JumpServer堡垒机部署与运用之二：安装部署_要求使用镜像 mysql、redis、core、koko、 guacamole 和 nginx 完成

架构图

组件介绍

• JumpServer => 现指 Jumpserver 管理后台，是核心组件（Core）, 使用 Django Class Based View 风格开发，支持 Restful API。
• koko => 实现了 SSH Server 和 Web Terminal Server 的组件，提供 SSH 和 WebSocket 接口, 使用 Paramiko 和 Flask 开发。
• Luna => 现在是 Web Terminal 前端，计划前端页面都由该项目提供，Jumpserver 只提供 API，不再负责后台渲染html等。
• Guacamole => Apache 跳板机项目，Jumpserver 使用其组件实现 RDP 功能，Jumpserver 并没有修改其代码而是添加了额外的插件，支持 Jumpserver 调用。

组件部署

1. 环境要求

硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘（最低）
操作系统: Linux 发行版 x86_64
其他配置: 关闭SELinux 与 防火墙 (生产环境需要谨慎开启)

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

systemctl status firewalld.service
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service 
1
2
3
4
5
6
7

2. 系统环境更新

yum -y update
1

3. 环境依赖包

yum -y install wget gcc epel-release git gcc krb5-devel libtiff-devel libjpeg-devel libzip-devel freetype-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel libffi-devel openssh-clients telnet openldap-clients docker
1

4. 安装Python、Mysql、Redis、Nginx组件

yum -y install python3.6 python36-devel mariadb mariadb-server.x86_64 redis nginx
1

5. Redis设置

systemctl enable redis
systemctl start redis
1
2

6. Mysql设置

systemctl enable mariadb
systemctl start mariadb

DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
mysql -uroot -e "create database jumpserver default charset 'utf8' collate 'utf8_bin'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
1
2
3
4
5
6

默认root密码是空，如下是密码修改方法：
mysqladmin -u root -p password ericzhong

7. Python虚拟环境配置

cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
1
2
3

每次操作 jumpserver 都需要先载入 py3 虚拟环境

8. JumpServer部署

• 下载程序与部署

cd /opt && \
wget -O jumpserver.tar.gz https://github.com/jumpserver/jumpserver/archive/2.0.1.tar.gz
tar xf jumpserver.tar.gz
ln -s /opt/jumpserver-2.0.1 /opt/jumpserver
1
2
3
4

• 安装编译环境依赖

yum install -y $(cat rpm_requirements.txt)
pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
1
2
3
4

• 配置修改

cd /opt/jumpserver/
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
1
2
3
4
5
6
7
8
9
10
11
12
13
14

• 启动程序

cd /opt/jumpserver/
./jms start -d
1
2

日志输出：

(py3) [root@jumpserver01 jumpserver]# ./jms start -d
2020-06-23 14:13:41 Tue Jun 23 14:13:41 2020
2020-06-23 14:13:41 Jumpserver version 2.0.0, more see https://www.jumpserver.org

