
JumpServer 3.8.0 / 3.8.1 inaccessible with a 502 error: fix


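Notice from the company headquarters security inspection:

Vulnerability description:
JumpServer is an open-source bastion host and privilege management system designed to help enterprises securely manage and control access to servers and network devices. JumpServer's permission management is flawed: an unauthorized remote attacker can download all operation logs recorded during historical session connections.
Reproduction:
http://xxxxx.com/api/v1/terminal/sessions/
Remediation:
Update JumpServer to the latest version, 3.7.0 (https://github.com/jumpserver/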

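The 3.4 I originally had installed had to be upgraded, so I downloaded the 3.8.0 offline package and upgraded. Access started returning 502; I fought with it for a long time, and after upgrading to the suddenly released 3.8.1 it was the same.
My deployment architecture is a two-level reverse proxy: nginx on the server reverse-proxies the nginx inside JumpServer.
I set it up following the official tutorial, and with version 3.4 and earlier there was never a problem.
https://docs.jumpserver.org/zh/v3/installation/proxy/#2-nginx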

Startup did not report any errors either.

[root@dl-devops jumpserver-offline-installer-v3.8.1-amd64]# ./jmsctl.sh restart
Stopping jms_core   ... done
Stopping jms_celery ... done
Stopping jms_chen   ... done
Stopping jms_web    ... done
Stopping jms_magnus ... done
Stopping jms_koko   ... done
Stopping jms_lion   ... done
Stopping jms_kael   ... done
Stopping jms_redis  ... done
Stopping jms_mysql  ... done
Removing jms_core   ... done
Removing jms_celery ... done
Removing jms_chen   ... done
Removing jms_web    ... done
Removing jms_magnus ... done
Removing jms_koko   ... done
Removing jms_lion   ... done
Removing jms_kael   ... done
Removing jms_redis  ... done
Removing jms_mysql  ... done
Removing network jms_net

Creating network "jms_net" with driver "bridge"
Creating jms_kael   ... done
Creating jms_chen   ... done
Creating jms_redis  ... done
Creating jms_celery ... done
Creating jms_mysql  ... done
Creating jms_koko   ... done
Creating jms_magnus ... done
Creating jms_web    ... done
Creating jms_core   ... done
Creating jms_lion   ... done
[root@dl-devops jumpserver-offline-installer-v3.8.1-amd64]# curl 127.0.0.1:8080
curl: (56) Recv failure: Connection reset by peer

nc, on the other hand, works fine.

[root@dl-devops ~]# nc -zv 127.0.0.1 8080
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:8080.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

Inside the container it works fine.

docker exec -it jms_web bash
curl 127.0.0.1:10808

In the end I suspected it had something to do with this line:

Creating network "jms_net" with driver "bridge"

Download a Chinese-localized build of the container manager Portainer:
https://hub.docker.com/r/6053537/portainer-ce

docker pull 6053537/portainer-ce
docker run -d --restart=always --name="portainer" -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock 6053537/portainer-ce

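A container that is reachable from outside on the bridge network becomes unreachable when switched to the jms_net network, and works again when switched back to bridge. The final solution: attach all JumpServer-related containers to the bridge network, after which it was accessible.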

I have no idea what on earth the problem is; startup doesn't report any errors either.
