GitHub地址: https://github.com/jumpserver/Dockerfile
创建目录
创建持久化目录
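# Directory that will hold the generated SECRET_KEY / BOOTSTRAP_TOKEN files.
# Restrict it to the owner so other local users cannot read the key material;
# no container mounts this path, so the tighter mode does not affect the services.
mkdir -pv /data/jumpserver/SECRET && chmod 700 /data/jumpserver/SECRET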
创建docker-compose目录
# Directory for the docker-compose project (.env and docker-compose.yml live here).
mkdir -p -v /data/docker-compose/jumpserver
生成密钥
生成SECRET_KEY和BOOTSTRAP_TOKEN
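# Generate SECRET_KEY (50 random alphanumeric characters) unless one is already set in
# the environment, then print it. LC_ALL=C keeps tr from failing on non-UTF-8 bytes from
# /dev/urandom; the umask 077 subshell makes newly created secret files owner-only (0600).
# NOTE(review): the key=value line is appended to a file named BOOTSTRAP_TOKEN in the
# docker-compose directory — confirm that is the intended target (the .env step below
# also sets SECRET_KEY).
if [ "$SECRET_KEY" = "" ]; then
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
  (
    umask 077
    echo "SECRET_KEY=$SECRET_KEY" >> /data/docker-compose/jumpserver/BOOTSTRAP_TOKEN
    echo "$SECRET_KEY" >> /data/jumpserver/SECRET/SECRET_KEY
  )
fi
echo "$SECRET_KEY"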
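# Generate BOOTSTRAP_TOKEN (16 random alphanumeric characters) unless one is already set
# in the environment, then print it. LC_ALL=C keeps tr from failing on non-UTF-8 bytes
# from /dev/urandom; the umask 077 subshell makes newly created secret files owner-only.
if [ "$BOOTSTRAP_TOKEN" = "" ]; then
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  (
    umask 077
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> /data/docker-compose/jumpserver/BOOTSTRAP_TOKEN
    echo "$BOOTSTRAP_TOKEN" >> /data/jumpserver/SECRET/BOOTSTRAP_TOKEN
  )
fi
echo "$BOOTSTRAP_TOKEN"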
创建变量文件.env
- 文件名不可随意更改, docker-compose会自动加载.env作为环境变量
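# Image tag; change it to match the JumpServer release you deploy.
Version=v2.24.0
TZ=Asia/Shanghai

# Compose
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=172.16.240.0/24

# Persistent storage
VOLUME_DIR=/data/jumpserver

# MySQL — fill in your MySQL server details.
# The passwords below are sample values; replace them before deploying.
DB_HOST=jms_db
DB_PORT=3306
DB_ROOT_PASSWORD=Aa123456
DB_USER=jumpserver
DB_PASSWORD=jumpserver
DB_NAME=jumpserver

# Redis — fill in your Redis server details.
REDIS_HOST=jms_redis
REDIS_PORT=6379
REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj

# Core
UI_PORT=8088
DEBUG=FALSE
LOG_LEVEL=ERROR

# SECRET_KEY protects signed/encrypted data. Change it on first install and keep it safe;
# it must not change across upgrades or migrations, otherwise encrypted data can no longer
# be decrypted.
# BOOTSTRAP_TOKEN is the key components (koko, guacamole) use to authenticate when they
# register with core.
# Each key must appear exactly once: dotenv loaders silently keep the last occurrence when
# a key is repeated, so a second definition would override the first without any warning.
SECRET_KEY=C72P84gH0RzQCYGW4nINLUZMKKzWwsnntzBiWK3jo4g0vWq71V
BOOTSTRAP_TOKEN=nKp3K2P0oSDuIS2u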
docker-compose编排
示例
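version: '3'

services:
  jms_db:
    container_name: jms_db
    image: mysql:8.0
    restart: always
    # Docker security options. seccomp:unconfined turns off the default syscall filter for
    # this container (a wider kernel attack surface); keep it only if MySQL fails to start
    # with the default profile on your host.
    security_opt:
      - seccomp:unconfined
    volumes:
      # The host zone data only needs to be readable from inside the container.
      - /etc/localtime:/etc/localtime:ro
      - ${VOLUME_DIR}/mysql:/var/lib/mysql
    environment:
      TZ: Asia/Shanghai
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASSWORD}
      MYSQL_DATABASE: ${DB_NAME}
    command: --character-set-server=utf8 --collation-server=utf8_general_ci --default-authentication-plugin=mysql_native_password --skip-name-resolve
    # deploy.resources is honoured by Swarm or by `docker-compose --compatibility`;
    # a plain `docker-compose up` ignores this limit.
    deploy:
      resources:
        limits:
          memory: 4G
    networks:
      - jumpserver

  jms_redis:
    container_name: jms_redis
    image: redis:6.2.1
    restart: always
    command: redis-server --requirepass ${REDIS_PASSWORD} --loglevel warning --maxmemory-policy allkeys-lru
    environment:
      REDIS_PORT: ${REDIS_PORT}
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    healthcheck:
      # `$$` is the Compose escape: these variables are expanded by the shell inside the
      # container, not substituted from .env on the host.
      test: "redis-cli -h 127.0.0.1 -p $$REDIS_PORT -a $$REDIS_PASSWORD info Replication"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/redis:/data
    networks:
      - jumpserver

  core:
    image: jumpserver/core:${Version}
    container_name: jms_core
    restart: always
    tty: true
    command: start web
    # Secrets are handed to the container as plain environment variables, so anyone who
    # can run `docker inspect` on this host can read them; review before using on a shared host.
    environment:
      SECRET_KEY: ${SECRET_KEY}
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      DEBUG: ${DEBUG}
      LOG_LEVEL: ${LOG_LEVEL}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      REDIS_HOST: ${REDIS_HOST}
      REDIS_PORT: ${REDIS_PORT}
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    healthcheck:
      test: "curl -fsL http://localhost:8080/api/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    volumes:
      - ${VOLUME_DIR}/core/data:/opt/jumpserver/data
      - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs
    networks:
      - jumpserver

  celery:
    image: jumpserver/core:${Version}
    container_name: jms_celery
    restart: always
    tty: true
    command: start task
    environment:
      SECRET_KEY: ${SECRET_KEY}
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      DEBUG: ${DEBUG}
      LOG_LEVEL: ${LOG_LEVEL}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      REDIS_HOST: ${REDIS_HOST}
      REDIS_PORT: ${REDIS_PORT}
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "bash /opt/jumpserver/utils/check_celery.sh"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    volumes:
      - ${VOLUME_DIR}/core/data:/opt/jumpserver/data
      - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs
    networks:
      - jumpserver

  koko:
    image: jumpserver/koko:${Version}
    container_name: jms_koko
    restart: always
    # privileged grants the container every capability and access to host devices; confirm
    # the koko image really needs it — none of the other services here run privileged.
    privileged: true
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      LOG_LEVEL: ${LOG_LEVEL}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "curl -fsL http://localhost:5000/koko/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/koko/data:/opt/koko/data
    # Port mappings are quoted so YAML never reads "host:container" as a number.
    # They are published on every host interface; prefix a host address
    # (e.g. "127.0.0.1:2222:2222") if the SSH gateway should only be reachable locally.
    ports:
      - "2222:2222"
    networks:
      - jumpserver

  lion:
    image: jumpserver/lion:${Version}
    container_name: jms_lion
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      LOG_LEVEL: ${LOG_LEVEL}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "curl -fsL http://localhost:8081/lion/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/lion/data:/opt/lion/data
    networks:
      - jumpserver

  magnus:
    image: jumpserver/magnus:${Version}
    container_name: jms_magnus
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      LOG_LEVEL: ${LOG_LEVEL}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "ps axu | grep -v 'grep' | grep magnus"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/magnus/data:/opt/magnus/data
    # Database-proxy ports, published on every host interface.
    ports:
      - "33060:33060"
      - "33061:33061"
    networks:
      - jumpserver

  web:
    image: jumpserver/web:${Version}
    container_name: jms_web
    restart: always
    tty: true
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "curl -fsL http://localhost/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/core/data:/opt/jumpserver/data
      - ${VOLUME_DIR}/nginx/data/logs:/var/log/nginx
    ports:
      # Web UI on the port configured as UI_PORT in .env.
      - "${UI_PORT}:80"
    networks:
      - jumpserver

networks:
  jumpserver: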
启动JMS
创建容器:
docker-compose up -d
稍等片刻，使用 docker-compose ps 查看状态，待 jms_core 的健康检查状态变为 healthy 后，其余服务即会依次启动成功。
验证:
http://<服务器IP>:<UI_PORT>（UI_PORT 即 .env 中配置的端口）
默认账号/密码: admin/admin