I. Install docker-ce
1) Install or upgrade the Docker client and install the required system tools.
yum update -y
yum install -y yum-utils device-mapper-persistent-data lvm2
2) Add the software repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3) Refresh the package cache and install
yum makecache fast
yum -y install docker-ce
4) Start the Docker service and enable it at boot
service docker start
chkconfig docker on
II. Install docker-compose
Method 1:
curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Check the version
docker-compose --version
However, this method often fails because of network problems.
Method 2:
1. Install python-pip
yum -y install epel-release
yum -y install python-pip
2. Install docker-compose
pip install docker-compose
Once the installation finishes, run the version command to confirm that docker-compose is installed.
docker-compose version
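III. Install JumpServer
Create a random SECRET_KEY and BOOTSTRAP_TOKEN
SECRET_KEY is the key that protects signed data. Be sure to change it on first installation and keep a record of it. It must not be changed during later upgrades or migrations, otherwise the encrypted data can no longer be decrypted.
BOOTSTRAP_TOKEN is the key used for component authentication and is only used when a component registers. The components are koko and guacamole.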
vim get_secret_and_token.sh
# Generate SECRET_KEY (50 characters) only if it is not already set, and record it in ~/.bashrc
if [ ! "$SECRET_KEY" ]; then
    SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`;
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc;
    echo "$SECRET_KEY";
else
    echo "$SECRET_KEY";
fi
# Generate BOOTSTRAP_TOKEN (16 characters) the same way
if [ ! "$BOOTSTRAP_TOKEN" ]; then
    BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc;
    echo "$BOOTSTRAP_TOKEN";
else
    echo "$BOOTSTRAP_TOKEN";
fi
chmod a+x get_secret_and_token.sh && sh get_secret_and_token.sh
Replace every SECRET_KEY and BOOTSTRAP_TOKEN value in docker-compose.yml with the secret and token you obtained.
vim docker-compose.yml
version: '3'
services:
  mysql:
    image: jumpserver/jms_mysql:v2.2.0
    container_name: jms_mysql
    restart: always
    tty: true
    environment:
      DB_PORT: 3306
      DB_USER: jumpserver
      DB_PASSWORD: nu4x599Wq7u0Bn8EABh3J91G
      DB_NAME: jumpserver
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/mysql-data:/var/lib/mysql
    networks:
      - jumpserver
  redis:
    image: jumpserver/jms_redis:v2.2.0
    container_name: jms_redis
    restart: always
    tty: true
    environment:
      REDIS_PORT: 6379
      REDIS_PASSWORD: 8URXPL2x3HZMi7xoGTdk3Upj
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/redis-data:/var/lib/redis/
    networks:
      - jumpserver
  core:
    image: jumpserver/jms_core:v2.2.0
    container_name: jms_core
    restart: always
    tty: true
    environment:
      SECRET_KEY: B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
      BOOTSTRAP_TOKEN: 7Q11Vz6R2J6BLAdO
      LOG_LEVEL: ERROR
      DB_HOST: mysql
      DB_PORT: 3306
      DB_USER: jumpserver
      DB_PASSWORD: nu4x599Wq7u0Bn8EABh3J91G
      DB_NAME: jumpserver
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_PASSWORD: 8URXPL2x3HZMi7xoGTdk3Upj
    depends_on:
      - mysql
      - redis
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/core-data:/opt/jumpserver/data
    networks:
      - jumpserver
  koko:
    image: jumpserver/jms_koko:v2.2.0
    container_name: jms_koko
    restart: always
    privileged: true
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: 7Q11Vz6R2J6BLAdO
      LOG_LEVEL: ERROR
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/koko-keys:/opt/koko/data/keys
    ports:
      - 2222:2222
    networks:
      - jumpserver
  guacamole:
    image: jumpserver/jms_guacamole:v2.2.0
    container_name: jms_guacamole
    restart: always
    tty: true
    environment:
      JUMPSERVER_SERVER: http://core:8080
      BOOTSTRAP_TOKEN: 7Q11Vz6R2J6BLAdO
      GUACAMOLE_LOG_LEVEL: ERROR
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/guacamole-keys:/config/guacamole/keys
    networks:
      - jumpserver
  nginx:
    image: jumpserver/jms_nginx:v2.2.0
    container_name: jms_nginx
    restart: always
    tty: true
    depends_on:
      - core
      - koko
      - mysql
      - redis
    volumes:
      - /share/Container/container-station-data/Mount/Jumpserver/core-data:/opt/jumpserver/data
    ports:
      - 8888:80
    networks:
      - jumpserver
networks:
  jumpserver:
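Run docker-compose up -d to start the stack. After a few minutes, visit http://<server IP>:8888 to see the JumpServer login page.
Run docker-compose down to stop it.
The default account and password are admin/admin.
The database passwords, nginx port, storage mapping paths and image versions in the yml can all be changed as needed.
Because files modified inside a container are lost when docker restarts, custom mount paths are added.
A QNAP NAS is used as the server here, so the mount paths are mapped under
/share/Container/container-station-data/Mount/Jumpserver/
You can change the file storage path as needed.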
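An added example, not part of the original post or the JumpServer project: instead of pasting the generated values into docker-compose.yml, the script below writes SECRET_KEY, BOOTSTRAP_TOKEN and the two database passwords once to a mode-600 .env file and counts the secret settings in a compose file that still hold a literal value. It assumes the yml entries are rewritten as references such as SECRET_KEY: ${SECRET_KEY}, which docker-compose substitutes from a .env file beside the compose file; the function names and the 24-character password length are choices made for this example.

```shell
#!/bin/sh
# Added example: keep the JumpServer secrets out of docker-compose.yml.
# Assumption: the compose file references ${SECRET_KEY}, ${BOOTSTRAP_TOKEN},
# ${DB_PASSWORD} and ${REDIS_PASSWORD}, which docker-compose fills in from a
# .env file in the same directory.

# Print $1 random characters from A-Za-z0-9 (same alphabet as the post's script).
gen_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# Create the env file once with mode 600. An existing file is never touched,
# because SECRET_KEY must stay the same across upgrades and migrations.
ensure_env() {
    if [ -e "$1" ]; then
        return 0
    fi
    (
        umask 077
        {
            printf 'SECRET_KEY=%s\n' "$(gen_secret 50)"
            printf 'BOOTSTRAP_TOKEN=%s\n' "$(gen_secret 16)"
            printf 'DB_PASSWORD=%s\n' "$(gen_secret 24)"
            printf 'REDIS_PASSWORD=%s\n' "$(gen_secret 24)"
        } > "$1"
    )
}

# Count secret settings in compose file $1 that still carry a literal value
# (for example one copied from a tutorial) instead of a ${VAR} reference.
count_literal_secrets() {
    grep -E '^[[:space:]]*(SECRET_KEY|BOOTSTRAP_TOKEN|DB_PASSWORD|REDIS_PASSWORD):' "$1" \
        | grep -vcE ':[[:space:]]*\$\{[A-Z_]+\}[[:space:]]*$' || true
}

# Demo on a constructed compose fragment in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker-compose.yml" <<'EOF'
      SECRET_KEY: ${SECRET_KEY}
      BOOTSTRAP_TOKEN: constructedLiteral
      DB_PASSWORD: ${DB_PASSWORD}
EOF
ensure_env "$demo_dir/.env"
echo "literal secrets left: $(count_literal_secrets "$demo_dir/docker-compose.yml")"
rm -rf "$demo_dir"
```

Running count_literal_secrets against the deployed docker-compose.yml before docker-compose up -d shows whether any of the four settings was left as a pasted value.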
IV. Setting up on QNAP