docker部署jumpserver

发布时间 2023-11-22 15:24:56 作者: 厚礼蝎

安装docker

版本

$ docker version
Client: Docker Engine - Community
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:07:41 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:07:41 2023
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.6.24
  GitCommit:        61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc:
  Version:          1.1.9
  GitCommit:        v1.1.9-0-gccaecfc
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

$ docker compose version
Docker Compose version v2.21.0

安装部署

官方源码库 https://github.com/jumpserver/Dockerfile

相关目录

.
├── config_example.conf
├── db.yml
├── docker-compose-build.yml
├── docker-compose-init-db.yml
├── docker-compose-network.yml
└── docker-compose.yml

修改配置

$ mv config_example.conf .env
$ vim .env
# .env is read by docker compose and holds every secret of this deployment in
# clear text: keep it out of version control and readable only by the deploying
# user (for example `chmod 600 .env`).

# Image tag used for all JumpServer components; change it to match the release you deploy.
# NOTE(review): this is the release the post was written against. Check the
# project's security advisories and prefer the latest patch release before reusing it.
VERSION=v3.8.2

# Build argument; supported values: amd64/arm64/loong64
TARGETARCH=amd64

# Compose
COMPOSE_PROJECT_NAME=jms
# COMPOSE_HTTP_TIMEOUT=3600
# DOCKER_CLIENT_TIMEOUT=3600

# Persistent storage (host directory that the compose files bind-mount into the containers)
VOLUME_DIR=/data/jumpserver/data

# MySQL: change this to the address of your external **database**.
# In this walkthrough the database runs as the `mysql` service from db.yml, so the service name is used.
# NOTE(review): the application connects as the database root account. db.yml only
# sets a root password, so this works as written, but a dedicated account limited to
# the jumpserver database would be the least-privilege choice.
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
# Placeholder: replace with a long random value. db.yml expands it unquoted inside a
# shell healthcheck, so avoid whitespace and shell metacharacters.
DB_PASSWORD=xxxxxxxxxxxxxxx
DB_NAME=jumpserver

# Redis: change this to the address of your external **Redis**.
# Redis is also deployed as a container here, so REDIS_HOST is simply the name of the redis service.
REDIS_HOST=redis
REDIS_PORT=6379
# Placeholder: replace with a long random value. db.yml expands it unquoted on the
# redis-server command line and in a shell healthcheck, so avoid whitespace and
# shell metacharacters.
REDIS_PASSWORD=xxxxxxxxxxxxxxx

# Core: change SECRET_KEY and BOOTSTRAP_TOKEN (placeholders below; generate random values)
SECRET_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BOOTSTRAP_TOKEN=xxxxxxxxxxxxxxx
DEBUG=FALSE
LOG_LEVEL=ERROR
# NOTE(review): presumably the host name(s)/IP(s) users browse to; confirm the exact
# semantics in the JumpServer documentation.
DOMAINS=192.168.xxx.xxx

# Web
# NOTE(review): docker-compose.yml publishes the web service on HTTP_PORT as plain
# HTTP; credentials and sessions cross the network unencrypted unless TLS is
# terminated in front of it.
HTTP_PORT=80
SSH_PORT=2222
MAGNUS_MYSQL_PORT=33061
MAGNUS_MARIADB_PORT=33062
MAGNUS_REDIS_PORT=63790

# Xpack
RDP_PORT=3389
MAGNUS_POSTGRESQL_PORT=54320
MAGNUS_ORACLE_PORTS=30000-30010

##
# SECRET_KEY protects signed data. Change it on first install and keep a record of it;
# it must not change across upgrades or migrations, otherwise encrypted data can no longer be decrypted.
# BOOTSTRAP_TOKEN is the key used for component authentication and is only used when a
# component registers. Components here means koko and guacamole.

各资源清单文件

# docker-compose-network.yml
# Declares the bridge network "net" that the services in the other compose
# files attach to.
version: '2.4'

networks:
  net:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        # IPv4 range of the bridge (private address space).
        - subnet: '172.16.238.0/24'
          gateway: '172.16.238.1'
        # NOTE(review): this prefix lies in global unicast space, not in the
        # unique-local range (fd00::/8). On a host with real IPv6 connectivity,
        # traffic for the genuine holder of the prefix would be routed to this
        # bridge instead; consider a unique-local prefix.
        - subnet: '2001:1111:1111:1111::/64'
          gateway: '2001:1111:1111:1111::1'
# docker-compose-init-db.yml
# One-off definition of the core service, used together with db.yml for the
# first start: the schema upgrade is then run inside this container with
# `docker exec` (see the deployment commands).
version: '2.4'

services:
  core:
    image: 'jumpserver/core:${VERSION}'
    container_name: jms_core
    # Started with "sleep" rather than the "start web" used in
    # docker-compose.yml; how the image's entrypoint handles it is not shown
    # on this page.
    command: sleep
    tty: true
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/core/data:/opt/jumpserver/data'
      - '${VOLUME_DIR}/core/logs:/opt/jumpserver/logs'
    # Every value is interpolated from .env. Secrets passed this way are
    # visible to anyone who can run `docker inspect` on the container.
    environment:
      SECRET_KEY: '$SECRET_KEY'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      DEBUG: '$DEBUG'
      LOG_LEVEL: '$LOG_LEVEL'
      DB_HOST: '$DB_HOST'
      DB_PORT: '$DB_PORT'
      DB_USER: '$DB_USER'
      DB_PASSWORD: '$DB_PASSWORD'
      DB_NAME: '$DB_NAME'
      REDIS_HOST: '$REDIS_HOST'
      REDIS_PORT: '$REDIS_PORT'
      REDIS_PASSWORD: '$REDIS_PASSWORD'
# db.yml
---
version: '3'
services:
  mysql:
    # MariaDB backing store. No `ports:` entry, so it is reachable only from
    # containers attached to the `net` network, not from the host's interfaces.
    image: 'jumpserver/mariadb:10.6'
    container_name: jms_mysql
    restart: always
    command: '--character-set-server=utf8 --collation-server=utf8_general_ci'
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/mariadb/data:/var/lib/mysql'
    environment:
      DB_PORT: '$DB_PORT'
      # The root password is the same DB_PASSWORD the application uses
      # (DB_USER=root in .env).
      MARIADB_ROOT_PASSWORD: '$DB_PASSWORD'
      MARIADB_DATABASE: '$DB_NAME'
    healthcheck:
      # `$$` defers expansion to the shell inside the container.
      # NOTE(review): the root password ends up on the mysql client's command
      # line, unquoted; it is visible in the container's process list while the
      # check runs, and a password with whitespace or shell metacharacters
      # breaks the check.
      # NOTE(review): the check probes $DB_PORT; the server is not told to
      # listen on a non-default port here, so this presumably only works while
      # DB_PORT stays 3306 - confirm before changing it.
      test: "mysql -h127.0.0.1 -P$$DB_PORT -uroot -p$$MARIADB_ROOT_PASSWORD -e 'SHOW DATABASES;'"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
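  redis:
    # Redis cache/broker for core and celery, which reach it over the `net`
    # network as REDIS_HOST=redis.
    image: jumpserver/redis:6.2
    container_name: jms_redis
    restart: always
    # NOTE(review): compose interpolates the password into the server's
    # command line, so it is visible in `docker inspect` and in the process
    # list; a password containing whitespace would also split the arguments.
    command: redis-server --requirepass $REDIS_PASSWORD --loglevel warning --maxmemory-policy allkeys-lru
    ports:
      # Published on the host's loopback only. The original mapping
      # (${REDIS_PORT}:6379) bound every host interface, exposing Redis to the
      # whole network although all consumers sit on the `net` network. Remove
      # the mapping entirely if no host-side access is needed.
      - "127.0.0.1:${REDIS_PORT}:6379"
    environment:
      TZ: Asia/Shanghai
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    healthcheck:
      # `$$` defers expansion to the shell inside the container.
      # NOTE(review): the check probes $REDIS_PORT while the port mapping above
      # targets container port 6379, so it presumably only works while
      # REDIS_PORT stays 6379 - confirm before changing it.
      test: "redis-cli -h 127.0.0.1 -p $$REDIS_PORT -a $$REDIS_PASSWORD info Replication"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/redis/data:/data
    networks:
      - net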
  core:
    # Overlay merged into the core service from the other compose file given
    # on the command line: core starts only after both data stores report
    # healthy.
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_healthy
# docker-compose.yml
version: '2.4'
services:
  core:
    # JumpServer core started with "start web". No `ports:` entry: it is
    # reachable only from containers on the `net` network (the other services
    # use http://core:8080).
    image: 'jumpserver/core:${VERSION}'
    container_name: jms_core
    command: start web
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/core/data:/opt/jumpserver/data'
    # Values come from .env; secrets passed as environment variables are
    # visible to anyone who can run `docker inspect` on the container.
    environment:
      SECRET_KEY: '$SECRET_KEY'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      DEBUG: '$DEBUG'
      LOG_LEVEL: '$LOG_LEVEL'
      DB_HOST: '$DB_HOST'
      DB_PORT: '$DB_PORT'
      DB_USER: '$DB_USER'
      DB_PASSWORD: '$DB_PASSWORD'
      DB_NAME: '$DB_NAME'
      REDIS_HOST: '$REDIS_HOST'
      REDIS_PORT: '$REDIS_PORT'
      REDIS_PASSWORD: '$REDIS_PASSWORD'
      MAGNUS_PORT: '${MAGNUS_PORT:-30000-30020}'
      # Empty when DOMAINS is not set in .env.
      DOMAINS: '${DOMAINS:-}'
    healthcheck:
      test: "curl -fsL http://localhost:8080/api/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s

  celery:
    # Same image as core, started with "start task"; waits for core to be
    # healthy and shares core's data directory.
    image: 'jumpserver/core:${VERSION}'
    container_name: jms_celery
    command: start task
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/core/data:/opt/jumpserver/data'
    # Receives the same secrets as core (SECRET_KEY, database and Redis
    # credentials), all interpolated from .env.
    environment:
      SECRET_KEY: '$SECRET_KEY'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      DEBUG: '$DEBUG'
      LOG_LEVEL: '$LOG_LEVEL'
      DB_HOST: '$DB_HOST'
      DB_PORT: '$DB_PORT'
      DB_USER: '$DB_USER'
      DB_PASSWORD: '$DB_PASSWORD'
      DB_NAME: '$DB_NAME'
      REDIS_HOST: '$REDIS_HOST'
      REDIS_PORT: '$REDIS_PORT'
      REDIS_PASSWORD: '$REDIS_PASSWORD'
      MAGNUS_PORT: '${MAGNUS_PORT:-30000-30020}'
    healthcheck:
      test: "bash /opt/jumpserver/utils/check_celery.sh"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s

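  koko:
    # koko component; registers with core using BOOTSTRAP_TOKEN and publishes
    # the SSH port on the host.
    image: jumpserver/koko:${VERSION}
    container_name: jms_koko
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    restart: always
    # NOTE(review): privileged mode gives the container nearly all host
    # capabilities and device access, so a compromise of this internet-facing
    # service is close to a compromise of the host. Confirm which feature
    # needs it in your setup; if none does, drop it or grant only the specific
    # capabilities required.
    privileged: true
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      LOG_LEVEL: $LOG_LEVEL
      SSHD_PORT: ${SSH_PORT:-2222}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "curl -fsL http://localhost:5000/koko/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR}/koko/data:/opt/koko/data
    ports:
      # The container side now carries the same 2222 default as the host side
      # and as SSHD_PORT above; without it an unset SSH_PORT rendered the
      # mapping as "2222:" with an empty container port.
      - "${SSH_PORT:-2222}:${SSH_PORT:-2222}"
    networks:
      - net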

  lion:
    # lion component; registers with core using BOOTSTRAP_TOKEN. No `ports:`
    # entry, so it is reachable only on the `net` network.
    image: 'jumpserver/lion:${VERSION}'
    container_name: jms_lion
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/lion/data:/opt/lion/data'
    environment:
      CORE_HOST: 'http://core:8080'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      LOG_LEVEL: '$LOG_LEVEL'
    healthcheck:
      test: "curl -fsL http://localhost:8081/lion/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  magnus:
    # magnus component; registers with core using BOOTSTRAP_TOKEN and
    # publishes three database-protocol ports on the host.
    image: 'jumpserver/magnus:${VERSION}'
    container_name: jms_magnus
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/magnus/data:/opt/magnus/data'
    environment:
      CORE_HOST: 'http://core:8080'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      LOG_LEVEL: '$LOG_LEVEL'
      MAGNUS_MYSQL_PORT: '${MAGNUS_MYSQL_PORT:-33061}'
      MAGNUS_MARIADB_PORT: '${MAGNUS_MARIADB_PORT:-33062}'
      MAGNUS_REDIS_PORT: '${MAGNUS_REDIS_PORT:-63790}'
    # These mappings bind every host interface; limit who can reach them with
    # the host firewall if the proxy ports are not meant for the whole network.
    # NOTE(review): the container side of each mapping and the healthcheck are
    # fixed at the default port numbers, while the environment above passes the
    # configurable value into the container. If magnus listens on the value it
    # is given, changing a MAGNUS_*_PORT in .env would break both - confirm
    # before changing the defaults.
    ports:
      - '${MAGNUS_MYSQL_PORT:-33061}:33061'
      - '${MAGNUS_MARIADB_PORT:-33062}:33062'
      - '${MAGNUS_REDIS_PORT:-63790}:63790'
    healthcheck:
      test: "nc -z 127.0.0.1 33061 || exit 1"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  chen:
    # chen component; registers with core using BOOTSTRAP_TOKEN. No `ports:`
    # entry, so it is reachable only on the `net` network.
    image: 'jumpserver/chen:${VERSION}'
    container_name: jms_chen
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/chen/data:/opt/chen/data'
    environment:
      CORE_HOST: 'http://core:8080'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      LOG_LEVEL: '$LOG_LEVEL'
    healthcheck:
      test: "curl -f 127.0.0.1:8082/chen"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s

  kael:
    # kael component; registers with core using BOOTSTRAP_TOKEN. No `ports:`
    # entry, so it is reachable only on the `net` network.
    image: 'jumpserver/kael:${VERSION}'
    container_name: jms_kael
    restart: always
    tty: true
    ulimits:
      # Core-file size limit of 0, i.e. no core dumps are written.
      core: 0
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/kael/data:/opt/kael/data'
    environment:
      CORE_HOST: 'http://core:8080'
      BOOTSTRAP_TOKEN: '$BOOTSTRAP_TOKEN'
      LOG_LEVEL: '$LOG_LEVEL'
    healthcheck:
      test: "curl -fsL http://localhost:8083/kael/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s

  web:
    # Front-end container; the only service that publishes the web UI on the
    # host. It mounts core's data directory and writes nginx logs to the
    # persistent volume.
    image: 'jumpserver/web:${VERSION}'
    container_name: jms_web
    restart: always
    tty: true
    depends_on:
      core:
        condition: service_healthy
    networks:
      - net
    volumes:
      - '${VOLUME_DIR}/core/data:/opt/jumpserver/data'
      - '${VOLUME_DIR}/nginx/data/logs:/var/log/nginx'
    # Only a plain-HTTP port is published. Logins to the bastion and the
    # sessions that follow cross the network unencrypted unless TLS is
    # terminated in front of this container.
    ports:
      - '${HTTP_PORT:-80}:${HTTP_PORT:-80}'
    healthcheck:
      test: "curl -fsL http://localhost/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

部署

# Step 1: create the network and start mysql, redis and the idle core container
# (docker-compose-init-db.yml starts core with the "sleep" command).
docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml -f db.yml up -d
# Watch the logs and wait until everything is stable
# Step 2: import the database tables and data
docker exec -i jms_core bash -c './jms upgrade_db'
# Wait for it to finish
# Step 3: start the component containers.
# db.yml is not passed here, so within the same compose project mysql and redis are
# no longer part of the configuration; compose may warn about orphan containers.
# Do not add --remove-orphans, which would remove the database and Redis containers.
docker compose -f docker-compose-network.yml -f docker-compose.yml up -d

至此,容器化部署完成

浏览器访问 http://192.168.140.28

初始账号和密码均为 admin(admin/admin)

初次登录时系统会要求修改密码,请在对外开放访问之前完成修改