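Docker installation, basic image and container management, and image building
This article summarizes Docker installation and deployment, Dockerfile instruction usage, JumpServer bastion host deployment, and building Nginx images. It mainly covers: Docker installation: installing Docker CE with the apt package manager, with detailed step-by-step commands and an optional one-step install script. Dockerfile instructions in detail: the function and usage of core instructions such as FROM, LABEL, RUN, ENV, COPY, ADD, CMD and ENTRYPOINT. Jump
2. Summary of installing and deploying Docker
Installing Docker from packages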
# Step 1: install the required system tools
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: add the software repository
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update the package index and install Docker CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
# Installing a specific version of Docker CE:
# Step 1: list the available Docker CE versions:
apt-cache madison docker-ce
# Step 2: install the chosen version of Docker CE (VERSION is, for example, 5:17.03.1~ce-0~ubuntu-xenial from the list above)
sudo apt-get -y install docker-ce=[VERSION] docker-ce-cli=[VERSION]
# Example: installing a specific version
apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-bionic docker-ce-cli=5:18.09.9~3-0~ubuntu-bionic
# Installing a specific version on Ubuntu 22.04
apt -y install docker-ce=5:24.0.6-1~ubuntu.22.04~jammy docker-ce-cli=5:24.0.6-1~ubuntu.22.04~jammy
Removing Docker
[root@ubuntu ~]#apt purge docker-ce
[root@ubuntu ~]#rm -rf /var/lib/docker
One-step script to install Docker
#!/bin/bash
#
#********************************************************************
#Author: wangxiaochun
#QQ: 29308620
#Date: 2022-10-14
#FileName: install_docker_offline.sh
#URL: http://www.wangxiaochun.com
#Description: The test script
#Copyright (C): 2022 All rights reserved
#********************************************************************
# Supports online and offline installation
DOCKER_VERSION=26.1.4
#DOCKER_VERSION=26.0.0
#DOCKER_VERSION=24.0.7
#DOCKER_VERSION=24.0.5
#DOCKER_VERSION=23.0.3
#DOCKER_VERSION=20.10.19
URL=https://mirrors.tuna.tsinghua.edu.cn
#URL=https://mirrors.aliyun.com
#URL=https://download.docker.com
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
prepare () {
if [ ! -e docker-${DOCKER_VERSION}.tgz ];then
#wget ${URL}/docker-ce/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
wget ${URL}/docker-ce/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
fi
[ $? -ne 0 ] && { echo "文件下载失败"; exit; }
}
install_docker () {
tar xf docker-${DOCKER_VERSION}.tgz -C /usr/local/
cp /usr/local/docker/* /usr/local/bin/
cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/local/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
}
config_docker () {
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com"]
}
EOF
#systemctl restart docker
}
start_docker (){
systemctl enable --now docker
docker version && color "Docker 安装成功" 0 || color "Docker 安装失败" 1
}
config_docker_completion () {
wget -P /etc/bash_completion.d http://www.wangxiaochun.com:8888/testdir/docker/docker_completion
#source /etc/bash_completion.d/docker_completion
}
prepare
install_docker
config_docker
start_docker
config_docker_completion
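3. Detailed summary of what each Dockerfile instruction means

FROM specifies the base image. This instruction must normally be the first non-comment line of the Dockerfile. All later instructions run in the environment provided by this base image.
LABEL: image metadata
Sets image metadata, such as the image author.
LABEL <key>=<value> <key>=<value> <key>=<value> ...
MAINTAINER: maintainer information
This instruction is deprecated; use LABEL instead.
MAINTAINER <name>
RUN executes, at image build time, shell commands supported by the image named in FROM.
Most base images support a rich set of shell commands.
Note: a Dockerfile can contain several RUN instructions, and each one creates a new image layer, so merge them into a single instruction where possible, for example by joining several shell commands with &&.
Each RUN executes independently of the previous RUN.
Shell form and exec form
Shell interpretation:
Shell form: the command is interpreted by a shell, so shell features such as environment variable substitution, pipes and redirection are available.
Exec form: the command is executed directly without a shell, so no shell features are available.
Portability and security:
Shell form: because it depends on shell interpretation, it can be exposed to shell injection or other shell-related problems.
Exec form: safer and more portable, because the command is executed directly and does not depend on a shell.
Performance:
Shell form: an extra shell process has to be started, which may add a small overhead.
Exec form: the command is executed directly and is usually more efficient.
Complex commands:
Shell form: suited to complex commands or cases that use shell features.
Exec form: suited to simple commands or cases that need no shell features.
ENV: set environment variables
ENV defines environment variables and their values. Later instructions (such as ENV, ADD, COPY and RUN) can reference them as $KEY or ${KEY}, and they persist when the container runs.
COPY: copy files
Copies the local host's  to the container's  .
ADD: copy and unpack files
CMD: container start command
ENTRYPOINT: entry point
VOLUME: anonymous volume
Creates a mount point in the container that can be mounted from the local host or from other containers. It is generally used for databases and other data that must be kept. By default a directory on the host is mounted at the container directory named in the VOLUME instruction. Even if the container is later deleted, this host directory remains, so the container's data is stored persistently.
EXPOSE: expose ports
Declares the port numbers that the service in the container needs to expose (listen on) so that the container can communicate with the outside.
EXPOSE only declares which ports the container intends to use. It does not actually publish them, that is, no port mapping is created on the host automatically.
The container therefore has to be started with -P or -p before the Docker host actually allocates a port and forwards it to the exposed port.
Note: even if the Dockerfile has no EXPOSE instruction, docker run -p can still publish a port that the program in the container actually listens on. EXPOSE therefore sets the default ports to expose, and docker run -P is what actually publishes them.
4. Deploy JumpServer, add a host, and manage and log in to it through JumpServer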
#apt update && apt list docker.io
[root@ubuntu2004 ~]#apt -y install docker.io
[root@ubuntu2004 ~]#docker version
# Install MySQL
create database jumpserver default charset 'utf8';
create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G';
grant all on jumpserver.* to 'jumpserver'@'%';
flush privileges;
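#### Note:
# As of JumpServer v3.8.1, MySQL 8.0 is supported, but the default MySQL 8.0 authentication plugin is caching_sha2_password, which does not meet the requirements and must be changed to mysql_native_password
# Versions before JumpServer v2.28.7 do not support MySQL 8.0 by default; choose MySQL 5.7
### Pull the MySQL image and view its default configuration (optional)
# Pull the MySQL image and start it
[root@ubuntu2004 ~]#docker run --rm --name mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -d -p 3306:3306 mysql:5.7.30
# The default MySQL container configuration does not meet JumpServer's requirements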
[root@ubuntu2004 ~]#docker exec -it mysql bash
root@f44e1c85f088:/# mysql -uroot -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.30 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show create database jumpserver;
+------------+-----------------------------------------------------------------------+
| Database   | Create Database                                                       |
+------------+-----------------------------------------------------------------------+
| jumpserver | CREATE DATABASE `jumpserver` /*!40100 DEFAULT CHARACTER SET latin1 */ |
+------------+-----------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> select user,host from mysql.user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| jumpserver | % |
| root | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
5 rows in set (0.00 sec)
mysql> exit
Bye
# Show the configuration file path
root@f44e1c85f088:/# cat /etc/mysql/mysql.cnf
......
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
# Default configuration files
root@f44e1c85f088:/# tree /etc/mysql/
/etc/mysql/
|-- conf.d
| |-- docker.cnf
| |-- mysql.cnf
| `-- mysqldump.cnf
|-- my.cnf -> /etc/alternatives/my.cnf
|-- my.cnf.fallback
|-- mysql.cnf
`-- mysql.conf.d
`-- mysqld.cnf
2 directories, 7 files
root@f44e1c85f088:/# ls -R /etc/mysql
/etc/mysql:
conf.d my.cnf my.cnf.fallback mysql.cnf mysql.conf.d
/etc/mysql/conf.d:
docker.cnf mysql.cnf mysqldump.cnf
/etc/mysql/mysql.conf.d:
mysqld.cnf
# Default configuration file
root@f44e1c85f088:/# grep '^[^#]' /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
symbolic-links=0
# Default configuration file
root@f44e1c85f088:/# cat /etc/mysql/conf.d/mysql.cnf
[mysql]
root@f44e1c85f088:/# exit
exit
[root@centos8 ~]#docker stop mysql
# Prepare the MySQL configuration files on the host (optional)
# Create the directories
[root@ubuntu2004 ~]#mkdir -p /etc/mysql/mysql.conf.d/
[root@ubuntu2004 ~]#mkdir -p /etc/mysql/conf.d/
# Generate the server configuration file and set the character set
[root@ubuntu2004 ~]#tee /etc/mysql/mysql.conf.d/mysqld.cnf <<EOF
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8 # add this line to set the character set
EOF
# Generate the client configuration file and set the character set
[root@ubuntu2004 ~]#tee /etc/mysql/conf.d/mysql.cnf <<EOF
[mysql]
default-character-set=utf8 # add this line to set the character set
EOF
# List the configuration files
[root@ubuntu2004 ~]#tree /etc/mysql/
/etc/mysql/
├── conf.d
│ └── mysql.cnf
└── mysql.conf.d
└── mysqld.cnf
2 directories, 2 files
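# Start the MySQL container, mounting the configuration files prepared on the host above
# The default MySQL 8.0 authentication plugin is caching_sha2_password, which does not meet the requirements and must be changed to mysql_native_password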
[root@ubuntu2204 ~]#cat mysqld.cnf
[mysqld]
default_authentication_plugin=mysql_native_password
# Start command
docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver \
-e MYSQL_USER=jumpserver \
-e MYSQL_PASSWORD=123456 \
-v /data/mysql:/var/lib/mysql \
mysql:8.4.5
# Start the MySQL container
[root@ubuntu2204 ~]#docker run --name mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -d -p 3306:3306 -v ./mysqld.cnf:/etc/mysql/conf.d/mysqld.cnf --restart always mysql:8.0.29-oracle
# Install the Redis service
An external Redis must be version 6.0 or later
Note: Redis 7.0 is not supported
# Start Redis
docker run -d -p 6379:6379 --name redis --restart always redis:8.0.3 redis-server --requirepass 123456
# Verify the Redis connection
[root@ubuntu2004 ~]#yum -y install redis
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.8 -a 123456
10.0.0.8:6379> info
# Server
redis_version:5.0.9
redis_git_sha1:00000000
redis_git_dirty:0
# Generate the required keys
[root@ubuntu2204 ~]#cat /dev/urandom | tr -dc '[:alnum:]' | head -c50
HuMa1pnvbjrLeiBEJTUoQfBwPMrsZYlL6jpik46Hcib4PHMldx
[root@ubuntu2204 ~]#cat /dev/urandom | tr -dc '[:alnum:]' | head -c30
2wqN3fWeB4KaSLTMoyK5JgSylkS2z9
[root@ubuntu2004 ~]#cat key.sh
#!/bin/bash
if [ ! "$SECRET_KEY" ]; then
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`;
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc;
echo SECRET_KEY=$SECRET_KEY;
else
echo SECRET_KEY=$SECRET_KEY;
fi
if [ ! "$BOOTSTRAP_TOKEN" ]; then
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc;
echo BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN;
else
echo BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN;
fi
[root@ubuntu2004 ~]#bash key.sh
[root@ubuntu2004 ~]#tail -n2 .bashrc
SECRET_KEY=9RTRBg3AjHjvUUNCUpHUH5LirSFazRozk1UyOQcoKkwMExeUEm
BOOTSTRAP_TOKEN=1OlaSdCoUpSQPjH6
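Added example, not part of the original page: key.sh appends the secrets to ~/.bashrc, and the docker run commands in this article pass them with -e on the command line. The script below keeps the same four values in an owner-only env file that docker run can read with --env-file; the function names, the value lengths for the two passwords and the file path are assumptions.

```bash
#!/bin/sh
# Added example (not from the original page): create the JumpServer secrets once,
# store them in an env file with mode 600, and reuse them on later runs.
# Variable names mirror the -e options used in this article.

# Print $1 random alphanumeric characters, the same way key.sh does.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Append KEY=<random value> to the env file unless KEY is already defined there.
ensure_secret() {
    local file=$1 key=$2 len=$3
    if ! grep -q "^${key}=" "$file" 2>/dev/null; then
        printf '%s=%s\n' "$key" "$(gen_secret "$len")" >> "$file"
    fi
}

# Create (or complete) the env file; existing values are never overwritten,
# so SECRET_KEY stays stable across re-runs.
write_env_file() {
    local file=$1
    ( umask 077; touch "$file" )   # new file is created owner-only
    chmod 600 "$file"              # tighten a pre-existing file as well
    ensure_secret "$file" SECRET_KEY 50
    ensure_secret "$file" BOOTSTRAP_TOKEN 16
    ensure_secret "$file" DB_PASSWORD 24      # replaces the 123456 sample value
    ensure_secret "$file" REDIS_PASSWORD 24   # replaces the 123456 sample value
}

# Read one value back, e.g. to create the MySQL user with the same password.
get_secret() {
    sed -n "s/^$2=//p" "$1"
}

# Usage: sh jms_env.sh /opt/jumpserver/jms.env   (path is an assumption)
if [ -n "${1:-}" ]; then
    write_env_file "$1"
fi
```

The container is then started with `docker run --env-file /opt/jumpserver/jms.env ...` in place of the individual `-e SECRET_KEY=...`, `-e DB_PASSWORD=...` options, which keeps the values out of the shell history.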
## Run the container
docker run --name jms_all -d \
-p 80:80 \
-p 2222:2222 \
-p 30000-30100:30000-30100 \
-e SECRET_KEY=LqhXo2VKaVEMBAW8oE5UEy8I5MtPNtLqSiiwwhaSBARRckTUOf \
-e BOOTSTRAP_TOKEN=z8lxrBjrpebtb6Oz \
-e LOG_LEVEL=ERROR \
-e DB_HOST=192.168.153.140 \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=192.168.153.140 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD=123456 \
--privileged=true \
-v /opt/jumpserver/core/data:/opt/jumpserver/data \
-v /opt/jumpserver/koko/data:/opt/koko/data \
-v /opt/jumpserver/lion/data:/opt/lion/data \
-v /opt/jumpserver/kael/data:/opt/kael/data \
-v /opt/jumpserver/chen/data:/opt/chen/data \
-v /opt/jumpserver/web/log:/var/log/nginx \
jumpserver/jms_all:latest
# Verify that it started successfully
[root@ubuntu2204 ~]#docker logs -f jms_all
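Added example, not part of the original page: a small audit function that flags the risky options appearing in the docker run commands of this article (privileged mode, MySQL/Redis ports published on every host interface, weak or empty passwords, the mutable latest tag). The finding labels and the sample command are constructed for illustration, and only the docker run options used on this page are recognised.

```bash
#!/bin/sh
# Added example (not from the original page): lint a `docker run` command line.
# Assumption: options are whitespace separated and values contain no spaces.

# Is the given secret value weak (empty, a common default, or under 12 chars)?
is_weak_secret() {
    case "$1" in
        ''|"''"|'""'|123456|admin|password|root) return 0 ;;
    esac
    [ "${#1}" -lt 12 ]
}

# Print one finding per line for the docker run command passed as $1.
audit_docker_run() {
    image=''
    set -f                      # no glob expansion while word-splitting
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            '\'|docker|run|-d) ;;
            --privileged|--privileged=true)
                echo "PRIVILEGED: container gets all capabilities and host devices" ;;
            -p|--publish)
                shift
                case "$1" in
                    *:*:*) ;;   # already bound to an explicit host address
                    *:3306|*:6379)
                        echo "EXPOSED: -p $1 publishes a data store on every host interface" ;;
                esac ;;
            -e|--env)
                shift
                name=${1%%=*}
                value=${1#*=}
                case "$name" in
                    *PASSWORD*|*SECRET*|*TOKEN*)
                        if is_weak_secret "$value"; then
                            echo "WEAK_SECRET: $name is empty, short or a common default"
                        fi ;;
                esac ;;
            --requirepass)      # redis-server argument used on this page
                shift
                if is_weak_secret "${1:-}"; then
                    echo "WEAK_SECRET: redis --requirepass is empty, short or a common default"
                fi ;;
            -v|--volume|--name|--network|--restart|--env-file) shift ;;
            -*) ;;
            *)  [ -z "$image" ] && image=$1 ;;   # first bare word is the image
        esac
        [ $# -eq 0 ] || shift
    done
    case "$image" in
        *:latest) echo "UNPINNED_IMAGE: $image uses a mutable tag" ;;
        *:*) ;;
        ?*) echo "UNPINNED_IMAGE: $image has no tag and resolves to latest" ;;
    esac
}

# Constructed sample modelled on the jms_all command above (shortened).
SAMPLE_CMD='docker run --name jms_all -d -p 80:80 -p 2222:2222
  -e SECRET_KEY=LqhXo2VKaVEMBAW8oE5UEy8I5MtPNtLqSiiwwhaSBARRckTUOf
  -e DB_PASSWORD=123456 -e REDIS_PASSWORD=123456 --privileged=true
  -v /opt/jumpserver/core/data:/opt/jumpserver/data jumpserver/jms_all:latest'

audit_docker_run "$SAMPLE_CMD"
```

Binding the database and cache to `127.0.0.1` or attaching them only to a user-defined network, as the next section does, removes the EXPOSED findings.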
## II. Deploy JumpServer v3.10.3 with Docker on a user-defined network
# Install Docker
[root@ubuntu2204 ~]#apt update && apt -y install docker.io
# Create a user-defined network
[root@ubuntu2204 ~]#docker network create jumpserver-net
# MySQL 8.0 requires changing the authentication plugin
[root@ubuntu2204 ~]#cat mysqld.cnf
[mysqld]
default_authentication_plugin=mysql_native_password
# Start the MySQL container
[root@ubuntu2204 ~]#docker run --name mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -d -v ./mysqld.cnf:/etc/mysql/conf.d/mysqld.cnf --restart always --network jumpserver-net mysql:8.0.29-oracle
# Start the Redis container
# Method 1
[root@ubuntu2204 ~]#docker run -d --name redis --restart always --network jumpserver-net redis:6.2.14
# Set the Redis connection password
[root@ubuntu2204 ~]#docker exec -it redis sh
# redis-cli
127.0.0.1:6379> CONFIG get requirepass
1) "requirepass"
2) ""
127.0.0.1:6379> CONFIG set requirepass 123456
OK
127.0.0.1:6379> exit
# Method 2: start Redis with the password set
[root@ubuntu2204 ~]#docker run -d --name redis --restart always --network jumpserver-net redis:6.2.14 redis-server --requirepass 123456
# Generate the key and token
[root@ubuntu2204 ~]#cat /dev/urandom | tr -dc '[:alnum:]' | head -c50
HuMa1pnvbjrLeiBEJTUoQfBwPMrsZYlL6jpik46Hcib4PHMldx
[root@ubuntu2204 ~]#cat /dev/urandom | tr -dc '[:alnum:]' | head -c30
2wqN3fWeB4KaSLTMoyK5JgSylkS2z9
# Start the JumpServer container
#jms_all:v3.10.3
[root@ubuntu2204 ~]#docker run --name jms_all -d \
-p 80:80 \
-p 2222:2222 \
-p 30000-30100:30000-30100 \
-e SECRET_KEY=SYmfImNk3TfMCmKmb7h3SYZjfTR6e2jVAjfLZxHAQqIxOdAWLv \
-e BOOTSTRAP_TOKEN=9Gd3SM0tR6gmbirptLYdkqXN82ZrQh \
-e LOG_LEVEL=ERROR \
-e DB_HOST=mysql \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=redis \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD='123456' \
--privileged=true \
-v /opt/jumpserver/core/data:/opt/jumpserver/data \
-v /opt/jumpserver/koko/data:/opt/koko/data \
-v /opt/jumpserver/lion/data:/opt/lion/data \
-v /opt/jumpserver/magnus/data:/opt/magnus/data \
-v /opt/jumpserver/kael/data:/opt/kael/data \
-v /opt/jumpserver/chen/data:/opt/chen/data \
-v /opt/jumpserver/web/log:/var/log/nginx \
--network jumpserver-net \
--restart always \
jumpserver/jms_all:v3.10.3
#jms_all:v3.8.1
[root@ubuntu2204 ~]#docker run --name jms_all -d \
-p 80:80 \
-p 2222:2222 \
-p 30000-30100:30000-30100 \
-e SECRET_KEY=HuMa1pnvbjrLeiBEJTUoQfBwPMrsZYlL6jpik46Hcib4PHMldx \
-e BOOTSTRAP_TOKEN=2wqN3fWeB4KaSLTMoyK5JgSylkS2z9 \
-e LOG_LEVEL=ERROR \
-e DB_HOST=mysql \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=redis \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD='' \
--privileged=true \
-v /opt/jumpserver/core/data:/opt/jumpserver/data \
-v /opt/jumpserver/koko/data:/opt/koko/data \
-v /opt/jumpserver/lion/data:/opt/lion/data \
-v /opt/jumpserver/magnus/data:/opt/magnus/data \
-v /opt/jumpserver/kael/data:/opt/kael/data \
-v /opt/jumpserver/chen/data:/opt/chen/data \
-v /opt/jumpserver/web/log:/var/log/nginx \
--network jumpserver-net \
--restart always \
jumpserver/jms_all:v3.8.1
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS
NAMES
987d5e50620d jumpserver/jms_all:v3.8.1 "./entrypoint.sh" 5 seconds
ago Up 4 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:2222-
>2222/tcp, :::2222->2222/tcp, 0.0.0.0:30000-30100->30000-30100/tcp, :::30000-
30100->30000-30100/tcp jms_all
c06e0aa793f4 redis:6.2.14 "docker-entrypoint.s…" 26 seconds
ago Up 25 seconds 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp
redis
d01c1fc24827 mysql:8.0.29-oracle "docker-entrypoint.s…" 31 seconds
ago Up 31 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp
[root@ubuntu2204 ~]#docker inspect jumpserver-net
[
{
"Name": "jumpserver-net",
"Id":
"cff8700ef04b48c661263b81abe296d8f7dc353146394acd0df6bc7a54ff4de4",
"Created": "2023-11-17T10:17:09.638826506+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"987d5e50620d2a0a2678b3d3e9702314c933b18f11f795abc383efd2c1e2ca7d":
{
"Name": "jms_all",
"EndpointID":
"0d763f8bbc43d48a47a9ecbf64523618916562f003707504645f7d54c23c8963",
"MacAddress": "02:42:ac:12:00:04",
"IPv4Address": "172.18.0.4/16",
"IPv6Address": ""
},
"c06e0aa793f47e396c717d60cf866dc9dcf00f81802457c9739ac0ab89e9f11c":
{
"Name": "redis",
"EndpointID":
"55dcaa2d0062d7d394e7d6cfaf77b5f97920fa382eada2f136509a440456599d",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"d01c1fc24827e68185b63e35ef947a13db3ad86e95f0b978566e1b07334e8a14":
{
"Name": "mysql",
"EndpointID":
"5982dedf0f9a9719c2d5223caf562d139554a35c47f9d7d3b8e0497aee7525c1",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
# Watch the startup process
[root@ubuntu2204 ~]#docker logs -f jms_all
After migration, update builtin role permissions
- Update builtin roles
2024-01-29 09:50:50 Install builtin applets
Install or update applet: /opt/jumpserver/apps/terminal/applets/dbeaver
Install or update applet: /opt/jumpserver/apps/terminal/applets/chrome
2024-01-29 09:50:50 Mon Jan 29 09:50:50 2024
2024-01-29 09:50:50 JumpServer version v3.10.3, more see
https://www.jumpserver.org
Lion Version v3.10.3, more see https://www.jumpserver.org
2024/01/29 09:51:14 Load config from env
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery
middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in
production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] GET /kael/static/*filepath --> github.com/gin-gonic/gin.
(*RouterGroup).createStaticHandler.func1 (4 handlers)
[GIN-debug] HEAD /kael/static/*filepath --> github.com/gin-gonic/gin.
(*RouterGroup).createStaticHandler.func1 (4 handlers)
[GIN-debug] GET /kael/assets/*filepath --> github.com/gin-gonic/gin.
(*RouterGroup).createStaticHandler.func1 (4 handlers)
[GIN-debug] HEAD /kael/assets/*filepath --> github.com/gin-gonic/gin.
(*RouterGroup).createStaticHandler.func1 (4 handlers)
[GIN-debug] GET /kael/connect -->
github.com/jumpserver/kael/pkg/httpd/router.(*_ConnectApi).ConnectHandler-fm (4
handlers)
[GIN-debug] GET /kael/health/ -->
github.com/jumpserver/kael/pkg/httpd/router.(*_HealthApi).HealthStatusHandler-fm
(4 handlers)
[GIN-debug] GET /kael/chat/ -->
github.com/jumpserver/kael/pkg/httpd/router.(*_ChatApi).ChatHandler-fm (5
handlers)
[GIN-debug] GET /kael/chat/system/ -->
github.com/jumpserver/kael/pkg/httpd/router.(*_SystemChatApi).ChatHandler-fm (6
handlers)
[GIN-debug] POST /kael/jms_state/ -->
github.com/jumpserver/kael/pkg/httpd/router.(*_HandlerApi).JmsStateHandler-fm (7
handlers)
[GIN-debug] POST /kael/interrupt_current_ask/ -->
github.com/jumpserver/kael/pkg/httpd/router.
(*_HandlerApi).InterruptCurrentAskHandler-fm (8 handlers)
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.0.0)
# Log in to JumpServer. Default user: admin, password: admin
http://10.0.0.200
# III. Docker Compose deployment
https://github.com/jumpserver/Dockerfile/blob/master/allinone/docker-compose.yml
Example: modifying the official docker-compose.yaml, based on JumpServer v3.10.10
version: '3.8'
services:
  mysql:
    image: mariadb:10.6
    container_name: jms_mysql
    restart: always
    environment:
      MARIADB_ROOT_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg} # changing this password is recommended
      MARIADB_DATABASE: ${DB_NAME:-jumpserver}
    healthcheck:
      test: "mysql -h127.0.0.1 -uroot -p$$MARIADB_ROOT_PASSWORD -e 'SHOW DATABASES;'"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    volumes:
      - ${VOLUME_DIR:-./data}/mariadb/data:/var/lib/mysql
    networks:
      - net
  redis:
    image: redis:6.2
    container_name: jms_redis
    restart: always
    command: redis-server --requirepass ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} # changing this password is recommended
    environment:
      REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} # changing this password is recommended
    healthcheck:
      test: "redis-cli -h 127.0.0.1 -a $$REDIS_PASSWORD info Replication"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    volumes:
      - ${VOLUME_DIR:-./data}/redis/data:/data
    networks:
      - net
  jumpserver:
    image: jumpserver/jms_all:${VERSION:-latest}
    build:
      context: .
      dockerfile: Dockerfile
    container_name: jms_all
    privileged: true
    restart: always
    environment:
      SECRET_KEY: ${SECRET_KEY:-vYneAbsXUhe4BghEeedNL7nfWLwaTTmhnwQMvjYOIG25Ofzghk}
      BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN:-K1ffDfLSIK8SV2PZj6VaxOiv8KuawlJK}
      DEBUG: ${DEBUG:-FALSE}
      LOG_LEVEL: ${LOG_LEVEL:-ERROR}
      DB_HOST: ${DB_HOST:-mysql}
      DB_PORT: ${DB_PORT:-3306}
      DB_USER: ${DB_USER:-root}
      DB_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg}
      DB_NAME: ${DB_NAME:-jumpserver}
      REDIS_HOST: ${REDIS_HOST:-redis}
      REDIS_PORT: ${REDIS_PORT:-6379}
      REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt}
      MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061}
      MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062}
      MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790}
      DOMAINS: ${DOMAINS:-}
    ports:
      - ${HTTP_PORT:-80}:80/tcp
      - ${SSH_PORT:-2222}:2222/tcp
      - ${MAGNUS_MYSQL_PORT:-33061}:33061/tcp
      - ${MAGNUS_MARIADB_PORT:-33062}:33062/tcp
      - ${MAGNUS_REDIS_PORT:-63790}:63790/tcp
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: "curl -fsL http://localhost/api/health/ > /dev/null"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    volumes:
      - ${VOLUME_DIR:-./data}/core/data:/opt/jumpserver/core/data
      - ${VOLUME_DIR:-./data}/koko/data:/opt/jumpserver/koko/data
      - ${VOLUME_DIR:-./data}/lion/data:/opt/jumpserver/lion/data
      - ${VOLUME_DIR:-./data}/magnus/data:/opt/jumpserver/magnus/data
      - ${VOLUME_DIR:-./data}/chen/data:/opt/jumpserver/chen/data
      - ${VOLUME_DIR:-./data}/kael/data:/opt/jumpserver/kael/data
      - ${VOLUME_DIR:-./data}/nginx/data:/var/log/nginx
    networks:
      - net
networks:
  net:
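After a successful deployment, add the related features in the web interface

Add the host assets

Add the accounts, then log in

Logged in to rocky successfully

5. Summary of the steps for building nginx images based on Ubuntu and on CentOS, and running the images
Building the nginx image on CentOS
Prepare the files for the source build in the Dockerfile directory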
[root@ubuntu1804 ~]#mkdir /data/dockerfile/web/nginx/1.16
[root@ubuntu1804 ~]#cd /data/dockerfile/web/nginx/1.16
[root@ubuntu1804 1.16]#wget http://nginx.org/download/nginx-1.16.1.tar.gz
[root@ubuntu1804 1.16]#mkdir app/
[root@ubuntu1804 1.16]#echo "Test Page in app" > app/index.html
[root@ubuntu1804 1.16]#tar zcf app.tar.gz app
[root@ubuntu1804 1.16]#ls
app app.tar.gz nginx-1.16.1.tar.gz
# Install on CentOS
[root@centos7 ~]#yum -y install vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof tmux man-pages zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel
[root@centos7 ~]#wget -P /usr/local/src http://nginx.org/download/nginx-1.16.1.tar.gz
[root@centos7 ~]#cd /usr/local/src/
[root@centos7 src]#tar xvf nginx-1.16.1.tar.gz
[root@centos7 src]#cd nginx-1.16.1/
[root@centos7 nginx-1.16.1]#./configure --prefix=/apps/nginx && make && make install
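# Copy the configuration file to the corresponding directory on the server where the nginx image is built
[root@centos7 ~]#scp /apps/nginx/conf/nginx.conf 10.0.0.100:/data/dockerfile/web/nginx/1.16
# Prepare the configuration file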
[root@ubuntu1804 1.16]#vim /data/dockerfile/web/nginx/1.16/nginx.conf
worker_processes 1;
user nginx;
daemon off; # add this line to run nginx in the foreground
## Write the Dockerfile
[root@ubuntu1804 ~]#cd /data/dockerfile/web/nginx
[root@ubuntu1804 nginx]#vim Dockerfile
[root@ubuntu1804 nginx]#cat Dockerfile
FROM centos7-base:v1
LABEL maintainer="wangxiaochun <root@wangxiaochun.com>"
ADD nginx-1.16.1.tar.gz /usr/local/src
RUN cd /usr/local/src/nginx-1.16.1 \
&& ./configure --prefix=/apps/nginx \
&& make && make install \
&& rm -rf /usr/local/src/nginx* \
&& useradd -r nginx
COPY nginx.conf /apps/nginx/conf/
ADD app.tar.gz /apps/nginx/html/
EXPOSE 80 443
CMD ["/apps/nginx/sbin/nginx"]
[root@ubuntu1804 nginx]#
# Build the nginx image
[root@ubuntu1804 ~]#cd /data/dockerfile/web/nginx/1.16
[root@ubuntu1804 1.16]#ls
app app.tar.gz build.sh Dockerfile nginx-1.16.1.tar.gz nginx.conf
[root@ubuntu1804 1.16]#vim build.sh
[root@ubuntu1804 1.16]#cat build.sh
#!/bin/bash
#
docker build -t nginx-centos7:1.6.1 .
[root@ubuntu1804 1.16]#chmod +x build.sh
[root@ubuntu1804 1.16]#./build.sh
[root@ubuntu1804 1.16]#docker images
REPOSITORY TAG IMAGE ID CREATED
SIZE
nginx-centos7 1.6.1 73e4b4b95bca 10 minutes ago
412MB
centos7-base v1 1ba1317e06dc About an hour ago
402MB
centos centos7.7.1908 08d05d1d5859 2 months ago
# Start a container to test the image
[root@ubuntu1804 ~]#docker run -d -p 80:80 nginx-centos7:1.6.1
e8e733c6dc96bfb212a15dec04cfcfcac72daf400f5d2423c707aeb778a1859d
[root@ubuntu1804 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
e8e733c6dc96 centos7-nginx:1.6.1 "/apps/nginx/sbin/ng…" 4 seconds ago
Up 2 seconds 0.0.0.0:80->80/tcp, 443/tcp cool_germain
[root@ubuntu1804 ~]#docker exec -it e8e733c6dc96 bash
[root@e8e733c6dc96 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.2 0.2 20572 2468 ? Ss 03:36 0:00 nginx: master
process /apps/nginx/sbin/nginx
nginx 12 0.0 0.2 21024 2344 ? S 03:36 0:00 nginx: worker
process
root 13 4.0 0.3 12364 3536 pts/0 Ss 03:37 0:00 bash
root 32 0.0 0.3 51764 3460 pts/0 R+ 03:37 0:00 ps aux
[root@e8e733c6dc96 /]# exit
exit
[root@ubuntu1804 ~]#curl 127.0.0.1/app/
Test Page in app
Building the nginx image purely on Ubuntu
[root@ubuntu1804 ~]#mkdir /data/dockerfile/web/nginx/1.16.1
[root@ubuntu1804 ~]#cd /data/dockerfile/web/nginx/1.16.1
[root@ubuntu1804 1.16.1]#vim nginx.conf
user nginx;
worker_processes 1;
#daemon off;
[root@ubuntu1804 1.16.1]#wget http://nginx.org/download/nginx-1.16.1.tar.gz
# Write the Dockerfile
[root@ubuntu1804 1.16.1]#pwd
/data/dockerfile/web/nginx/1.16.1
[root@ubuntu1804 1.16.1]#vim Dockerfile
[root@ubuntu1804 1.16.1]#cat Dockerfile
#Nginx Dockerfile
FROM centos:centos7.7.1908
MAINTAINER wangxiaochun <root@wangxiaochun.com>
RUN yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel \
&& useradd -r -s /sbin/nologin nginx \
&& yum clean all
ADD nginx-1.16.1.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.16.1 \
&& ./configure --prefix=/apps/nginx \
&& make \
&& make install \
&& rm -rf /usr/local/src/nginx*
ADD nginx.conf /apps/nginx/conf/nginx.conf
COPY index.html /apps/nginx/html/
RUN ln -s /apps/nginx/sbin/nginx /usr/sbin/nginx
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]
# Build the nginx image
[root@ubuntu1804 ~]#cd /data/dockerfile/web/nginx/1.16.1
[root@ubuntu1804 1.16.1]#vim build.sh
[root@ubuntu1804 1.16.1]#cat build.sh
#!/bin/bash
#
docker build -t nginx-centos7:1.6.1-v2 .
[root@ubuntu1804 1.16.1]#chmod +x build.sh
[root@ubuntu1804 1.16.1]#ls
build.sh Dockerfile index.html nginx-1.16.1.tar.gz nginx.conf
[root@ubuntu1804 1.16.1]#./build.sh
[root@ubuntu1804 1.16.1]#docker images
REPOSITORY TAG IMAGE ID CREATED
SIZE
nginx-centos7 1.6.1-v2 1918d29d5f45 17 minutes ago
328MB
nginx-centos7 1.6.1 8c16774437a5 13 hours ago
412MB
centos7-base v1 1ba1317e06dc 15 hours ago
402MB
centos centos7.7.1908 08d05d1d5859 2 months ago
204MB
# Start a container to test the image
[root@ubuntu1804 ~]#docker run -d -p 80:80 nginx-centos7:1.6.1-v2
21c954ad4fb902076832cc9a52dd1502aca43d9bcd2b46a2f164382e4ac7b3f6
[root@ubuntu1804 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
21c954ad4fb9 centos7-nginx:1.6.1-v2 "nginx -g 'daemon of…" 6 seconds
ago Up 4 seconds 0.0.0.0:80->80/tcp, 443/tcp inspiring_goldwasser
[root@ubuntu1804 ~]#curl 127.0.0.1
Test Page v2 in Docker
[root@ubuntu1804 ~]#docker exec -it 21c954ad4fb9 bash
[root@21c954ad4fb9 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.5 0.2 20572 2372 ? Ss 03:30 0:00 nginx: master
process nginx -g daemon off;
nginx 6 0.0 0.2 21024 2316 ? S 03:30 0:00 nginx: worker
process
root 7 11.5 0.2 11840 2880 pts/0 Ss 03:31 0:00 bash
root 20 0.0 0.3 51764 3376 pts/0 R+ 03:31 0:00 ps aux
[root@21c954ad4fb9 /]# exit
exit
[root@ubuntu1804 ~]#