1 安装脚本

#! /bin/sh
docker run --name jms_all -d \
  --restart always \
  -v /data/jumpserver/data:/opt/jumpserver/data \
  -p 9991:80 \
  -p 9992:8080 \
  -p 9993:8081 \
  -p 9994:8070 \
  -p 9995:5000 \
  -p 2222:2222 \
  -e SECRET_KEY=RQjr4c9TmjFhb0GAZaiss0zYBPkLfBKbOTbr6TZyXWJk0aZ1zC \
  -e BOOTSTRAP_TOKEN=SAlyB1ZIkxAJRnbf \
  -e DB_HOST=180.163.53.44 \  #不能用127.0.0.1，跟内部地址有冲突
  -e DB_PORT=3360 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=Jumpserver_12 \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=180.163.53.44 \ #不能用127.0.0.1，跟内部地址有冲突
  -e REDIS_PORT=6380 \
  -e REDIS_PASSWORD=Redis_12 \
  --privileged=true \
  jumpserver/jms_all:latest

2 nginx 配置

官方用容器安装后，直接暴露80和2222端口，在服务器用nginx转发后，有些服务不能使用，所以把里面的端口都暴露出来直接的转发，参考下面

server {
    listen 443 ssl;
    server_name jserver.baoflag.com;
    client_max_body_size 2200m;
    access_log /data/logs/logs-nginx/jserver.baoflag.com_access.log;
    error_log /data/logs/logs-nginx/jserver.baoflag.com_error.log;
    ssl_certificate   /etc/nginx/keys/baoflag.com.pem;
    ssl_certificate_key  /etc/nginx/keys/baoflag.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    #error_page 497  https://$host$uri?$args; 
    location /koko/ {
        proxy_pass       http://localhost:9995;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass       http://localhost:9993/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:9994;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:9992;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:9992;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  #  location / {
  #      rewrite ^/(.*)$ /ui/$1 last;
  #  }
    location / {
      proxy_pass http://127.0.0.1:9991/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
 }
server {
    listen 80;
    server_name jserver.baoflag.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}

官方网站
https://docs.jumpserver.org/zh/master/