jum
客户端配置邮箱配置文件
[root@super ~]# yum -y install mailx
编辑文件
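[root@super ~]# vim /etc/mail.rc
set bsdcompat
set from=wode_9798@163.com #邮箱账号
set smtp=smtp.163.com
set smtp-auth-user=wode_9798
set smtp-auth-password=yisheng99 smtp-auth=login #授权码
注意:/etc/mail.rc 默认对所有本地用户可读,SMTP 授权码以明文保存在其中;可以改放到仅属主可读(chmod 600)的 ~/.mailrc。这里的 smtp=smtp.163.com 没有启用加密,login 方式的授权码只经过 Base64 编码就发到网络上,建议改用 smtps:// 或 set smtp-use-starttls。账号和授权码请换成自己的值,真实授权码不要公开。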
测试邮箱
[root@super ~]# echo 内容|mail -s '标题' 979826593@qq.com
下载docker
[root@super ~]# yum install docker -y
更改docker工作目录(注意:较新版本的 Docker 已弃用 daemon.json 中的 graph 键,改用 data-root)
[root@super ~]# cat /etc/docker/daemon.json
{
"graph": "/data/docker"
}
创建工作目录
[root@super ~]# mkdir -vp /data/docker
mkdir: created directory ‘/data’
mkdir: created directory ‘/data/docker’
启动docker
[root@super ~]# systemctl start docker.service
查看docker里jumpserver开源镜像
[root@super ~]# docker search jumpserver
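选择官方版本下载(注意:下面的镜像位于个人命名空间 jiaxiangkong 下,从页面信息无法确认它是 JumpServer 官方发布的镜像;用作堡垒机之前应先核实镜像来源和内容,确认后最好按摘要(digest)固定镜像,而不是只写标签)
[root@super ~]# docker pull docker.io/jiaxiangkong/jumpserver_docker:0.3.2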
查看镜像
[root@super ~]# docker images
REPOSITORY                                 TAG     IMAGE ID       CREATED         SIZE
docker.io/jiaxiangkong/jumpserver_docker   0.3.2   56df2bf535b2   24 months ago   179 MB
创建jumpserver的工作目录
[root@super ~]# mkdir -pv /data/Dockerfile/jumpserver
mkdir: created directory ‘/data/Dockerfile’
mkdir: created directory ‘/data/Dockerfile/jumpserver’
进入jumpserver目录
[root@super ~]# cd /data/Dockerfile/jumpserver/
创建配置文件

[root@super /data/Dockerfile/jumpserver]# cat Dockerfile
FROM docker.io/jiaxiangkong/jumpserver_docker:0.3.2
ADD run.sh /run.sh
ADD config_tmpl.conf /jumpserver/install/docker/config_tmpl.conf
[root@super /data/Dockerfile/jumpserver]# cat config_tmpl.conf
[base]
url = http://jumpserver-sg.super.com
key = 941enj9neshd1wes
ip = 0.0.0.0
port = 80
log = info

[db]
engine = __MYSQL_ENGINE__
host = __MYSQL_HOST__
port = __MYSQL_PORT__
user = __MYSQL_USER__
password = __MYSQL_PASS__
database = __MYSQL_NAME__

[mail]
mail_enable = true
email_host = smtp.163.com
email_port = 25
email_host_user = wode_9798@163.com
email_host_password = yisheng99
email_use_tls = false
email_use_ssl = false
注意:config_tmpl.conf 通过 ADD 写进了镜像层,其中的 key 和 email_host_password 会随镜像一起分发,任何能拉取或导出该镜像的人都能读到;更稳妥的做法是在容器启动时通过挂载文件或环境变量注入这些值。key 应为每套部署单独随机生成,不要照抄示例值。email_port = 25 且 TLS/SSL 均关闭时,邮箱口令不经加密就在网络上传输。
1.12 启动文件
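[root@super /data/Dockerfile/jumpserver]# cat run.sh
#!/bin/sh
# Start-up script that the Dockerfile adds to the image as /run.sh.
# Steps, in order: install the config template, make sure sshd has a config
# file and host keys, start sshd, sync the database (loading the initial data
# once), register the crontab entries in the background, then run the
# jumpserver web process.

LOG_FILE=/data/logs/jumpserver.log

# The template overwrites jumpserver.conf on every start.
cp /jumpserver/install/docker/config_tmpl.conf /jumpserver/jumpserver.conf

# Fall back to the sshd_config shipped under install/docker when none exists.
if [ ! -f /etc/ssh/sshd_config ]; then
  cp /jumpserver/install/docker/sshd_config /etc/ssh/sshd_config
fi

# Host keys are generated only when the key file is missing; an existing key
# is never replaced.
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
  ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
fi

# NOTE(review): 1024-bit DSA is a weak host key type and current OpenSSH
# clients reject ssh-dss by default. It is kept here only because the image's
# sshd_config is not visible and may list this key; drop this block once that
# is confirmed.
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
  ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
fi

if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
  ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N ''
fi

# Ed25519 keys have a fixed length, so the former "-b 1024" (which ssh-keygen
# ignores for this key type) is not passed.
if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
  ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
fi

# sshd writes its log to the same file as the application.
/usr/sbin/sshd -E "$LOG_FILE"

python /jumpserver/manage.py syncdb --noinput

# Load the initial data once; /home/init.locked marks that it has been done.
if [ ! -f /home/init.locked ]; then
  python /jumpserver/manage.py loaddata install/initial_data.yaml
  date > /home/init.locked
fi

# The whole chain runs in the background: point apk at the mirror, refresh
# the index, then register the crontab entries.
# NOTE(review): the index is refreshed over plain HTTP on every container
# start. apk verifies index signatures, but doing this at image build time
# would keep the running container reproducible and off the network.
echo "http://mirrors.aliyun.com/alpine/v3.4/main/" > /etc/apk/repositories &&
  apk update &&
  python /jumpserver/manage.py crontab add >> "$LOG_FILE" &

# The log is a single regular file, so neither -R nor the execute bits of the
# former "chmod -R 777" are needed.
# NOTE(review): presumably it is world-writable so that processes of
# logged-in users can append to it; that also lets any such user alter this
# log. Confirm whether group-only write access is enough.
chmod 666 "$LOG_FILE"

# exec replaces the shell with the server process so that it receives signals
# directly. Assumes this script is the container's main process: TODO confirm.
exec python /jumpserver/run_server.py >> "$LOG_FILE"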
增加执行权限
[root@super /data/Dockerfile/jumpserver]# chmod +x run.sh
构建一个镜像
[root@super /data/Dockerfile/jumpserver]# docker build . -t jumserver_0.3.2:201811101753 #时间戳
Sending build context to Docker daemon 5.12 kB
Step 1/3 : FROM docker.io/jiaxiangkong/jumpserver_docker:0.3.2
 ---> 56df2bf535b2
Step 2/3 : ADD run.sh /run.sh
 ---> 053fb46a2598
Removing intermediate container 7837489fbeee
Step 3/3 : ADD config_tmpl.conf /jumpserver/install/docker/config_tmpl.conf
 ---> 03e381931edc
Removing intermediate container 510f8575220c
Successfully built 03e381931edc
检查

映射数据卷
创建数据库,进入模块
[root@super ~]# mkdir -p /data/volume_docker/jumpserver/data
[root@super ~]# cd /data/volume_docker/jumpserver
创建jumpserver的嵌入式关系型数据库,要求挂载出来
[root@super /data/volume_docker/jumpserver]# touch db.sqlite3
[root@super /data/volume_docker/jumpserver]# chmod 666 db.sqlite3
注意:666 使宿主机上任何本地用户都能读写这个数据库文件。如果容器内访问数据库的进程以 root 运行,600 就够用(需按实际镜像确认)。
进入/data/volume_docker/jumpserver/data,创建四个目录
[root@super /data/volume_docker/jumpserver]# cd /data/volume_docker/jumpserver/data
[root@super /data/volume_docker/jumpserver/data]# mkdir home ssh keys logs
[root@super /data/volume_docker/jumpserver/data]# mkdir logs/tty
[root@super /data/volume_docker/jumpserver/data]# cat /etc/shadow > shadow
[root@super /data/volume_docker/jumpserver/data]# cat /etc/passwd > passwd
[root@super /data/volume_docker/jumpserver/data]# chmod 666 passwd
[root@super /data/volume_docker/jumpserver/data]# chmod 666 shadow
注意:这里把宿主机的 /etc/shadow(含宿主机账号的口令哈希)复制到数据卷并设为 666,宿主机上任何本地用户都能读取这些哈希,也能改写这两个文件。更稳妥的做法是不要复制宿主机的 shadow,而是为容器单独准备只含所需账号的 passwd/shadow,并把权限收紧为 passwd 644、shadow 600(前提是容器内负责增删用户的进程以 root 运行,需按实际镜像确认)。
给tty777权限
[root@super /data/volume_docker/jumpserver/data]# cd /data/volume_docker/jumpserver/data/logs/
[root@super /data/volume_docker/jumpserver/data/logs]# chmod 777 tty/
注意:777 让所有用户都能删除或替换 tty/ 下别人的会话记录;如果确实需要所有用户可写,至少加上粘滞位(chmod 1777 tty/),使用户只能删除自己创建的文件。
1.17 编辑jumpserver启动脚本,启动容器,映射端口,挂载数据卷
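[root@super ~]# cat start_jumpserver.sh
#!/bin/sh
# Start the jumpserver container in the background.
#   -p 22222:22           host port 22222 -> container port 22 (sshd)
#   -p 127.0.0.1:7001:80  host port 7001 -> container port 80 (web UI).
#                         Bound to loopback because nginx on this host proxies
#                         to http://127.0.0.1:7001, so the web UI cannot be
#                         reached around the proxy; use "-p 7001:80" to
#                         publish it on every interface again.
#   -v .../db.sqlite3     SQLite database file kept on the host
#   -v .../data           host data directory mounted at /data
# The port notes live up here because a comment placed after a trailing
# backslash ends the line continuation and breaks the docker run command.
docker run -d \
  -p 22222:22 -p 127.0.0.1:7001:80 \
  -v /data/volume_docker/jumpserver/db.sqlite3:/jumpserver/db.sqlite3 \
  -v /data/volume_docker/jumpserver/data:/data \
  jumserver_0.3.2:201811101753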
<img src="/wp-content/uploads/2018/11/20181111161408_72904.png" alt="">
增加执行权限
[root@super ~]# chmod +x start_jumpserver.sh
启动
[root@super ~]# sh start_jumpserver.sh
3fee5f2c2901270c6b4936bce810aa75d18cfb83d72dda2253f6ef1b8433ff27

下载nginx
[root@super ~]# yum install -y nginx
更改nginx配置文件
[root@super ~]# cd /etc/nginx/conf.d/
[root@super /etc/nginx/conf.d]# cat jumpserver-sg.super.com.conf
server {
    listen 80;
    listen [::]:80;
    server_name jumpserver-sg.super.com;
    access_log /var/log/nginx/jumpserver.log main;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:7001;
    }
}
注意:该站点只监听 80 端口,堡垒机的登录口令和会话 Cookie 会以明文经过网络;对外提供服务前应在 nginx 上配置 443/TLS 并把 80 跳转到 HTTPS,config_tmpl.conf 里的 url 也要相应改为 https://。
检查
[root@super /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
启动nginx
systemctl restart nginx.service
解析IP
网页登录jumpserver-sg.super.com

改密码

增加资产


授权


系统用户设置

推送


授权规则

设置用户组

设置用户

收到邮件

下载秘钥

XShell配置


更改秘钥密码

登录设置


服务器端设置允许登录

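[root@super /data/volume_docker/jumpserver/data]# tail -1 shadow
zhangsan::17845:0:99999:7:::
注意:shadow 第二个字段为空表示该账号没有口令,而不是“已锁定”。如果只是为了让未启用 PAM 的 sshd 不把账号当作锁定账号,可以把该字段设为 *,这样仍可用密钥登录,但无法用空口令登录;同时确认 sshd_config 中 PermitEmptyPasswords 为 no。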
登录服务器

