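This walkthrough is based on JumpServer 2.19.1.
JumpServer website: https://www.jumpserver.org/
JumpServer's official Docker installation guide: https://github.com/jumpserver/Dockerfile/tree/master/allinone
It is recommended that you run your own Nexus to solve the various network-acceleration problems; see: "Deploying Nexus with Docker" and "Some practices for configuring Nexus".
1. Install and start
Follow JumpServer's official Docker installation guide: https://github.com/jumpserver/Dockerfile/tree/master/allinone
Note: MySQL must be version 5.7 or later and must use utf8, not utf8mb4; Redis must be version 6.0 or later.
An example follows: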
Version 2.19.1

```bash
docker run --name jms_all -d \
  -e TZ=Asia/Shanghai \
  -v /opt/jumpserver/logs:/opt/jumpserver/logs \
  -v /opt/jumpserver/core/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko/data:/opt/koko/data \
  -v /opt/jumpserver/lion/data:/opt/lion/data \
  -v /opt/jumpserver/kael/data:/opt/kael/data \
  -v /opt/jumpserver/chen/data:/opt/chen/data \
  -v /opt/jumpserver/web/log:/var/log/nginx \
  -p 80:80 -p 2222:2222 \
  -e SECRET_KEY=xxxxxx \
  -e BOOTSTRAP_TOKEN=yyyyyy \
  -e LOG_LEVEL=ERROR \
  -e DB_HOST=your-mysql-host \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=your-mysql-password \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=your-redis-host-or-ip \
  -e REDIS_PORT=your-redis-port \
  -e REDIS_PASSWORD=your-redis-password \
  -e DOMAINS=your-domain \
  --restart=always --privileged=true \
  jumpserver/jms_all:v2.19.1
```
Version 3.10.7

```bash
mkdir -p /opt/jumpserver/

# Replace the placeholder secrets (SECRET_KEY, BOOTSTRAP_TOKEN, passwords) with your own values.
docker run --name jms_all -d \
  -e TZ=Asia/Shanghai \
  -v /opt/jumpserver/logs:/opt/jumpserver/logs \
  -v /opt/jumpserver/core/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko/data:/opt/koko/data \
  -v /opt/jumpserver/lion/data:/opt/lion/data \
  -v /opt/jumpserver/kael/data:/opt/kael/data \
  -v /opt/jumpserver/chen/data:/opt/chen/data \
  -v /opt/jumpserver/web/log:/var/log/nginx \
  -p 80:80 -p 2222:2222 -p 30000-30100:30000-30100 \
  -e SECRET_KEY=xxxxxx \
  -e BOOTSTRAP_TOKEN=yyyyyy \
  -e LOG_LEVEL=ERROR \
  -e DB_HOST=pc-bp1882kg6s787bw49.rwlb.rds.aliyuncs.com \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=your-mysql-password \
  -e DB_NAME=ops_jumpserver \
  -e REDIS_HOST=10.0.0.186 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=your-redis-password \
  -e DOMAINS=qa-jump.corp.occloud.net \
  --restart=always --privileged=true \
  jumpserver/jms_all:v3.10.7
```
BOOTSTRAP_TOKEN and SECRET_KEY are very important and must be kept safe; beyond those two, you only need to fill in the MySQL and Redis connection details.
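The following is an added example, not part of the original post or of the JumpServer project: a POSIX shell helper that generates SECRET_KEY and BOOTSTRAP_TOKEN once, stores them in an owner-only env file for `docker run --env-file`, and never overwrites an existing file, so the values are not regenerated on a re-run. The env-file path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: the env-file path and the
# function names below are assumptions chosen for illustration.

# Print $1 random characters from [A-Za-z0-9], drawn from the kernel CSPRNG.
gen_secret() {
    pool=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    printf "%.${1}s\n" "$pool"
}

# Create the env file with fresh secrets. An existing file is never
# overwritten, so re-running the script cannot rotate SECRET_KEY by accident.
init_env_file() {
    env_file=$1
    if [ ! -e "$env_file" ]; then
        (
            umask 077    # file is created readable by its owner only
            {
                printf 'SECRET_KEY=%s\n' "$(gen_secret 50)"
                printf 'BOOTSTRAP_TOKEN=%s\n' "$(gen_secret 24)"
            } > "$env_file"
        )
    fi
    chmod 600 "$env_file"
}

# Return 0 only if both secrets are present, at least 16 characters long,
# and not the xxxxxx / yyyyyy placeholders used in the example command.
check_env_file() {
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        value=$(sed -n "s/^${key}=//p" "$1")
        case $value in
            ''|xxxxxx|yyyyyy) return 1 ;;
        esac
        [ "${#value}" -ge 16 ] || return 1
    done
    return 0
}

# Usage: sh jms-secrets.sh init /opt/jumpserver/secrets.env
if [ "${1:-}" = "init" ]; then
    init_env_file "$2" && check_env_file "$2" &&
        echo "start the container with: docker run --env-file $2 ..."
fi
```

Passing the file with `--env-file` replaces the `-e SECRET_KEY=... -e BOOTSTRAP_TOKEN=...` arguments, which keeps the two values out of shell history and the process list.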
Default account and password: admin/admin
2. Change the logo

```bash
\cp /tmp/jump-red-32.png /opt/jumpserver/core/data/static/img/facio.ico
\cp /tmp/jump-red-128.png /opt/jumpserver/core/data/static/img/logo.png
\cp /tmp/red-jumpserver.png /opt/jumpserver/core/data/static/img/logo_text_white.png
```
3. nginx configuration
Reference configuration:

```nginx
# WebSocket support
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Plain HTTP only redirects to HTTPS; http2 is left off this cleartext listener
    listen 80;
    listen [::]:80;
    server_name jumpserver.xxxx.com;
    rewrite ^ https://$host$request_uri? permanent;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name jumpserver.xxxx.com;

    #charset koi8-r;
    access_log /var/log/nginx/jumpserver.access.log;
    error_log  /var/log/nginx/jumpserver.error.log;

    # Change these to your certificate paths
    ssl_certificate     /etc/nginx/conf.d/cert/jumpserver.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/jumpserver.key;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    # TLSv1.1 is deprecated (RFC 8996), so only TLSv1.2 and later are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    #error_page 400 497 https://$http_host$request_uri;

    location / {
        proxy_next_upstream error timeout invalid_header;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:80/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Do not add this header, otherwise token problems will occur
        #proxy_set_header X-Forwarded-Proto https;
        proxy_buffering off;
        proxy_request_buffering off;

        # WebSocket: pass the Upgrade header and use the value from the map above
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    #error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```