Installing the JumpServer open-source bastion host with Docker

JumpServer, an enterprise-grade bastion host


1. JumpServer environment preparation

Operating system: Rocky 8.6
docker: 20.10.18
mysql: 5.7.30
redis: 6.2.7

2. Installation and deployment

docker

Install Docker
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -P /etc/yum.repos.d/
# yum -y install docker-ce

Create the Docker configuration directory
# mkdir -p /etc/docker

Add a registry mirror (image accelerator)
# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://pga7kpej.mirror.aliyuncs.com"]
}
EOF

Start the Docker service
# systemctl enable --now docker.service

mysql

Create the MySQL configuration directories
# mkdir -p /etc/mysql/mysql.conf.d/
# mkdir -p /etc/mysql/conf.d/

Generate the server configuration file and set the character set
# tee /etc/mysql/mysql.conf.d/mysqld.cnf <<EOF
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8   # specify the character set
EOF

Generate the client configuration file and set the character set
# tee /etc/mysql/conf.d/mysql.cnf <<EOF
[mysql]
default-character-set=utf8  # specify the character set
EOF

Install the MySQL image
# docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver  \
-e MYSQL_USER=jumpserver      \
-e MYSQL_PASSWORD=123456       \
-v /data/mysql:/var/lib/mysql   \
-v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf  \
-v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf   mysql:5.7.30

redis

Install the Redis image
# docker run -d -p 6379:6379 --name redis --restart always  redis:6.2.7

jumpserver

Create the script that generates the authentication tokens
# vim key.sh 

#!/bin/bash
if [ ! "$SECRET_KEY" ]; then
  SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`;
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc;
  echo SECRET_KEY=$SECRET_KEY;
else
  echo SECRET_KEY=$SECRET_KEY;
fi
if [ ! "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc;
  echo BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN;
else
  echo BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN;
fi

Generate the token values
# bash key.sh 
SECRET_KEY=IrRmbzTEii0NpOk2KJFwqtz6Qb14QL1HDhNO3HTHmymWf7IkoK
BOOTSTRAP_TOKEN=qb1ngaYDWb1rRgTQ

Install JumpServer
# docker run --name jms_all -d \
   -v /opt/jumpserver/core/data:/opt/jumpserver/data \
   -v /opt/jumpserver/koko/data:/opt/koko/data \
   -v /opt/jumpserver/lion/data:/opt/lion/data \
   -p 80:80 \
   -p 2222:2222 \
   -e SECRET_KEY=IrRmbzTEii0NpOk2KJFwqtz6Qb14QL1HDhNO3HTHmymWf7IkoK \
   -e BOOTSTRAP_TOKEN=qb1ngaYDWb1rRgTQ \
   -e LOG_LEVEL=ERROR \
   -e DB_HOST=10.0.0.159 \
   -e DB_PORT=3306 \
   -e DB_USER=jumpserver \
   -e DB_PASSWORD=123456 \
   -e DB_NAME=jumpserver \
   -e REDIS_HOST=10.0.0.159 \
   -e REDIS_PORT=6379 \
   -e REDIS_PASSWORD='' \
   --privileged=true \
   --restart always \
   jumpserver/jms_all:v2.25.5
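
An added example, not part of the original post: the commands above put SECRET_KEY, BOOTSTRAP_TOKEN and the 123456 database password on the command line and leave REDIS_PASSWORD empty. This sketch generates all four values once, stores them in an owner-only env file, and lets docker read them with --env-file. The script name jms-env.sh, the ENV_FILE path and the 32-character password length are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. ENV_FILE and the 32-character
# DB/Redis password length are assumptions; the 50/16 lengths match key.sh.
ENV_FILE="${ENV_FILE:-/opt/jumpserver/jms.env}"

# gen_secret N: print N random characters from [A-Za-z0-9].
# Reads a bounded chunk of /dev/urandom so no pipeline stage is killed early.
gen_secret() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# ensure_var NAME LENGTH: append NAME=<random> only if NAME is not stored yet,
# so re-running never replaces a SECRET_KEY that is already in use.
ensure_var() {
  if ! grep -q "^$1=" "$ENV_FILE"; then
    printf '%s=%s\n' "$1" "$(gen_secret "$2")" >> "$ENV_FILE"
  fi
}

# init_env_file: create the file readable by its owner only, then fill it.
init_env_file() {
  mkdir -p "$(dirname "$ENV_FILE")"
  ( umask 077; touch "$ENV_FILE" )
  chmod 600 "$ENV_FILE"
  ensure_var SECRET_KEY 50
  ensure_var BOOTSTRAP_TOKEN 16
  ensure_var DB_PASSWORD 32
  ensure_var REDIS_PASSWORD 32
}

# get_var NAME: print the stored value of NAME.
get_var() {
  sed -n "s/^$1=//p" "$ENV_FILE"
}

# "bash jms-env.sh init" creates the file; afterwards, for example:
#   docker run ... -e MYSQL_PASSWORD="$(get_var DB_PASSWORD)" ... mysql:5.7.30
#   docker run ... redis:6.2.7 redis-server --requirepass "$(get_var REDIS_PASSWORD)"
#   docker run --name jms_all -d --env-file "$ENV_FILE" \
#     -e DB_HOST=10.0.0.159 ... jumpserver/jms_all:v2.25.5
if [ "${1:-}" = "init" ]; then
  init_env_file
fi
```

Values are alphanumeric only, so the env file needs no quoting. Because existing entries are never overwritten, the script can be re-run safely on a host that is already deployed.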

3. Access JumpServer from a browser

Check the IP address
# hostname -I
10.0.0.159

Log in to JumpServer. Default user: admin, password: admin
The first login requires a password reset
Main page

4. SSH login

# ssh -p2222 [email protected]
