1 安装脚本
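#! /bin/sh
# Start the all-in-one JumpServer container (jms_all) against an external
# MySQL database and Redis instance.
#
# The secrets and the two host addresses can be overridden from the caller's
# environment; the defaults are the values this script was published with.
#
# NOTE(review): the default SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and
# REDIS_PASSWORD are sample values that are public wherever this script is
# shared. Supply your own through the environment before a real deployment.
SECRET_KEY="${SECRET_KEY:-RQjr4c9TmjFhb0GAZaiss0zYBPkLfBKbOTbr6TZyXWJk0aZ1zC}"
BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:-SAlyB1ZIkxAJRnbf}"
DB_PASSWORD="${DB_PASSWORD:-Jumpserver_12}"
REDIS_PASSWORD="${REDIS_PASSWORD:-Redis_12}"
# Exported so that `docker run -e NAME` (name only) copies each value from
# this environment instead of carrying it on the docker command line, where
# `ps` would show it. The values remain readable through `docker inspect`.
export SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD REDIS_PASSWORD

# Database and Redis hosts must not be 127.0.0.1: that address conflicts
# with the container's own internal address.
DB_HOST="${DB_HOST:-180.163.53.44}"
REDIS_HOST="${REDIS_HOST:-180.163.53.44}"

# The notes below sit above the command because a comment cannot follow a
# line-continuation backslash: `\ #...` escapes the space, ends the command
# on that line and leaves the remaining options to run as separate commands.
#
# NOTE(review): `-p HOSTPORT:PORT` publishes on every host interface. If the
# web ports (9991-9995) are only reached through a reverse proxy on this
# host, publish them on loopback (for example `-p 127.0.0.1:9991:80`) so the
# plain-HTTP backends are not reachable from the network.
# NOTE(review): --privileged removes most container isolation (all
# capabilities, host device access). Confirm the image needs it.
# NOTE(review): `latest` is a moving tag; pin a version or digest so that
# upgrades are deliberate and reviewable.
docker run --name jms_all -d \
  --restart always \
  -v /data/jumpserver/data:/opt/jumpserver/data \
  -p 9991:80 \
  -p 9992:8080 \
  -p 9993:8081 \
  -p 9994:8070 \
  -p 9995:5000 \
  -p 2222:2222 \
  -e SECRET_KEY \
  -e BOOTSTRAP_TOKEN \
  -e DB_HOST="$DB_HOST" \
  -e DB_PORT=3360 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST="$REDIS_HOST" \
  -e REDIS_PORT=6380 \
  -e REDIS_PASSWORD \
  --privileged=true \
  jumpserver/jms_all:latest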
2 nginx 配置
官方的容器安装方式只暴露 80 和 2222 端口;在服务器上再用 nginx 转发后,有些服务无法使用,所以把容器内部的各个端口都暴露出来,由 nginx 分别转发,配置参考如下。注意:这些端口是明文 HTTP,只需供本机的 nginx 访问,不应对外网开放。
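# HTTPS front end for JumpServer. Each location forwards to one of the
# container ports published on this host (9991-9995).
#
# NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
# which appends to whatever the client sent. Unless another trusted proxy sits
# in front of this server, only X-Real-IP ($remote_addr) is reliable for audit.
server {
    listen 443 ssl;
    server_name jserver.baoflag.com;
    # Large limit, presumably for file transfer through the web UI; confirm.
    client_max_body_size 2200m;
    access_log /data/logs/logs-nginx/jserver.baoflag.com_access.log;
    error_log /data/logs/logs-nginx/jserver.baoflag.com_error.log;

    ssl_certificate /etc/nginx/keys/baoflag.com.pem;
    ssl_certificate_key /etc/nginx/keys/baoflag.com.key;
    ssl_session_timeout 5m;
    # NOTE(review): besides ECDHE suites this list admits static-ECDH (ECDH)
    # and RSA key-exchange AES suites (AES, HIGH), which lack forward secrecy.
    # Consider restricting it to ECDHE AEAD suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    #error_page 497 https://$host$uri?$args;

    # koko, with WebSocket upgrade.
    # NOTE(review): access_log is off here and for /guacamole/; confirm that
    # JumpServer's own session audit covers these endpoints.
    location /koko/ {
        proxy_pass http://localhost:9995;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Guacamole. The trailing slash on proxy_pass strips the /guacamole/
    # prefix before the request is forwarded.
    location /guacamole/ {
        proxy_pass http://localhost:9993/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # WebSocket endpoint.
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:9994;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # /api/ and /core/ both go to host port 9992.
    location /api/ {
        proxy_pass http://localhost:9992;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:9992;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # location / {
    # rewrite ^/(.*)$ /ui/$1 last;
    # }

    # Everything else goes to host port 9991. This is the only location that
    # passes X-Forwarded-Proto to the backend.
    location / {
        proxy_pass http://127.0.0.1:9991/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
    }
}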
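# Plain-HTTP listener: redirect every request to the HTTPS site.
server {
    listen 80;
    server_name jserver.baoflag.com;
    # `return` issues the redirect without a regex match and keeps the path
    # and query string exactly as the client sent them.
    # NOTE(review): $host follows the request's Host header; use $server_name
    # if the redirect should always target the canonical name.
    return 301 https://$host$request_uri;
}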