diff --git a/.github/workflows/check-latest-version.yml b/.github/workflows/check-latest-version.yml new file mode 100644 index 00000000..e5600ce6 --- /dev/null +++ b/.github/workflows/check-latest-version.yml @@ -0,0 +1,30 @@ +name: Check Release +on: + workflow_dispatch: + schedule: + - cron: '0 20 * * *' +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: v4.0 + + - name: Get Version + run: | + version=$(curl -s https://api.github.com/repos/jumpserver/jumpserver/releases/latest | jq -r .tag_name) + echo "Current Version: ${version}" + if [ -z "${version}" ]; then + exit 1 + fi + echo "version=${version}" >> $GITHUB_ENV + grep -q "tag: v${version}" mkdocs.yml || echo "update=true" >> $GITHUB_ENV + + - name: Update Version + if: env.update == 'true' + run: | + sed -i "s@tag: v.*@tag: ${{ env.version }}@" mkdocs.yml + git add . + git commit -m "Update Version to ${{ env.version }}" + git push origin HEAD \ No newline at end of file diff --git a/docs/dev/rest_api.md b/docs/dev/rest_api.md index d46ea808..e297204c 100644 --- a/docs/dev/rest_api.md +++ b/docs/dev/rest_api.md @@ -6,22 +6,9 @@ ## 1 API 访问 !!! tip "" - | Version | Access method | example | - | --------- | ------------------------ | ---------------------------------- | - | < 2.0.0 | `http:///docs` | `http://192.168.244.144/docs` | - | >=2.0.0 | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | - | >=2.6.0 | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | - -!!! tip "版本小于 v2.6 需要打开 DEBUG 模式" - ```sh - vi config.yml - ``` - ```yaml - ... - # 如果版本更低的话,配置文件是 config.py - # Debug = true - DEBUG: true - ``` + | Version | Access method | example | + | ------------------------ | ------------------------ | ---------------------------------- | + | `{{ jumpserver.tag }}` | `http:///api/docs/` | `http://192.168.244.144/api/docs/` | ### 1.2 页面效果 ![api_swagger](../img/api_swagger.png) diff --git a/docs/dev/shell.md b/docs/dev/shell.md index e676d306..3da813b3 100644 --- a/docs/dev/shell.md +++ b/docs/dev/shell.md @@ -1,7 +1,6 @@ # 交互命令 !!! warning "操作不当将导致数据丢失,操作前请仔细确认" -!!! tip "参考 [Django 文档](https://docs.djangoproject.com/zh-hans/3.2/intro/tutorial02/)" ## 1 操作方法 diff --git a/docs/index.md b/docs/index.md index af806d4f..45227090 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,30 +1,5 @@ # 产品介绍 -??? warning "重要通知 | JumpServer 漏洞通知及修复方案(JS-2024.03.29)" - **2024年3月,有用户反馈发现 JumpServer 开源堡垒机存在安全漏洞,并向 JumpServer 开源项目组进行上报。** - - **漏洞信息:** -
[Ansible Playbook 文件存在 JinJa2 模版代码注入导致的 Celery 容器远程执行漏洞,CVE编号为CVE-2024-29202。](https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch) -
[JumpServer 作业管理中 Ansible Playbook 文件存在参数验证缺陷导致的 Celery 容器远程执行漏洞,CVE编号为CVE-2024-29201。](https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj) -
[JumpServer 作业管理中 Ansible Playbook 文件存在用户权限未隔离漏洞,CVE编号为CVE-2024-29020。](https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62) -
[JumpServer 作业管理中文件管理批量传输功能存在不安全直接对象引用(IDOR)漏洞,CVE编号为CVE-2024-29024。](https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q) - - **以上漏洞影响版本为:**
JumpServer v3.0.0-v3.10.6版本 - - **安全版本为:**
JumpServer版本>=v3.10.7版本 - - **修复方案:** -
**永久修复方案:** 升级 JumpServer 软件至上述安全版本。 -
**临时修复方案:** 关闭作业中心功能。关闭作业中心功能的具体步骤为: -
以管理员身份登录至JumpServer堡垒机。依次选择“系统设置”→“功能设置”→“任务中心”,在打开的页面中关闭作业中心功能。 -
![close_job](img/close_job.png) - - **特别鸣谢:**
感谢以下社区用户向JumpServer开源社区及时反馈上述漏洞。 -
CVE-2024-29202:@oskar-zeinomahmalat-sonarsource -
CVE-2024-29201:@oskar-zeinomahmalat-sonarsource -
CVE-2024-29020: @ilyazavyalov -
CVE-2024-29024: @secur30nly - ## 1 JumpServer 是什么? !!! tip "" JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的专业运维安全审计系统。JumpServer 帮助企业以更安全的方式管控和登录所有类型的资产,实现事前授权、事中监察、事后审计,满足等保合规要求。 @@ -46,29 +21,7 @@ !!! tip "文档指引" - **JumpServer 介绍** - [**产品简介**](https://docs.jumpserver.org/zh/v3/)       [**安装部署**](installation/setup_linux_standalone/requirements/)       [**体验环境**](https://demo.jumpserver.org/ )       [**企业试用**](https://jinshuju.net/f/kyOYpi)       [**社区论坛**](https://bbs.fit2cloud.com/c/js/5) - - - **功能指南** - - [**用户管理**](guide/admin/user/user_list/)       [**资产管理**](guide/admin/asset/asset_list/)       [**帐号管理**](guide/admin/account/account_list/)       [**权限管理**](guide/admin/permission/asset_permissions/) - - [**远程应用**](guide/system/remoteapp/)       [**会话审计**](guide/audit/session_audit/session_record/)       [**日志审计**](guide/audit/log_audit/login_log/) - - [**文件管理**](guide/user/file_management/)       [**作业中心**](guide/user/ops/quick_command/)       [**资产连接**](guide/user/web_terminal/)       [**系统设置**](guide/system/basic/) - - - **企业应用(X-Pack)** - - [**资产登录复核**](guide/admin/permission/host_acls/)     [**连接方式控制**](guide/admin/permission/connect_method_acls/) - - [**工单**](guide/admin/admin_tickets/)         [**云同步**](guide/admin/asset/asset_list/#33)        [**角色列表**](guide/admin/user/role_list/) - - [**帐号收集**](guide/admin/account/account_gather/)       [**帐号改密**](guide/admin/account/account_change_secret/)       [**帐号备份**](guide/admin/account/account_backup/) - - [**短信设置**](guide/system/message/#2-x-pack)       [**界面设置**](guide/system/index_logo/)       [**组织管理**](guide/system/organization/)       [**认证设置**](faq/faq/#4) - - - **进阶学习** - - [**客户案例**](user_stories/)       [**视频学习**](https://space.bilibili.com/510493147/channel/collectiondetail?sid=1394720)       [**更多实践**](https://kb.fit2cloud.com/categories/jumpserver)  + [**产品简介**](https://docs.jumpserver.org/zh/v3/)       [**安装部署**](installation/setup_linux_standalone/requirements/)       [**体验环境**](https://demo.jumpserver.org/ )       [**企业试用**](https://jinshuju.net/f/kyOYpi)       [**社区论坛**](https://bbs.fit2cloud.com/c/js/5)       [**20分钟掌握 JumpServer 视频教学**](https://www.bilibili.com/video/BV11AsDegEo8/?from_spmid=main.space-contribution.0.0&plat_id=411&share_from=season&share_medium=android&share_plat=android&share_session_id=b4f8e48e-a702-4117-b312-8674afac5150&share_source=WEIXIN&share_tag=s_i&spmid=united.player-video-detail.0.0×tamp=1727075002&unique_k=O5Z1B2e) ## 2 产品特色 !!! tip "" diff --git a/docs/installation/setup_kubernetes/helm_online_install.md b/docs/installation/setup_kubernetes/helm_online_install.md index 222d991b..dad98a28 100644 --- a/docs/installation/setup_kubernetes/helm_online_install.md +++ b/docs/installation/setup_kubernetes/helm_online_install.md @@ -1,13 +1,10 @@ # 在线安装 -??? info "国内可以使用由 [华为云](https://www.huaweicloud.com/) 提供的容器镜像服务" - | 区域 | 镜像仓库地址 | 配置文件 /opt/jumpserver/config/config.txt | Kubernetes values.yaml | OS/ARCH | - | :----------- | :----------------------------------- | -------------------------------------------------------- | ------------------------------------------------ | -------------- | - | 华北-北京一 | swr.cn-north-1.