Configuring JumpServer Access over HTTPS with an SSL Certificate


Administrator
FIT2CLOUD (飞致云), published 2022-08-15

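Overview

This article describes how, in JumpServer V2 (around version 2.24) and V3 environments, users can configure and replace their own SSL certificate so that JumpServer can be accessed over HTTPS on port 443.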

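Replacing the certificate

To enable the HTTPS service on JumpServer, upload your own certificate to the server where the bastion host is deployed. The upload location is /opt/jumpserver/config/nginx/cert (this is the default mapped directory and cannot be changed; using it presupposes that JumpServer is installed in /opt/jumpserver).

The certificate can be configured and replaced in either of the following two ways.

Method 1

Rename the newly uploaded files to server.crt and server.key respectively.

  • Place the certificate files in the /opt/jumpserver/config/nginx/cert directory.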

[root@Test4LinuxRemoteApp cert]# pwd
/opt/jumpserver/config/nginx/cert
[root@Test4LinuxRemoteApp cert]# ls
server.crt  server.key
  • Stop the JumpServer service before modifying the configuration file.

[+] Running 15/15
 ✔ Container jms_core    Removed                                                                                                                        2.8s
 ✔ Container jms_redis   Removed                                                                                                                          5.2s
 ✔ Container jms_celery  Removed                                                                                                                          2.4s
 ✔ Container jms_web     Removed                                                                                                                         11.9s
 ✔ Container jms_video   Removed                                                                                                                         11.1s
 ✔ Container jms_kael    Removed                                                                                                                         11.3s
 ✔ Container jms_chen    Removed                                                                                                                         11.6s
 ✔ Container jms_lion    Removed                                                                                                                         11.5s
 ✔ Container jms_mysql   Removed                                                                                                                          9.4s
 ✔ Container jms_panda   Removed                                                                                                                         11.4s
 ✔ Container jms_magnus  Removed                                                                                                                         15.7s
 ✔ Container jms_koko    Removed                                                                                                                         14.4s
 ✔ Container jms_razor   Removed                                                                                                                         14.1s
 ✔ Container jms_xrdp    Removed                                                                                                                         13.7s
 ✔ Network jms_net       Removed                                                                                                                          0.9s
[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]#

  • Edit the JumpServer configuration file (located at /opt/jumpserver/config/config.txt by default). The default configuration looks like this:

################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
#
#HTTPS_PORT=443
# SERVER_NAME=your_domain_name
#SSL_CERTIFICATE=your_cert
#SSL_CERTIFICATE_KEY=your_cert_key
#
  • Modify the configuration so that JumpServer enables the HTTPS service, as shown below:

################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
#
HTTPS_PORT=443
SERVER_NAME=your_domain_name
SSL_CERTIFICATE=your_cert
SSL_CERTIFICATE_KEY=your_cert_key
#
  • Start JumpServer again.

[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]# ./jmsctl.sh start
[+] Running 14/15
 ⠦ Network jms_net       Created                                                                                                                          5.6s
 ✔ Container jms_web     Started                                                                                                                          3.7s
 ✔ Container jms_razor   Started                                                                                                                          4.6s
 ✔ Container jms_koko    Started                                                                                                                          4.1s
 ✔ Container jms_celery  Started                                                                                                                          4.1s
 ✔ Container jms_redis   Started                                                                                                                          4.0s
 ✔ Container jms_xrdp    Started                                                                                                                          3.7s
 ✔ Container jms_magnus  Started                                                                                                                          5.0s
 ✔ Container jms_panda   Started                                                                                                                          3.7s
 ✔ Container jms_chen    Started                                                                                                                          4.1s
 ✔ Container jms_mysql   Started                                                                                                                          3.7s
 ✔ Container jms_lion    Started                                                                                                                          3.7s
 ✔ Container jms_core    Started                                                                                                                          4.1s
 ✔ Container jms_kael    Started                                                                                                                          3.7s
 ✔ Container jms_video   Started                                  
  • Restart JumpServer and check the startup result.

In V2.24 you can see that a new container, jms_lb, has been added.

In V3 there is no change in the modules.

[root@Test4LinuxRemoteApp jumpserver-offline-release-v3.10.6-amd64]# docker ps -a
CONTAINER ID   IMAGE                                                    COMMAND                  CREATED              STATUS                          PORTS                                                                                                                                                                                                                                                                                                 NAMES
b4ea5e06db37   registry.fit2cloud.com/jumpserver/chen:v3.10.6           "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   8082/tcp                                                                                                                                                                                                                                                                                              jms_chen
b0bd39ba4565   jumpserver/redis:6.2                                     "docker-entrypoint.s…"   About a minute ago   Up About a minute (healthy)     6379/tcp                                                                                                                                                                                                                                                                                              jms_redis
14ba212c54d4   registry.fit2cloud.com/jumpserver/core-ee:v3.10.6        "./entrypoint.sh sta…"   About a minute ago   Up About a minute (unhealthy)   8080/tcp                                                                                                                                                                                                                                                                                              jms_core
a3583e610b23   registry.fit2cloud.com/jumpserver/video-worker:v3.10.6   "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   9000/tcp                                                                                                                                                                                                                                                                                              jms_video
56129f6ba1c4   registry.fit2cloud.com/jumpserver/magnus:v3.10.6         "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   0.0.0.0:14330->14330/tcp, :::14330->14330/tcp, 0.0.0.0:30000-30002->30000-30002/tcp, :::30000-30002->30000-30002/tcp, 0.0.0.0:33061-33062->33061-33062/tcp, :::33061-33062->33061-33062/tcp, 0.0.0.0:54320->54320/tcp, :::54320->54320/tcp, 8088/tcp, 0.0.0.0:63790->63790/tcp, :::63790->63790/tcp   jms_magnus
b5fb7ad477b2   registry.fit2cloud.com/jumpserver/kael:v3.10.6           "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   8083/tcp                                                                                                                                                                                                                                                                                              jms_kael
bddd9c66441f   registry.fit2cloud.com/jumpserver/koko:v3.10.6           "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 5000/tcp                                                                                                                                                                                                                                                   jms_koko
48ca1f2b5a7f   registry.fit2cloud.com/jumpserver/xrdp:v3.10.6           "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   0.0.0.0:3390->3390/tcp, :::3390->3390/tcp                                                                                                                                                                                                                                                             jms_xrdp
3cf88384957f   registry.fit2cloud.com/jumpserver/panda:v3.10.6          "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   9001/tcp                                                                                                                                                                                                                                                                                              jms_panda
2debb7ba6553   registry.fit2cloud.com/jumpserver/razor:v3.10.6          "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   0.0.0.0:3389->3389/tcp, :::3389->3389/tcp                                                                                                                                                                                                                                                             jms_razor
f06a6f0e8ad7   registry.fit2cloud.com/jumpserver/lion:v3.10.6           "./entrypoint.sh"        About a minute ago   Up About a minute (unhealthy)   4822/tcp, 8081/tcp                                                                                                                                                                                                                                                                                    jms_lion
c39ac3f047e8   jumpserver/mariadb:10.6                                  "docker-entrypoint.s…"   About a minute ago   Up About a minute (healthy)     3306/tcp                                                                                                                                                                                                                                                                                              jms_mysql
1c649811179a   registry.fit2cloud.com/jumpserver/web:v3.10.6            "/docker-entrypoint.…"   About a minute ago   Up About a minute (unhealthy)   0.0.0.0:80->80/tcp, :::80->80/tcp                                                                                                                                                                                                                                                                     jms_web
6ed3fa66a1c9   registry.fit2cloud.com/jumpserver/core-ee:v3.10.6        "./entrypoint.sh sta…"   About a minute ago   Up About a minute (unhealthy)   8080/tcp                                                                                                                                                                                                                                                                                              jms_celery

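Log in to JumpServer and check that HTTPS is enabled and that the certificate is in effect (the login page shows no security warning).

Method 2

Place the uploaded files in /opt/jumpserver/config/nginx/cert.
Then edit the HTTPS section of the JumpServer configuration file to match the certificate file names actually in use.

################################# HTTPS configuration #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration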
#
HTTPS_PORT=443
SERVER_NAME=your_domain_name
SSL_CERTIFICATE=server.crt
SSL_CERTIFICATE_KEY=server.key
#

Then restart the JumpServer service. Once the restart has finished and every module reports a normal status, access JumpServer to verify.
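A pre-flight check that can be run after editing config.txt and before starting JumpServer again, so that a commented-out setting, a wrong file name, a mismatched key pair or a certificate that does not cover SERVER_NAME is caught before the browser warning appears. This is an added example, not part of the original article or of JumpServer. It assumes the SSL_CERTIFICATE values are file names inside the cert directory, that openssl and GNU stat are installed, and that the key is owned by the user nginx starts as; the function names and return codes are illustrative.

```shell
# Pre-flight check for the HTTPS block of JumpServer's config.txt (added example).
# Assumptions: SSL_CERTIFICATE / SSL_CERTIFICATE_KEY are file names inside the
# cert directory; function names and return codes are illustrative.
# Usage: check_https_config /opt/jumpserver/config/config.txt
#                           /opt/jumpserver/config/nginx/cert

# Print the value of an uncommented KEY=value line (the last one wins).
get_setting() {  # get_setting KEY CONFIG_FILE
  sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

check_https_config() {  # check_https_config CONFIG_FILE CERT_DIR
  local conf="$1" dir="$2" k name crt key mode pub
  # 2: a setting is still commented out or empty.
  for k in HTTPS_PORT SERVER_NAME SSL_CERTIFICATE SSL_CERTIFICATE_KEY; do
    [ -n "$(get_setting "$k" "$conf")" ] || { echo "unset: $k" >&2; return 2; }
  done
  name=$(get_setting SERVER_NAME "$conf")
  crt="$dir/$(get_setting SSL_CERTIFICATE "$conf")"
  key="$dir/$(get_setting SSL_CERTIFICATE_KEY "$conf")"
  # 3: the configured file names do not exist in the cert directory.
  [ -f "$crt" ] && [ -f "$key" ] || { echo "missing file in $dir" >&2; return 3; }
  # 4: the private key is readable by group or others.
  mode=$(stat -c %a "$key")
  case "$mode" in *00) ;; *) echo "key mode is $mode" >&2; return 4 ;; esac
  # 5: the certificate's public key is not the one derived from the private key.
  pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) &&
    [ "$pub" = "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" ] ||
    { echo "certificate and key do not match or cannot be parsed" >&2; return 5; }
  # 6: the certificate has already expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 6; }
  # 7: SERVER_NAME is not among the names the certificate covers.
  openssl x509 -in "$crt" -noout -checkhost "$name" | grep -q 'does match' ||
    { echo "certificate does not cover $name" >&2; return 7; }
}
```

A return value of 0 means all checks passed; any other value identifies the first check that failed, and the reason is printed on stderr.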


