勿使用特殊字符串 + # Encryption key, please ensure that SECRET_KEY is consistent with the old environment when migrating, do not use special strings # (*) Warning: Keep this value secret. - # (*) 勿向任何人泄露 SECRET_KEY + # (*) Do not disclose SECRET_KEY to anyone # SECRET_KEY= - # 组件向 core 注册使用的 token, 迁移请保持 BOOTSTRAP_TOKEN 与旧环境一致, - # 请勿使用特殊字符串 + # The token used by the component to register with core, please keep BOOTSTRAP_TOKEN consistent with the old environment when migrating, + # Do not use special strings # (*) Warning: Keep this value secret. - # (*) 勿向任何人泄露 BOOTSTRAP_TOKEN + # (*) Do not disclose BOOTSTRAP_TOKEN to anyone # BOOTSTRAP_TOKEN= - # 日志等级 INFO, WARN, ERROR + # Log level INFO, WARN, ERROR # LOG_LEVEL=ERROR - # JumpServer 容器使用的网段, 请勿与现有的网络冲突, 根据实际情况自行修改 + # The network segment used by the JumpServer container, please do not conflict with the existing network, modify according to the actual situation # DOCKER_SUBNET=192.168.250.0/24 - # ipv6 nat, 正常情况下无需开启 - # 如果宿主不支持 ipv6 开启此选项将会导致无法获取真实的客户端 ip 地址 + # ipv6 nat, no need to enable under normal circumstances + # If the host does not support ipv6, enabling this option will prevent the real client ip address from being obtained # USE_IPV6=0 DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64 - ################################# MySQL 配置 ################################## - # 外置 MySQL 需要输入正确的 MySQL 信息, 内置 MySQL 系统会自动处理 + ################################# DB Configuration #################################### + # For external databases, you need to enter the correct database information, the system will automatically handle the built-in database + # (*) The password part must not contain single quotes and double quotes # - DB_HOST=mysql - DB_PORT=3306 - DB_USER=root + DB_ENGINE=postgresql + DB_HOST=postgresql + DB_PORT=5432 + DB_USER=postgres DB_PASSWORD= DB_NAME=jumpserver - # 如果外置 MySQL 需要开启 TLS/SSL 连接, 参考 https://docs.jumpserver.org/zh/master/install/install_security/#ssl + # If external MySQL needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/ # - # DB_USE_SSL=True + # DB_USE_SSL=true - ################################# Redis 配置 ################################## - # 外置 Redis 需要请输入正确的 Redis 信息, 内置 Redis 系统会自动处理 + ################################# Redis Configuration ################################# + # For external Redis, please enter the correct Redis information, the system will automatically handle the built-in Redis + # (*) The password part must not contain single quotes and double quotes # REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD= - # 如果使用外置 Redis Sentinel, 请手动填写下面内容 + # If you are using external Redis Sentinel, please manually fill in the following content # # REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381 # REDIS_SENTINEL_PASSWORD=your_sentinel_password # REDIS_PASSWORD=your_redis_password # REDIS_SENTINEL_SOCKET_TIMEOUT=5 - # 如果外置 Redis 需要开启 TLS/SSL 连接, 参考 https://docs.jumpserver.org/zh/master/install/install_security/#redis-ssl + # If external Redis needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/ # - # REDIS_USE_SSL=True + # REDIS_USE_SSL=true - ################################## 访问配置 ################################### - # 对外提供服务端口, 如果与现有服务冲突请自行修改 + ################################# Access Configuration ################################ + # The service port provided to the outside, if it conflicts with the existing service, please modify it yourself # HTTP_PORT=80 - SSH_PORT=2222 - MAGNUS_MYSQL_PORT=33061 - MAGNUS_MARIADB_PORT=33062 - MAGNUS_REDIS_PORT=63790 - ################################# HTTPS 配置 ################################# - # 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置 + ################################# HTTPS Configuration ################################# + # Refer to https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration # # HTTPS_PORT=443 # SERVER_NAME=your_domain_name @@ -118,53 +125,68 @@ # SSL_CERTIFICATE_KEY=your_cert_key # - # Nginx 文件上传下载大小限制 + # Nginx file upload