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-north-1.myhuaweicloud.com | repository: swr.cn-north-1.myhuaweicloud.com | linux/amd64 | - | 华南-广州 | swr.cn-south-1.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com | repository: swr.cn-south-1.myhuaweicloud.com | linux/amd64 | - | 华北-北京四 | swr.cn-north-4.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-north-4.myhuaweicloud.com | repository: swr.cn-north-4.myhuaweicloud.com | linux/arm64 | - | 华东-上海一 | swr.cn-east-3.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com | repository: swr.cn-east-3.myhuaweicloud.com | linux/arm64 | - | 西南-贵阳一 | swr.cn-southwest-2.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.ap-southeast-1.myhuaweicloud.com | repository: swr.ap-southeast-1.myhuaweicloud.com | linux/loong64 | +??? info "可以使用由 [华为云](https://www.huaweicloud.com/) 提供的容器镜像服务" + | 区域 | 镜像仓库地址 | Kubernetes values.yaml | OS/ARCH | + | :----------- | :----------------------------------- | --------------------------------------------------- | -------------- | + | 华北-北京一 | swr.cn-north-1.myhuaweicloud.com | imageRegistry: swr.cn-north-1.myhuaweicloud.com | linux/amd64 | + | 华南-广州 | swr.cn-south-1.myhuaweicloud.com | imageRegistry: swr.cn-south-1.myhuaweicloud.com | linux/amd64 | ## 1 环境要求 @@ -22,882 +19,33 @@ helm repo list ``` +!!! tip "" + | Name | Description | Value | + | :------------------------ | :---------------------------------------------- | :---------------------- | + | global.imageRegistry | Global Docker image registry | docker.io | + | global.imageOwner | Global Docker image owner | jumpserver | + | global.imagePullSecrets | Global Docker registry secret names as an array | [] | + | global.storageClass | Global StorageClass for Persistent Volume(s) | "" | + | externalDatabase.engine | External database engine | postgresql | + | externalDatabase.host | External database host | localhost | + | externalDatabase.port | External database port | 5432 | + | externalDatabase.user | External database user | postgres | + | externalDatabase.password | External database password | "" | + | externalDatabase.database | External database name | jumpserver | + | externalRedis.host | External Redis host | localhost | + | externalRedis.port | External Redis port | 6379 | + | externalRedis.password | External Redis password | "" | + | ingress.enabled | Enable ingress | true | + | ingress.hosts | Ingress hosts | ["test.jumpserver.org"] | + | core.config.secretKey | Core secret key | "" | + | core.config.bootstrapToken| Core bootstrap token | "" | + | core.env.DOMAINS | CSRF_TRUSTED_ORIGINS | "test.jumpserver.org | + ### 2.2 编辑 JumpServer values.yaml 文件 !!! tip "" ```sh vi values.yaml ``` - ```yaml - # 模板 https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml - # Default values for jumpserver. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - - nameOverride: "" - fullnameOverride: "" - - ## @param global.imageRegistry Global Docker image registry - ## @param global.imagePullSecrets Global Docker registry secret names as an array - ## @param global.storageClass Global StorageClass for Persistent Volume(s) - ## @param global.redis.password Global Redis™ password (overrides `auth.password`) - ## - global: - imageRegistry: ghcr.io - imageOwner: jumpserver - ## E.g. - # imagePullSecrets: - # - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - - ## Please configure your MySQL server first - ## Jumpserver will not start the external MySQL server. - ## - externalDatabase: - engine: mysql - host: localhost - port: 3306 - user: root - password: "" - database: jumpserver - - ## Please configure your Redis server first - ## Jumpserver will not start the external Redis server. - ## - externalSentinel: {} - # hosts: mymaster/localhost:26379,localhost:26380,localhost:26381 - # password: "" - # socketTimeout: 5 - - ## Sentinel or Redis one of them must be configured. - - externalRedis: - host: localhost - port: 6379 - password: "" - - serviceAccount: - ## Specifies whether a service account should be created - create: false - ## The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - name: - - ingress: - enabled: true - annotations: - # kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: "4096m" - nginx.ingress.kubernetes.io/server-snippets: | - proxy_set_header Upgrade "websocket"; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - hosts: - - "test.jumpserver.org" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - core: - enabled: true - - labels: - app.jumpserver.org/name: jms-core - - config: - ## Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` - secretKey: "" - ## Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` - bootstrapToken: "" - ## Enabled it for debug - debug: false - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: - ## See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core - SESSION_EXPIRE_AT_BROWSER_CLOSE: true - # SESSION_COOKIE_AGE: 86400 - # SECURITY_VIEW_AUTH_NEED_MFA: true - ## Django CSRF_TRUSTED_ORIGINS need to be set to the domain name of the jumpserver (https://docs.jumpserver.org/zh/v3/installation/upgrade_notice/) - # DOMAINS: "demo.jumpserver.org:443, 172.17.200.11:80" - - livenessProbe: - initialDelaySeconds: 90 - failureThreshold: 3 - timeoutSeconds: 5 - exec: - command: - - curl - - -fsL - - http://localhost:8080/api/health/ - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8080 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 1000m - # memory: 2048Mi - # requests: - # cpu: 500m - # memory: 1024Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 100Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - koko: - enabled: true - - labels: - app.jumpserver.org/name: jms-koko - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: [] - ## See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko - # LANGUAGE_CODE: zh - # REUSE_CONNECTION: true - # ENABLE_LOCAL_PORT_FORWARD: true - # ENABLE_VSCODE_SUPPORT: true - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - httpGet: - path: /koko/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - privileged: true - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 5000 - ssh: - port: 2222 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - lion: - enabled: true - - labels: - app.jumpserver.org/name: jms-lion - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: - ## See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion - JUMPSERVER_ENABLE_FONT_SMOOTHING: true - # JUMPSERVER_COLOR_DEPTH: 32 - # JUMPSERVER_ENABLE_WALLPAPER: true - # JUMPSERVER_ENABLE_THEMING: true - # JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true - # JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true - # JUMPSERVER_ENABLE_MENU_ANIMATIONS: true - - livenessProbe: - initialDelaySeconds: 90 - failureThreshold: 3 - timeoutSeconds: 5 - httpGet: - path: /lion/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8081 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - magnus: - enabled: true - - labels: - app.jumpserver.org/name: jms-magnus - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - tcpSocket: - port: 9090 - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - mysql: - port: 33061 - mariadb: - port: 33062 - redis: - port: 63790 - postgresql: - port: 54320 - sqlserver: - port: 14330 - oracle: - ports: 30000-30100 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - chen: - enabled: true - - labels: - app.jumpserver.org/name: jms-chen - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 60 - failureThreshold: 3 - timeoutSeconds: 5 - tcpSocket: - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8082 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - kael: - enabled: true - - labels: - app.jumpserver.org/name: jms-kael - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - httpGet: - path: /kael/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8083 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - xpack: - enabled: false - - xrdp: - labels: - app.jumpserver.org/name: jms-xrdp - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - tcpSocket: - port: rdp - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - rdp: - port: 3390 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - razor: - labels: - app.jumpserver.org/name: jms-razor - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - tcpSocket: - port: rdp - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - rdp: - port: 3389 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - video: - labels: - app.jumpserver.org/name: jms-video - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - pullPolicy: IfNotPresent - - env: [] - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - httpGet: - path: /video-worker/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - service: - type: ClusterIP - web: - port: 9000 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - web: - enabled: true - - labels: - app.jumpserver.org/name: jms-web - - replicaCount: 1 - - image: - registry: docker.io - pullPolicy: IfNotPresent - - env: - # nginx client_max_body_size, default 4G - CLIENT_MAX_BODY_SIZE: 4096m - ## See: https://github.com/jumpserver/docker-web/blob/master/init.sh#L37 - # USE_LB: 1, then nginx use 'proxy_set_header X-Forwarded-For $remote_addr' - # USE_LB: 0, then nginx use 'proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for' - USE_LB: 0 - - livenessProbe: - initialDelaySeconds: 10 - failureThreshold: 3 - timeoutSeconds: 5 - httpGet: - path: /api/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 80 - - resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 1Gi - annotations: - "helm.sh/resource-policy": keep - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - ``` ### 2.3 安装 JumpServer diff --git a/docs/installation/setup_kubernetes/helm_online_upgrade.md b/docs/installation/setup_kubernetes/helm_online_upgrade.md index 551b1cb6..7c47a3d1 100644 --- a/docs/installation/setup_kubernetes/helm_online_upgrade.md +++ b/docs/installation/setup_kubernetes/helm_online_upgrade.md @@ -1,17 +1,14 @@ # 在线升级 -!!! warning "注意" - - [JumpServer 在做升级或迁移操作前,请先阅读升级须知](../upgrade_notice.md) - - 升级前做好数据库的备份工作是一个良好的习惯。 +!!! warning "升级到 v4 前需要先升级到 v3 最新版本,否则升级将会直接失败" !!! tip "" - 请先手动备份好数据库, 然后继续操作。 - - values.yaml 从 https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml 获取。 + - values.yaml 从 https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml 获取指定版本的配置文件。 + - 不想使用 values.yaml 可以使用 --set key=value 的方式传参 +!!! tip "" ```sh helm repo update helm upgrade jms-k8s jumpserver/jumpserver -n default -f values.yaml - ``` - -!!! warning "注意" - - 也可以使用 --set key=value 的方式传参。 \ No newline at end of file + ``` \ No newline at end of file diff --git a/docs/installation/setup_linux_standalone/offline_install.md b/docs/installation/setup_linux_standalone/offline_install.md index 20262311..be357197 100644 --- a/docs/installation/setup_linux_standalone/offline_install.md +++ b/docs/installation/setup_linux_standalone/offline_install.md @@ -1,13 +1,16 @@ # 离线安装 -!!! info "离线包解压需要 tar 命令, 参考 [环境要求](./requirements.md) 手动安装" +!!! info "安装所需命令, 参考 [环境要求](./requirements.md) 手动安装" -| OS/Arch | Architecture | Linux Kernel | Offline Name | -| :------------ | :----------- | :----------- | :------------------------------------------------------------------------------------------- | -| linux/amd64 | x86_64 | >= 4.0 | jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz | +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz | ## 1. 安装部署 +!!! warning "" + - 离线安装目前只支持 linux/amd64 架构, 其他架构请参考 [在线安装](./online_install.md) + === "linux/amd64" !!! tip "" 从飞致云社区 [下载最新的 linux/amd64 离线包](https://community.fit2cloud.com/#/products/jumpserver/downloads){:target="_blank"}, 并上传到部署服务器的 /opt 目录 @@ -15,8 +18,8 @@ !!! tip "" ```sh cd /opt - tar -xf jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz - cd jumpserver-offline-installer-{{ jumpserver.tag }}-amd64 + tar -xf jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 ``` ```sh # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改 @@ -25,92 +28,96 @@ ```vim # JumpServer configuration file example. # - # 如果不了解用途可以跳过修改此配置文件, 系统会自动填入 - # 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/ + # If you don't understand the purpose, you can skip modifying this configuration file, the system will automatically fill in + # Complete parameter documentation https://docs.jumpserver.org/zh/v3/guide/env/ - ################################## 镜像配置 ################################### + ################################# Image Configuration ################################# # - # 国内连接 docker.io 会超时或下载速度较慢, 开启此选项使用华为云镜像加速 - # 取代旧版本 DOCKER_IMAGE_PREFIX + # The connection to docker.io in China will timeout or the download speed will be slow, enable this option to use Huawei Cloud image acceleration + # Replace the old version DOCKER_IMAGE_PREFIX # # DOCKER_IMAGE_MIRROR=1 - ################################## 安装配置 ################################### + # Image pull policy