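A JumpServer environment can be deployed in Docker in a couple of ways:
1. Everything in a single Docker image. This setup is not recommended.
2. The environment split across three Docker images, one each for jumpserver, mysql and redis.
This deployment uses the second approach.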
0x01 Install Docker

Configure registry mirrors located in China:

    mkdir -p /etc/docker
    echo "{ \"registry-mirrors\" : [ \"https://registry.docker-cn.com\", \"https://docker.mirrors.ustc.edu.cn\", \"http://hub-mirror.c.163.com\", \"https://cr.console.aliyun.com/\" ] }" >>/etc/docker/daemon.json

Install and configure Docker:

    yum -y install yum-utils
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum makecache fast
    yum -y install docker-ce
    systemctl start docker && systemctl enable docker
Generate the keys:

    # Generate a 50-character SECRET_KEY once and persist it in ~/.bashrc
    if [ "$SECRET_KEY" = "" ]; then
        SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
        echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
        echo $SECRET_KEY
    else
        echo $SECRET_KEY
    fi

    # Generate a 16-character BOOTSTRAP_TOKEN once and persist it in ~/.bashrc
    if [ "$BOOTSTRAP_TOKEN" = "" ]; then
        BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
        echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
        echo $BOOTSTRAP_TOKEN
    else
        echo $BOOTSTRAP_TOKEN
    fi

Note: after generating the SECRET_KEY and BOOTSTRAP_TOKEN variables, be sure to confirm them. If anything is wrong with them, the later steps will be affected.

    echo $SECRET_KEY
    echo $BOOTSTRAP_TOKEN
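The confirmation step above can be scripted instead of eyeballed. This is an added example, not part of the original post: it checks that both variables are non-empty, contain only A-Za-z0-9 and have the lengths the generation commands produce (50 and 16), and that ~/.bashrc does not define either one twice. The function names check_secret, count_defs and check_jms_secrets are hypothetical.

```shell
#!/bin/sh
# Added example: validate SECRET_KEY / BOOTSTRAP_TOKEN before passing them to docker run.

# check_secret NAME VALUE EXPECTED_LEN
# returns 0 if usable, 1 if empty, 2 if it has unexpected characters, 3 if the length is wrong
check_secret() {
    name=$1 value=$2 want=$3
    if [ -z "$value" ]; then
        echo "$name: empty or unset (new shell? run: . ~/.bashrc)"; return 1
    fi
    case $value in
        *[!A-Za-z0-9]*)
            echo "$name: contains characters outside A-Za-z0-9 (stray space or quote?)"
            return 2 ;;
    esac
    if [ "${#value}" -ne "$want" ]; then
        echo "$name: length ${#value}, expected $want"; return 3
    fi
    echo "$name: ok"
}

# count_defs NAME FILE -> prints how many "NAME=" lines FILE contains (0 if FILE is missing)
count_defs() {
    [ -f "$2" ] || { echo 0; return 0; }
    grep -c "^$1=" "$2" || true
}

# Check both variables of the current shell plus their definitions in ~/.bashrc
check_jms_secrets() {
    rc=0
    check_secret SECRET_KEY "$SECRET_KEY" 50 || rc=1
    check_secret BOOTSTRAP_TOKEN "$BOOTSTRAP_TOKEN" 16 || rc=1
    for n in SECRET_KEY BOOTSTRAP_TOKEN; do
        if [ "$(count_defs "$n" "$HOME/.bashrc")" -gt 1 ]; then
            echo "$n: defined more than once in ~/.bashrc; the last line wins"
            rc=1
        fi
    done
    return $rc
}

check_jms_secrets || echo "fix the variables before starting the jms_all container"
```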
Create the host directories onto which the jms containers' logs and data will be mounted:

    mkdir -p /home/jumpserver/data
    mkdir -p /home/koko/data
    mkdir -p /home/nginx/logs
    mkdir -p /home/mysql/{data,logs,conf}
0x02 Pull the images

Pull the mysql image:

    docker run --restart=always \
      --name mysql5.7 -id \
      -e MYSQL_DATABASE="jumpserver" \
      -e MYSQL_USER="jumpserver" \
      -e MYSQL_PASSWORD="Ya0ling" \
      -e MYSQL_ROOT_PASSWORD="Ya0ling" \
      -v /home/mysql/data:/var/lib/mysql \
      -v /home/mysql/logs:/var/log/mysql/ \
      -v /home/mysql/conf:/etc/mysql/ \
      -p 3306:3306 -d mysql:5.7.20

Pull the redis image:

    # Kernel settings for redis: disable transparent huge pages, allow overcommit, raise the listen backlog
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    echo "vm.overcommit_memory=1" >>/etc/sysctl.conf
    echo "net.core.somaxconn=1024" >>/etc/sysctl.conf
    # Re-apply the transparent huge pages setting on every boot
    echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
    sysctl -p

    docker run -p 6379:6379 --name redis -v /home/redis/data:/data -d redis redis-server --requirepass "Ya0ling" --appendonly yes
Logging in to redis inside the container:

    docker ps -a
    docker exec -it redis /bin/bash
    redis-cli -h localhost -p 6379
    auth Ya0ling
    keys *
    exit
# Mind the volume mapping. Change the configuration to support utf8mb4, or log in with a client and change the encoding of the jumpserver database.

    $ vim /data/mysql/conf/mysql.cnf

    [mysql]
    default-character-set=utf8mb4

    [mysqld]
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    datadir = /var/lib/mysql
    symbolic-links=0
    character-set-server=utf8mb4
Create the database and set its encoding to utf8mb4:

    create database jumpserver default charset 'utf8mb4' collate 'utf8mb4_general_ci';
    grant all on jumpserver.* to 'jumpserver'@'%' identified by 'weakPassword';

Change the character set of the database:

    mysql> use jumpserver
    mysql> alter database jumpserver character set utf8mb4;
    mysql> show variables like '%char%';
    mysql> set character_set_client=utf8mb4;

Edit my.conf to set the encoding:

    [client]
    default-character-set=utf8mb4

    [mysqld]
    character-set-server=utf8mb4
    collation-server=utf8mb4_general_ci
Pull the jumpserver image:

    docker run --restart=always \
      --name jms_all -d \
      -p 80:80 -p 2222:2222 \
      -e SECRET_KEY=$SECRET_KEY \
      -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
      -v /home/jumpserver/data:/opt/jumpserver/data \
      -v /home/jumpserver/logs:/opt/jumpserver/logs \
      -v /home/koko/data:/jumpserver/koko/data \
      -v /home/nginx/logs:/var/log/nginx/ \
      -e DB_HOST="mysql5.7" \
      -e DB_PORT=3306 \
      -e DB_USER=root \
      -e DB_PASSWORD=Ya0ling \
      -e DB_NAME=jumpserver \
      --link mysql5.7:mysql \
      -e REDIS_HOST=redis \
      -e REDIS_PORT=6379 \
      -e REDIS_PASSWORD=Ya0ling \
      --link redis:redis \
      jumpserver/jms_all:latest

Test (connect from another machine; the login user is admin and the password is admin).
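Setting Docker containers to start automatically at boot:

Details of the --restart parameter values:
no - do not restart the container when it exits
on-failure - restart the container only when it exits with a non-zero status
always - restart the container regardless of the exit status

With the on-failure policy you can specify the maximum number of times Docker will try to restart the container; by default Docker keeps trying to restart it forever:

    docker run --restart=on-failure:10 redis

If --restart=always was not specified when the container was created, it can be changed with the update command:

    docker update --restart=always <container ID>

If the --restart=always option is not used and the server is shut down or rebooted for any reason, start MySQL and redis first when bringing the containers back up, and start jms last.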