docker部署jumpserver

1、安装Docker以及相关依赖

配置yum源

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

2、添加国内镜像

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3、启动Docker后台服务

systemctl start docker

4、设置开机启动

systemctl enable docker

5、查看Docker版本

docker --version

6、查看Docker compose版本

docker compose version

7、安装mysql5.7

~]#docker pull mysql:5.7
~]# mkdir -p /data/mysql/data
~]# docker run -d --name mysql --restart=always -e MYSQL_ROOT_PASSWORD=abcd@1234  -p 3306:3306 -v /data/mysql/data:/var/lib/mysql mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
3453d20feed2        mysql:5.7           "docker-entrypoint..."   16 seconds ago      Up 15 seconds       0.0.0.0:3306->3306/tcp, 33060/tcp   mysql

8、创建jumpserver数据库

~]# docker exec -it mysql /bin/bash
/# mysql -uroot -pabcd@1234
mysql> create database jumpserver default charset 'utf8mb4';
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'abcd@1234';
mysql> flush privileges;
mysql> exit
/# mysql -ujumpserver -pabcd@1234
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
+--------------------+
2 rows in set (0.00 sec)

9、安装redis

~]# docker pull redis:4.0.10
~]# mkdir -p /data/redis/data
~]# docker run -d -it --name redis -p 6379:6379 -v /data/redis/data:/data --restart=always  --sysctl net.core.somaxconn=1024  redis:4.0.10 --requirepass "abcd@1234"
~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
71840c9b0f6f        redis:4.0.10        "docker-entrypoint..."   6 minutes ago       Up 6 minutes        0.0.0.0:6379->6379/tcp              redis
3453d20feed2        mysql:5.7           "docker-entrypoint..."   5 hours ago         Up 5 hours          0.0.0.0:3306->3306/tcp, 33060/tcp   mysql

10、生成密钥

~]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
fiWE7DI5hyVYznyX4XQlzwJm46K9NgHkPcUCIF01NDSudKfJKN4J
~]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
co6QU93I0RXj3Cy1

11、安装jumpserver

]#docker pull jumpserver/jms_all:v2.5.0
]# mkdir -p /data/jumpserver
~]# docker run -d --name jumpserver -h jumpserver --restart=always  \-v /data/jumpserver:/opt/jumpserver/data/media \-p 80:80 \-p 2222:2222 \-e SECRET_KEY=$SECRET_KEY \-e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \-e DB_HOST=192.168.48.152 \-e DB_PORT=3306 \-e DB_USER=jumpserver \-e DB_PASSWORD="abcd@1234" \-e DB_NAME=jumpserver \-e REDIS_HOST=192.168.48.152 \-e REDIS_PORT=6379 \-e REDIS_PASSWORD="abcd@1234" \jumpserver/jms_all:v2.5.0

12、jumpserver防火墙与改密（给目标机器添加防火墙规则）

防火墙规则是自上而下加载匹配的

### 查看防火墙
[root@VM-16-17-centos ~]# iptables -L
Chain INPUT (policy ACCEPT)  ###入口链
target     prot opt source               destination         Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         Chain OUTPUT (policy ACCEPT)  ###出口链
target     prot opt source               destination         Chain YJ-FIREWALL-INPUT (0 references)
target     prot opt source               destination 

给入口链加规则

1.只允许jumpserver机器的IP可以登录，其他机器拒绝
[root@VM-16-17-centos ~]# iptables -A INPUT -s 150.158.127.76 -p tcp --dport 22 -j ACCEPT2.其他机器拒绝[root@VM-16-17-centos ~]# iptables -A INPUT -p tcp --dport 22 -j REJECT

13、环境准备，关闭防火墙服务

[root@jumpserver ~]# iptables -F   #清空规则[root@jumpserver ~]# systemctl disable firewalld  #关闭防火墙开机自启[root@jumpserver ~]# systemctl stop firewalld  #停止防火墙[root@jumpserver ~]# getenforce   #获取selinux 的状态
Disabled            #当前是关闭的