Always, IfNotPresent + # Always means that the latest image will be pulled every time, IfNotPresent means that the image will be pulled only if it does not exist locally + # + # IMAGE_PULL_POLICY=Always + + ############################## Installation Configuration ############################# # - # JumpServer 数据库持久化目录, 默认情况下录像、任务日志都在此目录 - # 请根据实际情况修改, 升级时备份的数据库文件(.sql)和配置文件也会保存到该目录 + # JumpServer database persistence directory, by default, recordings, task logs are in this directory + # Please modify according to the actual situation, the database file (.sql) and configuration file backed up during the upgrade will also be saved to this directory # VOLUME_DIR=/data/jumpserver - # 加密密钥, 迁移请保证 SECRET_KEY 与旧环境一致, 请勿使用特殊字符串 + # Encryption key, please ensure that SECRET_KEY is consistent with the old environment when migrating, do not use special strings # (*) Warning: Keep this value secret. - # (*) 勿向任何人泄露 SECRET_KEY + # (*) Do not disclose SECRET_KEY to anyone # SECRET_KEY= - # 组件向 core 注册使用的 token, 迁移请保持 BOOTSTRAP_TOKEN 与旧环境一致, - # 请勿使用特殊字符串 + # The token used by the component to register with core, please keep BOOTSTRAP_TOKEN consistent with the old environment when migrating, + # Do not use special strings # (*) Warning: Keep this value secret. - # (*) 勿向任何人泄露 BOOTSTRAP_TOKEN + # (*) Do not disclose BOOTSTRAP_TOKEN to anyone # BOOTSTRAP_TOKEN= - # 日志等级 INFO, WARN, ERROR + # Log level INFO, WARN, ERROR # LOG_LEVEL=ERROR - # JumpServer 容器使用的网段, 请勿与现有的网络冲突, 根据实际情况自行修改 + # The network segment used by the JumpServer container, please do not conflict with the existing network, modify according to the actual situation # DOCKER_SUBNET=192.168.250.0/24 - # ipv6 nat, 正常情况下无需开启 - # 如果宿主不支持 ipv6 开启此选项将会导致无法获取真实的客户端 ip 地址 + # ipv6 nat, no need to enable under normal circumstances + # If the host does not support ipv6, enabling this option will prevent the real client ip address from being obtained # USE_IPV6=0 DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64 - ################################# MySQL 配置 ################################## - # 外置 MySQL 需要输入正确的 MySQL 信息, 内置 MySQL 系统会自动处理 + ################################# DB Configuration #################################### + # For external databases, you need to enter the correct database information, the system will automatically handle the built-in database + # (*) The password part must not contain single quotes and double quotes # - DB_HOST=mysql - DB_PORT=3306 - DB_USER=root + DB_ENGINE=postgresql + DB_HOST=postgresql + DB_PORT=5432 + DB_USER=postgres DB_PASSWORD= DB_NAME=jumpserver - # 如果外置 MySQL 需要开启 TLS/SSL 连接, 参考 https://docs.jumpserver.org/zh/master/install/install_security/#ssl + # If external MySQL needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/ # - # DB_USE_SSL=True + # DB_USE_SSL=true - ################################# Redis 配置 ################################## - # 外置 Redis 需要请输入正确的 Redis 信息, 内置 Redis 系统会自动处理 + ################################# Redis Configuration ################################# + # For external Redis, please enter the correct Redis information, the system will automatically handle the built-in Redis + # (*) The password part must not contain single quotes and double quotes # REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD= - # 如果使用外置 Redis Sentinel, 请手动填写下面内容 + # If you are using external Redis Sentinel, please manually fill in the following content # # REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381 # REDIS_SENTINEL_PASSWORD=your_sentinel_password # REDIS_PASSWORD=your_redis_password # REDIS_SENTINEL_SOCKET_TIMEOUT=5 - # 如果外置 Redis 需要开启 TLS/SSL 连接, 参考 https://docs.jumpserver.org/zh/master/install/install_security/#redis-ssl + # If external Redis needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/ # - # REDIS_USE_SSL=True + # REDIS_USE_SSL=true - ################################## 访问配置 ################################### - # 对外提供服务端口, 如果与现有服务冲突请自行修改 + ################################# Access Configuration ################################ + # The service port provided to the outside, if it conflicts with the existing service, please modify it yourself # HTTP_PORT=80 - SSH_PORT=2222 - MAGNUS_MYSQL_PORT=33061 - MAGNUS_MARIADB_PORT=33062 - MAGNUS_REDIS_PORT=63790 - ################################# HTTPS 配置 ################################# - # 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置 + ################################# HTTPS Configuration ################################# + # Refer to https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration # # HTTPS_PORT=443 # SERVER_NAME=your_domain_name @@ -118,53 +125,68 @@ # SSL_CERTIFICATE_KEY=your_cert_key # - # Nginx 文件上传下载大小限制 + # Nginx file upload and download size limit # CLIENT_MAX_BODY_SIZE=4096m - ################################## 组件配置 ################################### - # 组件注册使用, 默认情况下向 core 容器注册, 集群环境需要修改为集群 vip 地址 + ################################# Component Configuration ############################# + # Component registration use, by default, register to the core container, the cluster environment needs to be modified to the cluster vip address # CORE_HOST=http://core:8080 - PERIOD_TASK_ENABLED=True + PERIOD_TASK_ENABLED=true - # Core Session 定义, - # SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, - # SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期 + # Core Session definition, + # SESSION_COOKIE_AGE indicates how many seconds the session expires after idling, + # SESSION_EXPIRE_AT_BROWSER_CLOSE=true means that the session expires as soon as the browser is closed # # SESSION_COOKIE_AGE=86400 - SESSION_EXPIRE_AT_BROWSER_CLOSE=True + SESSION_EXPIRE_AT_BROWSER_CLOSE=false - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" - # DOMAINS="172.17.200.191" - # DOMAINS="demo.jumpserver.org,172.17.200.191" + # Trusted DOMAINS definition, + # Define the trusted access IP, please modify according to the actual situation, if it is a public IP, please change to the corresponding public IP, + # DOMAINS="demo.jumpserver.org:443" + # DOMAINS="172.17.200.191:80" + # DOMAINS="demo.jumpserver.org:443,172.17.200.191:80" DOMAINS= - # Lion 开启字体平滑, 优化体验 + # Configure the components that do not need to be started, by default all components will be started, if you do not need a certain component, you can set {component name}_ENABLED to 0 to turn it off + # CORE_ENABLED=0 + # CELERY_ENABLED=0 + # KOKO_ENABLED=0 + # LION_ENABLED=0 + # CHEN_ENABLED=0 + # WEB_ENABLED=0 + + # Lion enables font smoothing to optimize the experience # - JUMPSERVER_ENABLE_FONT_SMOOTHING=True + JUMPSERVER_ENABLE_FONT_SMOOTHING=true - ################################# XPack 配置 ################################# - # XPack 包, 开源版本设置无效 + ################################# XPack Configuration ################################# + # XPack package, invalid setting in open source version # + SSH_PORT=2222 RDP_PORT=3389 + XRDP_PORT=3390 + MAGNUS_MYSQL_PORT=33061 + MAGNUS_MARIADB_PORT=33062 + MAGNUS_REDIS_PORT=63790 MAGNUS_POSTGRESQL_PORT=54320 + MAGNUS_SQLSERVER_PORT=14330 MAGNUS_ORACLE_PORTS=30000-30030 - ################################## 其他配置 ################################## - # 终端使用宿主 HOSTNAME 标识, 首次安装自动生成 + ################################## Other Configuration ################################ + # The terminal uses the host HOSTNAME as the identifier, automatically generated during the first installation # SERVER_HOSTNAME=${HOSTNAME} - # 使用内置 SLB,如果 Web 页面获取到的客户端 IP 地址不正确,请将 USE_LB 设置为 0 - # USE_LB 设置为 1 时,使用配置 proxy_set_header X-Forwarded-For $remote_addr - # USE_LB 设置为 0 时,使用配置 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + # Use built-in SLB, if the client IP address obtained by the Web page is not correct, please set USE_LB to 0 + # When USE_LB is set to 1, use the configuration proxy_set_header X-Forwarded-For $remote_addr + # When USE_LB is set to 0, use the configuration proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for USE_LB=1 - # 当前运行的 JumpServer 版本号, 安装和升级完成后自动生成 + # The current running version number of JumpServer, automatically generated after installation and upgrade # + TZ=Asia/Shanghai CURRENT_VERSION= ``` ```sh @@ -179,7 +201,7 @@ !!! tip "" ```sh - cd jumpserver-offline-release-{{ jumpserver.tag }}-amd64 + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 # 启动 ./jmsctl.sh start @@ -199,7 +221,7 @@ ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ![登录页面](../../img/online_install_01.png) diff --git a/docs/installation/setup_linux_standalone/offline_upgrade.md b/docs/installation/setup_linux_standalone/offline_upgrade.md index 2e32f81c..921e0f9c 100644 --- a/docs/installation/setup_linux_standalone/offline_upgrade.md +++ b/docs/installation/setup_linux_standalone/offline_upgrade.md @@ -1,18 +1,25 @@ # 离线升级 -!!! warning "v3 版本与 v2 版本存在一定的差异,如需 v2 版本升级至 v3 版本 [请先阅读此文档](https://kb.fit2cloud.com/?p=06638d69-f109-4333-b5bf-65b17b297ed9){:target="_blank"}" +!!! warning "升级到 v4 前需要先升级到 v3 最新版本,否则升级将会直接失败" -!!! info "升级前请先参考 [升级或迁移须知](../upgrade_notice.md)" +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz | -=== "离线升级(linux/amd64)" +## 1. 升级部署 + +!!! warning "" + - 离线升级目前只支持 linux/amd64 架构,其他架构升级请参考 [在线升级](./online_upgrade.md) + +=== "linux/amd64" !!! tip "" 从飞致云社区 [下载最新的 linux/amd64 离线包](https://community.fit2cloud.com/#/products/jumpserver/downloads){:target="_blank"}, 并上传到部署服务器的 /opt 目录。 !!! tip "" ```sh cd /opt - tar -xf jumpserver-offline-installer-{{ jumpserver.tag }}-amd64.tar.gz - cd jumpserver-offline-installer-{{ jumpserver.tag }}-amd64 + tar -xf jumpserver-ce-{{ jumpserver.tag }}-x86_64.tar.gz + cd jumpserver-ce-{{ jumpserver.tag }}-x86_64 ``` ```sh ./jmsctl.sh upgrade diff --git a/docs/installation/setup_linux_standalone/online_install.md b/docs/installation/setup_linux_standalone/online_install.md index 18169fdd..885f684e 100644 --- a/docs/installation/setup_linux_standalone/online_install.md +++ b/docs/installation/setup_linux_standalone/online_install.md @@ -1,59 +1,213 @@ # 在线安装 -!!! tip "[JumpServer 部署环境要求可点击后进行参考](../setup_linux_standalone/requirements.md)" +!!! info "安装所需命令, 参考 [环境要求](./requirements.md) 手动安装" + +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-installer-{{ jumpserver.tag }}.tar.gz | + + +??? info "可以使用由 [华为云](https://www.huaweicloud.com/) 提供的容器镜像服务" + | 区域 | 镜像仓库地址 | /opt/jumpserver/config/config.txt | Kubernetes values.yaml | OS/ARCH | + | :----------- | :----------------------------------- | --------------------------------- | --------------------------------------------------- | -------------- | + | 华北-北京一 | swr.cn-north-1.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-north-1.myhuaweicloud.com | linux/amd64 | + | 华南-广州 | swr.cn-south-1.myhuaweicloud.com | DOCKER_IMAGE_MIRROR=1 | imageRegistry: swr.cn-south-1.myhuaweicloud.com | linux/amd64 | ## 1. 安装部署 === "中国大陆" !!! tip "" -
- ```console - // root@localhost:/opt# - $ curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash - - ---> 100% - [Success]: download install script to /opt/jumpserver-installer-{{jumpserver.tag}} - [Info]: Start executing the installation script. - [Info]: In an automated script deployment, note the message prompts on the screen. - ---> 100% - [Success]: The Installation is Complete. - - For more commands, you can enter jmsctl --help to view help information. + ```sh + cd /opt + wget https://resource.fit2cloud.com/jumpserver/installer/releases/download/{{ jumpserver.tag }}/jumpserver-installer-{{ jumpserver.tag }}.tar.gz + tar -xf jumpserver-installer-{{ jumpserver.tag }}.tar.gz + cd jumpserver-installer-{{ jumpserver.tag }} ``` -
+ === "其他地区" !!! tip "" -
- ```console - // root@localhost:/opt# - $ curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash - - ---> 100% - [Success]: download install script to /opt/jumpserver-installer-{{jumpserver.tag}} - [Info]: Start executing the installation script. - [Info]: In an automated script deployment, note the message prompts on the screen. - ---> 100% - [Success]: The Installation is Complete. - - For more commands, you can enter jmsctl --help to view help information. + ```sh + cd /opt + wget https://github.com/jumpserver/installer/releases/download/{{ jumpserver.tag }}/jumpserver-installer-{{ jumpserver.tag }}.tar.gz + tar -xf jumpserver-installer-{{ jumpserver.tag }}.tar.gz + cd jumpserver-installer-{{ jumpserver.tag }} ``` -
