Docker-compose部署jumpserver堡壘機

一.環境部署

1.搭建docker環境

yum -y install docker

2.安裝docker-compose

curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

3.創建項目目錄

mkdir -p /data/jms
cd /data/jms

4.下載jms的docker項目

git clone https://github.com/wojiushixiaobai/docker-compose.git

[root@localhost docker-compose]# cat docker-compose.yml 
version: '3'
services:
  mysql:
    image: wojiushixiaobai/jms_mysql:${Version}
    container_name: jms_mysql
    restart: always
    tty: true
    environment:
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
    volumes:
      - mysql-data:/var/lib/mysql
    networks:
      - jumpserver

  redis:
    image: wojiushixiaobai/jms_redis:${Version}
    container_name: jms_redis
    restart: always
    tty: true
    environment:
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    volumes:
      - redis-data:/var/lib/redis/
    networks:
      - jumpserver

  core:
    image: wojiushixiaobai/jms_core:${Version}
    container_name: jms_core
    restart: always
    tty: true
    environment:
      SECRET_KEY: $SECRET_KEY
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      DB_HOST: $DB_HOST
      DB_PORT: $DB_PORT
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      REDIS_HOST: $REDIS_HOST
      REDIS_PORT: $REDIS_PORT
      REDIS_PASSWORD: $REDIS_PASSWORD
    depends_on:
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    networks:
      - jumpserver

  koko:
    image: wojiushixiaobai/jms_koko:${Version}
    container_name: jms_koko
    restart: always
    tty: true
    environment:
      CORE_HOST: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - koko-keys:/opt/koko/data/keys
    ports:
      - 2222:2222
    networks:
      - jumpserver

  guacamole:
    image: wojiushixiaobai/jms_guacamole:${Version}
    container_name: jms_guacamole
    restart: always
    tty: true
    environment:
      JUMPSERVER_SERVER: http://core:8080
      BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
      JUMPSERVER_KEY_DIR: /config/guacamole/keys
      GUACAMOLE_HOME: /config/guacamole
      GUACAMOLE_LOG_LEVEL: ERROR
      JUMPSERVER_ENABLE_DRIVE: 'true'
    depends_on:
      - core
      - mysql
      - redis
    volumes:
      - guacamole-keys:/config/guacamole/keys
    networks:
      - jumpserver

  nginx:
    image: wojiushixiaobai/jms_nginx:${Version}
    container_name: jms_nginx
    restart: always
    tty: true
    depends_on:
      - core
      - koko
      - mysql
      - redis
    volumes:
      - static:/opt/jumpserver/data/static
      - media:/opt/jumpserver/data/media
    ports:
      - 80:80
    networks:
      - jumpserver

volumes:
  static:
  media:
  mysql-data:
  redis-data:
  koko-keys:
  guacamole-keys:

networks:
  jumpserver:

5.用docker-compose啓動項目

docker-compose up -d

二.jumpserver後臺配置添加主機資產並授權訪問。

1.登錄jump server後臺，默認的登錄用戶名和密碼均爲：admin

2.配置系統用戶。

3.配置管理用戶。

4.創建用戶組

5.創建jumpserver後臺用戶.

6.創建資產主機。

7.創建資產授權規則。

8.後臺web查看是否有資產並驗證登錄

9.使用xsheel登錄jumpserver，登錄被控主機。

登錄用戶名爲後臺配置得後臺用戶，例如admin ：admin 登錄端口爲2222