部署JumpServer
# Docker-compose部署jumpserver
# 🔖搭建docker环境
提前安装好Docker的环境,配置阿里镜像加速。
[root@junpserver ~]# docker version
Client:
Version: 18.06.3-ce
API version: 1.38
Go version: go1.10.4
Git commit: d7080c1
Built: Wed Feb 20 02:24:22 2019
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.3-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: d7080c1
Built: Wed Feb 20 02:25:33 2019
OS/Arch: linux/amd64
Experimental: false
[root@junpserver docker-compose-master]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://ably8t50.mirror.aliyuncs.com"]
}
[root@junpserver docker-compose-master]# systemctl daemon-reload
[root@junpserver docker-compose-master]# systemctl restart docker
# 🔖安装docker-compose
安装docker-compose,版本随意,可以去GitHub上docker/compose的官方Releases页面下载自己喜欢的版本;下载后建议先对照发布页提供的SHA256校验值核对文件,再继续下一步。
将docker-compose移动到/usr/bin/下面之后,查看当前的docker-compose版本。
[root@junpserver ~]# docker-compose version
docker-compose version 1.27.4, build 40524192
docker-py version: 4.3.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
# 🔖下载jms的docker项目
[root@junpserver ~]# git clone https://github.com/wojiushixiaobai/docker-compose.git
[root@junpserver ~]# tree docker-compose-master/
docker-compose-master/
├── core
│ ├── Dockerfile
│ └── entrypoint.sh
├── docker-compose-build.yml
├── docker-compose.yml
├── guacamole
│ ├── Dockerfile
│ └── entrypoint.sh
├── koko
│ ├── Dockerfile
│ └── entrypoint.sh
├── mysql
│ ├── Dockerfile
│ └── entrypoint.sh
├── nginx
│ ├── Dockerfile
│ └── nginx.conf
├── README.md
└── redis
├── Dockerfile
└── entrypoint.sh
# 🔖部署docker-compose
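执行docker-compose up -d的时候,会自动先执行docker-compose build去拉取构建镜像。一共有六个服务组成的jumpserver服务。
下面docker-compose.yml中的${Version}、$SECRET_KEY、$BOOTSTRAP_TOKEN、$DB_PASSWORD、$REDIS_PASSWORD等变量,由docker-compose从shell环境或项目目录下的.env文件中读取;启动前请把其中的密钥和密码设置成各自独立的随机强值,不要使用弱口令,并且不要把.env提交到代码仓库。
部署完成访问http://192.168.1.3(这里是明文HTTP,登录堡垒机的口令会以明文在网络上传输,正式环境建议在前面加一层HTTPS)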
[root@junpserver docker-compose-master]# cat docker-compose.yml
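# docker-compose.yml for the JumpServer stack (six services on one private
# network). Nesting restored: the listing as printed had lost its indentation
# and would not parse as YAML.
#
# ${Version}, $SECRET_KEY, $DB_PASSWORD, ... are substituted by docker-compose
# from the shell environment or a .env file in the project directory. That
# file holds every secret of the bastion host: keep it out of version control
# and readable only by the deploying user.
# Pin ${Version} to an explicit release tag rather than a floating one so a
# re-pull cannot silently change what runs.
version: '3'
services:
  mysql:
    image: wojiushixiaobai/jms_mysql:${Version}
    container_name: jms_mysql
    restart: always
    tty: true
    environment:
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
    volumes:
      - mysql-data:/var/lib/mysql
    # No "ports:" entry: the database is reachable only from containers on the
    # jumpserver network, not from the host's interfaces. Keep it that way.
    networks:
      - jumpserver
  redis:
    image: wojiushixiaobai/jms_redis:${Version}
    container_name: jms_redis
    restart: always
    tty: true
    environment:
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    volumes:
      - redis-data:/var/lib/redis/
    # Not published to the host either; still set a strong REDIS_PASSWORD.
    networks:
      - jumpserver
  core:
    image: wojiushixiaobai/jms_core:${Version}
    container_name: jms_core
    restart: always
    tty: true
    environment:
      # SECRET_KEY and BOOTSTRAP_TOKEN must be long random values generated per
      # deployment. BOOTSTRAP_TOKEN is also handed to koko and guacamole below.
      # NOTE(review): presumably the token those components use to register
      # with core; confirm against the JumpServer documentation.
      SECRET_KEY: $SECRET_KEY
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      REDIS_HOST: $REDIS_HOST
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    depends_on:
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    networks:
      - jumpserver
  koko:
    image: wojiushixiaobai/jms_koko:${Version}
    container_name: jms_koko
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      # Persisting this volume keeps the keys under /opt/koko/data/keys across
      # container re-creation.
      # NOTE(review): presumably this includes the SSH host key clients pin on
      # first connect; confirm.
      - koko-keys:/opt/koko/data/keys
    ports:
      # Published on every host interface (0.0.0.0:2222). Restrict it with a
      # host firewall or bind to a specific address, e.g.
      # "HOST_IP_PLACEHOLDER:2222:2222". Quoted, as the compose docs recommend
      # for all port mappings.
      - "2222:2222"
    networks:
      - jumpserver
  guacamole:
    image: wojiushixiaobai/jms_guacamole:${Version}
    container_name: jms_guacamole
    restart: always
    tty: true
    environment:
      JUMPSERVER_SERVER: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      JUMPSERVER_KEY_DIR: /config/guacamole/keys
      GUACAMOLE_HOME: /config/guacamole
      GUACAMOLE_LOG_LEVEL: ERROR
      # NOTE(review): appears to enable drive/file redirection in remote
      # desktop sessions; confirm, and turn it off if file transfer through
      # the bastion is not wanted.
      JUMPSERVER_ENABLE_DRIVE: 'true'
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - guacamole-keys:/config/guacamole/keys
    networks:
      - jumpserver
  nginx:
    image: wojiushixiaobai/jms_nginx:${Version}
    container_name: jms_nginx
    restart: always
    tty: true
    depends_on:
      - core
      - koko
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    ports:
      # Plain HTTP on every host interface: bastion logins travel unencrypted.
      # For anything beyond a lab, terminate TLS in front of this port.
      - "80:80"
    networks:
      - jumpserver
volumes:
  static:
  media:
  mysql-data:
  redis-data:
  koko-keys:
  guacamole-keys:
networks:
  jumpserver: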
[root@junpserver docker-compose-master]# docker-compose up -d
Creating jms_redis ... done
Creating jms_mysql ... done
Creating jms_core ... done
Creating jms_koko ... done
Creating jms_guacamole ... done
Creating jms_nginx ... done
[root@junpserver docker-compose-master]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------
jms_core ./entrypoint.sh Up
jms_guacamole ./entrypoint.sh Up
jms_koko ./entrypoint.sh Up 0.0.0.0:2222->2222/tcp
jms_mysql ./entrypoint.sh Up
jms_nginx nginx -g daemon off; Up 0.0.0.0:80->80/tcp
jms_redis ./entrypoint.sh Up
# 🔖访问Jumpserver
登录jump server后台,默认的登录用户名和密码均为:admin。首次登录后请立即修改该默认密码(同一账号也用于2222端口的SSH登录),并建议为管理员账号开启MFA。
# 🔖添加远控主机
# 1.配置系统用户
# 2.配置管理用户
# 3.创建用户组
# 4.创建jumpserver后台用户
# 5.创建资产
# 6.创建资产授权
# 7.web终端查看
# 8.登录Jumpserver主机
[root@junpserver docker-compose-master]# ssh -p 2222 admin@192.168.1.3
The authenticity of host '[192.168.1.3]:2222 ([192.168.1.3]:2222)' can't be established.
RSA key fingerprint is SHA256:VNJRSrnvS6XpD0NceX3eY+ORLPhyRbo1QHB6z2PvmgE.
RSA key fingerprint is MD5:61:37:59:b3:4d:f5:93:77:9c:a6:65:a2:1e:22:ce:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.3]:2222' (RSA) to the list of known hosts.
admin@192.168.1.3's password:
Administrator, 欢迎使用Jumpserver开源堡垒机系统
1) 输入 部分IP、主机名、备注 进行搜索登录(如果唯一).
2) 输入 / + IP,主机名 or 备注 进行搜索,如:/192.168.
3) 输入 p 进行显示您有权限的主机.
4) 输入 g 进行显示您有权限的节点.
5) 输入 d 进行显示您有权限的数据库.
6) 输入 r 进行刷新最新的机器和节点信息.
7) 输入 h 进行显示帮助.
8) 输入 q 进行退出.
Opt>