- Start Gunicorn WSGI HTTP Server
2020-06-23 14:13:41 Check database connection ...
users
 [ ] 0001_initial
 [ ] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
 [ ] 0020_auto_20190612_1825
 [ ] 0021_auto_20190625_1104
 [ ] 0022_auto_20190625_1105
 [ ] 0023_auto_20190724_1525
 [ ] 0024_auto_20191118_1612
 [ ] 0025_auto_20200206_1216
 [ ] 0026_auto_20200508_2105
 [ ] 0027_auto_20200616_1503
2020-06-23 14:13:48 Database connect success
2020-06-23 14:13:48 Check database structure change ...
2020-06-23 14:13:48 Migrate model change to database ...
Operations to perform:
  Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying users.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
  Applying assets.0001_initial... OK
  Applying perms.0001_initial... OK
  Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
  Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
  Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
  Applying perms.0003_action... OK
  Applying perms.0004_assetpermission_actions... OK
  Applying assets.0020_auto_20180816_1652... OK
  Applying assets.0021_auto_20180903_1132... OK
  Applying assets.0022_auto_20181012_1717... OK
  Applying assets.0023_auto_20181016_1650... OK
  Applying assets.0024_auto_20181219_1614... OK
  Applying assets.0025_auto_20190221_1902... OK
  Applying assets.0026_auto_20190325_2035... OK
  Applying applications.0001_initial... OK
  Applying perms.0005_auto_20190521_1619... OK
  Applying perms.0006_auto_20190628_1921... OK
  Applying perms.0007_remove_assetpermission_actions... OK
  Applying perms.0008_auto_20190911_1907... OK
  Applying assets.0027_auto_20190521_1703... OK
  Applying assets.0028_protocol... OK
  Applying assets.0029_auto_20190522_1114... OK
  Applying assets.0030_auto_20190619_1135... OK
  Applying assets.0031_auto_20190621_1332... OK
  Applying assets.0032_auto_20190624_2108... OK
  Applying assets.0033_auto_20190624_2108... OK
  Applying assets.0034_auto_20190705_1348... OK
  Applying assets.0035_auto_20190711_2018... OK
  Applying assets.0036_auto_20190716_1535... OK
  Applying assets.0037_auto_20190724_2002... OK
  Applying assets.0038_auto_20190911_1634... OK
  Applying perms.0009_remoteapppermission_system_users... OK
  Applying applications.0002_remove_remoteapp_system_user... OK
  Applying applications.0003_auto_20191210_1659... OK
  Applying applications.0004_auto_20191218_1705... OK
  Applying assets.0039_authbook_is_active... OK
  Applying assets.0040_auto_20190917_2056... OK
  Applying assets.0041_gathereduser... OK
  Applying assets.0042_favoriteasset... OK
  Applying assets.0043_auto_20191114_1111... OK
  Applying assets.0044_platform... OK
  Applying assets.0045_auto_20191206_1607... OK
  Applying assets.0046_auto_20191218_1705... OK
  Applying assets.0047_assetuser... OK
  Applying assets.0048_auto_20191230_1512... OK
  Applying assets.0049_systemuser_sftp_root... OK
  Applying audits.0001_initial... OK
  Applying audits.0002_ftplog_org_id... OK
  Applying audits.0003_auto_20180816_1652... OK
  Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
  Applying audits.0005_auto_20190228_1715... OK
  Applying audits.0006_auto_20190726_1753... OK
  Applying audits.0007_auto_20191202_1010... OK
  Applying audits.0008_auto_20200508_2105... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying authentication.0001_initial... OK
  Applying authentication.0002_auto_20190729_1423... OK
  Applying authentication.0003_loginconfirmsetting... OK
  Applying captcha.0001_initial... OK
  Applying common.0001_initial... OK
  Applying common.0002_auto_20180111_1407... OK
  Applying common.0003_setting_category... OK
  Applying common.0004_setting_encrypted... OK
  Applying common.0005_auto_20190221_1902... OK
  Applying common.0006_auto_20190304_1515... OK
  Applying django_cas_ng.0001_initial... OK
  Applying django_celery_beat.0001_initial... OK
  Applying django_celery_beat.0002_auto_20161118_0346... OK
  Applying django_celery_beat.0003_auto_20161209_0049... OK
  Applying django_celery_beat.0004_auto_20170221_0000... OK
  Applying django_celery_beat.0005_add_solarschedule_events_choices_squashed_0009_merge_20181012_1416... OK
  Applying django_celery_beat.0006_periodictask_priority... OK
  Applying jms_oidc_rp.0001_initial... OK
  Applying ops.0001_initial... OK
  Applying ops.0002_celerytask... OK
  Applying ops.0003_auto_20181207_1744... OK
  Applying ops.0004_adhoc_run_as... OK
  Applying ops.0005_auto_20181219_1807... OK
  Applying ops.0006_auto_20190318_1023... OK
  Applying ops.0007_auto_20190724_2002... OK
  Applying ops.0008_auto_20190919_2100... OK
  Applying ops.0009_auto_20191217_1713... OK
  Applying ops.0010_auto_20191217_1758... OK
  Applying ops.0011_auto_20200106_1534... OK
  Applying ops.0012_auto_20200108_1659... OK
  Applying ops.0013_auto_20200108_1706... OK
  Applying ops.0014_auto_20200108_1749... OK
  Applying ops.0015_auto_20200108_1809... OK
  Applying ops.0016_commandexecution_org_id... OK
  Applying ops.0017_auto_20200306_1747... OK
  Applying ops.0018_auto_20200509_1434... OK
  Applying orgs.0001_initial... OK
  Applying orgs.0002_auto_20180903_1132... OK
  Applying orgs.0003_auto_20190916_1057... OK
  Applying users.0020_auto_20190612_1825... OK
  Applying users.0021_auto_20190625_1104... OK
  Applying users.0022_auto_20190625_1105... OK
  Applying users.0023_auto_20190724_1525... OK
  Applying users.0024_auto_20191118_1612... OK
  Applying perms.0010_auto_20191218_1705... OK
  Applying sessions.0001_initial... OK
  Applying settings.0001_initial... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
  Applying terminal.0010_auto_20180423_1140... OK
  Applying terminal.0011_auto_20180807_1116... OK
  Applying terminal.0012_auto_20180816_1652... OK
  Applying terminal.0013_auto_20181123_1113... OK
  Applying terminal.0014_auto_20181226_1441... OK
  Applying terminal.0015_auto_20190923_1529... OK
  Applying terminal.0016_commandstorage_replaystorage... OK
  Applying terminal.0017_auto_20191125_0931... OK
  Applying terminal.0018_auto_20191202_1010... OK
  Applying terminal.0019_auto_20191206_1000... OK
  Applying terminal.0020_auto_20191218_1721... OK
  Applying terminal.0021_auto_20200213_1316... OK
  Applying terminal.0022_session_is_success... OK
  Applying terminal.0023_command_risk_level... OK
  Applying tickets.0001_initial... OK
  Applying users.0025_auto_20200206_1216... OK
  Applying users.0026_auto_20200508_2105... OK
  Applying users.0027_auto_20200616_1503... OK
2020-06-23 14:14:12 Collect static files
2020-06-23 14:14:18 Collect static files done

