I. Install Docker
1. Install the required packages. yum-utils provides yum-config-manager; the other two are dependencies of the devicemapper storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Configure the yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo   # official Docker repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo   # Aliyun mirror
3. Choose a Docker version and install it
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<version>
4. Start Docker and enable it at boot
systemctl start docker
systemctl enable docker
II. Deploy MySQL
1. Pull the MySQL image
docker pull mysql:5.7
2. Deploy mysql:5.7
# The three volumes persist the MySQL configuration, logs and data;
# MYSQL_ROOT_PASSWORD sets the MySQL root password
docker run -it -d --name mysql \
  --restart=always \
  -p 3306:3306 \
  -v /opt/jumpserver/mysql/conf:/etc/mysql/conf.d \
  -v /opt/jumpserver/mysql/logs:/var/log/mysql \
  -v /opt/jumpserver/mysql/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD="love-520" \
  mysql:5.7
3. Initialize the database for the JumpServer Docker image
docker exec -ti mysql mysql -uroot -plove-520 -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'root'@'%';flush privileges;quit"
III. Deploy Redis
1. Pull the Redis image
docker pull redis
2. Deploy Redis; the password is xxxxxx
docker run -it -d --name redis --restart=always \
  -p 6379:6379 redis \
  --requirepass "love-520"
IV. Deploy JumpServer
1. Pull the JumpServer image
docker pull jumpserver/jms_all:latest
2. Generate the random encryption key (SECRET_KEY) and the bootstrap token (BOOTSTRAP_TOKEN)
#!/bin/sh
# Generate SECRET_KEY (50 characters) once and save it in ~/.bashrc; reuse it if already set
if [ ! "$SECRET_KEY" ]; then
  SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
  echo "$SECRET_KEY"
else
  echo "$SECRET_KEY"
fi
# Same for BOOTSTRAP_TOKEN (16 characters)
if [ ! "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
  echo "$BOOTSTRAP_TOKEN"
else
  echo "$BOOTSTRAP_TOKEN"
fi
Output:
EOBhaGJrj2PKorzVmlzyOsbtqqn4UwQdpqCDneOghAS2fFQj2w
kkUVjid3aZVFWp01
3. Deploy JumpServer
# SECRET_KEY and BOOTSTRAP_TOKEN: the values generated in step 2
# DB_HOST and REDIS_HOST: the docker0 IP or another host's IP
docker run --name jumpserver -d --restart=always \
  -v /opt/jumpserver/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko:/opt/koko/data \
  -v /opt/jumpserver/lion:/opt/lion/data \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=EOBhaGJrj2PKorzVmlzyOsbtqqn4UwQdpqCDneOghAS2fFQj2w \
  -e BOOTSTRAP_TOKEN=kkUVjid3aZVFWp01 \
  -e DB_HOST=172.17.0.1 \
  -e DB_PORT=3306 \
  -e DB_USER=root \
  -e DB_PASSWORD=xxxxxx \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=172.17.0.1 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=xxxxxx \
  jumpserver/jms_all
V. Configure the firewall
To keep the bastion host secure, external connections to MySQL and Redis should be blocked. The script is as follows:
#!/bin/sh
iptables -F INPUT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i docker0 -j ACCEPT
# allow 22, 80, 443
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# deny all
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
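Docker publishes -p ports through its own NAT and FORWARD rules, so outside traffic to 3306 and 6379 does not pass through the INPUT chain that the script above filters. The check below is an added example, not part of the original article: it reads docker ps port listings and reports host ports published on all interfaces; the function name, the allow list and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Input: "name<TAB>ports" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "name port" for each host port published on every interface
# (0.0.0.0, :: or [::]) that is not in the allow list given as $1.
wildcard_ports() {
    awk -F '\t' -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        m = split($2, maps, ", ")
        for (i = 1; i <= m; i++) {
            if (maps[i] !~ /->/) continue             # exposed only, not published
            split(maps[i], side, "->")
            port = side[1]; sub(/^.*:/, "", port)     # host port
            addr = side[1]; sub(/:[^:]*$/, "", addr)  # bind address
            if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
            if (port in ok) continue
            key = $1 " " port
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample listing: mysql published as in this article, redis bound
# to the docker0 address instead (the -p 172.17.0.1:6379:6379 form).
SAMPLE_PS=$(printf '%s\t%s\n' \
    mysql '0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp' \
    redis '172.17.0.1:6379->6379/tcp' \
    jumpserver '0.0.0.0:80->80/tcp, 0.0.0.0:2222->2222/tcp')

# 80 and 2222 are the ports this deployment means to expose.
printf '%s\n' "$SAMPLE_PS" | wildcard_ports "80 2222"
```

A port reported here is not covered by the INPUT rules. Publishing MySQL and Redis as -p 172.17.0.1:3306:3306 and -p 172.17.0.1:6379:6379 keeps them on the docker0 address that DB_HOST and REDIS_HOST already use.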
VI. Deployment complete; check the logs
docker logs -f jumpserver
VII. Suggested commands (for reference only; can be skipped)
mkdir -p /opt/jumpserver/mysql/{conf,logs,data}
docker run -it -d --name mysql --restart=always -p 3306:3306 -v /opt/jumpserver/mysql/conf:/etc/mysql/conf.d -v /opt/jumpserver/mysql/logs:/var/log/mysql -v /opt/jumpserver/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="love-520" mysql:5.7
docker run --name jumpserver -d --restart=always -v /opt/jumpserver/data:/opt/jumpserver/data -v /opt/jumpserver/koko:/opt/koko/data -v /opt/jumpserver/lion:/opt/lion/data -p 80:80 -p 2222:2222 -e SECRET_KEY=M0LoWZ0UlvuvhN962JD1FQTiBwxSWrS90xP729yLHSynD0Y9Sz -e BOOTSTRAP_TOKEN=w4QxKAeaaq6khcmm -e DB_HOST=172.17.0.1 -e DB_PORT=3306 -e DB_USER=root -e DB_PASSWORD=love-520 -e DB_NAME=jumpserver -e REDIS_HOST=172.17.0.1 -e REDIS_PORT=6379 -e REDIS_PASSWORD=love-520 jumpserver/jms_all
Source: https://blog.csdn.net/weixin_48227918/article/details/131797836