and download size limit # CLIENT_MAX_BODY_SIZE=4096m - ################################## 组件配置 ################################### - # 组件注册使用, 默认情况下向 core 容器注册, 集群环境需要修改为集群 vip 地址 + ################################# Component Configuration ############################# + # Component registration use, by default, register to the core container, the cluster environment needs to be modified to the cluster vip address # CORE_HOST=http://core:8080 - PERIOD_TASK_ENABLED=True + PERIOD_TASK_ENABLED=true - # Core Session 定义, - # SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, - # SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期 + # Core Session definition, + # SESSION_COOKIE_AGE indicates how many seconds the session expires after idling, + # SESSION_EXPIRE_AT_BROWSER_CLOSE=true means that the session expires as soon as the browser is closed # # SESSION_COOKIE_AGE=86400 - SESSION_EXPIRE_AT_BROWSER_CLOSE=True + SESSION_EXPIRE_AT_BROWSER_CLOSE=false - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" - # DOMAINS="172.17.200.191" - # DOMAINS="demo.jumpserver.org,172.17.200.191" + # Trusted DOMAINS definition, + # Define the trusted access IP, please modify according to the actual situation, if it is a public IP, please change to the corresponding public IP, + # DOMAINS="demo.jumpserver.org:443" + # DOMAINS="172.17.200.191:80" + # DOMAINS="demo.jumpserver.org:443,172.17.200.191:80" DOMAINS= - # Lion 开启字体平滑, 优化体验 + # Configure the components that do not need to be started, by default all components will be started, if you do not need a certain component, you can set {component name}_ENABLED to 0 to turn it off + # CORE_ENABLED=0 + # CELERY_ENABLED=0 + # KOKO_ENABLED=0 + # LION_ENABLED=0 + # CHEN_ENABLED=0 + # WEB_ENABLED=0 + + # Lion enables font smoothing to optimize the experience # - JUMPSERVER_ENABLE_FONT_SMOOTHING=True + JUMPSERVER_ENABLE_FONT_SMOOTHING=true - ################################# XPack 配置 ################################# - # XPack 包, 开源版本设置无效 + ################################# XPack Configuration ################################# + # XPack package, invalid setting in open source version # + SSH_PORT=2222 RDP_PORT=3389 + XRDP_PORT=3390 + MAGNUS_MYSQL_PORT=33061 + MAGNUS_MARIADB_PORT=33062 + MAGNUS_REDIS_PORT=63790 MAGNUS_POSTGRESQL_PORT=54320 + MAGNUS_SQLSERVER_PORT=14330 MAGNUS_ORACLE_PORTS=30000-30030 - ################################## 其他配置 ################################## - # 终端使用宿主 HOSTNAME 标识, 首次安装自动生成 + ################################## Other Configuration ################################ + # The terminal uses the host HOSTNAME as the identifier, automatically generated during the first installation # SERVER_HOSTNAME=${HOSTNAME} - # 使用内置 SLB,如果 Web 页面获取到的客户端 IP 地址不正确,请将 USE_LB 设置为 0 - # USE_LB 设置为 1 时,使用配置 proxy_set_header X-Forwarded-For $remote_addr - # USE_LB 设置为 0 时,使用配置 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + # Use built-in SLB, if the client IP address obtained by the Web page is not correct, please set USE_LB to 0 + # When USE_LB is set to 1, use the configuration proxy_set_header X-Forwarded-For $remote_addr + # When USE_LB is set to 0, use the configuration proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for USE_LB=1 - # 当前运行的 JumpServer 版本号, 安装和升级完成后自动生成 + # The current running version number of JumpServer, automatically generated after installation and upgrade # + TZ=Asia/Shanghai CURRENT_VERSION= ``` ```sh @@ -179,7 +201,7 @@ !!! tip "" ```sh - cd jumpserver-offline-release-{{ jumpserver.tag }}-amd64 + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 # 启动 ./jmsctl.sh start @@ -199,7 +221,7 @@ ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ![登录页面](../../img/online_install_01.png) diff --git a/docs/installation/setup_linux_standalone/offline_upgrade.md b/docs/installation/setup_linux_standalone/offline_upgrade.md index 2e32f81c..0f9b29a9 100644 --- a/docs/installation/setup_linux_standalone/offline_upgrade.md +++ b/docs/installation/setup_linux_standalone/offline_upgrade.md @@ -1,18 +1,16 @@ # 离线升级 -!!! warning "v3 版本与 v2 版本存在一定的差异,如需 v2 版本升级至 v3 版本 [请先阅读此文档](https://kb.fit2cloud.com/?p=06638d69-f109-4333-b5bf-65b17b297ed9){:target="_blank"}" +!!! warning "升级到 v4 前需要先升级到 v3 最新版本,否则升级将会直接失败" -!!! info "升级前请先参考 [升级或迁移须知](../upgrade_notice.md)" - -=== "离线升级(linux/amd64)" +=== "linux/amd64" !!! tip "" 从飞致云社区 [下载最新的 linux/amd64 离线包](https://community.fit2cloud.com/#/products/jumpserver/downloads){:target="_blank"}, 并上传到部署服务器的 /opt 目录。 !!! tip "" ```sh cd /opt - tar -xf jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz - cd jumpserver-offline-installer-{{ jumpserver.tag }}-amd64 + tar -xf jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 ``` ```sh ./jmsctl.sh upgrade diff --git a/docs/installation/setup_linux_standalone/online_install.md b/docs/installation/setup_linux_standalone/online_install.md index 18169fdd..80ee727a 100644 --- a/docs/installation/setup_linux_standalone/online_install.md +++ b/docs/installation/setup_linux_standalone/online_install.md @@ -1,59 +1,211 @@ # 在线安装 -!!! tip "[JumpServer 部署环境要求可点击后进行参考](../setup_linux_standalone/requirements.md)" +!!! info "安装所需命令, 参考 [环境要求](./requirements.md) 手动安装" + +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-installer-{{ jumpserver.tag }}.tar.gz | +| linux/arm64 | aarch64 | >= 4.0 | jumpserver-installer-{{ jumpserver.tag }}.tar.gz | +| linux/s390x | s390x | >= 4.0 | jumpserver-installer-{{ jumpserver.tag }}.tar.gz | + +??? info "可以使用由 [华为云](https://www.huaweicloud.com/) 提供的容器镜像服务" + | 区域 | 镜像仓库地址 | /opt/jumpserver/config/config.txt | Kubernetes values.yaml | OS/ARCH | + | :----------- | :----------------------------------- | --------------------------------- | --------------------------------------------------- | -------------- | + | 华北-北京一 | swr.cn-north-1.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-north-1.myhuaweicloud.com | linux/amd64 | + | 华南-广州 | swr.cn-south-1.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-south-1.myhuaweicloud.com | linux/amd64 | + | 华北-北京四 | swr.cn-north-4.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-north-4.myhuaweicloud.com | linux/arm64 | + | 华东-上海一 | swr.cn-east-3.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-east-3.myhuaweicloud.com | linux/arm64 | + | 西南-贵阳一 | swr.cn-southwest-2.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.ap-southeast-1.myhuaweicloud.com | linux/loong64 | + | 拉美-圣保罗一 | swr.sa-brazil-1.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.sa-brazil-1.myhuaweicloud.com | linux/s390x | ## 1. 安装部署 === "中国大陆" !!! tip "" -
- ```console - // root@localhost:/opt# - $ curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash - - ---> 100% - [Success]: download install script to /opt/jumpserver-installer-{{jumpserver.tag}} - [Info]: Start executing the installation script. - [Info]: In an automated script deployment, note the message prompts on the screen. - ---> 100% - [Success]: The Installation is Complete. - - For more commands, you can enter jmsctl --help to view help information. + ```sh + cd /opt + wget https://resource.fit2cloud.com/jumpserver/installer/releases/download/{{ jumpserver.tag }}/jumpserver-installer-{{ jumpserver.tag }}.tar.gz + tar -xf jumpserver-installer-{{ jumpserver.tag }}.tar.gz + cd jumpserver-installer-{{ jumpserver.tag }} ``` -
+ === "其他地区" !!! tip "" -
- ```console - // root@localhost:/opt# - $ curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash - - ---> 100% - [Success]: download install script to /opt/jumpserver-installer-{{jumpserver.tag}} - [Info]: Start executing the installation script. - [Info]: In an automated script deployment, note the message prompts on the screen. - ---> 100% - [Success]: The Installation is Complete. - - For more commands, you can enter jmsctl --help to view help information. + ```sh + cd /opt + wget https://github.com/jumpserver/installer/releases/download/{{ jumpserver.tag }}/jumpserver-installer-{{ jumpserver.tag }}.tar.gz + tar -xf jumpserver-installer-{{ jumpserver.tag }}.tar.gz + cd jumpserver-installer-{{ jumpserver.tag }} ``` -
