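Deploying the JumpServer bastion host on CentOS 7 with Docker

Read widely and select carefully; accumulate deeply and release sparingly. This article covers deploying the JumpServer bastion host on CentOS 7 with Docker, and I hope it helps.
I. Introduction
JumpServer is the world's first fully open-source operations security audit system that conforms to the 4A specification (Authentication, Authorization, Accounting, and Auditing). It is delivered to enterprise users as a software subscription or as an integrated hardware/software appliance, providing an easier-to-use bastion host for multi-cloud environments.
Compared with traditional bastion hosts, JumpServer uses a distributed architecture, supports multi-cloud environments, and scales flexibly. For asset management, JumpServer places no limit on concurrency or on the number of assets and supports horizontal scaling. JumpServer uses an industry-leading containerized deployment model and provides an excellent Web Terminal. It also supports web-based file transfer and lets users store operations audit recordings in the cloud (for example AWS S3, Alibaba Cloud OSS, ElasticSearch).
II. Installation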

cd /opt
wget https://github.com/jumpserver/installer/releases/download/v2.9.0/jumpserver-installer-v2.9.0.tar.gz
tar -xf jumpserver-installer-v2.9.0.tar.gz
cd jumpserver-installer-v2.9.0
cat config-example.txt

[root@iZgw8ibZ jumpserver-installer-v2.9.0]# ./jmsctl.sh install



Version:v2.9.0

语言 Language(cn/en)(default cn): en


>>> Install and Configure Docker
1. Install Docker
Starting to download Docker engine ...
complete
Starting to download Docker Compose binary ...
complete

2. Configure Docker
Do you need custom docker root dir, will use the default directory /var/lib/docker? (y/n)(default n): y

Modify the default storage directory of Docker image, you can select your largest disk and create a directory in it, such as /opt/docker
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        40G  2.9G   35G   8% /

Docker image storage directory (default /var/lib/docker):
complete

3. Start Docker
not running
Docker version has changed or Docker configuration file has been changed, do you want to restart? (y/n)(default y): y
complete

>>> Loading Docker Image
[jumpserver/redis:6-alpine]

[jumpserver/mysql:5]

[jumpserver/nginx:alpine2]

[jumpserver/luna:v2.9.0]

[jumpserver/core:v2.9.0]

[jumpserver/koko:v2.9.0]

[jumpserver/guacamole:v2.9.0]

[jumpserver/lina:v2.9.0]


>>> Install and Configure JumpServer
1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt  [ √ ]
/opt/jumpserver/config/nginx/lb_http_server.conf  [ √ ]
/opt/jumpserver/config/nginx/lb_ssh_server.conf  [ √ ]
/opt/jumpserver/config/core/config.yml  [ √ ]
/opt/jumpserver/config/koko/config.yml  [ √ ]
/opt/jumpserver/config/mysql/my.cnf  [ √ ]
/opt/jumpserver/config/redis/redis.conf  [ √ ]
complete

2. Configure Nginx
configuration file: /opt/jumpserver/config/nginx/cert
/opt/jumpserver/config/nginx/cert/server.crt  [ √ ]
/opt/jumpserver/config/nginx/cert/server.key  [ √ ]
complete

3. Backup Configuration File
Back up to /opt/jumpserver/config/backup/config.txt.2021-04-18_22-02-08
complete

4. Configure Network
Do you want to support IPv6? (y/n)(default n):
complete

5. Configure Private Key
SECRETE_KEY:CmxvOiBmbGFncz03MzxVUCxMT09QQkFDSyxSVU5OSU5HPiAgb
BOOTSTRAP_TOKEN: CmxvOiBmbGFncz03
complete

6. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /opt/jumpserver? (y/n)(default n):
complete

7. Configure MySQL
Do you want to use external MySQL? (y/n)(default n):
complete

8. Configure Redis
Do you want to use external Redis? (y/n)(default n):
complete

>>> The Installation is Complete
1. You can use the following command to start, and then visit
./jmsctl.sh start

2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand

3. Web access
http://172.24.109.66:8080
https://172.24.109.66:8443
Default username: admin  Default password: admin

4. SSH/SFTP access
ssh admin@172.24.109.66 -p2222
sftp -P2222 admin@172.24.109.66

5. More information
Offical Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/
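
Step 5 of the installer output above prints a SECRETE_KEY that base64-decodes to `lo: flags=73<UP,LOOPBACK,RUNNING>`, which is network-interface text rather than random bytes, and a BOOTSTRAP_TOKEN that is simply its first 16 characters. The check below is an added example, not part of the original post or of the JumpServer installer; the weak pair is copied from that output, the second pair is constructed, the function names are hypothetical, and the `SECRET_KEY=` / `BOOTSTRAP_TOKEN=` key names in config.txt are an assumption.

```bash
#!/bin/sh
# Added example: flag a SECRET_KEY / BOOTSTRAP_TOKEN pair that is not random.

# Values printed in step 5 of the installer output on this page.
PAGE_SECRET='CmxvOiBmbGFncz03MzxVUCxMT09QQkFDSyxSVU5OSU5HPiAgb'
PAGE_TOKEN='CmxvOiBmbGFncz03'
# Constructed pair standing in for properly random values.
SAMPLE_SECRET='k3Jf9QzX7pL2vB8nT5wY1cR6hD4mS0gAeU3iK9oZ'
SAMPLE_TOKEN='Zq8Lm2Xc4Vb6Nh1T'

# Base64-decode $1, ignoring a truncated final group of 1-3 characters.
decode_value() {
    usable=$(( ${#1} / 4 * 4 ))
    [ "$usable" -gt 0 ] || return 0
    printf '%s\n' "$1" | cut -c "1-$usable" | tr -d '\n' | base64 -d 2>/dev/null
}

# Succeed when every decoded byte is printable ASCII or whitespace;
# output of a CSPRNG essentially never decodes to readable text.
decodes_to_text() {
    total=$(( $(decode_value "$1" | wc -c) ))
    printable=$(( $(decode_value "$1" | LC_ALL=C tr -cd '\011\012\015\040-\176' | wc -c) ))
    [ "$total" -ge 12 ] && [ "$printable" -eq "$total" ]
}

# audit_secrets SECRET TOKEN: print findings; return 0 if weak, 1 if clean.
audit_secrets() {
    weak=1
    if decodes_to_text "$1"; then
        echo "SECRET_KEY decodes to text: $(decode_value "$1" | tr -d '\n')"
        weak=0
    fi
    if [ -n "$2" ]; then
        case $1 in "$2"*) echo "BOOTSTRAP_TOKEN is a prefix of SECRET_KEY"; weak=0 ;; esac
    fi
    return "$weak"
}

# Audit a config.txt; the key names SECRET_KEY= and BOOTSTRAP_TOKEN= are assumed.
audit_config() {
    secret=$(sed -n 's/^SECRET_KEY=//p' "$1" | head -n 1)
    token=$(sed -n 's/^BOOTSTRAP_TOKEN=//p' "$1" | head -n 1)
    audit_secrets "$secret" "$token"
}

audit_secrets "$PAGE_SECRET" "$PAGE_TOKEN"
```

On the host, `audit_config /opt/jumpserver/config/config.txt` runs the same check against the generated file; a flagged value is best replaced with CSPRNG output before the instance stores any data.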

III. Accessing JumpServer
1. Edit the nginx configuration file
# Change the domain name to your own
vim /opt/jumpserver/config/nginx

server {
    listen 80;
    server_name bastion.test.com; # change this to your own domain
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name bastion.test.com; # change this to your own domain
    server_tokens off;
    ssl_certificate cert/server.crt; # change this to your own certificate
    ssl_certificate_key cert/server.key; # change this to your own certificate
}


2. Edit the config file to change the ports Docker exposes
vim /opt/jumpserver/config/config.txt

## Nginx settings; this Nginx routes request paths to the different services
HTTP_PORT=80
HTTPS_PORT=443

## LB settings; this Nginx can be started as a load balancer across hosts in an HA setup
USE_LB=0
LB_HTTP_PORT=80
LB_HTTPS_PORT=443

3. Restart JumpServer
# Restart JumpServer
[root@iZgw8ibZ jumpserver-installer-v2.9.0]# ./jmsctl.sh restart

4. Open the home page
