Docker-compose部署jumpserver堡垒机-挚爱Linux-51CTO博客

一.环境部署 1.搭建docker环境

yum -y install docker

2.安装docker-compose

curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

3.创建项目目录

mkdir -p /data/jms
cd /data/jms

4.下载jms的docker项目

git clone https://github.com/wojiushixiaobai/docker-compose.git

[root@localhost docker-compose]# cat docker-compose.yml 
version: '3'
services:
  mysql:
    image: wojiushixiaobai/jms_mysql:${Version}
    container_name: jms_mysql
    restart: always
    tty: true
    environment:
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
    volumes:
      - mysql-data:/var/lib/mysql
    networks:
      - jumpserver

  redis:
    image: wojiushixiaobai/jms_redis:${Version}
    container_name: jms_redis
    restart: always
    tty: true
    environment:
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    volumes:
      - redis-data:/var/lib/redis/
    networks:
      - jumpserver

  core:
    image: wojiushixiaobai/jms_core:${Version}
    container_name: jms_core
    restart: always
    tty: true
    environment:
      SECRET_KEY: $SECRET_KEY
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      REDIS_HOST: $REDIS_HOST
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    depends_on:
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    networks:
      - jumpserver

  koko:
    image: wojiushixiaobai/jms_koko:${Version}
    container_name: jms_koko
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - koko-keys:/opt/koko/data/keys
    ports:
      - 2222:2222
    networks:
      - jumpserver

  guacamole:
    image: wojiushixiaobai/jms_guacamole:${Version}
    container_name: jms_guacamole
    restart: always
    tty: true
    environment:
      JUMPSERVER_SERVER: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      JUMPSERVER_KEY_DIR: /config/guacamole/keys
      GUACAMOLE_HOME: /config/guacamole
      GUACAMOLE_LOG_LEVEL: ERROR
      JUMPSERVER_ENABLE_DRIVE: 'true'
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - guacamole-keys:/config/guacamole/keys
    networks:
      - jumpserver

  nginx:
    image: wojiushixiaobai/jms_nginx:${Version}
    container_name: jms_nginx
    restart: always
    tty: true
    depends_on:
      - core
      - koko
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    ports:
      - 80:80
    networks:
      - jumpserver

volumes:
  static:
  media:
  mysql-data:
  redis-data:
  koko-keys:
  guacamole-keys:

networks:
  jumpserver:

5.用docker-compose启动项目

docker-compose up -d

二.jumpserver后台配置添加主机资产并授权访问。 1.登录jump server后台，默认的登录用户名和密码均为：admin

2.配置系统用户。

3.配置管理用户。

4.创建用户组

5.创建jumpserver后台用户.

6.创建资产主机。

7.创建资产授权规则。

8.后台web查看是否有资产并验证登录

9.使用xsheel登录jumpserver，登录被控主机。

登录用户名为后台配置得后台用户，例如admin ：admin 登录端口为2222