Setting up a jump host

Prerequisite: docker and docker-compose are installed.

[root@nginx ~]#  cd /data
[root@nginx data]# mkdir -p  /data/conf
[root@nginx data]# cat docker-compose.yml
version: '3'
services:
  openvpn:
    cap_add:
     - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
     - "1194:1194"
    restart: always
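    privileged: true   # grants every capability and host device access, far more than NET_ADMIN above; drop this line if the container starts without it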
    volumes:
     - /data/conf:/etc/openvpn
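## Replace the address after -u with your own public address; the protocol can be udp or tcp.
## The "1194:1194" mapping above publishes TCP only; with udp:// the mapping must be "1194:1194/udp".
[root@nginx data]# docker-compose run --rm openvpn ovpn_genconfig -u tcp://<public-ip>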
Creating network "data_default" with the default driver
Pulling openvpn (kylemanna/openvpn:)...
latest: Pulling from kylemanna/openvpn
188c0c94c7c5: Pull complete
e470f824352c: Pull complete
d6ed0c7c142e: Pull complete
74586f3c5cd4: Pull complete
cb26244a2b2a: Pull complete
Digest: sha256:643531abb010a088f1e23a1c99d44f0bd417a3dbb483f809caf4396b5c9829a0
Status: Downloaded newer image for kylemanna/openvpn:latest
Creating data_openvpn_run ... done
Processing PUSH Config: 'block-outside-dns'
Processing Route Config: '192.168.254.0/24'
Processing PUSH Config: 'dhcp-option DNS 8.8.8.8'
Processing PUSH Config: 'dhcp-option DNS 8.8.4.4'
Processing PUSH Config: 'comp-lzo no'
Successfully generated config
Cleaning up before Exit ...
[root@nginx data]#
# Generate the key material; when prompted, enter the CA key passphrase and the CA name
[root@nginx data]# docker-compose run --rm openvpn ovpn_initpki
Creating data_openvpn_run ... done
 
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
 
 
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
 
Enter New CA Key Passphrase: <enter passphrase>
Re-Enter New CA Key Passphrase: <enter passphrase>
Generating RSA private key, 2048 bit long modulus (2 primes)
..............................................................+++++
.......+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:hengshi@2023
 
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt
 
 
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
 
DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem
 
 
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Generating a RSA private key
...................+++++
...+++++
writing new private key to '/etc/openvpn/pki/easy-rsa-73.aEPEOP/tmp.NoCeAF'
-----
Using configuration from /etc/openvpn/pki/easy-rsa-73.aEPEOP/tmp.KJApjP
Enter pass phrase for /etc/openvpn/pki/private/ca.key:<enter passphrase>
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'<public-ip>'
Certificate is to be certified until Feb 19 09:02:24 2026 GMT (825 days)
 
Write out database with 1 new entries
Data Base Updated
 
Using SSL: openssl OpenSSL 1.1.1g  21 Apr 2020
Using configuration from /etc/openvpn/pki/easy-rsa-148.FCaoCp/tmp.nEEnOK
Enter pass phrase for /etc/openvpn/pki/private/ca.key:<enter passphrase>
 
An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem
 
# Start the service
docker-compose up -d
 
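Generate client certificates
1. Without a password
# Generate a user named user1; enter the CA key passphrase when prompted (nopass leaves the client private key unencrypted)
docker-compose run --rm  openvpn easyrsa build-client-full user1 nopass
2. With a password
# If the user should have to enter a password, drop the trailing nopass; follow the prompts to enter the CA key passphrase and the user's own password
docker-compose run --rm  openvpn easyrsa build-client-full user1
 
Export the user1 certificate for the client (the command writes it to ./user1.ovpn)
docker-compose run --rm openvpn ovpn_getclient user1 > ./user1.ovpn
This file is what the OpenVPN client uses. It contains the client's private key, so hand it over through a secure channel.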
 
 
Delete a user
# Revoke the user's certificate
docker-compose run --rm openvpn easyrsa revoke user_name
# Update the certificate database (regenerates the CRL)
docker-compose run --rm openvpn easyrsa gen-crl update-db
# Restart the openvpn container
docker-compose restart
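
To confirm that a revocation actually took effect, the Easy-RSA database can be audited from the host. The script below is an added example, not part of the original post; the function names are hypothetical and the sample rows are constructed. It assumes the database is at /data/conf/pki/index.txt, following the volume mapping and PKI directory shown above.

```shell
#!/bin/sh
# Added example: audit Easy-RSA's index.txt (OpenSSL CA database) after a revocation.
# Tab-separated fields: status(V|R|E) expiry revocation-date serial filename subject-DN

# Print valid / revoked / expired / absent for a common name.
# A name revoked and later reissued has several rows; the newest (last) row wins.
client_status() {   # $1 = index file, $2 = common name
    awk -F '\t' -v cn="$2" '
        { s = $6; sub("^.*/CN=", "", s); sub("/.*$", "", s) }
        s == cn { st = $1 }
        END {
            if (st == "V") print "valid"
            else if (st == "R") print "revoked"
            else if (st == "E") print "expired"
            else print "absent"
        }' "$1"
}

# Print "serial common-name" for every revoked row, for comparison with the CRL.
revoked_serials() {  # $1 = index file
    awk -F '\t' '$1 == "R" {
        s = $6; sub("^.*/CN=", "", s); sub("/.*$", "", s)
        print $4, s
    }' "$1"
}

# Constructed sample data (not taken from a real PKI).
write_sample_index() {  # $1 = output path
    {
        printf 'V\t260219090224Z\t\t01\tunknown\t/CN=vpn.example.test\n'
        printf 'V\t260219091500Z\t\t02\tunknown\t/CN=user1\n'
        printf 'R\t260219092000Z\t231201100000Z\t03\tunknown\t/CN=user_name\n'
        printf 'R\t260219093000Z\t231202110000Z\t04\tunknown\t/CN=user2\n'
        printf 'V\t260301120000Z\t\t05\tunknown\t/CN=user2\n'
    } > "$1"
}

# Demo on the sample; on the host from this page, pass /data/conf/pki/index.txt.
idx=$(mktemp)
write_sample_index "$idx"
for cn in user1 user_name user2 nobody; do
    printf '%s: %s\n' "$cn" "$(client_status "$idx" "$cn")"
done
revoked_serials "$idx"
rm -f "$idx"
```

The serials printed by revoked_serials should also appear in the output of openssl crl -in /data/conf/pki/crl.pem -noout -text; a revoked row whose serial is missing from the CRL means the CRL was not regenerated.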