- Start Celery as Distributed Task Queue: Ansible

- Start Celery as Distributed Task Queue: Celery

- Start Beat as Periodic Task Scheduler

- Start Flower as Task Monitor

- Start Daphne ASGI WS Server
gunicorn is running: 3881
celery_ansible is running: 3892
celery_default is running: 3896
beat is running: 3900
flower is running: 3904
daphne is running: 3908
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

• Jumpserver自动启动设置

echo 'source /opt/py3/bin/activate && /opt/jumpserver/jms start -d' >> /etc/rc.local \
  && chmod +x /etc/rc.d/rc.local
1
2

9. Docker部署KOKO组件

systemctl enable docker
systemctl daemon-reload
systemctl restart docker.service
cd /opt
Server_IP=`ip addr | grep 'state UP' -A2 | grep inet \
  | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" \
  | head -n 1 | cut -d / -f1` \
  && echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m" \
  && echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
docker run --name jms_koko -d \
  -p 2222:2222 -p 127.0.0.1:5000:5000 \
  -e CORE_HOST=http://$Server_IP:8080 \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e LOG_LEVEL=ERROR \
  --restart=always \
  jumpserver/jms_koko:2.0.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

10. Docker部署Guacamole组件

cd /opt
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://$Server_IP \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:2.0.1
1
2
3
4
5
6
7

