1、安装Docker以及相关依赖
配置yum源
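# 1. Install Docker CE and its dependencies from the Aliyun mirror of the
#    docker-ce yum repository.
sudo yum install -y yum-utils
# Fetch the .repo file over HTTPS. That file defines baseurl, gpgkey and
# gpgcheck, so a plain-HTTP download lets an on-path attacker point yum at
# packages (and a signing key) of their choosing.
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin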
2、添加国内镜像
sudo yum install -y yum-utilssudo yum-config-manager \--add-repo \http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3、启动Docker后台服务
systemctl start docker
4、设置开机启动
systemctl enable docker
5、查看Docker版本
docker --version
6、查看Docker compose版本
docker compose version
7、安装mysql5.7
~]#docker pull mysql:5.7~]# mkdir -p /data/mysql/data~]# docker run -d --name mysql --restart=always -e MYSQL_ROOT_PASSWORD=abcd@1234 -p 3306:3306 -v /data/mysql/data:/var/lib/mysql mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES3453d20feed2 mysql:5.7 "docker-entrypoint..." 16 seconds ago Up 15 seconds 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
8、创建jumpserver数据库
~]# docker exec -it mysql /bin/bash/# mysql -uroot -pabcd@1234mysql> create database jumpserver default charset 'utf8mb4';mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'abcd@1234';mysql> flush privileges;mysql> exit/# mysql -ujumpserver -pabcd@1234mysql> show databases;+--------------------+| Database |+--------------------+| information_schema || jumpserver |+--------------------+2 rows in set (0.00 sec)
9、安装redis
~]# mkdir -p /data/redis/data~]# docker run -d -it --name redis -p 6379:6379 -v /data/redis/data:/data --restart=always --sysctl net.core.somaxconn=1024 redis:4.0.10 --requirepass "abcd@1234"~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES71840c9b0f6f redis:4.0.10 "docker-entrypoint..." 6 minutes ago Up 6 minutes 0.0.0.0:6379->6379/tcp redis3453d20feed2 mysql:5.7 "docker-entrypoint..." 5 hours ago Up 5 hours 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
10、生成密钥
~]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fifiWE7DI5hyVYznyX4XQlzwJm46K9NgHkPcUCIF01NDSudKfJKN4J~]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fico6QU93I0RXj3Cy1
11、安装jumpserver
]#docker pull jumpserver/jms_all:v2.5.0]# mkdir -p /data/jumpserver~]# docker run -d --name jumpserver -h jumpserver --restart=always \-v /data/jumpserver:/opt/jumpserver/data/media \-p 80:80 \-p 2222:2222 \-e SECRET_KEY=$SECRET_KEY \-e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \-e DB_HOST=192.168.48.152 \-e DB_PORT=3306 \-e DB_USER=jumpserver \-e DB_PASSWORD="abcd@1234" \-e DB_NAME=jumpserver \-e REDIS_HOST=192.168.48.152 \-e REDIS_PORT=6379 \-e REDIS_PASSWORD="abcd@1234" \jumpserver/jms_all:v2.5.0
12、jumpserver防火墙与改密(给目标机器添加防火墙规则)
防火墙规则是自上而下加载匹配的
### 查看防火墙[root@VM-16-17-centos ~]# iptables -LChain INPUT (policy ACCEPT) ###入口链target prot opt source destination Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT) ###出口链target prot opt source destination Chain YJ-FIREWALL-INPUT (0 references)target prot opt source destination
给入口链加规则
1.只允许jumpserver机器的IP可以登录,其他机器拒绝[root@VM-16-17-centos ~]# iptables -A INPUT -s 150.158.127.76 -p tcp --dport 22 -j ACCEPT2.其他机器拒绝[root@VM-16-17-centos ~]# iptables -A INPUT -p tcp --dport 22 -j REJECT
13、环境准备，关闭防火墙服务（注意：本步骤在 jumpserver 主机上执行；关闭防火墙后，80、2222 以及第 7、9 步发布的 3306、6379 端口将没有任何主机级过滤，生产环境建议只放行所需端口，而不是整体关闭）
[root@jumpserver ~]# iptables -F #清空规则[root@jumpserver ~]# systemctl disable firewalld #关闭防火墙开机自启[root@jumpserver ~]# systemctl stop firewalld #停止防火墙[root@jumpserver ~]# getenforce #获取selinux 的状态Disabled #当前是关闭的