Note: disable the firewall and SELinux.
Database: MySQL version 5.6 or later, or MariaDB version 5.5.6 or later.
Configure IP forwarding; otherwise containers cannot reach the host's internal network.

```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
EOF
sysctl --system
```
Install the Docker service

```bash
yum -y install docker
systemctl start docker
```
Create the mapped directories

```bash
mkdir -p /data/mysql/data
mkdir -p /data/redis/data
mkdir -p /data/jumpserver
```
Deploy the MySQL service

```bash
docker run -d --name mysql --restart=always -e MYSQL_ROOT_PASSWORD=abcd@1234 -p 3306:3306 -v /data/mysql/data:/var/lib/mysql mariadb:latest
```
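Enter the database and grant privileges to the user (the `mysql>` lines are typed at the database client prompt inside the container)

```
docker exec -it mysql bash
mysql> create database jumpserver default charset 'utf8mb4';
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'abcd@1234';
mysql> flush privileges;
mysql> exit;
# exit
```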
Deploy the Redis service

```bash
docker run -d -it --name redis -p 6379:6379 -v /data/redis/data:/data --restart=always --sysctl net.core.somaxconn=1024 redis --requirepass "123456"
```
Generate the random encryption keys

```bash
# Generate SECRET_KEY (50 characters) once and persist it in ~/.bashrc
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
# Generate BOOTSTRAP_TOKEN (16 characters) once and persist it in ~/.bashrc
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
```
Deploy JumpServer

```bash
docker run -d --name jumpserver --restart=always \
  -v /data/jumpserver/:/opt/jumpserver/data/media \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=$SECRET_KEY \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e DB_HOST=10.99.2.161 \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD="abcd@1234" \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=10.99.2.161 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD="123456" \
  jumpserver/jms_all:1.5.6
```
View the JumpServer logs

```
docker logs -f jumpserver
...
Starting guacd: SUCCESS
Tomcat started.
Jumpserver ALL 1.5.6
官网 http://www.jumpserver.org
文档 http://docs.jumpserver.org
有问题请参考 http://docs.jumpserver.org/zh/docs/faq.html

进入容器命令 docker exec -it jms_all /bin/bash
```
Finally, open the host's IP address in a browser.
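
With the firewall disabled as noted at the top, the `-p 3306:3306` and `-p 6379:6379` mappings above publish MariaDB and Redis on every host interface. The following check is an added example, not part of the original post: it reads `docker port` output and flags backend ports bound to a wildcard address. The function name, the `BACKEND_PORTS` list and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag backend ports that
# `docker run -p` publishes on every interface.
# Input lines: "<container> <line of docker port output>", e.g. from
#   for c in mysql redis jumpserver; do docker port "$c" | sed "s/^/$c /"; done

# Ports only the JumpServer container needs to reach (assumption from the page's -p flags).
BACKEND_PORTS="3306 6379"

# Constructed sample: what the -p flags on this page produce.
SAMPLE_PORTS='mysql 3306/tcp -> 0.0.0.0:3306
redis 6379/tcp -> 0.0.0.0:6379
jumpserver 80/tcp -> 0.0.0.0:80
jumpserver 2222/tcp -> 0.0.0.0:2222'

# Constructed sample: backends published with -p 10.99.2.161:3306:3306 and so on.
SAMPLE_PORTS_BOUND='mysql 3306/tcp -> 10.99.2.161:3306
redis 6379/tcp -> 10.99.2.161:6379
jumpserver 80/tcp -> 0.0.0.0:80
jumpserver 2222/tcp -> 0.0.0.0:2222'

# Prints one EXPOSED line per backend port bound to a wildcard address.
# Returns 1 if any were found, 0 otherwise.
audit_published_ports() {
    found=0
    while read -r name cport arrow bind; do
        [ -n "$bind" ] || continue          # skip malformed or blank lines
        hport=${bind##*:}                   # host port: text after the last colon
        host=${bind%:*}                     # bind address: text before it
        case "$host" in
            0.0.0.0|::|"[::]") ;;           # IPv4/IPv6 wildcard binds
            *) continue ;;                  # bound to one specific address
        esac
        for p in $BACKEND_PORTS; do
            if [ "${cport%/*}" = "$p" ]; then
                echo "EXPOSED $name $cport on $host:$hport"
                found=1
            fi
        done
    done
    return "$found"
}

printf '%s\n' "$SAMPLE_PORTS" | audit_published_ports \
    || echo "backend ports are published on all interfaces"
```

Publishing with an explicit address, for example `-p 10.99.2.161:3306:3306`, keeps the `DB_HOST` and `REDIS_HOST` values used above working while clearing both findings.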