• 检查Docker状态

docker ps -a
CONTAINER ID        IMAGE                            COMMAND             CREATED              STATUS              PORTS                                              NAMES
36a58481a02e        jumpserver/jms_guacamole:2.0.1   "./entrypoint.sh"   About a minute ago   Up About a minute   127.0.0.1:8081->8080/tcp                           jms_guacamole
7a77d4c2aea4        jumpserver/jms_koko:2.0.1        "./entrypoint.sh"   9 minutes ago        Up 9 minutes        0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp   jms_koko


docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
docker.io/jumpserver/jms_koko        2.0.1               141f4ce1e18c        4 hours ago         356 MB
docker.io/jumpserver/jms_guacamole   2.0.1               b1eecc36e7a2        4 hours ago         659 MB
1
2
3
4
5
6
7
8
9
10

11. Lina组件部署

cd /opt
wget http://demo.jumpserver.org/download/lina/2.0.1/lina.tar.gz
tar -xf lina.tar.gz
chown -R nginx:nginx lina
1
2
3
4

12. Luna组件部署

cd /opt
wget http://demo.jumpserver.org/download/luna/2.0.1/luna.tar.gz
tar -xf luna.tar.gz
chown -R nginx:nginx luna
1
2
3
4

13. Nginx 整合各组件配置

# nginx默认配置
cat > /usr/local/nginx/nginx.conf << EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
 
include /usr/share/nginx/modules/*.conf;
 
events {
    worker_connections 1024;
}
 
http {
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
 
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
 
    include             /usr/local/nginx/mime.types;
    default_type        application/octet-stream;
 
    include /usr/local/nginx/conf.d/*.conf;
}
 
EOF

# 清空默认虚拟主机配置
echo > /etc/nginx/conf.d/default.conf

# jumpserver虚拟主机配置
vi /etc/nginx/conf.d/jumpserver.conf

server {
    listen 80;

    client_max_body_size 500m;  # 录像及文件上传大小限制

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

• 服务启动

systemctl enable nginx
systemctl start nginx
systemctl status nginx
nginx -t
nginx -s reload
1
2
3
4
5

14. Jumpserver登录验证

默认账号与密码：admin

安全建议

1. JumpServer前端放置防火墙禁止不必要的端口访问，外部访问只需要开放80和2222端口，如果配置SSL需要额外开放443端口。
2. JumpServer 所在服务器操作系统应该升级到最新。
3. JumpServer 依赖的软件禁止弱密码、默认密码，定期更新软件到最新版本。
4. 推荐开启 MFA 功能，避免因密码泄露导致的安全问题

其他补充

1. Docker 解决"net/http: TLS handshake timeout"
   此问题是由于一些不可描述的网络问题引起，可以通过如下方法解决。

vi /etc/docker/daemon.json
{ "registry-mirrors": ["https://registry.docker-cn.com","https://pee6w651.mirror.aliyuncs.com"] }

service docker restart
1
2
3
4

2. IPv6功能服务禁用

# 内核参数禁用
echo "net.ipv4.ip_forward=1" >> /etc/sysconfig/network
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysconfig/network
echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network
sysctl -p

# 启动参数禁用
vi /etc/default/grub
GRUB_CMDLINE_LINUX="ipv6.disable=1 ..."
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
1
2
3
4
5
6
7
8
9
10
11

3. koko组件出现异常无法正常运用

• koko组件日志查询：

docker logs -f jms_koko
1

• koko组件重建方法
  鉴于koko组件是采用Docker方式部署，那么没有重建解决不了的事情。如果有那么就是Nginx配置不正确的，请检查Nginx配置。

cd /opt
docker stop jms_koko
docker rm jms_koko
Server_IP=`ip addr | grep 'state UP' -A2 | grep inet \
  | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" \
  | head -n 1 | cut -d / -f1` \
  && echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m" \
  && echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
docker run --name jms_koko -d \
  -p 2222:2222 -p 127.0.0.1:5000:5000 \
  -e CORE_HOST=http://$Server_IP:8080 \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e LOG_LEVEL=ERROR \
  --restart=always \
  jumpserver/jms_koko:2.0.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15