Docker部署JumpServer堡垒机
引言
- JumpServer是一款广受欢迎的开源堡垒机,设计用于帮助企业更安全地管控和登录各种类型的IT资产。它遵循4A规范(身份认证、账号管理、授权控制、安全审计),提供了一套专业的运维安全审计解决方案。
环境准备
- 硬件要求: 2核 4G 内存起步,10GB+ 磁盘空间
- 软件依赖:Docker Engine 20.10+、Docker Compose 2.0+
- 操作系统:支持Linux发行版(Ubuntu/CentOS等)
部署流程
- 创建存储目录
sudo mkdir -p /home/jump /home/jump/mariadb /home/jump/redis/conf /home/jump/jump /home/jump/jump/core/data /home/jump/jump/koko/data /home/jump/jump/lion/data /home/jump/jump/kael/data /home/jump/jump/chen/data /home/jump/jump/web/log- 创建Redis配置文件
sudo cat >> /home/jump/redis/conf/redis.conf <<EOF bind 0.0.0.0 maxmemory-policy allkeys-lru requirepass handsome EOF- 创建Redis容器
docker run -itd --name jumpserver_redis --restart=always -p 6379:6379 -v /home/jump/redis/conf:/etc/redis -v /home/jump/redis/data:/data docker.m.daocloud.io/redis:7.4.2 redis-server /etc/redis/redis.conf- 创建MariaDB数据库服务
docker run -itd --name jumpserver_mariadb --restart=always -e MYSQL_ROOT_PASSWORD=handsome -p 3306:3306 -v /home/jump/mariadb:/var/lib/mysql docker.m.daocloud.io/mariadb:11.7.2登录数据库,创建用户密码
[root@ubuntu]# docker exec -it jumpserver_mariadb bash root@bf7763b6d459:/# mariadb -u root -phandsome # 执行以下SQL CREATE DATABASE jumpserver DEFAULT CHARACTER SET utf8; CREATE USER 'jumpserver'@'%' IDENTIFIED BY 'handsome'; GRANT ALL PRIVILEGES ON jumpserver.* TO 'jumpserver'@'%'; FLUSH PRIVILEGES;- 创建JumpServer服务
docker run -itd --name jms_all --restart=always \ -p 80:80 \ -p 2222:2222 \ -p 30000-30100:30000-30100 \ -e SECRET_KEY=4kGNxyAucTuXdYKehaXavPaA5zat224PEcdovfxax2TABP5XNJ \ -e BOOTSTRAP_TOKEN=ch4c8wTsh7dhKyd513jAvNyU \ -e LOG_LEVEL=ERROR \ -e DB_ENGINE=mysql \ -e DB_HOST=192.168.1.19 \ -e DB_PORT=3306 \ -e DB_USER=jumpserver \ -e DB_PASSWORD=handsome \ -e DB_NAME=jumpserver \ -e REDIS_HOST=192.168.1.19 \ -e REDIS_PORT=6379 \ -e REDIS_PASSWORD=handsome \ --privileged=true \ -v /home/jump/jump/core/data:/opt/jumpserver/data \ -v /home/jump/jump/koko/data:/opt/koko/data \ -v /home/jump/jump/lion/data:/opt/lion/data \ -v /home/jump/jump/kael/data:/opt/kael/data \ -v /home/jump/jump/chen/data:/opt/chen/data \ -v /home/jump/jump/web/log:/var/log/nginx \ docker.xuanyuan.me/jumpserver/jms_all:v4.10.12- docker加速
镜像加速地址 | 是否正常使用 |
|---|---|
https://dockercf.jsdelivr.fyi | 正常 |
https://docker.jsdelivr.fyi | 正常 |
https://docker.1panel.live | 正常 |
https://docker.zhai.cm | 正常 |
https://a.ussh.net | 正常 |
https://docker.sunzishaokao.com | 正常 |
https://docker.xuanyuan.me | 正常 |
https://lispy.org | 正常 |
https://docker.yomansunter.com | 正常 |
https://docker-mirror.aigc2d.com | 正常 |
https://666860.xyz | 正常 |
https://docker-0.unsee.tech | 正常 |
https://docker.hlmirror.com | 正常 |
https://dockerpull.pw | 正常 |
https://hub3.nat.tf | 正常 |
https://hub.amingg.com | 正常 |
https://cr.laoyou.ip-ddns.com | 正常 |
https://docker.amingg.com | 正常 |
https://hub.1panel.dev | 正常 |
https://docker-registry.nmqu.com | 正常 |
https://docker.367231.xyz | 正常 |
- 查看服务状态
[root@Ubuntu ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 55fe8e4b3456 docker.1panel.live/jumpserver/jms_all:v4.10.12 "./entrypoint.sh" 32 minutes ago Up 32 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 0.0.0.0:30000-30100->30000-30100/tcp, :::30000-30100->30000-30100/tcp jms_all 0f7761b66734 docker.m.daocloud.io/mariadb:11.7.2 "docker-entrypoint.s…" 39 minutes ago Up 39 minutes 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp jumpserver_mariadb b8727c27659 docker.m.daocloud.io/redis:7.4.2 "docker-entrypoint.s…" 40 minutes ago Up 40 minutes 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp- 登录JumpServer系统
地址:https://192.168.1.19 账户:admin 密码:ChangeMe安全加固
- 修改默认Nginx端口
- 启用HTTPS证书
- 配置防火墙规则
- 设置定期备份策略
常见问题排查
- 容器启动失败:检查日志
docker-compose logs - Web访问异常:验证端口冲突和防火墙
- 性能优化:调整MySQL和Redis参数
进阶功能
- 横向扩展:分离核心组件(Core/Koko/Luna等)
- 高可用部署:数据库集群+负载均衡
- 版本升级路径说明
结语
- 总结Docker化部署的核心价值
- 推荐后续学习方向(Kubernetes集成、二次开发)