Deploying the JumpServer bastion host with Docker

I. Install Docker

1. Install the required packages: yum-utils provides yum-config-manager, and the other two are dependencies of the devicemapper storage driver

yum install -y yum-utils device-mapper-persistent-data lvm2 

2. Configure the yum repository (either the official repo or the Aliyun mirror)

yum-config-manager --add-repo http://download.docker.com/linux/centos/docker-ce.repo    # official repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo    # Aliyun mirror

3. List the available Docker versions and install the one you choose

yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<version>

4. Start Docker and enable it at boot

systemctl start docker
systemctl enable docker

II. Deploying MySQL

1. Pull the mysql:5.7 image

docker pull mysql:5.7 

2. Run mysql:5.7

# The three -v mounts persist the MySQL configuration, logs and data on the host;
# MYSQL_ROOT_PASSWORD sets the MySQL root password.
docker run -it -d --name mysql \
  --restart=always \
  -p 3306:3306 \
  -v /opt/jumpserver/mysql/conf:/etc/mysql/conf.d \
  -v /opt/jumpserver/mysql/logs:/var/log/mysql \
  -v /opt/jumpserver/mysql/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD="xxxxxx" \
  mysql:5.7

3. Initialize the JumpServer database inside the MySQL container

docker exec -ti mysql mysql -uroot -pxxxxxx -e "
  create database jumpserver default charset 'utf8';
  grant all on jumpserver.* to 'root'@'%';
  flush privileges;
  quit"

III. Deploying Redis

1. Pull the redis image

docker pull redis 

2. Run redis with the password xxxxxx

docker run -it -d --name redis --restart=always \
  -p 6379:6379 redis \
  --requirepass "xxxxxx"

IV. Deploying JumpServer

1. Pull the JumpServer image

docker pull jumpserver/jms_all:latest 

2. Generate a random encryption key (SECRET_KEY) and bootstrap token (BOOTSTRAP_TOKEN)

#!/bin/sh
if [ ! "$SECRET_KEY" ]; then
    SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    echo "$SECRET_KEY"
else
    echo "$SECRET_KEY"
fi
if [ ! "$BOOTSTRAP_TOKEN" ]; then
    BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    echo "$BOOTSTRAP_TOKEN"
else
    echo "$BOOTSTRAP_TOKEN"
fi

Output (these two values are reused in step 3):
EOBhaGJrj2PKorzVmlzyOsbtqqn4UwQdpqCDneOghAS2fFQj2w
kkUVjid3aZVFWp01

3. Run JumpServer

# SECRET_KEY and BOOTSTRAP_TOKEN are the values printed by the script in step 2.
# DB_HOST and REDIS_HOST are the docker0 address (172.17.0.1) or another host IP.
docker run --name jumpserver -d --restart=always \
  -v /opt/jumpserver/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko:/opt/koko/data \
  -v /opt/jumpserver/lion:/opt/lion/data \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=EOBhaGJrj2PKorzVmlzyOsbtqqn4UwQdpqCDneOghAS2fFQj2w \
  -e BOOTSTRAP_TOKEN=kkUVjid3aZVFWp01 \
  -e DB_HOST=172.17.0.1 \
  -e DB_PORT=3306 \
  -e DB_USER=root \
  -e DB_PASSWORD=xxxxxx \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=172.17.0.1 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=xxxxxx \
  jumpserver/jms_all
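Steps 2 and 3 above append the generated secrets to ~/.bashrc and then pass them on the docker command line, where they end up in shell history and in the process list. The script below is an added example (not from the original post and not JumpServer's own tooling): it generates the same kind of SECRET_KEY and BOOTSTRAP_TOKEN once, keeps them in a root-only env file, reuses that file on later runs so the key never changes by accident, and starts the container with --env-file. The file path, the helper names (gen_secret, write_env_file, env_value, start_jumpserver) and the placeholder passwords are this example's own choices.

```shell
#!/bin/sh
# Added example: generate JumpServer secrets into a mode-0600 env file and
# pass them to docker with --env-file instead of -e on the command line.

# Emit $1 random characters from [A-Za-z0-9] (same recipe as the post's script).
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Create the env file at $1 only if it does not exist yet. Re-running the
# deployment must keep the same SECRET_KEY, since data encrypted with the old
# key becomes unreadable if it changes.
write_env_file() {
    file="$1"
    if [ -s "$file" ]; then
        return 0
    fi
    (
        umask 077                                   # created as 0600, root-only
        {
            echo "SECRET_KEY=$(gen_secret 50)"
            echo "BOOTSTRAP_TOKEN=$(gen_secret 16)"
            echo "DB_PASSWORD=${DB_PASSWORD:-xxxxxx}"         # placeholder as in the post
            echo "REDIS_PASSWORD=${REDIS_PASSWORD:-xxxxxx}"   # placeholder as in the post
        } > "$file"
    )
}

# Read one variable's value back from the env file ($1 = file, $2 = name).
env_value() {
    sed -n "s/^$2=//p" "$1"
}

# Same mounts and ports as the post, secrets supplied via --env-file.
# Not invoked automatically; call start_jumpserver "$ENV_FILE" on the host.
start_jumpserver() {
    docker run --name jumpserver -d --restart=always \
        -v /opt/jumpserver/data:/opt/jumpserver/data \
        -v /opt/jumpserver/koko:/opt/koko/data \
        -v /opt/jumpserver/lion:/opt/lion/data \
        -p 80:80 -p 2222:2222 \
        --env-file "$1" \
        -e DB_HOST=172.17.0.1 -e DB_PORT=3306 -e DB_USER=root -e DB_NAME=jumpserver \
        -e REDIS_HOST=172.17.0.1 -e REDIS_PORT=6379 \
        jumpserver/jms_all
}

# Stand-alone usage: write the file into a scratch directory and report the
# key lengths. A real deployment would use a path such as /opt/jumpserver/jumpserver.env.
ENV_FILE="$(mktemp -d)/jumpserver.env"
write_env_file "$ENV_FILE"
key=$(env_value "$ENV_FILE" SECRET_KEY)
token=$(env_value "$ENV_FILE" BOOTSTRAP_TOKEN)
printf 'SECRET_KEY length: %s, BOOTSTRAP_TOKEN length: %s, file: %s\n' "${#key}" "${#token}" "$ENV_FILE"
```

Note that `docker inspect` still reveals a container's environment to anyone who can talk to the Docker socket, so the env file protects the secrets from shell history and `ps`, not from other Docker administrators.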

V. Configure the firewall

For the bastion host's security, external access to MySQL and Redis should be blocked; the script is as follows:

#!/bin/sh
iptables -F INPUT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i docker0 -j ACCEPT
# allow 22, 80, 443
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# deny all
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
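One caveat a practitioner should check after running the script above: ports published with `-p 3306:3306` and `-p 6379:6379` are DNAT'ed by Docker's own rules and evaluated in the DOCKER chain on the FORWARD path, not in INPUT, so the REJECT rule at the end of the INPUT chain does not stop outside hosts from reaching MySQL and Redis. The script below is an added example (not from the original post): it reads `ss -Hlnt` style output and flags backend ports bound to a wildcard address, which is exactly what docker-proxy does for the published ports as deployed above. The constructed samples, the port list and the function name are this example's own.

```shell
#!/bin/sh
# Added example: audit whether the MySQL/Redis listeners are bound to all
# interfaces. Run on a real host as: ss -Hlnt | audit_listeners

# Backend ports that must only be reachable from containers on this host.
BACKEND_PORTS="3306 6379"

# Read `ss -Hlnt` lines on stdin; print each backend port bound to a
# wildcard address and return 1 if any was found, 0 otherwise.
audit_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 4 {
            addr = $4                        # local address:port, e.g. 0.0.0.0:3306 or [::]:6379
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[0-9]+$/, "", host)
            if ((port in want) && (host == "0.0.0.0" || host == "*" || host == "[::]")) {
                print "EXPOSED: port " port " is bound to " host
                bad = 1
            }
        }
        END { if (bad) exit 1; exit 0 }
    '
}

# Constructed sample of `ss -Hlnt` output for a host set up exactly as in the
# post: docker-proxy listens for every published port on all interfaces.
SAMPLE_AS_DEPLOYED='LISTEN 0 128  0.0.0.0:22   0.0.0.0:*
LISTEN 0 4096 0.0.0.0:80   0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128  [::]:22      [::]:*'

# Constructed sample after re-creating the mysql and redis containers with the
# publish address restricted to docker0 (-p 172.17.0.1:3306:3306 and
# -p 172.17.0.1:6379:6379), which the JumpServer container still reaches
# through DB_HOST/REDIS_HOST=172.17.0.1.
SAMPLE_RESTRICTED='LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096 0.0.0.0:80      0.0.0.0:*
LISTEN 0 4096 172.17.0.1:3306 0.0.0.0:*
LISTEN 0 4096 172.17.0.1:6379 0.0.0.0:*'

# Stand-alone usage on the constructed samples.
printf '%s\n' "$SAMPLE_AS_DEPLOYED" | audit_listeners || echo "backend ports reachable from outside: bind them to 172.17.0.1"
printf '%s\n' "$SAMPLE_RESTRICTED" | audit_listeners && echo "backend ports are not exposed"
```

Restricting the publish address to docker0 is the change that actually closes the gap, because it removes the wildcard listener rather than relying on the INPUT chain; the audit then confirms it on the live host.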

VI. Deployment complete; check the logs

docker logs -f jumpserver 

Original article: https://blog.csdn.net/lic95/article/details/124456001?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522171836884016800178595162%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=171836884016800178595162&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-5-124456001-null-null.nonecase&utm_term=docker%E9%83%A8%E7%BD%B2
