Docker快速部署一款堡垒机系统

JumpServer介绍

JumpServer是一款广受欢迎的开源堡垒机，设计用于帮助企业更安全地管控和登录各种类型的IT资产。它遵循4A规范（身份认证、账号管理、授权控制、安全审计），提供了一套专业的运维安全审计解决方案。

创建持久化存储目录

mkdir -p /home/jump
mkdir -p /home/jump/mariadb
mkdir -p /home/jump/redis/conf
mkdir -p /home/jump/jump
mkdir -p /home/jump/jump/core/data
mkdir -p /home/jump/jump/koko/data
mkdir -p /home/jump/jump/lion/data
mkdir -p /home/jump/jump/kael/data
mkdir -p /home/jump/jump/kael/data
mkdir -p /home/jump/jump/chen/data
mkdir -p /home/jump/jump/web/log

创建Redis配置文件

cat >> /home/jump/redis/conf/redis.conf <<EOF
bind 0.0.0.0
maxmemory-policy allkeys-lru
requirepass handsome
EOF

创建Redis容器服务

docker run -itd --name jumpserver_redis --restart=always -p 6379:6379 -v /home/jump/redis/conf:/etc/redis -v /home/jump/redis/data:/data docker.m.daocloud.io/redis:7.4.2 redis-server /etc/redis/redis.conf

创建MariaDB数据库服务

docker run -itd --name jumpserver_mariadb --restart=always -e MYSQL_ROOT_PASSWORD=handsome -p 3306:3306 -v /home/jump/mariadb:/var/lib/mysql docker.m.daocloud.io/mariadb:11.7.2

登录数据库，创建用户密码

[root@Dean ~]# docker exec -it jumpserver_mariadb bash 
root@0f7761b6d339:/# mariadb -u root -phandsome
# 执行以下SQL
create database jumpserver default charset 'utf8';
create user 'jumpserver'@'%' identified by 'handsome';
grant all on jumpserver.* to 'jumpserver'@'%';
flush privileges;

创建JumpServer服务

docker run -itd --name jms_all --restart=always \
-p 80:80  -p 2222:2222  -p 30000-30100:30000-30100 \
-e SECRET_KEY=4kGNxyAucTuXdYKehaXavPaA5zat224PEcdovfxax2TABP5XNJ \
-e BOOTSTRAP_TOKEN=ch4c8wTsh7dhKyd513jAvNyU \
-e LOG_LEVEL=ERROR \
-e DB_ENGINE=mysql \
-e DB_HOST=192.168.1.250 \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=handsome \
-e DB_NAME=jumpserver \
-e REDIS_HOST=192.168.1.250 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD=handsome \
--privileged=true \
-v /home/jump/jump/core/data:/opt/jumpserver/data \
-v /home/jump/jump/koko/data:/opt/koko/data \
-v /home/jump/jump/lion/data:/opt/lion/data \
-v /home/jump/jump/kael/data:/opt/kael/data \
-v /home/jump/jump/chen/data:/opt/chen/data \
-v /home/jump/jump/web/log:/var/log/nginx \
docker.1panel.live/jumpserver/jms_all:v4.10.12

查看服务状态

[root@Dean ~]# docker ps 
CONTAINER ID   IMAGE                                            COMMAND                   CREATED          STATUS          PORTS                                                                                                                                                 NAMES
55fe8e4bd0d6   docker.1panel.live/jumpserver/jms_all:v4.10.12   "./entrypoint.sh"         32 minutes ago   Up 32 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 0.0.0.0:30000-30100->30000-30100/tcp, :::30000-30100->30000-30100/tcp   jms_all
0f7761b6d339   docker.m.daocloud.io/mariadb:11.7.2              "docker-entrypoint.s…"   39 minutes ago   Up 39 minutes   0.0.0.0:3306->3306/tcp, :::3306->3306/tcp                                                                                                             jumpserver_mariadb
b8727c25b94d   docker.m.daocloud.io/redis:7.4.2                 "docker-entrypoint.s…"   40 minutes ago   Up 40 minutes   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp  

登录JumpServer系统

地址：http://192.168.1.250
账户：admin
密码：ChangeMe