docker部署jumpserver
1、安装Docker以及相关依赖
配置yum源
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.reposudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
2、添加国内镜像
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo3、启动Docker后台服务
systemctl start docker
4、设置开机启动
systemctl enable docker
5、查看Docker版本
docker --version
6、查看Docker compose版本
docker compose version
7、安装mysql5.7
~]#docker pull mysql:5.7
~]# mkdir -p /data/mysql/data
~]# docker run -d --name mysql --restart=always -e MYSQL_ROOT_PASSWORD=abcd@1234 -p 3306:3306 -v /data/mysql/data:/var/lib/mysql mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3453d20feed2 mysql:5.7 "docker-entrypoint..." 16 seconds ago Up 15 seconds 0.0.0.0:3306->3306/tcp, 33060/tcp mysql8、创建jumpserver数据库
~]# docker exec -it mysql /bin/bash
/# mysql -uroot -pabcd@1234
mysql> create database jumpserver default charset 'utf8mb4';
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'abcd@1234';
mysql> flush privileges;
mysql> exit
/# mysql -ujumpserver -pabcd@1234
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
+--------------------+
2 rows in set (0.00 sec)
9、安装redis
~]# docker pull redis:4.0.10
~]# mkdir -p /data/redis/data
~]# docker run -d -it --name redis -p 6379:6379 -v /data/redis/data:/data --restart=always --sysctl net.core.somaxconn=1024 redis:4.0.10 --requirepass "abcd@1234"
~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
71840c9b0f6f redis:4.0.10 "docker-entrypoint..." 6 minutes ago Up 6 minutes 0.0.0.0:6379->6379/tcp redis
3453d20feed2 mysql:5.7 "docker-entrypoint..." 5 hours ago Up 5 hours 0.0.0.0:3306->3306/tcp, 33060/tcp mysql10、生成密钥
~]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
fiWE7DI5hyVYznyX4XQlzwJm46K9NgHkPcUCIF01NDSudKfJKN4J
~]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
co6QU93I0RXj3Cy111、安装jumpserver
]#docker pull jumpserver/jms_all:v2.5.0
]# mkdir -p /data/jumpserver
~]# docker run -d --name jumpserver -h jumpserver --restart=always \-v /data/jumpserver:/opt/jumpserver/data/media \-p 80:80 \-p 2222:2222 \-e SECRET_KEY=$SECRET_KEY \-e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \-e DB_HOST=192.168.48.152 \-e DB_PORT=3306 \-e DB_USER=jumpserver \-e DB_PASSWORD="abcd@1234" \-e DB_NAME=jumpserver \-e REDIS_HOST=192.168.48.152 \-e REDIS_PORT=6379 \-e REDIS_PASSWORD="abcd@1234" \jumpserver/jms_all:v2.5.0
12、jumpserver防火墙与改密(给目标机器添加防火墙规则)
防火墙规则是自上而下加载匹配的
### 查看防火墙
[root@VM-16-17-centos ~]# iptables -L
Chain INPUT (policy ACCEPT) ###入口链
target prot opt source destination Chain FORWARD (policy ACCEPT)
target prot opt source destination Chain OUTPUT (policy ACCEPT) ###出口链
target prot opt source destination Chain YJ-FIREWALL-INPUT (0 references)
target prot opt source destination 给入口链加规则
1.只允许jumpserver机器的IP可以登录,其他机器拒绝
[root@VM-16-17-centos ~]# iptables -A INPUT -s 150.158.127.76 -p tcp --dport 22 -j ACCEPT2.其他机器拒绝[root@VM-16-17-centos ~]# iptables -A INPUT -p tcp --dport 22 -j REJECT13、环境准备,关闭防火墙服务
[root@jumpserver ~]# iptables -F #清空规则[root@jumpserver ~]# systemctl disable firewalld #关闭防火墙开机自启[root@jumpserver ~]# systemctl stop firewalld #停止防火墙[root@jumpserver ~]# getenforce #获取selinux 的状态
Disabled #当前是关闭的