- -!!! tip "提示" - - 首次安装后需要修改配置文件,定义 DOMAINS 字段后即可正常使用 - - 如果服务器是一键安装并且旧版本就已经使用 JumpServer 开启了 HTTPS,则不需要进行任何更改。 - - 需要使用 IP 地址来访问 JumpServer 的场景,可以根据自己的 IP 类型来填写 config.txt 配置文件中 DOMAINS 字段为公网 IP 还是内网 IP。 +!!! tip "" + ```sh + # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改 + cat config-example.txt + ``` + ```vim + # JumpServer configuration file example. + # + # If you don't understand the purpose, you can skip modifying this configuration file, the system will automatically fill in + # Complete parameter documentation https://docs.jumpserver.org/zh/v3/guide/env/ + + ################################# Image Configuration ################################# + # + # The connection to docker.io in China will timeout or the download speed will be slow, enable this option to use Huawei Cloud image acceleration + # Replace the old version DOCKER_IMAGE_PREFIX + # + # DOCKER_IMAGE_MIRROR=1 + + # Image pull policy Always, IfNotPresent + # Always means that the latest image will be pulled every time, IfNotPresent means that the image will be pulled only if it does not exist locally + # + # IMAGE_PULL_POLICY=Always + + ############################## Installation Configuration ############################# + # + # JumpServer database persistence directory, by default, recordings, task logs are in this directory + # Please modify according to the actual situation, the database file (.sql) and configuration file backed up during the upgrade will also be saved to this directory + # + VOLUME_DIR=/data/jumpserver + + # Encryption key, please ensure that SECRET_KEY is consistent with the old environment when migrating, do not use special strings + # (*) Warning: Keep this value secret. + # (*) Do not disclose SECRET_KEY to anyone + # + SECRET_KEY= + + # The token used by the component to register with core, please keep BOOTSTRAP_TOKEN consistent with the old environment when migrating, + # Do not use special strings + # (*) Warning: Keep this value secret. + # (*) Do not disclose BOOTSTRAP_TOKEN to anyone + # + BOOTSTRAP_TOKEN= + + # Log level INFO, WARN, ERROR + # + LOG_LEVEL=ERROR + + # The network segment used by the JumpServer container, please do not conflict with the existing network, modify according to the actual situation + # + DOCKER_SUBNET=192.168.250.0/24 + + # ipv6 nat, no need to enable under normal circumstances + # If the host does not support ipv6, enabling this option will prevent the real client ip address from being obtained + # + USE_IPV6=0 + DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64 + + ################################# DB Configuration #################################### + # For external databases, you need to enter the correct database information, the system will automatically handle the built-in database + # (*) The password part must not contain single quotes and double quotes + # + DB_ENGINE=postgresql + DB_HOST=postgresql + DB_PORT=5432 + DB_USER=postgres + DB_PASSWORD= + DB_NAME=jumpserver + + # If external MySQL needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/ + # + # DB_USE_SSL=true + + ################################# Redis Configuration ################################# + # For external Redis, please enter the correct Redis information, the system will automatically handle the built-in Redis + # (*) The password part must not contain single quotes and double quotes + # + REDIS_HOST=redis + REDIS_PORT=6379 + REDIS_PASSWORD= + + # If you are using external Redis Sentinel, please manually fill in the following content + # + # REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381 + # REDIS_SENTINEL_PASSWORD=your_sentinel_password + # REDIS_PASSWORD=your_redis_password + # REDIS_SENTINEL_SOCKET_TIMEOUT=5 + + # If external Redis needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/ + # + # REDIS_USE_SSL=true + + ################################# Access Configuration ################################ + # The service port provided to the outside, if it conflicts with the existing service, please modify it yourself + # + HTTP_PORT=80 + + ################################# HTTPS Configuration ################################# + # Refer to https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration + # + # HTTPS_PORT=443 + # SERVER_NAME=your_domain_name + # SSL_CERTIFICATE=your_cert + # SSL_CERTIFICATE_KEY=your_cert_key + # + + # Nginx file upload and download size limit + # + CLIENT_MAX_BODY_SIZE=4096m + + ################################# Component Configuration ############################# + # Component registration use, by default, register to the core container, the cluster environment needs to be modified to the cluster vip address + # + CORE_HOST=http://core:8080 + PERIOD_TASK_ENABLED=true + + # Core Session definition, + # SESSION_COOKIE_AGE indicates how many seconds the session expires after idling, + # SESSION_EXPIRE_AT_BROWSER_CLOSE=true means that the session expires as soon as the browser is closed + # + # SESSION_COOKIE_AGE=86400 + SESSION_EXPIRE_AT_BROWSER_CLOSE=false + + # Trusted DOMAINS definition, + # Define the trusted access IP, please modify according to the actual situation, if it is a public IP, please change to the corresponding public IP, + # DOMAINS="demo.jumpserver.org:443" + # DOMAINS="172.17.200.191:80" + # DOMAINS="demo.jumpserver.org:443,172.17.200.191:80" + DOMAINS= + + # Configure the components that do not need to be started, by default all components will be started, if you do not need a certain component, you can set {component name}_ENABLED to 0 to turn it off + # CORE_ENABLED=0 + # CELERY_ENABLED=0 + # KOKO_ENABLED=0 + # LION_ENABLED=0 + # CHEN_ENABLED=0 + # WEB_ENABLED=0 + + # Lion enables font smoothing to optimize the experience + # + JUMPSERVER_ENABLE_FONT_SMOOTHING=true + + ################################# XPack Configuration ################################# + # XPack package, invalid setting in open source version + # + SSH_PORT=2222 + RDP_PORT=3389 + XRDP_PORT=3390 + MAGNUS_MYSQL_PORT=33061 + MAGNUS_MARIADB_PORT=33062 + MAGNUS_REDIS_PORT=63790 + MAGNUS_POSTGRESQL_PORT=54320 + MAGNUS_SQLSERVER_PORT=14330 + MAGNUS_ORACLE_PORTS=30000-30030 + + ################################## Other Configuration ################################ + # The terminal uses the host HOSTNAME as the identifier, automatically generated during the first installation + # + SERVER_HOSTNAME=${HOSTNAME} + + # Use built-in SLB, if the client IP address obtained by the Web page is not correct, please set USE_LB to 0 + # When USE_LB is set to 1, use the configuration proxy_set_header X-Forwarded-For $remote_addr + # When USE_LB is set to 0, use the configuration proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + USE_LB=1 + + # The current running version number of JumpServer, automatically generated after installation and upgrade + # + TZ=Asia/Shanghai + CURRENT_VERSION= ``` - # 打开config.txt 配置文件,定义 DOMAINS 字段 - vim /opt/jumpserver/config/config.txt - - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" # 使用域名访问 - # DOMAINS="172.17.200.191" # 使用 IP 访问 - # DOMAINS="demo.jumpserver.org,172.17.200.191" # 使用 IP 和 域名一起访问 - DOMAINS= + ```sh + # 安装 + ./jmsctl.sh install + + # 启动 + ./jmsctl.sh start ``` !!! info "安装完成后 JumpServer 配置文件路径为: /opt/jumpserver/config/config.txt" @@ -80,6 +234,6 @@ ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ![登录页面](../../img/online_install_01.png) diff --git a/docs/installation/setup_linux_standalone/online_upgrade.md b/docs/installation/setup_linux_standalone/online_upgrade.md index 937565bd..7304373a 100644 --- a/docs/installation/setup_linux_standalone/online_upgrade.md +++ b/docs/installation/setup_linux_standalone/online_upgrade.md @@ -1,8 +1,12 @@ # 在线升级 -!!! warning "v3 版本与 v2 版本存在一定的差异,如需 v2 版本升级至 v3 版本 [请先阅读此文档](https://kb.fit2cloud.com/?p=06638d69-f109-4333-b5bf-65b17b297ed9){:target="_blank"}" +!!! warning "升级到 v4 前需要先升级到 v3 最新版本,否则升级将会直接失败" -!!! info "升级前请先参考 [升级或迁移须知](../upgrade_notice.md)" +| OS/Arch | Architecture | Linux Kernel | Offline Name | +| :------------ | :----------- | :----------- | :----------------------------------------------- | +| linux/amd64 | x86_64 | >= 4.0 | jumpserver-installer-{{ jumpserver.tag }}.tar.gz | + +## 1. 