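This setup targets a local CentOS 7 host with Python 2.7 and no Internet access; GateOne is installed from downloaded source.
1. Download GateOne on a machine with Internet access
Source: https://github.com/liftoff/GateOne
Download the git source or the zip archive into the deployment directory.
2. Check the local environment requirements and install the modules needed for a source install
Run the run_gateone.py file from the source tree or zip archive with python:
python run_gateone.py
Download and install the Python modules it asks for.
For example, with Internet access you can install them directly with pip:
pip install tornado==4  # note: newer tornado versions cause errors; version 4 is recommended
pip install certifi==2016.8.31
pip install --upgrade futures
pip install --upgrade html5lib
Without Internet access, download the Python modules manually and install them from source.
For example, download the following modules and install them from source:
wget https://files.pythonhosted.org/packages/3f/69/dd214321e2d85baa95873536974a2d0e38ffffb492769e09a0ecd22d7316/tornado-4.0.tar.gz
wget https://files.pythonhosted.org/packages/1c/d1/0133a5084f0d17db0270c6061e824a11b0e417d743f5ff4c594f4090ed89/certifi-2016.8.31.tar.gz
wget https://files.pythonhosted.org/packages/56/99/75ceaebf317cb027319909ed09ee117388f0d53ba0880520952a0e8a8458/futures-3.4.0.tar.gz
wget https://files.pythonhosted.org/packages/0b/02/ae6ceac1baeda530866a85075641cec12989bd8d31af6d5ab4a3e8c92f47/webencodings-0.5.1.tar.gz
wget https://files.pythonhosted.org/packages/71/39/171f1c67cd00715f190ba0b100d606d440a28c93c7714febeca8b79af85e/six-1.16.0.tar.gz
wget https://files.pythonhosted.org/packages/ac/b6/b55c3f49042f1df3dcd422b7f224f939892ee94f22abcf503a9b7339eaf2/html5lib-1.1.tar.gz
After downloading, unpack each module, change into the unpacked directory and run the install command:
python setup.py install
If the environment reports errors or other modules are still missing, follow the messages to troubleshoot or keep downloading modules and installing them from source,
until "python run_gateone.py" runs normally and you can see the port (default 10443) being opened, which means the environment requirements are satisfied.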
3. Edit the configuration files
The GateOne configuration is as follows:
The default configuration files are in "conf.d" under the deployment directory; the main changes are in 10server.conf, at the places marked //######
// This is Gate One's main settings file.
{
    // "gateone" server-wide settings fall under "*"
    "*": {
        "gateone": { // These settings apply to all of Gate One
            "address": "",
            "ca_certs": null,
            "cache_dir": "/home/szbz/s/s/cache",
            "certificate": "/home/szbz/s/s/ssl/certificate.pem",
            "cookie_secret": "YjJhZDEzNTQ2ZmVlNGFiMzg4ZDU4NGU2NjM1YzJjYmI0N",
            "debug": false,
            "disable_ssl": true, //###### Whether to disable SSL access; SSL is enabled by default. Set to true here because SSL access is not needed
            "embedded": false,
            "enable_unix_socket": false,
            "gid": "0",
            "https_redirect": false,
            "js_init": "",
            "keyfile": "/home/szbz/s/s/ssl/keyfile.pem",
            "locale": "en_US",
            "log_file_max_size": 100000000,
            "log_file_num_backups": 10,
            "log_file_prefix": "/home/szbz/s/s/logs/gateone.log",
            "log_to_stderr": null,
            "logging": "info",
            "multiprocessing_workers": null,
            "origins": ["localhost:10443", "127.0.0.1:10443", "10.55.232.18:10443"], //###### List both this server's local IP and port and the IP and port of the external egress or external proxy here, otherwise access fails or WS (WSS) errors occur
            "pid_file": "/home/szbz/s/s/gateone.pid",
            "port": 10443,
            "session_dir": "/home/szbz/s/s/sessions",
            "session_timeout": "5d",
            "syslog_facility": "daemon",
            "uid": "0",
            "unix_socket_mode": "0600",
            "unix_socket_path": "/tmp/gateone.sock",
            "url_prefix": "/s/", //###### Default is /. To serve through an nginx reverse proxy under a second-level web directory of nginx, set this to the nginx proxy directory name
            "user_dir": "/home/szbz/s/s/users",
            "user_logs_max_age": "30d"
        }
    }
}
The Nginx reverse proxy configuration is as follows:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# The map above lets Nginx pass WebSocket traffic to the upstream
upstream gateone_backend {
    server 127.0.0.1:10443; # gateone runs on local port 10443
}
server {
    listen 8090;
    server_name 10.55.232.18;
    add_header Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' https://view.officeapps.live.com https://*.kodcloud.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self';";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=63072001; includeSubDomains; preload" always;
    add_header 'Referrer-Policy' 'origin';
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Download-Options noopen;
    root /home/www/api;
    index index.html index.htm index.php;
    location /s/ {
        auth_basic "Restricted";
        auth_basic_user_file /usr/local/nginx/conf/.htpasswd; # configures the Basic Auth authentication service
        proxy_pass http://gateone_backend; # forward to the upstream defined above
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Error handling. Note: the following three lines need to be commented out
    ##if (!-e $request_filename) {
    ##    return 404;
    ##}
    error_page 404 /404.html;
}
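An added check, not part of the original post or of GateOne itself: a Python script that parses a 10server.conf-style file (JSON with // comments) and flags settings from the configuration above that matter when access is meant to go through the nginx location with Basic Auth. The function names, the sample text and the semicolon-separated handling of `address` are assumptions of this example.

```python
import json
import re

# Keep JSON strings intact so "//" inside a value is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def load_gateone_conf(text):
    """Parse conf.d text (JSON plus // comments); return the gateone block."""
    stripped = _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else "", text)
    return json.loads(stripped)["*"]["gateone"]


def audit(conf, proxy_location):
    """Return findings for a GateOne instance published through nginx."""
    findings = []
    # Assumption: several addresses may be given separated by ';'; empty = all.
    addrs = [a for a in (conf.get("address") or "").split(";") if a]
    off_host = not addrs or any(a not in LOOPBACK for a in addrs)
    if conf.get("disable_ssl") and off_host:
        findings.append("plaintext port %s is reachable off-host, bypassing "
                        "nginx auth_basic; set address to 127.0.0.1"
                        % conf.get("port"))
    if str(conf.get("uid")) == "0":
        findings.append("server runs as root (uid 0)")
    if conf.get("url_prefix") != proxy_location:
        findings.append("url_prefix %r does not match nginx location %r"
                        % (conf.get("url_prefix"), proxy_location))
    return findings


# Constructed sample using the values shown in the configuration above.
SAMPLE = """// This is Gate One's main settings file.
{"*": {"gateone": {
    "address": "",
    "disable_ssl": true, // plain HTTP behind the proxy
    "port": 10443, "uid": "0", "url_prefix": "/s/"
}}}"""

if __name__ == "__main__":
    for finding in audit(load_gateone_conf(SAMPLE), "/s/"):
        print("WARN: " + finding)
```

Binding `address` to 127.0.0.1 keeps the nginx upstream on 127.0.0.1:10443 working while closing direct access to the port.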
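4. Install and set up the system service
Once the configuration files have been edited, run the install command in the local deployment directory:
python setup.py install
After a default install the executable is /usr/bin/gateone, and a corresponding service is created under systemctl. Start it and enable it at boot with the following commands:
systemctl start gateone
systemctl enable gateone
Visit https://xxxxx in a browser to see the following page:
If the browser cannot reach it, check that the contents of the gateone service file are correct.
For example, edit the service file gateone.service.
Directory for user-defined system services: /usr/lib/systemd/system/
Directory for system service files: /etc/systemd/system/
The service file contents are as follows:
[Unit]
Description=Web-based terminal
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
PIDFile=/tmp/gateone.pid
# ###### Check that this directory exists and is writable
WorkingDirectory=/var/lib/gateone
# ###### Check that this file exists and is executable
ExecStart=/usr/bin/gateone
Restart=on-abort
[Install]
WantedBy=multi-user.target
If the gateone service (port) still fails to start after the change and a restart of the gateone service, check the log file set in the gateone configuration file and troubleshoot from what it reports.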