操作系统:Ubuntu 20.04
1.安装docker和docker-compose
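# Refresh the package index and bring the base system up to date.
apt-get update
apt-get upgrade -y
# Prerequisites for adding an HTTPS apt repository.
apt-get install apt-transport-https ca-certificates curl software-properties-common
# Fetch the repository signing key over HTTPS. apt trusts every package signed
# by this key, so a key fetched over plain HTTP could be replaced in transit.
# Compare the imported key's fingerprint with the one Docker publishes
# (apt-key fingerprint) before installing anything from the repository.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Register the mirror's docker-ce repository for this release, also over HTTPS.
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io -y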
安装完成后,需要在 /etc/docker/daemon.json 中配置镜像源(registry-mirrors)
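# Download the docker-compose 1.27.4 binary from the DaoCloud mirror.
# -f makes curl exit with an error on an HTTP failure instead of saving the
# error page as the "binary" that is then marked executable.
# The file comes from a third-party mirror and is installed system-wide, so
# compare its SHA-256 with the checksum published for the 1.27.4 release
# before running it:
#   sha256sum /usr/local/bin/docker-compose
curl -fL "https://get.daocloud.io/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Make the binary reachable from /usr/bin as well.
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose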
2.获取jumpserver2.5.3的安装文件
# Work from /opt; the repository is cloned into /opt/Dockerfile, the directory
# the start-up step later changes into.
cd /opt
git clone https://github.com/jumpserver/Dockerfile.git Dockerfile
注:可以通过gitee中转一下,要不然太慢了
3.基础docker的网络和卷
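# Shared network that every compose file on this page joins as an external network.
docker network create jumpserver
# The subcommand is "docker volume create" (singular); "docker volumes" is not
# a docker command, so the original lines would fail.
# core-data is shared by two containers; Docker's recommended way to share a
# volume is to create it first and then mount it in each container.
docker volume create core-data
docker volume create guacamole-data
docker volume create koko-data
docker volume create redis-data
docker volume create mysql-data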
4.部署mysql和redis
直接给出docker-compose.yml(mysql和redis各一份)
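# Compose file for the MySQL service.
# No ports are published, so MySQL is reachable only from containers attached
# to the external "jumpserver" network.
version: '3'

services:
  mysql:
    image: mysql:8
    container_name: mysql
    restart: always
    networks:
      - jumpserver
    volumes:
      - mysql-data:/var/lib/mysql
      - $PWD/mysql:/etc/mysql
    environment:
      # Replace the placeholder with a strong root password and keep this file
      # out of version control, since the password is stored here in clear text.
      - MYSQL_ROOT_PASSWORD=自定义mysql的root密码
    # NOTE(review): seccomp:unconfined turns off Docker's default syscall
    # filter for this container. If it is only here to silence MySQL 8's
    # "mbind: Operation not permitted" messages, adding the SYS_NICE capability
    # via cap_add is the narrower alternative; confirm before changing.
    security_opt:
      - seccomp:unconfined

networks:
  jumpserver:
    external: true

# mysql-data is created beforehand with "docker volume create", so it has to be
# declared as an external volume; without this section docker-compose rejects
# the named volume used by the service above.
volumes:
  mysql-data:
    external: true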
# Compose file for the Redis service.
# No ports are published, so Redis is reachable only from containers attached
# to the external "jumpserver" network.
version: "3"

services:
  redis:
    container_name: redis
    image: redis:6
    restart: always
    # Start Redis with the mounted configuration file. The Redis password used
    # by JumpServer (REDIS_PASSWORD) is set in this redis.conf.
    command: redis-server /usr/local/etc/redis/redis.conf
    networks:
      - jumpserver
    volumes:
      - redis-data:/data
      - $PWD/redis.conf:/usr/local/etc/redis/redis.conf

# Both the volume and the network are created before this file is used.
volumes:
  redis-data:
    external: true

networks:
  jumpserver:
    external: true
在mysql新增jumpserver用户,并新增jumpserver数据库,将jumpserver数据库权限完全赋予jumpserver用户
由于mysql8默认的认证方式发生了变化,需要将jumpserver用户的登录认证方式修改为mysql原生认证(mysql_native_password)。
5.jumpserver的docker-compose-external.yml
# docker-compose-external.yml: JumpServer core, koko, guacamole and nginx.
# ${Version} and the other ${NAME} references are filled in by docker-compose
# variable substitution.
version: "3"

services:
  core:
    # Image name differs from 2.5.3, remember to change it (the same applies
    # to every container below): 2.5.3 used jumpserver/jms_core:tag, 2.6 and
    # later use jumpserver/core:tag.
    image: jumpserver/core:${Version}
    # Container name also differs from 2.5.3, be sure to change it; the same
    # applies to every container below.
    container_name: core
    tty: true
    restart: always
    networks:
      - jumpserver
    volumes:
      - core-data:/opt/jumpserver/data
    environment:
      SECRET_KEY: ${SECRET_KEY}
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      LOG_LEVEL: ${LOG_LEVEL}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      REDIS_HOST: ${REDIS_HOST}
      REDIS_PORT: ${REDIS_PORT}
      REDIS_PASSWORD: ${REDIS_PASSWORD}

  koko:
    image: jumpserver/koko:${Version}
    container_name: koko
    tty: true
    restart: always
    # NOTE(review): privileged mode removes most container isolation, and this
    # is the service published on host port 2222. Confirm koko really needs
    # it; if not, drop it or grant only the specific capabilities required.
    privileged: true
    depends_on:
      - core
    networks:
      - jumpserver
    ports:
      - "2222:2222"
    volumes:
      - koko-data:/opt/koko/data
    environment:
      CORE_HOST: 'http://core:8080'
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      LOG_LEVEL: ${LOG_LEVEL}

  guacamole:
    image: jumpserver/guacamole:${Version}
    container_name: guacamole
    tty: true
    restart: always
    depends_on:
      - core
    networks:
      - jumpserver
    volumes:
      - guacamole-data:/config/guacamole/data
    environment:
      JUMPSERVER_SERVER: 'http://core:8080'
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN}
      GUACAMOLE_LOG_LEVEL: ${LOG_LEVEL}

  nginx:
    # Use this image here.
    image: jumpserver/nginx:alpine2
    container_name: nginx
    tty: true
    restart: always
    depends_on:
      - core
      - koko
      - guacamole
    networks:
      - jumpserver
    # Port 443 is published, but no HTTPS certificate is configured yet (see
    # the nginx.conf note below), so logins to this bastion host travel over
    # plain HTTP on port 80. Configure TLS in nginx.conf before exposing the
    # service beyond a trusted network.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Only server_name needs a small edit in this file; HTTPS certificates
      # are not configured for now.
      - $PWD/nginx/nginx.conf:/etc/nginx/nginx.conf
      # Following the Dockerfile under Dockerfile/nginx, download
      # https://github.com/jumpserver/luna/releases/download/${Version}/luna-${Version}.tar.gz
      # and extract it here.
      - $PWD/nginx/luna:/opt/luna
      # Same as above: download and extract lina-v2.6.1.tar.gz.
      - $PWD/nginx/lina:/opt/lina
      - core-data:/opt/jumpserver/data

# Created beforehand; compose only attaches to them.
networks:
  jumpserver:
    external: true

volumes:
  core-data:
    external: true
  koko-data:
    external: true
  guacamole-data:
    external: true
6. 配置文件
# Values substituted into docker-compose-external.yml.
# NOTE(review): presumably saved as .env next to the compose file so that
# docker-compose picks it up; confirm. The file holds every secret of the
# deployment, so restrict its permissions and keep it out of version control.
# The version number can be changed to match the project version.
Version=v2.6.1
# MySQL
DB_HOST=mysql
DB_PORT=3306
DB_USER=jumpserver
# Replace the placeholder with the jumpserver user's MySQL password.
DB_PASSWORD=jumpserver用户在mysql数据库的密码
DB_NAME=jumpserver
# Redis
REDIS_HOST=redis
REDIS_PORT=6379
# Replace the placeholder with the Redis password set in redis.conf.
REDIS_PASSWORD=redis的密码,在redis.conf里面设置
# Core
# Replace both placeholders with long random strings taken from a
# cryptographically secure source such as /dev/urandom, and use a different
# value for each.
SECRET_KEY=随便生成个超长随机字符串
BOOTSTRAP_TOKEN=随便生成个超长随机字符串
LOG_LEVEL=ERROR
##
# SECRET_KEY is the key that protects signed data. Change it on first install and keep it safe; it must not be changed on later upgrades or migrations, otherwise encrypted data can no longer be decrypted.
# BOOTSTRAP_TOKEN is the key used for component authentication and is used only when a component registers. The components are koko and guacamole.
7.启动jumpserver
# Run from the cloned repository so docker-compose-external.yml and the $PWD
# bind mounts it references resolve against /opt/Dockerfile.
cd /opt/Dockerfile
# Create and start all JumpServer containers in the background.
docker-compose --file docker-compose-external.yml up --detach
8.排坑
8.1 数据库连接异常导致core服务无法启动
需要把jumpserver用户在mysql8中的认证方式改成原生认证方式(mysql_native_password)
8.2core服务正常,其他服务请求不到http://core:8080
检查docker-compose-external.yml中的container_name是否为core,在2.5.3版本里面是jms_core
8.3core服务正常,其他服务的docker logs显示错误
一般来说,是因为在core服务启动之前,相关容器已经启动了,简单重启其他容器即可。
# Restart one container that came up before core was ready; replace the
# placeholder with its name.
docker-compose --file docker-compose-external.yml restart 容器名
8.4从github上下载东西太慢
在gitee上注册个账号,从github上同步到gitee再下载