升级部署 === "中国大陆" !!! tip "" diff --git a/docs/installation/setup_linux_standalone/requirements.md b/docs/installation/setup_linux_standalone/requirements.md index 769bc83b..2ea75762 100644 --- a/docs/installation/setup_linux_standalone/requirements.md +++ b/docs/installation/setup_linux_standalone/requirements.md @@ -4,14 +4,12 @@ !!! tip "" - 支持主流 Linux 发行版本(基于 Debian / RedHat,包括国产操作系统) - - Gentoo / Arch Linux 请通过 [源码安装](../source_install/requirements.md) + - Gentoo / Arch Linux 请通过源码安装 | 操作系统 | 架构 | Linux 内核 | 软件要求 | 最小化硬件配置 | -| :------------ | :----------- | :------------ | :------------------------------------ | :-------------------- | +| :------------ | :----------- | :-------- | :------------------------------------ | :-------------------- | | linux/amd64 | x86_64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | | linux/arm64 | aarch64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | -| linux/loong64 | loongarch64 | == 4.19 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD | - === "Debian / Ubuntu" !!! tip "" @@ -27,15 +25,13 @@ yum install -y wget curl tar gettext iptables ``` ## 2 数据库 -!!! tip "" - **JumpServer 需要使用 MySQL 或 MariaDB 存储数据,使用 Redis 缓存数据,如果有自建数据库或云数据库的使用需求请参考下列的数据库环境要求:** -!!! tip "我们支持[数据库 SSL 连接](../security_setup/mysql_ssl.md) 和 [Redis SSL 连接](../security_setup/redis_ssl.md)" +!!! tip "JumpServer 需要使用 PostgreSQL、MySQL 或 MariaDB 存储数据,使用 Redis 缓存数据" - -| 名称 | 版本 | 默认字符集 | 默认字符编码 | TLS/SSL | -| :------ | :------ | :--------------- | :----------------- | :--------------- | -| MySQL | >= 5.7 | utf8 | utf8_general_ci | :material-check: | -| MariaDB | >= 10.6 | utf8mb3 | utf8mb3_general_ci | :material-check: | +| 名称 | 版本 | 默认字符集 | 默认字符编码 | TLS/SSL | +| :--------- | :------ | :--------------- | :----------------- | :--------------- | +| PostgreSQL | >= 9.6 | UTF8 | en_US.utf8 | :material-check: | +| MySQL | >= 5.7 | utf8 | utf8_general_ci | :material-check: | +| MariaDB | >= 10.6 | utf8mb3 | utf8mb3_general_ci | :material-check: | | 名称 | 版本 | Sentinel | Cluster | TLS/SSL | | :------ | :------ | :--------------- | :----------------- | :--------------- | @@ -43,6 +39,21 @@ !!! tip "创建数据库 SQL 参考" + +=== "PostgreSQL" + !!! tip "" + ```pgsql + create database jumpserver with encoding='UTF8'; + ``` + ```pgsql + postgres=# \l + List of databases + Name | Owner | Encoding | Locale Provider | Collate | Ctype | ICU Locale | ICU Rules | Access privileges + --------------+------------+----------+-----------------+------------+------------+------------+-----------+----------------------- + jumpserver | postgres | UTF8 | libc | en_US.utf8 | en_US.utf8 | | | + (1 rows) + ``` + === "MySQL" !!! tip "" ```mysql diff --git a/docs/quick_start.md b/docs/quick_start.md index 2b044a4a..927ca99d 100644 --- a/docs/quick_start.md +++ b/docs/quick_start.md @@ -39,28 +39,11 @@ ``` -!!! tip "提示" - - 首次安装后需要修改配置文件,定义 DOMAINS 字段后即可正常使用。 - - 如果服务器是一键安装并且旧版本就已经使用 JumpServer 开启了 HTTPS,则不需要进行任何更改。 - - 需要使用 IP 地址来访问 JumpServer 的场景,可以根据自己的 IP 类型来填写 config.txt 配置文件中 DOMAINS 字段为公网 IP 还是内网 IP。 - - ``` - # 打开config.txt 配置文件,定义 DOMAINS 字段 - vim /opt/jumpserver/config/config.txt - - # 可信任 DOMAINS 定义, - # 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP, - # DOMAINS="demo.jumpserver.org" # 使用域名访问 - # DOMAINS="172.17.200.191" # 使用 IP 访问 - # DOMAINS="demo.jumpserver.org,172.17.200.191" # 使用 IP 和 域名一起访问 - DOMAINS= - ``` - !!! info "安装成功后,通过浏览器访问登录 JumpServer" ```sh 地址: http://:<服务运行端口> 用户名: admin - 密码: admin + 密码: ChangeMe ``` ## 2 资产管理 @@ -90,7 +73,7 @@ Default ├─ SSH Server └─ RDP Server - └─ DB + └─ DB Server ``` !!! warning "注意" @@ -136,18 +119,18 @@ !!! tip "" - | 名称 | 地址 | 节点 | 数据库 | 协议组 | 账号列表 | - | ------------ | ----- | ------------ | ---- | ----- | ----- | - | test_mysql01 | 172.16.80.31 | /Default/DB | test | mysql:3306 | 添加 | + | 名称 | 地址 | 节点 | 数据库 | 协议组 | 账号列表 | + | ------------ | ------------ | ------------------ | ----- | ----------- | -------- | + | test_mysql01 | 172.16.80.31 | /Default/DB Server | test | mysql:3306 | 添加 | !!! tip "" - 添加登录数据库用户样式如下: !!! tip "" - | 名称 | 用户名 | 特权用户 | 密文类型 | 密码 | - | ----------------- | ----- | ------ | ------- | -------- | - | 172.16.80.23_root | root | root | 密码 |Test2020.M | + | 名称 | 用户名 | 特权用户 | 密文类型 | 密码 | + | ----------------- | ----- | ------ | ------- | ---------- | + | 172.16.80.23_root | root | root | 密码 | Test2020.M | !!! warning "注意" - 名称、主机、数据库选项为必填项。 @@ -215,15 +198,6 @@ !!! warning "注意" - 不可以同时勾选 `使用 SSL` 和 `使用 TLS`。 -=== "EXCHANGE" - !!! tip "" - - | 名称 | 示例 | 备注 | - | ---------- | ---------------- | ---------------------------------- | - | EXCHANGE主机 | smtp.qq.com | 服务商提供的 smtp 服务器 | - | EXCHANGE帐号 | **********@qq.com | 通常是 `user@domain.com` | - | EXCHANGE密码 | **************** | 一些邮件提供商需要输入的是授权码 | - ## 6 常用功能操作 !!! tip "" diff --git a/mkdocs.yml b/mkdocs.yml index 2d16e67b..fb113c02 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -39,157 +39,25 @@ theme: nav: - 产品介绍: index.md - 快速入门: quick_start.md - - 系统架构: architecture.md - 安装部署: - - 网络端口说明: installation/network_port.md - Linux 单机部署: - 环境要求: installation/setup_linux_standalone/requirements.md - - 离线安装: installation/setup_linux_standalone/offline_install.md - - 离线升级: installation/setup_linux_standalone/offline_upgrade.md - - 1Panel 安装: installation/setup_linux_standalone/1panel_install.md - 在线安装: installation/setup_linux_standalone/online_install.md + - 离线安装: installation/setup_linux_standalone/offline_install.md - 在线升级: installation/setup_linux_standalone/online_upgrade.md - - Linux 集群模式部署: - - 准备工作: installation/setup_linux_lb/requirements.md - - 部署 NFS 服务: installation/setup_linux_lb/nfs_install.md - - 部署 MySQL 服务: installation/setup_linux_lb/mysql_install.md - - 部署 Redis 服务: installation/setup_linux_lb/redis_install.md - - 部署 JumpServer 01 节点: installation/setup_linux_lb/installation_node01.md - - 部署 JumpServer 02 节点: installation/setup_linux_lb/installation_node02.md - - 部署 JumpServer 03 节点: installation/setup_linux_lb/installation_node03.md - - 部署 JumpServer 04 节点: installation/setup_linux_lb/installation_node04.md - - 部署 HAProxy 服务: installation/setup_linux_lb/haproxy_install.md - - 部署 MinIO 服务: installation/setup_linux_lb/minio_install.md - - 部署 Elasticsearch 服务: installation/setup_linux_lb/elasticsearch_install.md - - 注意事项: installation/setup_linux_lb/linux_lb_upgrade.md + - 离线升级: installation/setup_linux_standalone/offline_upgrade.md - Kubernetes Helm 模式部署: - 在线安装: installation/setup_kubernetes/helm_online_install.md - 在线升级: installation/setup_kubernetes/helm_online_upgrade.md - - 源码部署: - - 环境说明: installation/source_install/requirements.md - - Core 环境部署: installation/source_install/core_install.md - - Lina 环境部署: installation/source_install/lina_install.md - - Luna 环境部署: installation/source_install/luna_install.md - - KoKo 环境部署: installation/source_install/koko_install.md - - Lion 环境部署: installation/source_install/lion_install.md - - Magnus 环境部署: installation/source_install/magnus_install.md - - Nginx 环境部署: installation/source_install/nginx_install.md - - JumpServer 环境整合: installation/source_install/merge_jumpserver.md - - 迁移文档: installation/migration.md - - 升级须知: installation/upgrade_notice.md - - 反向代理: installation/proxy.md - - 资源下载: installation/download.md - - 命令行工具: installation/jmsctl_sh.md - - 数据库加密连接: - - 数据库 SSL 连接: installation/security_setup/mysql_ssl.md - - Redis SSL 连接: installation/security_setup/redis_ssl.md - - 功能手册: - - 页面说明: guide/index_description.md - - 通用功能: guide/currency.md - - 资产要求: - - Telnet: guide/asset_requirements/telnet.md - - Linux SSH: guide/asset_requirements/linux_ssh.md - - Linux VNC: guide/asset_requirements/linux_vnc.md - - macOS VNC: guide/asset_requirements/macos_vnc.md - - Windows SSH: guide/asset_requirements/windows_ssh.md - - Windows VNC: guide/asset_requirements/windows_vnc.md - - Windows RDP: guide/asset_requirements/windows_rdp.md - - MySQL: guide/asset_requirements/mysql.md - - Kubernetes: guide/asset_requirements/kubernetes.md - - 管理手册: - - 仪表盘: guide/admin/dashboard.md - - 用户管理: - - 用户列表: guide/admin/user/user_list.md - - 用户组: guide/admin/user/user_group.md - - 角色列表 (X-Pack): guide/admin/user/role_list.md - - 资产管理: - - 资产列表: guide/admin/asset/asset_list.md - - 网域列表: guide/admin/asset/domain_list.md - - 平台列表: guide/admin/asset/platform_list.md - - 账号管理: - - 账号列表: guide/admin/account/account_list.md - - 账号模版: guide/admin/account/account_template.md - - 账号推送: guide/admin/account/account_push.md - - 账号收集 (X-Pack): guide/admin/account/account_gather.md - - 账号改密 (X-Pack): guide/admin/account/account_change_secret.md - - 账号备份 (X-Pack): guide/admin/account/account_backup.md - - 权限管理: - - 资产授权: guide/admin/permission/asset_permissions.md - - 用户登录: guide/admin/permission/user_acls.md - - 命令过滤: guide/admin/permission/cmd_acls.md - - 资产登录 (X-Pack): guide/admin/permission/host_acls.md - - 连接方式(X-Pack): guide/admin/permission/connect_method_acls.md - - 更多选项: - - 标签列表: guide/admin/more_options/label_list.md - - 工单 (X-Pack): guide/admin/admin_tickets.md - - 审计手册: - - 仪表盘: guide/audit/dashboard.md - - 会话审计: - - 会话记录: guide/audit/session_audit/session_record.md - - 命令记录: guide/audit/session_audit/command_record.md - - 文件传输: guide/audit/session_audit/ftp.md - - 日志审计: - - 登录日志: guide/audit/log_audit/login_log.md - - 操作日志: guide/audit/log_audit/operation_log.md - - 改密日志: guide/audit/log_audit/secret_change_log.md - - 作业日志: guide/audit/log_audit/job_log.md - - 用户手册: - - 概览页: guide/user/index_overview.md - - 个人信息: - - 用户信息: guide/user/personal_information/user_information.md - - 认证设置: guide/user/personal_information/authentication_settings.md - - 偏好设置: guide/user/personal_information/preference_settings.md - - API Key: guide/user/personal_information/api_key.md - - 临时密码: guide/user/personal_information/temporary_passwd.md - - 连接令牌: guide/user/personal_information/connect_token.md - - Passkey: guide/user/personal_information/passkey.md - - 我的资产: guide/user/my_asset.md - - Web 终端: guide/user/web_terminal.md - - 文件管理: guide/user/file_management.md - - 作业中心: - - 快捷命令: guide/user/ops/quick_command.md - - 作业管理: guide/user/ops/job_management.md - - 模版管理: guide/user/ops/template_management.md - - 执行历史: guide/user/ops/execution_history.md - - 工单 (X-Pack): guide/user/user_tickets.md - - 系统设置: - - 概览页: guide/system/index_overview.md - - 基本设置: guide/system/basic.md - - 组织管理 (X-Pack): guide/system/organization.md - - 消息通知: guide/system/message.md - - 功能设置: guide/system/function.md - - 认证设置: - - MFA: guide/system/authentication/mfa.md - - LDAP: guide/system/authentication/ldap.md - - CAS: guide/system/authentication/cas.md - - Passkey: guide/system/authentication/passkey.md - - SSO (X-Pack): guide/system/authentication/sso.md - - OpenID (X-Pack): guide/system/authentication/openid.md - - SAML2 (X-Pack): guide/system/authentication/saml2.md - - Slack (X-Pack): guide/system/authentication/slack.md - - Radius (X-Pack): guide/system/authentication/radius.md - - 钉钉 (X-Pack): guide/system/authentication/dingtalk.md - - 微信 (X-Pack): guide/system/authentication/wechat.md - - 飞书 (X-Pack): guide/system/authentication/feishu.md - - 存储设置: guide/system/storages.md - - 组件设置: guide/system/component.md - - 远程应用: guide/system/remoteapp.md - - 安全设置: guide/system/security.md - - 界面设置 (X-Pack): guide/system/index_logo.md - - 系统工具: guide/system/tools.md - - 系统任务: guide/system/tasks.md - - 参数说明: guide/env.md - - 存储说明: guide/storages.md - - 最佳实践: best_practices.md - 常见问题: - 产品 FAQ: faq/faq.md - 安全建议: faq/security.md - - 企业版: faq/enterprise.md + - 企业版: https://www.jumpserver.org/enterprise.html - 开发文档: - API 文档: dev/rest_api.md - 交互命令: dev/shell.md - 用户案例: user_stories.md - - 更新日志: change_log.md + - 更新日志: https://github.com/jumpserver/jumpserver/releases/latest - 技术咨询: https://jinshuju.net/f/sQ91MK - 联系我们: contact.md @@ -238,9 +106,7 @@ markdown_extensions: extra: jumpserver: - tag: v3.10.10 - jmservisor: v1.2.5 - wisp: v0.1.16 + tag: v4.1.0 search: separator: '[\s\-\.]+' language: 'zh' diff --git a/theme/main.html b/theme/main.html index 4e6a3769..6a1cfe7e 100644 --- a/theme/main.html +++ b/theme/main.html @@ -15,26 +15,6 @@ {{ super() }} {% endblock styles %} -{% block content %} - {{ super() }} - -{% endblock %} - - {% block footer %}