- -!!! tip "提示" - - 首次安装后需要修改配置文件,定义 DOMAINS 字段后即可正常使用 - - 如果服务器是一键安装并且旧版本就已经使用 JumpServer 开启了 HTTPS,则不需要进行任何更改。 - - 需要使用 IP 地址来访问 JumpServer 的场景,可以根据自己的 IP 类型来填写 config.txt 配置文件中 DOMAINS 字段为公网 IP 还是内网 IP。 +!!! tip "" + ```sh + # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改 + cat config-example.txt ``` - # 打开config.txt 配置文件,定义 DOMAINS 字段 - vim /opt/jumpserver/config/config.txt - - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" # 使用域名访问 - # DOMAINS="172.17.200.191" # 使用 IP 访问 - # DOMAINS="demo.jumpserver.org,172.17.200.191" # 使用 IP 和 域名一起访问 - DOMAINS= + ```vim + # JumpServer configuration file example. + # + # If you don't understand the purpose, you can skip modifying this configuration file, the system will automatically fill in + # Complete parameter documentation https://docs.jumpserver.org/zh/v3/guide/env/ + + ################################# Image Configuration ################################# + # + # The connection to docker.io in China will timeout or the download speed will be slow, enable this option to use Huawei Cloud image acceleration + # Replace the old version DOCKER_IMAGE_PREFIX + # + # DOCKER_IMAGE_MIRROR=1 + + # Image pull policy Always, IfNotPresent + # Always means that the latest image will be pulled every time, IfNotPresent means that the image will be pulled only if it does not exist locally + # + # IMAGE_PULL_POLICY=Always + + ############################## Installation Configuration ############################# + # + # JumpServer database persistence directory, by default, recordings, task logs are in this directory + # Please modify according to the actual situation, the database file (.sql) and configuration file backed up during the upgrade will also be saved to this directory + # + VOLUME_DIR=/data/jumpserver + + # Encryption key, please ensure that SECRET_KEY is consistent with the old environment when migrating, do not use special strings + # (*) Warning: Keep this value secret. + # (*) Do not disclose SECRET_KEY to anyone + # + SECRET_KEY= + + # The token used by the component to register with core, please keep BOOTSTRAP_TOKEN consistent with the old environment when migrating, + # Do not use special strings + # (*) Warning: Keep this value secret. + # (*) Do not disclose BOOTSTRAP_TOKEN to anyone + # + BOOTSTRAP_TOKEN= + + # Log level INFO, WARN, ERROR + # + LOG_LEVEL=ERROR + + # The network segment used by the JumpServer container, please do not conflict with the existing network, modify according to the actual situation + # + DOCKER_SUBNET=192.168.250.0/24 + + # ipv6 nat, no need to enable under normal circumstances + # If the host does not support ipv6, enabling this option will prevent the real client ip address from being obtained + # + USE_IPV6=0 + DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64 + + ################################# DB Configuration #################################### + # For external databases, you need to enter the correct database information, the system will automatically handle the built-in database + # (*) The password part must not contain single quotes and double quotes + # + DB_ENGINE=postgresql + DB_HOST=postgresql + DB_PORT=5432 + DB_USER=postgres + DB_PASSWORD= + DB_NAME=jumpserver + + # If external MySQL needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/ + # + # DB_USE_SSL=true + + ################################# Redis Configuration ################################# + # For external Redis, please enter the correct Redis information, the system will automatically handle the built-in Redis + # (*) The password part must not contain single quotes and double quotes + # + REDIS_HOST=redis + REDIS_PORT=6379 + REDIS_PASSWORD= + + # If you are using external Redis Sentinel, please manually fill in the following content + # + # REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381 + # REDIS_SENTINEL_PASSWORD=your_sentinel_password + # REDIS_PASSWORD=your_redis_password + # REDIS_SENTINEL_SOCKET_TIMEOUT=5 + + # If external Redis needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/ + # + # REDIS_USE_SSL=true + + ################################# Access Configuration ################################ + # The service port provided to the outside, if it conflicts with the existing service, please modify it yourself + # + HTTP_PORT=80 + + ################################# HTTPS Configuration ################################# + # Refer to https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration + # + # HTTPS_PORT=443 + # SERVER_NAME=your_domain_name + # SSL_CERTIFICATE=your_cert + # SSL_CERTIFICATE_KEY=your_cert_key + # + + # Nginx file upload and download size limit + # + CLIENT_MAX_BODY_SIZE=4096m + + ################################# Component Configuration ############################# + # Component registration use, by default, register to the core container, the cluster environment needs to be modified to the cluster vip address + # + CORE_HOST=http://core:8080 + PERIOD_TASK_ENABLED=true + + # Core Session definition, + # SESSION_COOKIE_AGE indicates how many seconds the session expires after idling, + # SESSION_EXPIRE_AT_BROWSER_CLOSE=true means that the session expires as soon as the browser is closed + # + # SESSION_COOKIE_AGE=86400 + SESSION_EXPIRE_AT_BROWSER_CLOSE=false + + # Trusted DOMAINS definition, + # Define the trusted access IP, please modify according to the actual situation, if it is a public IP, please change to the corresponding public IP, + # DOMAINS="demo.jumpserver.org:443" + # DOMAINS="172.17.200.191:80" + # DOMAINS="demo.jumpserver.org:443,172.17.200.191:80" + DOMAINS= + + # Configure the components that do not need to be started, by default all components will be started, if you do not need a certain component, you can set {component name}_ENABLED to 0 to turn it off + # CORE_ENABLED=0 + # CELERY_ENABLED=0 + # KOKO_ENABLED=0 + # LION_ENABLED=0 + # CHEN_ENABLED=0 + # WEB_ENABLED=0 + + # Lion enables font smoothing to optimize the experience + # + JUMPSERVER_ENABLE_FONT_SMOOTHING=true + + ################################# XPack Configuration ################################# + # XPack package, invalid setting in open source version + # + SSH_PORT=2222 + RDP_PORT=3389 + XRDP_PORT=3390 + MAGNUS_MYSQL_PORT=33061 + MAGNUS_MARIADB_PORT=33062 + MAGNUS_REDIS_PORT=63790 + MAGNUS_POSTGRESQL_PORT=54320 + MAGNUS_SQLSERVER_PORT=14330 + MAGNUS_ORACLE_PORTS=30000-30030 + + ################################## Other Configuration ################################ + # The terminal uses the host HOSTNAME as the identifier, automatically generated during the first installation + # + SERVER_HOSTNAME=${HOSTNAME} + + # Use built-in SLB, if the client IP address obtained by the Web page is not correct, please set USE_LB to 0 + # When USE_LB is set to 1, use the configuration proxy_set_header X-Forwarded-For $remote_addr + # When USE_LB is set to 0, use the configuration proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + USE_LB=1 + + # The current running version number of JumpServer, automatically generated after installation and upgrade + # + TZ=Asia/Shanghai + CURRENT_VERSION= ``` !!! info "安装完成后 JumpServer 配置文件路径为: /opt/jumpserver/config/config.txt" @@ -80,6 +232,6 @@ ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ![登录页面](../../img/online_install_01.png) diff --git a/docs/installation/setup_linux_standalone/online_upgrade.md b/docs/installation/setup_linux_standalone/online_upgrade.md index 937565bd..4f66b639 100644 --- a/docs/installation/setup_linux_standalone/online_upgrade.md +++ b/docs/installation/setup_linux_standalone/online_upgrade.md @@ -1,8 +1,6 @@ # 在线升级 -!!! warning "v3 版本与 v2 版本存在一定的差异,如需 v2 版本升级至 v3 版本 [请先阅读此文档](https://kb.fit2cloud.com/?p=06638d69-f109-4333-b5bf-65b17b297ed9){:target="_blank"}" - -!!! info "升级前请先参考 [升级或迁移须知](../upgrade_notice.md)" +!!! warning "升级到 v4 前需要先升级到 v3 最新版本,否则升级将会直接失败" === "中国大陆" !!! tip "" diff --git a/docs/installation/setup_linux_standalone/requirements.md b/docs/installation/setup_linux_standalone/requirements.md index 769bc83b..c8437369 100644 --- a/docs/installation/setup_linux_standalone/requirements.md +++ b/docs/installation/setup_linux_standalone/requirements.md @@ -4,14 +4,12 @@ !!! tip "" - 支持主流 Linux 发行版本(基于 Debian / RedHat,包括国产操作系统) - - Gentoo / Arch Linux 请通过 [源码安装](../source_install/requirements.md) + - Gentoo / Arch Linux 请通过源码安装 | 操作系统 | 架构 | Linux 内核 | 软件要求 | 最小化硬件配置 | | :------------ | :----------- | :------------ | :------------------------------------ | :-------------------- | | linux/amd64 | x86_64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | | linux/arm64 | aarch64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | -| linux/loong64 | loongarch64 | == 4.19 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | - === "Debian / Ubuntu" !!! tip "" @@ -27,15 +25,13 @@ yum install -y wget curl tar gettext iptables ``` ## 2 数据库 -!!! tip "" - **JumpServer 需要使用 MySQL 或 MariaDB 存储数据,使用 Redis 缓存数据,如果有自建数据库或云数据库的使用需求请参考下列的数据库环境要求:** -!!! tip "我们支持[数据库 SSL 连接](../security_setup/mysql_ssl.md) 和 [Redis SSL 连接](../security_setup/redis_ssl.md)" +!!! tip "JumpServer 需要使用 PostgreSQL、MySQL 或 MariaDB 存储数据,使用 Redis 缓存数据" - -| 名称 | 版本 | 默认字符集 | 默认字符编码 | TLS/SSL | -| :------ | :------ | :--------------- | :----------------- | :--------------- | -| MySQL | >= 5.7 | utf8 | utf8_general_ci | :material-check: | -| MariaDB | >= 10.6 | utf8mb3 | utf8mb3_general_ci | :material-check: | +| 名称 | 版本 | 默认字符集 | 默认字符编码 | TLS/SSL | +| :--------- | :------ | :--------------- | :----------------- | :--------------- | +| PostgreSQL | >= 9.6 | UTF8 | en_US.utf8 | :material-check: | +| MySQL | >= 5.7 | utf8 | utf8_general_ci | :material-check: | +| MariaDB | >= 10.6 | utf8mb3 | utf8mb3_general_ci | :material-check: | | 名称 | 版本 | Sentinel | Cluster | TLS/SSL | | :------ | :------ | :--------------- | :----------------- | :--------------- | @@ -43,6 +39,21 @@ !!! tip "创建数据库 SQL 参考" + +=== "PostgreSQL" + !!! tip "" + ```pgsql + create database jumpserver with encoding='UTF8'; + ``` + ```pgsql + postgres=# \l + List of databases + Name | Owner | Encoding | Locale Provider | Collate | Ctype | ICU Locale | ICU Rules | Access privileges + --------------+------------+----------+-----------------+------------+------------+------------+-----------+----------------------- + jumpserver | postgres | UTF8 | libc | en_US.utf8 | en_US.utf8 | | | + (1 rows) + ``` + === "MySQL" !!! tip "" ```mysql diff --git a/docs/quick_start.md b/docs/quick_start.md index 2b044a4a..927ca99d 100644 --- a/docs/quick_start.md +++ b/docs/quick_start.md @@ -39,28 +39,11 @@ ``` -!!! tip "提示" - - 首次安装后需要修改配置文件,定义 DOMAINS 字段后即可正常使用。 - - 如果服务器是一键安装并且旧版本就已经使用 JumpServer 开启了 HTTPS,则不需要进行任何更改。 - - 需要使用 IP 地址来访问 JumpServer 的场景,可以根据自己的 IP 类型来填写 config.txt 配置文件中 DOMAINS 字段为公网 IP 还是内网 IP。 - - ``` - # 打开config.txt 配置文件,定义 DOMAINS 字段 - vim /opt/jumpserver/config/config.txt - - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" # 使用域名访问 - # DOMAINS="172.17.200.191" # 使用 IP 访问 - # DOMAINS="demo.jumpserver.org,172.17.200.191" # 使用 IP 和 域名一起访问 - DOMAINS= - ``` - !!! info "安装成功后,通过浏览器访问登录 JumpServer" ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ## 2 资产管理 @@ -90,7 +73,7 @@ Default ├─ SSH Server └─ RDP Server - └─ DB + └─ DB Server ``` !!! warning "注意" @@ -136,18 +119,18 @@ !!! tip "" - | 名称 | 地址 | 节点 | 数据库 | 协议组 | 账号列表 | - | ------------ | ----- | ------------ | ---- | ----- | ----- | - | test_mysql01 | 172.16.80.31 | /Default/DB | test | mysql:3306 | 添加 | + | 名称 | 地址 | 节点 | 数据库 | 协议组 | 账号列表 | + | ------------ | ------------ | ------------------ | ----- | ----------- | -------- | + | test_mysql01 | 172.16.80.31 | /Default/DB Server | test | mysql:3306 | 添加 | !!! tip "" - 添加登录数据库用户样式如下: !!! tip "" - | 名称 | 用户名 | 特权用户 | 密文类型 | 密码 | - | ----------------- | ----- | ------ | ------- | -------- | - | 172.16.80.23_root | root | root | 密码 |Test2020.M | + | 名称 | 用户名 | 特权用户 | 密文类型 | 密码 | + | ----------------- | ----- | ------ | ------- | ---------- | + | 172.16.80.23_root | root | root | 密码 | Test2020.M | !!! warning "注意" - 名称、主机、数据库选项为必填项。 @@ -215,15 +198,6 @@ !!! warning "注意" - 不可以同时勾选 `使用 SSL` 和 `使用 TLS`。 -=== "EXCHANGE" - !!! tip "" - - | 名称 | 示例 | 备注 | - | ---------- | ---------------- | ---------------------------------- | - | EXCHANGE主机 | smtp.qq.com | 服务商提供的 smtp 服务器 | - | EXCHANGE帐号 | **********@qq.com | 通常是 `user@domain.com` | - | EXCHANGE密码 | **************** | 一些邮件提供商需要输入的是授权码 | - ## 6 常用功能操作 !!! tip "" diff --git a/mkdocs.yml b/mkdocs.yml index 2d16e67b..367ba69a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -39,157 +39,22 @@ theme: nav: - 产品介绍: index.md - 快速入门: quick_start.md - - 系统架构: architecture.md - 安装部署: - - 网络端口说明: installation/network_port.md - Linux 单机部署: - 环境要求: installation/setup_linux_standalone/requirements.md - - 离线安装: installation/setup_linux_standalone/offline_install.md - - 离线升级: installation/setup_linux_standalone/offline_upgrade.md - - 1Panel 安装: installation/setup_linux_standalone/1panel_install.md - 在线安装: installation/setup_linux_standalone/online_install.md + - 离线安装: installation/setup_linux_standalone/offline_install.md - 在线升级: installation/setup_linux_standalone/online_upgrade.md - - Linux 集群模式部署: - - 准备工作: installation/setup_linux_lb/requirements.md - - 部署 NFS 服务: installation/setup_linux_lb/nfs_install.md - - 部署 MySQL 服务: installation/setup_linux_lb/mysql_install.md - - 部署 Redis 服务: installation/setup_linux_lb/redis_install.md - - 部署 JumpServer 01 节点: installation/setup_linux_lb/installation_node01.md - - 部署 JumpServer 02 节点: installation/setup_linux_lb/installation_node02.md - - 部署 JumpServer 03 节点: installation/setup_linux_lb/installation_node03.md - - 部署 JumpServer 04 节点: installation/setup_linux_lb/installation_node04.md - - 部署 HAProxy 服务: installation/setup_linux_lb/haproxy_install.md - - 部署 MinIO 服务: installation/setup_linux_lb/minio_install.md - - 部署 Elasticsearch 服务: installation/setup_linux_lb/elasticsearch_install.md - - 注意事项: installation/setup_linux_lb/linux_lb_upgrade.md - - Kubernetes Helm 模式部署: - - 在线安装: installation/setup_kubernetes/helm_online_install.md - - 在线升级: installation/setup_kubernetes/helm_online_upgrade.md - - 源码部署: - - 环境说明: installation/source_install/requirements.md - - Core 环境部署: installation/source_install/core_install.md - - Lina 环境部署: installation/source_install/lina_install.md - - Luna 环境部署: installation/source_install/luna_install.md - - KoKo 环境部署: installation/source_install/koko_install.md - - Lion 环境部署: installation/source_install/lion_install.md - - Magnus 环境部署: installation/source_install/magnus_install.md - - Nginx 环境部署: installation/source_install/nginx_install.md - - JumpServer 环境整合: installation/source_install/merge_jumpserver.md - - 迁移文档: installation/migration.md - - 升级须知: installation/upgrade_notice.md - - 反向代理: installation/proxy.md - - 资源下载: installation/download.md - - 命令行工具: installation/jmsctl_sh.md - - 数据库加密连接: - - 数据库 SSL 连接: installation/security_setup/mysql_ssl.md - - Redis SSL 连接: installation/security_setup/redis_ssl.md - - 功能手册: - - 页面说明: guide/index_description.md - - 通用功能: guide/currency.md - - 资产要求: - - Telnet: guide/asset_requirements/telnet.md - - Linux SSH: guide/asset_requirements/linux_ssh.md - - Linux VNC: guide/asset_requirements/linux_vnc.md - - macOS VNC: guide/asset_requirements/macos_vnc.md - - Windows SSH: guide/asset_requirements/windows_ssh.md - - Windows VNC: guide/asset_requirements/windows_vnc.md - - Windows RDP: guide/asset_requirements/windows_rdp.md - - MySQL: guide/asset_requirements/mysql.md - - Kubernetes: guide/asset_requirements/kubernetes.md - - 管理手册: - - 仪表盘: guide/admin/dashboard.md - - 用户管理: - - 用户列表: guide/admin/user/user_list.md - - 用户组: guide/admin/user/user_group.md - - 角色列表 (X-Pack): guide/admin/user/role_list.md - - 资产管理: - - 资产列表: guide/admin/asset/asset_list.md - - 网域列表: guide/admin/asset/domain_list.md - - 平台列表: guide/admin/asset/platform_list.md - - 账号管理: - - 账号列表: guide/admin/account/account_list.md - - 账号模版: guide/admin/account/account_template.md - - 账号推送: guide/admin/account/account_push.md - - 账号收集 (X-Pack): guide/admin/account/account_gather.md - - 账号改密 (X-Pack): guide/admin/account/account_change_secret.md - - 账号备份 (X-Pack): guide/admin/account/account_backup.md - - 权限管理: - - 资产授权: guide/admin/permission/asset_permissions.md - - 用户登录: guide/admin/permission/user_acls.md - - 命令过滤: guide/admin/permission/cmd_acls.md - - 资产登录 (X-Pack): guide/admin/permission/host_acls.md - - 连接方式(X-Pack): guide/admin/permission/connect_method_acls.md - - 更多选项: - - 标签列表: guide/admin/more_options/label_list.md - - 工单 (X-Pack): guide/admin/admin_tickets.md - - 审计手册: - - 仪表盘: guide/audit/dashboard.md - - 会话审计: - - 会话记录: guide/audit/session_audit/session_record.md - - 命令记录: guide/audit/session_audit/command_record.md - - 文件传输: guide/audit/session_audit/ftp.md - - 日志审计: - - 登录日志: guide/audit/log_audit/login_log.md - - 操作日志: guide/audit/log_audit/operation_log.md - - 改密日志: guide/audit/log_audit/secret_change_log.md - - 作业日志: guide/audit/log_audit/job_log.md - - 用户手册: - - 概览页: guide/user/index_overview.md - - 个人信息: - - 用户信息: guide/user/personal_information/user_information.md - - 认证设置: guide/user/personal_information/authentication_settings.md - - 偏好设置: guide/user/personal_information/preference_settings.md - - API Key: guide/user/personal_information/api_key.md - - 临时密码: guide/user/personal_information/temporary_passwd.md - - 连接令牌: guide/user/personal_information/connect_token.md - - Passkey: guide/user/personal_information/passkey.md - - 我的资产: guide/user/my_asset.md - - Web 终端: guide/user/web_terminal.md - - 文件管理: guide/user/file_management.md - - 作业中心: - - 快捷命令: guide/user/ops/quick_command.md - - 作业管理: guide/user/ops/job_management.md - - 模版管理: guide/user/ops/template_management.md - - 执行历史: guide/user/ops/execution_history.md - - 工单 (X-Pack): guide/user/user_tickets.md - - 系统设置: - - 概览页: guide/system/index_overview.md - - 基本设置: guide/system/basic.md - - 组织管理 (X-Pack): guide/system/organization.md - - 消息通知: guide/system/message.md - - 功能设置: guide/system/function.md - - 认证设置: - - MFA: guide/system/authentication/mfa.md - - LDAP: guide/system/authentication/ldap.md - - CAS: guide/system/authentication/cas.md - - Passkey: guide/system/authentication/passkey.md - - SSO (X-Pack): guide/system/authentication/sso.md - - OpenID (X-Pack): guide/system/authentication/openid.md - - SAML2 (X-Pack): guide/system/authentication/saml2.md - - Slack (X-Pack): guide/system/authentication/slack.md - - Radius (X-Pack): guide/system/authentication/radius.md - - 钉钉 (X-Pack): guide/system/authentication/dingtalk.md - - 微信 (X-Pack): guide/system/authentication/wechat.md - - 飞书 (X-Pack): guide/system/authentication/feishu.md - - 存储设置: guide/system/storages.md - - 组件设置: guide/system/component.md - - 远程应用: guide/system/remoteapp.md - - 安全设置: guide/system/security.md - - 界面设置 (X-Pack): guide/system/index_logo.md - - 系统工具: guide/system/tools.md - - 系统任务: guide/system/tasks.md - - 参数说明: guide/env.md - - 存储说明: guide/storages.md - - 最佳实践: best_practices.md + - 离线升级: installation/setup_linux_standalone/offline_upgrade.md - 常见问题: - 产品 FAQ: faq/faq.md - 安全建议: faq/security.md - - 企业版: faq/enterprise.md + - 企业版: https://www.jumpserver.org/enterprise.html - 开发文档: - API 文档: dev/rest_api.md - 交互命令: dev/shell.md - 用户案例: user_stories.md - - 更新日志: change_log.md + - 更新日志: https://github.com/jumpserver/jumpserver/releases/latest - 技术咨询: https://jinshuju.net/f/sQ91MK - 联系我们: contact.md @@ -238,9 +103,7 @@ markdown_extensions: extra: jumpserver: - tag: v3.10.10 - jmservisor: v1.2.5 - wisp: v0.1.16 + tag: v4.0.0 search: separator: '[\s\-\.]+' language: 'zh' diff --git a/theme/main.html b/theme/main.html index 4e6a3769..6a1cfe7e 100644 --- a/theme/main.html +++ b/theme/main.html @@ -15,26 +15,6 @@ {{ super() }} {% endblock styles %} -{% block content %} - {{ super() }} - -{% endblock %} - - {% block footer %}