Here is a nice open-source bastion host, Jumpserver: https://github.com/ibuler/jumpserver
The first thing to look at is Jumpserver version 2.0.0, which is implemented in the following way:
1. Django + uWSGI implement the web front-end user management interface
For Django, refer to: http://xianglong.me/article/django-request-work-flow/
Django's MVC, with Jumpserver as an example:
- urls.py controls which method handles a user request: each entry is a regular expression for the URL, mapped to a specific method name in the views.
- views.py processes user requests: it holds the body of each method that the URLs map to.
- models.py defines the data model and handles database requests: its contents are the field names of the corresponding database tables.
Finally, the view returns the processing result to the corresponding front-end file in the template directory, which completes the request.
With pip, a Python package manager, we can easily install the Django package. With the tools provided by Django, we can easily build a web project under the Django framework:
django-admin startproject mywebproject
2. LDAP + Paramiko for server permission management
LDAP is the Lightweight Directory Access Protocol, and a well-known implementation of it is openldap/openldap-server.
It is a client/server architecture with two components, the client and the server. The client queries and modifies data through commands such as ldapsearch, ldapadd and ldapdelete. The server in fact uses a Berkeley database for data management, and the same commands perform the database operations, so there is no SQL parsing step. According to Baidu, it is a file database that sits between relational databases such as MySQL and in-memory databases such as Redis.
Below is a brief introduction to how LDAP authentication can be turned on in Linux:
In Linux, most software authenticates by calling the PAM component.
- To see what is verified, view /etc/pam.d/system-auth, which can be generated automatically by running authconfig or authconfig-tui.
- In addition, authconfig also updates the configuration file /etc/sysconfig/authconfig, which controls which authentication methods are used. To turn on LDAP authentication, set USELDAPAUTH=yes in this file.
Finally, we need to update nsswitch.conf, which controls the order of the lookup mechanisms. For example, "files ldap" means the local passwd file is checked first, and then the LDAP server is consulted.
Note: When deciding to use LDAP authentication, do not forget to install the nss-pam-ldapd component.
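The three settings described above can be checked together before LDAP logins are relied on. The following is an added example, not code from Jumpserver or from the original post: it parses constructed sample contents of nsswitch.conf, /etc/sysconfig/authconfig and /etc/pam.d/system-auth and reports what is missing. The choice of the passwd, shadow and group databases and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample contents for the three files named in the text (not from a real host).
NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: ldap files  # wrong order\n"
AUTHCONFIG = "USELDAP=yes\nUSELDAPAUTH=no\n"
SYSTEM_AUTH = (
    "auth required pam_env.so\n"
    "auth sufficient pam_unix.so nullok try_first_pass\n"
    "auth required pam_deny.so\n"
)

def nss_sources(text, database):
    """Ordered lookup sources for one nsswitch.conf database, e.g. ['files', 'ldap']."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return] before splitting.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def authconfig_enabled(text, key):
    """True when /etc/sysconfig/authconfig sets KEY=yes (quoted or not)."""
    m = re.search(r'^\s*%s\s*=\s*"?(\w+)' % re.escape(key), text, re.M)
    return bool(m) and m.group(1).lower() == "yes"

def pam_auth_modules(text):
    """Module names (or paths) on the 'auth' lines of a PAM stack, in order."""
    mods = []
    for line in text.splitlines():
        m = re.match(r"\s*auth\s+.*?(\S+\.so)\b", line.split("#", 1)[0])
        if m:
            mods.append(m.group(1))
    return mods

def audit(nsswitch, authconfig, system_auth):
    findings = []
    for db in ("passwd", "shadow", "group"):  # assumed set of databases to check
        src = nss_sources(nsswitch, db)
        if "ldap" not in src:
            findings.append(f"nsswitch {db}: ldap not consulted")
        elif "files" not in src or src.index("files") > src.index("ldap"):
            findings.append(f"nsswitch {db}: local files not checked before ldap")
    if not authconfig_enabled(authconfig, "USELDAPAUTH"):
        findings.append("authconfig: USELDAPAUTH is not yes")
    if not any(m.endswith("pam_ldap.so") for m in pam_auth_modules(system_auth)):
        findings.append("system-auth: no pam_ldap.so in the auth stack")
    return findings

if __name__ == "__main__":
    for finding in audit(NSSWITCH, AUTHCONFIG, SYSTEM_AUTH):
        print("FINDING:", finding)
```

On a real host, pass the contents of the three files read from disk to audit() instead of the constructed samples.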
3. Express + socket.io for online user monitoring
Express is an open-source JS web framework. Before using it you need to install NodeJS, the JS interpreter. NodeJS is to the JS language what the PHP-FPM interpreter is to the PHP language.
Speaking of PHP, we know that the FastCGI protocol defines the communication interface between PHP and web servers, and PHP-FPM is an implementation of that protocol.
The WSGI interface behind the uWSGI mentioned earlier is similar to FastCGI, but it defines how Python communicates with web servers, and uWSGI is an implementation of it.
Finally, Socket.io is also an implementation: it implements the WebSocket protocol, which has many implementations.
Jumpserver of Django Instances