企业级堡垒机 JumpServer
一、jumpserver环境准备
操作系统:Rocky8.6
docker: 20.10.18
mysql: 5.7.30
redis: 6.2.7
二、安装部署
docker
安装docker
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -P /etc/yum.repos.d/
# yum -y install docker-ce
创建docker目录
# mkdir -p /etc/docker
添加镜像加速器
# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://pga7kpej.mirror.aliyuncs.com"]
}
EOF
启动docker服务
# systemctl enable --now docker.service
mysql
创建mysql数据目录
# mkdir -p /etc/mysql/mysql.conf.d/
# mkdir -p /etc/mysql/conf.d/
生成服务器配置文件,指定字符集
# tee /etc/mysql/mysql.conf.d/mysqld.cnf <<EOF
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8 #指定字符集
EOF
生成客户端配置文件,指定字符集
# tee /etc/mysql/conf.d/mysql.cnf <<EOF
[mysql]
default-character-set=utf8 #指定字符集
EOF
安装mysql镜像(示例中的密码 123456 仅用于演示,实际部署请换成强密码;-p 3306:3306 会把数据库端口发布到宿主机的所有网卡,应通过防火墙或只绑定内网地址来限制访问)
# docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver \
-e MYSQL_USER=jumpserver \
-e MYSQL_PASSWORD=123456 \
-v /data/mysql:/var/lib/mysql \
-v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
-v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf mysql:5.7.30
redis
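安装redis镜像(按此命令启动的 Redis 没有设置密码,且 6379 端口发布到宿主机的所有网卡;实际部署时建议为 Redis 配置 requirepass 并限制访问来源,同时把同一密码填入后面 jumpserver 容器的 REDIS_PASSWORD)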
# docker run -d -p 6379:6379 --name redis --restart always redis:6.2.7
jumpserver
创建token认证脚本
# vim key.sh
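#!/bin/bash
# Generate the two secrets this JumpServer deployment passes to the container
# and print them as KEY=value lines: SECRET_KEY (50 characters) and
# BOOTSTRAP_TOKEN (16 characters), both drawn from [A-Za-z0-9].
# A value already present in the environment is reused and only printed;
# a newly generated value is also appended to ~/.bashrc.
#
# NOTE(review): both values are secrets. They are written to ~/.bashrc and
# to the terminal, so restrict that file's permissions and keep the output
# out of shared logs, tickets and published documentation.
# NOTE(review): the lines appended to ~/.bashrc are plain assignments without
# `export`, so a later `bash key.sh` from a new shell presumably will not see
# them and will generate and append a fresh pair. Confirm before re-running
# on a host that already has a deployment using the earlier values.

# Print $1 random characters from [A-Za-z0-9], read from /dev/urandom.
random_alnum() {
  # LC_ALL=C makes tr filter raw bytes regardless of the caller's locale.
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

if [ -z "$SECRET_KEY" ]; then
  SECRET_KEY=$(random_alnum 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >>~/.bashrc
fi
# Quoted so that a value supplied by the environment is printed verbatim.
printf 'SECRET_KEY=%s\n' "$SECRET_KEY"

if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(random_alnum 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >>~/.bashrc
fi
printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN"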
生成token密码(下面的输出仅为示例,请使用自己运行脚本生成的值,不要照抄;这两个值属于敏感信息,请勿外泄)
# bash key.sh
SECRET_KEY=IrRmbzTEii0NpOk2KJFwqtz6Qb14QL1HDhNO3HTHmymWf7IkoK
BOOTSTRAP_TOKEN=qb1ngaYDWb1rRgTQ
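安装jumpserver(SECRET_KEY、BOOTSTRAP_TOKEN、DB_HOST、REDIS_HOST 及各密码请替换为自己环境的值;--privileged=true 会让容器获得接近宿主机的权限,宿主机本身应按堡垒机的安全级别加固;80 端口为明文 HTTP,对外提供服务时建议在前面加 HTTPS 反向代理)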
# docker run --name jms_all -d \
-v /opt/jumpserver/core/data:/opt/jumpserver/data \
-v /opt/jumpserver/koko/data:/opt/koko/data \
-v /opt/jumpserver/lion/data:/opt/lion/data \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=IrRmbzTEii0NpOk2KJFwqtz6Qb14QL1HDhNO3HTHmymWf7IkoK \
-e BOOTSTRAP_TOKEN=qb1ngaYDWb1rRgTQ \
-e LOG_LEVEL=ERROR \
-e DB_HOST=10.0.0.159 \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=10.0.0.159 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD='' \
--privileged=true \
--restart always \
jumpserver/jms_all:v2.25.5
三、浏览器访问JumpServer
查看IP
# hostname -I
10.0.0.159
登录 JumpServer 默认用户: admin 密码: admin
第一次登录要求重置密码(请在把服务开放给其他人访问之前完成重置)
主页面
四、ssh 登录(2222 端口由 JumpServer 所在主机发布;上文 hostname -I 显示该主机为 10.0.0.159,下面命令中的地址请按实际环境核对)
# ssh -p2222 admin@10.0.0.158