Deploying JumpServer with docker-compose

Environment: CentOS 7, Ubuntu 20.04, Docker version 24.0.2, Docker Compose version v2.16.0

Reference:

https://blog.51cto.com/mpflinux/2479093

Project repositories:

https://github.com/wojiushixiaobai/docker-compose.git
https://github.com/GEGEWU-CLOUD/jumpserver1.5.7-2.git (archived copy)

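Note:

  • JumpServer currently requires at least 4 GB of memory, but in production the jumpserver processes have been observed to use more than that.
    Choose a higher-spec environment for the deployment where possible.
  • If the host is under-provisioned, the web UI may be unreachable once the setup is finished. This walkthrough was deployed on a 4-core, 16 GB RAM, 100 GB disk CentOS 7.9 cloud server on China Mobile Cloud.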

I. Deploying the older version

1. Create the project directory (any directory will do)

# Create the project directory
mkdir -p /data/jms
cd /data/jms

2. Pull the project files

# Clone directly (for users with a proxy)
git clone https://github.com/wojiushixiaobai/docker-compose.git
# Clone through a mirror (for users without a proxy)
git clone https://mirrors.chenby.cn/https://github.com/wojiushixiaobai/docker-compose

3. The .env environment variable file (kept for reference)

# The version number can be changed to match the project version you deploy
Version=1.5.7

# MySQL
DB_HOST=mysql
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G
DB_NAME=jumpserver

# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj

# Core
SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO

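##
# SECRET_KEY is the key that protects signed data. Be sure to change it on first install and keep a record of it; it must not be changed during later upgrades or migrations, otherwise encrypted data can no longer be decrypted.
# BOOTSTRAP_TOKEN is the key used for component authentication and is used only when a component registers. Components are koko and guacamole.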
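
The sample .env above ships fixed secrets, while its own comment says SECRET_KEY must be changed on first install. The script below is an added example, not part of the original post or the project: it writes a .env with freshly generated values and refuses to overwrite an existing one. The function names and the --write flag are assumptions for illustration; value lengths follow the sample file.

```shell
#!/bin/sh
# Added example (not from the original project): create .env with fresh secrets.
set -eu

# rand_alnum N: print N characters of [A-Za-z0-9] drawn from /dev/urandom.
rand_alnum() {
    _n="$1"; _out=""
    while [ "${#_out}" -lt "$_n" ]; do
        _out="${_out}$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s' "$_out" | cut -c "1-${_n}"
}

# write_env FILE [VERSION]: write a new .env readable only by its owner.
# Refuses to overwrite: SECRET_KEY must stay the same after the first install.
write_env() {
    _file="$1"; _version="${2:-1.5.7}"
    if [ -e "$_file" ]; then
        echo "refusing to overwrite existing $_file" >&2
        return 1
    fi
    (
        umask 077
        {
            printf 'Version=%s\n' "$_version"
            printf 'DB_HOST=mysql\nDB_PORT=3306\nDB_USER=jumpserver\n'
            printf 'DB_PASSWORD=%s\nDB_NAME=jumpserver\n' "$(rand_alnum 24)"
            printf 'REDIS_HOST=redis\nREDIS_PORT=6379\n'
            printf 'REDIS_PASSWORD=%s\n' "$(rand_alnum 24)"
            printf 'SECRET_KEY=%s\n' "$(rand_alnum 50)"
            printf 'BOOTSTRAP_TOKEN=%s\n' "$(rand_alnum 16)"
        } > "$_file"
    )
}

# uses_sample_secret FILE: succeed if FILE still carries the SECRET_KEY
# printed in the sample .env on this page.
uses_sample_secret() {
    grep -qx 'SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy' "$1"
}

# Run as: sh gen_env.sh --write [FILE]   (the file name gen_env.sh is hypothetical)
if [ "${1:-}" = "--write" ]; then
    write_env "${2:-.env}"
fi
```

Run it once in the cloned project directory before the first `docker-compose up -d`, and back up the resulting SECRET_KEY with the database.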

4. The docker-compose file (kept for reference)

The images are also mirrored on Alibaba Cloud (simply substitute them in the file yourself):

# Optional images
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_core1.5.7
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_nginx1.5.7
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_koko1.5.7
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_guacamole1.5.7
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_mysql1.5.7
registry.cn-hangzhou.aliyuncs.com/zznn/mycentos:jms_redis1.5.7

docker-compose.yml

version: '3'
services:
  mysql:
    image: wojiushixiaobai/jms_mysql:${Version}
    container_name: jms_mysql
    restart: always
    tty: true
    environment:
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
    volumes:
      - mysql-data:/var/lib/mysql
    networks:
      - jumpserver

  redis:
    image: wojiushixiaobai/jms_redis:${Version}
    container_name: jms_redis
    restart: always
    tty: true
    environment:
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    volumes:
      - redis-data:/var/lib/redis/
    networks:
      - jumpserver

  core:
    image: wojiushixiaobai/jms_core:${Version}
    container_name: jms_core
    restart: always
    tty: true
    environment:
      SECRET_KEY: $SECRET_KEY
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      REDIS_HOST: $REDIS_HOST
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    depends_on:
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    networks:
      - jumpserver

  koko:
    image: wojiushixiaobai/jms_koko:${Version}
    container_name: jms_koko
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - koko-keys:/opt/koko/data/keys
    ports:
      - 2222:2222
    networks:
      - jumpserver

  guacamole:
    image: wojiushixiaobai/jms_guacamole:${Version}
    container_name: jms_guacamole
    restart: always
    tty: true
    environment:
      JUMPSERVER_SERVER: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      JUMPSERVER_KEY_DIR: /config/guacamole/keys
      GUACAMOLE_HOME: /config/guacamole
      GUACAMOLE_LOG_LEVEL: ERROR
      JUMPSERVER_ENABLE_DRIVE: 'true'
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - guacamole-keys:/config/guacamole/keys
    networks:
      - jumpserver

  nginx:
    image: wojiushixiaobai/jms_nginx:${Version}
    container_name: jms_nginx
    restart: always
    tty: true
    depends_on:
      - core
      - koko
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    ports:
      - 88:80
    networks:
      - jumpserver

volumes:
  static:
  media:
  mysql-data:
  redis-data:
  koko-keys:
  guacamole-keys:

networks:
  jumpserver:

II. Starting the project with docker-compose

# Start the stack
docker-compose up -d


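III. Deploying the newer version

Community edition download: https://community.fit2cloud.com/#/products/jumpserver/downloads

Deployment reference:

Open-source bastion host JumpServer (qq.com)

Official

1. Installation and deployment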

root@localhost:/opt# curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash

████████████████████████████████████████ 100%
[Success]: download install script to /opt/jumpserver-installer-v3.10.10
[Info]: Start executing the installation script.
[Info]: In an automated script deployment, note the message prompts on the screen.
████████████████████████████████████████ 100%
[Success]: The Installation is Complete.

For more commands, you can enter jmsctl --help to view help information.

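Tips

  • After the first installation you need to edit the configuration file and define the DOMAINS field before JumpServer can be used normally.
  • If the server was set up with the one-click installer and the previous version of JumpServer already had HTTPS enabled, no change is needed.
  • If JumpServer has to be accessed by IP address, set the DOMAINS field in config.txt to the public IP or the internal IP, depending on which kind of address you use.

# Open config.txt and define the DOMAINS field
vim /opt/jumpserver/config/config.txt

# Trusted DOMAINS definition.
# Defines the trusted access addresses; adjust to your situation. For a public IP, set it to that public IP.
# DOMAINS="demo.jumpserver.org" # access by domain name
# DOMAINS="172.17.200.191" # access by IP
# DOMAINS="demo.jumpserver.org,172.17.200.191" # access by both IP and domain name
DOMAINS=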

After installation, the JumpServer configuration file is located at: /opt/jumpserver/config/config.txt

cd /opt/jumpserver-installer-v3.10.10

# Start
./jmsctl.sh start

# Stop
./jmsctl.sh down

# Uninstall
./jmsctl.sh uninstall

# Help
./jmsctl.sh -h

In effect, stopping and starting come down to the following two commands:

# Change to the installer directory
cd /opt/jumpserver-installer-v3.10.10
# Start
docker-compose -f compose/docker-compose-network.yml -f compose/docker-compose-core.yml -f compose/docker-compose-celery.yml -f compose/docker-compose-koko.yml -f compose/docker-compose-lion.yml -f compose/docker-compose-magnus.yml -f compose/docker-compose-chen.yml -f compose/docker-compose-kael.yml -f compose/docker-compose-web.yml -f compose/docker-compose-mariadb.yml -f compose/docker-compose-redis.yml up -d
# Stop
docker-compose -f compose/docker-compose-network.yml -f compose/docker-compose-core.yml -f compose/docker-compose-celery.yml -f compose/docker-compose-koko.yml -f compose/docker-compose-lion.yml -f compose/docker-compose-magnus.yml -f compose/docker-compose-chen.yml -f compose/docker-compose-kael.yml -f compose/docker-compose-web.yml -f compose/docker-compose-mariadb.yml -f compose/docker-compose-redis.yml down -v

2. Accessing the environment

Once the installation has succeeded, log in to JumpServer from a browser:

Address: http://<JumpServer server IP address>:<service port>
Username: admin
Password: admin

Login page

IV. Result

Browser access: http://10.0.0.10:88 (admin/admin)


Closing words: fighting