diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 81a28c8..28c65d4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,47 +7,6 @@ on: - v4.* jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - component: [core, koko, lion, chen, web] - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - name: Get Version - run: | - echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and Push Image - uses: docker/build-push-action@v5 - with: - context: . - file: ${{ matrix.component }}/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} - ${{ github.repository_owner }}/jms_${{ matrix.component }}:latest - ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} - ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:latest - cache-from: type=gha - cache-to: type=gha,mode=max - allinone: needs: build runs-on: ubuntu-latest diff --git a/README.md b/README.md index 36ddb16..b3238ac 100644 --- a/README.md +++ b/README.md 
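Review bot: The `allinone` job kept as context at the end of this hunk still declares `needs: build`, but `build` is exactly the job this hunk deletes, so the workflow now references an undefined job and GitHub Actions should reject it at validation time rather than run `allinone`. Either drop the `needs: build` line or point it at whichever job now publishes the per-component images that allinone/Dockerfile pulls as `jumpserver/koko:${version}` and friends. The remainder of the `allinone` job lies outside this hunk.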
@@ -12,227 +12,40 @@ -------------------------- -## 环境要求 -- MariaDB Server >= 10.6 -- Redis Server >= 6.0 -## 快速部署 -```sh -# 测试环境可以使用,生产环境推荐外置数据 -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` - -## 标准部署 - -> 请先自行创建 数据库 和 Redis, 版本要求参考上面环境要求说明 - -```sh -# 自行部署 MySQL 可以参考 (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) -# mysql 创建用户并赋予权限, 请自行替换 nu4x599Wq7u0Bn8EABh3J91G 为自己的密码 -mysql -u root -p -``` - -```mysql -create database jumpserver default charset 'utf8'; -create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; -grant all on jumpserver.* to 'jumpserver'@'%'; -flush privileges; -``` +## all-in-one 快速部署 +测试环境可以使用,生产环境推荐使用 标准部署 ```sh -# 自行部署 Redis 可以参考 (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis) +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env +**初始账号** +```bash +默认账号: admin +默认密码: ChangeMe ``` -```vim -# 版本号可以自己根据项目的版本修改 -VERSION=v4.1.0 - -# 构建参数, 支持 amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 -# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay +更多详见 allinone [README](allinone) -# 持久化存储 -VOLUME_DIR=/opt/jumpserver -# 时区 -TZ=Asia/Shanghai - -# MySQL 
-DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -# 组件通信 -CORE_HOST=http://core:8080 +## 标准部署 -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 +请使用 jumpserver installer 部署 -# Web -HTTP_PORT=80 -SSH_PORT=2222 +https://docs.jumpserver.org/zh/v3/quick_start/ -## -# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... -``` -```sh -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` ## 集群部署 -- Docker Swarm 集群环境 -- 自行创建 MySQL 和 Redis, 参考上面环境要求说明 -- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 ) - -```sh -# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver -# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录 -mkdir -p /data/jumpserver/core/data -mkdir -p /data/jumpserver/chen/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/koko/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/web/data/logs -mkdir -p /data/jumpserver/web/download -``` -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# 版本号可以自己根据项目的版本修改 -VERSION=v4.1.0 - -# 构建参数, 支持 amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay - -# 持久化存储 -VOLUME_DIR=/opt/jumpserver - -# 时区 -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G 
-DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -# 组件通信 -CORE_HOST=http://core:8080 - -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 - -# Web -HTTP_PORT=80 -SSH_PORT=2222 - -## -# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... -``` -```sh -# 生成 docker stack 部署所需文件 -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml -docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml -``` -```sh -# 初始化数据库 -docker stack deploy -c docker-stack-init-db.yml jumpserver -docker service ls -docker service ps jumpserver_init_db - -# 根据查到的 Worker 节点, 到对应节点查看初始化日志 -``` -```sh -# 启动 JumpServer 应用 -docker stack deploy -c docker-stack.yml jumpserver -docker service ls -``` -```sh -# 扩容缩容 -docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本 -docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本 -# ... -``` - -## Build -```sh -# 如果希望手动构建镜像, 可以使用下面的命令 -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# 构建参数, 支持 amd64/arm64 -TARGETARCH=amd64 -``` -```bash -docker compose -f docker-compose-build.yml up -``` +JumpServer 支持 swarm 方式部署,但目前不太推荐用于生产环境,除非你对此熟悉 . -## 初始账号 -- 默认账号: `admin` -- 默认密码: `ChangeMe` \ No newline at end of file +详见 swarm [README](swarm) diff --git a/README_EN.md b/README_EN.md index bac9b07..e634cef 100644 --- a/README_EN.md +++ b/README_EN.md @@ -1,7 +1,8 @@ +

JumpServer

-

A better bastion host for multi-cloud environments

+

A Better Bastion Host for Multi-Cloud Environments

License: GPLv3 
@@ -12,219 +13,31 @@ -------------------------- -## Environment Requirements -- MariaDB Server >= 10.6 -- Redis Server >= 6.0 - -## Quick Deployment -```sh -# Suitable for testing environment, for production environment, it is recommended to use external data -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` - -## Standard Deployment - -> Please create the database and Redis yourself first, the version requirements refer to the above environment requirements +## all-in-one Quick Deployment +This can be used for testing environments. For production environments, it is recommended to use the standard deployment. ```sh -# For deploying MySQL yourself, you can refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) -# Create a MySQL user and grant permissions, please replace nu4x599Wq7u0Bn8EABh3J91G with your own password -mysql -u root -p +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` -```mysql -create database jumpserver default charset 'utf8'; -create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; -grant all on jumpserver.* to 'jumpserver'@'%'; -flush privileges; -``` - -```sh -# For deploying Redis yourself, you can refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis). 
-``` - -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# You can modify the version number according to the project version -VERSION=v4.1.0 +For more details, see the all-in-one [README](allinone). -# Build parameters, support amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=bridge - -# Persistent storage -VOLUME_DIR=/opt/jumpserver - -# Time zone -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -CORE_HOST=http://core:8080 - -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 +## Standard Deployment -# Web -HTTP_PORT=80 -SSH_PORT=2222 +Please use the JumpServer installer for deployment. -## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... 
-``` -```sh -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` +https://docs.jumpserver.org/zh/v3/quick_start/ ## Cluster Deployment -- Docker Swarm cluster environment -- Create MySQL and Redis yourself, refer to the above environment requirements -- Create a persistent shared storage directory yourself (such as NFS, GlusterFS, Ceph, etc.) - -```sh -# Mount NFS or other shared storage on all Docker Swarm Worker nodes, such as /data/jumpserver -# Note: You need to manually create all the persistent directories that need to be mounted, Docker Swarm mode will not automatically create the required directories -mkdir -p /data/jumpserver/core/data -mkdir -p /data/jumpserver/chen/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/koko/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/web/data/logs -mkdir -p /data/jumpserver/web/download -``` -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# The version number can be modified according to the version of the project -VERSION=v4.1.0 - -# Build parameters, support amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay - -# Persistent storage -VOLUME_DIR=/opt/jumpserver - -# Time zone -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -CORE_HOST=http://core:8080 - -# Lion 
-GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 - -# Web -HTTP_PORT=80 -SSH_PORT=2222 - -## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... -``` -```sh -# Generate files required for docker stack deployment -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml -docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml -``` -```sh -# Initialize the database -docker stack deploy -c docker-stack-init-db.yml jumpserver -docker service ls -docker service ps jumpserver_init_db - -# According to the found Worker node, check the initialization log on the corresponding node -``` -```sh -# Start JumpServer application -docker stack deploy -c docker-stack.yml jumpserver -docker service ls -``` -```sh -# Scale up and down -docker service update --replicas=2 jumpserver_koko # Scale up koko to 2 replicas -docker service update --replicas=4 jumpserver_lion # Scale up lion to 2 replicas -# ... -``` - -## Build -```vim -# Build parameters, support amd64/arm64 -TARGETARCH=amd64 -``` -```sh -docker compose -f docker-compose-build.yml up -``` +JumpServer supports deployment using Swarm, but it is not highly recommended for production environments unless you are familiar with it. -## Initial Account -- Default username: `admin` -- Default password: `ChangeMe` \ No newline at end of file +For more details, see the Swarm [README](swarm). diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 3c2389e..4f1c9b1 100644 --- a/allinone/Dockerfile 
+++ b/allinone/Dockerfile 
@@ -1,150 +1,67 @@
-FROM redis:7.0-bookworm AS redis
-FROM jumpserver/guacd:1.5.5-bookworm AS guacd
-FROM jumpserver/jms_core:v4.1.0
-ARG TARGETARCH
+ARG version=dev-ce
+FROM jumpserver/koko:${version} AS koko
+FROM jumpserver/lion:${version} AS lion
+FROM jumpserver/chen:${version} AS chen
+FROM jumpserver/web:${version} AS web
+
+FROM jumpserver/core:${version} AS core
 ARG TOOLS=" \
 bash-completion \
 curl \
- default-mysql-client \
- nginx \
+ vim \
+ procps \
+ net-tools \
+ sudo \
 logrotate \
- openjdk-17-jre-headless \
 supervisor \
+ postgresql \
+ openjdk-17-jre-headless \
+ redis \
 wget"
-RUN set -ex \
- && apt-get update \
- && apt-get -y install --no-install-recommends ${TOOLS} \
- && mkdir -p /var/cache/nginx \
- && apt-get clean all \
- && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /opt
-
-ARG WISP_VERSION=v0.2.0
-RUN set -ex \
- && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \
- && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \
- && chown root:root /usr/local/bin/wisp \
- && chmod 755 /usr/local/bin/wisp \
- && rm -f /opt/*.tar.gz
-
-ARG MONGOSH_VERSION=2.2.12
-RUN set -e \
- && \
- case "${TARGETARCH}" in \
- amd64) \
- wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
- && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
- && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \
- && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \
- && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \
- && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \
- ;; \
- arm64|ppc64le|s390x) \
- wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
- && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
- && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \
- && mv 
mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \
- && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \
- && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \
- ;; \
- *) \
- echo "Unsupported architecture: ${TARGETARCH}" \
- ;; \
- esac
-
-ARG HELM_VERSION=v3.15.2
-ARG KUBECTL_VERSION=v1.30.2
-RUN set -ex \
- && wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \
- && wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz \
- && mkdir /opt/kubectl-aliases/ \
- && tar -xf kubectl_aliases.tar.gz -C /opt/kubectl-aliases/ \
- && chown -R root:root /opt/kubectl-aliases/ \
- && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
- && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt --strip-components=1 linux-${TARGETARCH}/helm \
- && mv helm /usr/local/bin/rawhelm \
- && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \
- && chown root:root /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \
- && rm -f /opt/*.tar.gz
-
-ARG PREFIX_DIR=/opt/guacamole
-ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib
-ARG RUNTIME_DEPENDENCIES=" \
- fonts-dejavu \
- fonts-liberation \
- ghostscript \
- xfonts-terminus"
-
-COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR}
-
-RUN set -ex \
- && apt-get update \
- && apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES) \
- && apt-get clean all \
- && rm -rf /var/lib/apt/lists/*
+ARG APT_MIRROR=http://mirrors.aliyun.com
+RUN sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+ &&apt-get update \
+ && apt-get install -y --no-install-recommends ${TOOLS} \
+ && apt-get clean
+
+COPY --from=koko /opt /opt
+COPY --from=koko /usr /usr
+
+COPY --from=lion /opt /opt
+COPY --from=lion /usr /usr
+COPY --from=lion /lib /lib
+COPY --from=lion /lib32 /lib32
+COPY --from=lion /libx32 /libx32
+
+COPY --from=chen /opt /opt
+COPY 
--from=chen /usr /usr
+COPY --from=chen /etc/alternatives /etc/alternatives
+
+COPY --from=web /opt /opt
+COPY --from=web /usr /usr
+COPY --from=web /etc/nginx /etc/nginx
+COPY --from=web /docker-entrypoint.d /docker-entrypoint.d
+COPY --from=web /docker-entrypoint.sh /opt/web/entrypoint.sh
+RUN useradd nginx \
+ && mkdir -p /var/log/nginx \
+ && mkdir -p /var/cache/nginx
-COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli
-
-RUN set -ex \
- && mkdir -p /opt/lina \
- && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \
- && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \
- && chown -R root:root /opt/lina \
- && rm -f /opt/*.tar.gz
-
-RUN set -ex \
- && mkdir -p /opt/luna \
- && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \
- && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \
- && chown -R root:root /opt/luna \
- && rm -f /opt/*.tar.gz
-
-RUN set -ex \
- && mkdir -p /opt/koko \
- && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \
- && tar -xf koko-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/ --strip-components=1 \
- && mv /opt/koko/kubectl /usr/local/bin/ \
- && mv /opt/koko/helm /usr/local/bin/ \
- && chmod 755 /usr/local/bin/helm /usr/local/bin/kubectl /opt/koko/init-kubectl.sh \
- && chown root:root /usr/local/bin/helm /usr/local/bin/kubectl \
- && rm -f /opt/*.tar.gz
-
-RUN set -ex \
- && mkdir -p /opt/lion \
- && wget https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \
- && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \
- && chown -R root:root /opt/lion \
- && rm -f /opt/*.tar.gz
-
-RUN set -ex \
- && mkdir -p /opt/chen \
- && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \
- && tar -xf 
chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \
- && chown -R root:root /opt/chen \
- && rm -f /opt/*.tar.gz
+COPY supervisord.conf /etc/supervisor/conf.d/
-RUN set -ex \
- && wget https://github.com/jumpserver/docker-web/raw/${VERSION}/prepare.sh \
- && wget https://github.com/jumpserver/docker-web/raw/${VERSION}/versions.txt \
- && chown root:root prepare.sh versions.txt \
- && chmod 755 /opt/prepare.sh
+FROM debian:bullseye-slim
-COPY readme.txt readme.txt
-COPY entrypoint.sh .
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY supervisord.conf /etc/supervisor/conf.d/
-RUN chmod +x ./entrypoint.sh
+COPY --from=core / /
-VOLUME /opt/jumpserver/data
-VOLUME /opt/koko/data
-VOLUME /opt/lion/data
-VOLUME /opt/chen/data
+VOLUME /opt/data
 VOLUME /opt/download
 VOLUME /var/log/nginx
 EXPOSE 80 2222
+ENV LC_ALL=C.UTF-8
+WORKDIR /opt
+COPY entrypoint.sh .
+COPY service.sh .
 ENTRYPOINT ["./entrypoint.sh"]
\ No newline at end of file
diff --git a/allinone/README.md b/allinone/README.md
index f89410d..287cc03 100644
--- a/allinone/README.md
+++ b/allinone/README.md
@@ -11,14 +11,22 @@ JumpServer all-in-one Dockerfile,该项目是 JumpServer all-in-one 部署方 **注意: all-in-one 部署方式不支持 Client 相关功能, 仅支持在 纯 B/S 架构 Web 端使用。** ```sh -docker compose up -d +docker volume create jsdata +docker volume create pgdata +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` -### Standard start +### 外置数据库 使用外置 MySQL 数据库和 Redis: - - 外置数据库要求 MariaDB 版本大于等于 10.6; + - 外置数据库要求 MariaDB 版本大于等于 10.6 或者 PosgresSQL 13; - 外置 Redis 要求 Redis 版本大于等于 6.2。 ```sh
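Review bot: The last stage copies the entire core stage onto `debian:bullseye-slim` with `COPY --from=core / /`, after the core stage has already overlaid `/usr` and `/lib`, `/lib32`, `/libx32` wholesale from the koko, lion, chen and web images, so the published root filesystem is a union of several images' system libraries while `/var/lib/dpkg/status` describes only one of them — image scanners and `apt` patching of the result become unreliable, and a binary can end up loading a different libc than the one it was built against. If the bullseye stage exists only to squash layers, `FROM scratch` followed by `COPY --from=core / /` states that intent without adding a second distribution, and a comment above each `/usr` and `/lib*` copy naming the files actually needed from that image would let the copies be narrowed later. The `sed` against `/etc/apt/sources.list` also assumes the core image keeps its sources in that file (newer Debian images put them under `/etc/apt/sources.list.d/`, so the rewrite may silently do nothing), and `ARG APT_MIRROR=http://mirrors.aliyun.com` together with the floating `ARG version=dev-ce` default means packages are fetched over plain http and the build is not reproducible; an https mirror and a pinned default tag would address both. Minor: `&&apt-get update` is missing the space after `&&`, and the new RUN omits the `set -ex` the removed blocks used.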
@@ -66,16 +74,14 @@ flush privileges; **启动 JumpServer** ```bash +docker volume create jsdata + docker run --name jms_all -d \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ -p 80:80 \ -p 2222:2222 \ - -p 30000-30100:30000-30100 \ -e SECRET_KEY=xxxxxx \ -e BOOTSTRAP_TOKEN=xxxxxx \ - -e LOG_LEVEL=ERROR \ + -e LOG_LEVEL=INFO \ -e DB_HOST=192.168.x.x \ -e DB_PORT=3306 \ -e DB_USER=jumpserver \ @@ -85,12 +91,7 @@ docker run --name jms_all -d \ -e REDIS_PORT=6379 \ -e REDIS_PASSWORD=weakPassword \ --privileged=true \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/chen/data:/opt/chen/data \ - -v /opt/jumpserver/web/data/logs:/var/log/nginx \ - -v /opt/jumpserver/web/data/download:/opt/download \ + -v jsdata:/opt/data \ jumpserver/jms_all:v4.1.0 ``` @@ -112,30 +113,7 @@ docker pull jumpserver/jms_all:v4.1.0 # 删掉旧版本容器 docker rm jms_all -# 启动新版本 -docker run --name jms_all -d \ - -p 80:80 \ - -p 2222:2222 \ - -p 30000-30100:30000-30100 \ - -e SECRET_KEY=****** \ # 自行修改成你的旧版本 SECRET_KEY, 丢失此 key 会导致数据无法解密 - -e BOOTSTRAP_TOKEN=****** \ # 自行修改成你的旧版本 BOOTSTRAP_TOKEN - -e LOG_LEVEL=ERROR \ - -e DB_HOST=192.168.x.x \ # 自行修改成你的旧版本 MySQL 服务器, 设置不对数据丢失 - -e DB_PORT=3306 \ - -e DB_USER=jumpserver \ - -e DB_PASSWORD=****** \ - -e DB_NAME=jumpserver \ - -e REDIS_HOST=192.168.x.x \ # 自行修改成你的旧版本 Redis 服务器 - -e REDIS_PORT=6379 \ - -e REDIS_PASSWORD=****** \ - --privileged=true \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/chen/data:/opt/chen/data \ - -v /opt/jumpserver/web/data/logs:/var/log/nginx \ - -v /opt/jumpserver/web/data/download:/opt/download \ - jumpserver/jms_all:v4.1.0 +# 重新启动新版本 ``` **初始账号** 
diff --git a/allinone/README_EN.md b/allinone/README_EN.md
new file mode 100644
index 0000000..988c59c
--- /dev/null
+++ b/allinone/README_EN.md
@@ -0,0 +1,121 @@ +# Dockerfile + +This is the Dockerfile for JumpServer all-in-one deployment, a Docker image generation code for the JumpServer all-in-one deployment method. + +## How to start + +When migrating or upgrading the environment, please ensure that the SECRET_KEY is consistent with the previous settings and not randomly generated. Otherwise, all encrypted fields in the database cannot be decrypted. + +### Quick start + +**Note: The all-in-one deployment method does not support Client-related features. It only supports usage on a pure B/S architecture web interface.** + +```sh +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all +``` + +### Standard start + +Using an external MySQL database and Redis: + + - The external database requires MariaDB version 10.6 or higher, or PostgresSQL 13; + - The external Redis requires Redis version 6.2 or higher. 
+ +```sh +# To deploy MySQL yourself, refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) +# Create a MySQL user and grant privileges, please replace nu4x599Wq7u0Bn8EABh3J91G with your own password +mysql -u root -p +``` + +```mysql +create database jumpserver default charset 'utf8'; +create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; +grant all on jumpserver.* to 'jumpserver'@'%'; +flush privileges; +``` + +```sh +# To deploy Redis yourself, refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis) +``` + +**设置环境变量:** + + - SECRET_KEY = xxxxx # Generate a random string yourself, do not include special characters, length recommended to be at least 50 + - BOOTSTRAP_TOKEN = xxxxx # Generate a random string yourself, do not include special characters, length recommended to be at least 24 + - LOG_LEVEL = ERROR # Log level, set to DEBUG for testing environments + - DB_ENGINE = mysql # Use MySQL database + - DB_HOST = mysql_host # MySQL database IP address + - DB_PORT = 3306 # MySQL database port + - DB_USER = xxx # MySQL database username + - DB_PASSWORD = xxxx # MySQL database password + - DB_NAME = jumpserver # Database name used by JumpServer + - REDIS_HOST = redis_host # Use Redis for caching + - REDIS_PORT = 6379 # Redis server port + - REDIS_PASSWORD = xxxx # Redis authentication password + - VOLUME /opt/jumpserver/data # Core persistent directory, stores video logs + - VOLUME /opt/koko/data # Koko persistent directory + - VOLUME /opt/lion/data # Lion persistent directory + - VOLUME /opt/chen/data # Chen persistent directory + - VOLUME /var/log/nginx # Nginx log persistent directory + - VOLUME /opt/download # APPLETS file persistent directory (files required for application publishing) + + +Note: Be sure to record the information you set above, as it will be needed again during upgrades + +**启动 JumpServer** +```bash +docker volume create jsdata + +docker run --name jms_all -d \ + -p 80:80 \ + -p 
2222:2222 \ + -e SECRET_KEY=xxxxxx \ + -e BOOTSTRAP_TOKEN=xxxxxx \ + -e LOG_LEVEL=INFO \ + -e DB_HOST=192.168.x.x \ + -e DB_PORT=3306 \ + -e DB_USER=jumpserver \ + -e DB_PASSWORD=weakPassword \ + -e DB_NAME=jumpserver \ + -e REDIS_HOST=192.168.x.x \ + -e REDIS_PORT=6379 \ + -e REDIS_PASSWORD=weakPassword \ + --privileged=true \ + -v jsdata:/opt/data \ + jumpserver/jms_all:v4.1.0 +``` + +**Upgrade** +```bash +# Check the defined JumpServer configurations +docker exec -it jms_all env + +# Stop JumpServer +docker stop jms_all + +# Backup the database, replace DB-xxx with the values retrieved from the docker exec -it jms_all env command +mysqldump -h$DB_HOST -p$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /opt/jumpserver-.sql +# Example: mysqldump -h192.168.100.11 -p3306 -ujumpserver -pnu4x599Wq7u0Bn8EABh3J91G jumpserver > /opt/jumpserver-v2.12.0.sql + +# Pull the new version of the image +docker pull jumpserver/jms_all:v4.1.0 + +# Remove the old version container +docker rm jms_all + +# Restart with the new version +``` + +**Initial Account** +```bash +Default username: admin +Default password: ChangeMe +```
\ No newline at end of file
diff --git a/allinone/build.sh b/allinone/build.sh
new file mode 100644
index 0000000..022743c
--- /dev/null
+++ b/allinone/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+
+version=dev
+
+docker build --build-arg version=${version}-ce -t jumpserver/jms_all:${version} .
\ No newline at end of file
diff --git a/allinone/demo_run.sh b/allinone/demo_run.sh
new file mode 100755
index 0000000..b485b94
--- /dev/null
+++ b/allinone/demo_run.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+#
+docker volume create jsdata &> /dev/null
+docker volume create pgdata &> /dev/null
+docker run --name jms_all \
+ -v jsdata:/opt/data \
+ -v pgdata:/var/lib/postgresql \
+ -p 8085:80 jumpserver/jms_all:dev
diff --git a/allinone/docker-compose.yml b/allinone/docker-compose.yml
deleted file mode 100644
index 897a35d..0000000
--- a/allinone/docker-compose.yml
+++ /dev/null
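Review bot: build.sh hard-codes `version=dev`, so building any other tag means editing the script, and the resulting `-t jumpserver/jms_all:dev` is a floating tag that cannot be traced back to a release. `version=${1:-dev}` keeps the current default while letting CI pass the release tag through, and a `set -euo pipefail` line after the shebang makes the script fail loudly on an unset or mistyped override instead of tagging an image with an empty version.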
@@ -1,88 +0,0 @@
-services:
- mysql:
- image: mariadb:10.6
- container_name: jms_mysql
- restart: always
- environment:
- TZ: ${TZ:-Asia/Shanghai}
- MARIADB_ROOT_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg}
- MARIADB_DATABASE: ${DB_NAME:-jumpserver}
- healthcheck:
- test: "mysql -h127.0.0.1 -uroot -p$$MARIADB_ROOT_PASSWORD -e 'SHOW DATABASES;'"
- interval: 10s
- timeout: 5s
- retries: 3
- start_period: 30s
- volumes:
- - ${VOLUME_DIR:-./data}/mariadb/data:/var/lib/mysql
- networks:
- - net
-
- redis:
- image: redis:7.0
- container_name: jms_redis
- restart: always
- command: redis-server --requirepass ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt}
- environment:
- TZ: ${TZ:-Asia/Shanghai}
- REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt}
- healthcheck:
- test: "redis-cli -h 127.0.0.1 -a $$REDIS_PASSWORD info Replication"
- interval: 10s
- timeout: 5s
- retries: 3
- start_period: 10s
- volumes:
- - ${VOLUME_DIR:-./data}/redis/data:/data
- networks:
- - net
-
- jumpserver:
- image: jumpserver/jms_all:${VERSION:-latest}
- build:
- context: .
- dockerfile: Dockerfile
- container_name: jms_all
- privileged: true
- restart: always
- environment:
- TIME_ZONE: ${TZ:-Asia/Shanghai}
- TZ: ${TZ:-Asia/Shanghai}
- SECRET_KEY: ${SECRET_KEY:-vYneAbsXUhe4BghEeedNL7nfWLwaTTmhnwQMvjYOIG25Ofzghk}
- BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN:-K1ffDfLSIK8SV2PZj6VaxOiv8KuawlJK}
- LOG_LEVEL: ${LOG_LEVEL:-ERROR}
- DB_HOST: ${DB_HOST:-mysql}
- DB_PORT: ${DB_PORT:-3306}
- DB_USER: ${DB_USER:-root}
- DB_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg}
- DB_NAME: ${DB_NAME:-jumpserver}
- REDIS_HOST: ${REDIS_HOST:-redis}
- REDIS_PORT: ${REDIS_PORT:-6379}
- REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt}
- DOMAINS: ${DOMAINS:-}
- ports:
- - ${HTTP_PORT:-80}:80/tcp
- - ${SSH_PORT:-2222}:2222/tcp
- depends_on:
- mysql:
- condition: service_healthy
- redis:
- condition: service_healthy
- healthcheck:
- test: "curl -fsL http://localhost/api/health/ > /dev/null"
- interval: 10s
- timeout: 5s
- retries: 3
- start_period: 90s
- volumes:
- - ${VOLUME_DIR:-./data}/core/data:/opt/jumpserver/data
- - ${VOLUME_DIR:-./data}/koko/data:/opt/koko/data
- - ${VOLUME_DIR:-./data}/lion/data:/opt/lion/data
- - ${VOLUME_DIR:-./data}/chen/data:/opt/chen/data
- - ${VOLUME_DIR:-./data}/web/data/logs:/var/log/nginx
- - ${VOLUME_DIR:-./data}/web/data/download:/opt/download
- networks:
- - net
-
-networks:
- net:
diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh
index 156b7e5..db70c9f 100755
--- a/allinone/entrypoint.sh
+++ b/allinone/entrypoint.sh
@@ -1,70 +1,84 @@ #!/bin/bash # + +cwd=$(dirname "$(realpath "$0")") action="${1}" if [[ "$action" == "bash" || "$action" == "sh" ]]; then bash exit 0 fi - echo -if [ ! "${DB_HOST}" ] || [ ! "${DB_PORT}" ] || [ ! "${REDIS_HOST}" ] || [ ! "${REDIS_PORT}" ]; then - echo -e "\033[31m Please set database environment \033[0m" - exit 1 -fi - -until check tcp://${DB_HOST}:${DB_PORT}; do - echo "wait for jms_mysql ${DB_HOST} ready" - sleep 2s -done - -until check tcp://${REDIS_HOST}:${REDIS_PORT}; do - echo "wait for jms_redis ${REDIS_HOST} ready" - sleep 2s -done +function prepare_core() { + SECRET_KEY=${SECRET_KEY:-PleaseChangeMe} + BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN:-PleaseChangeMe} + CORE_HOST=${CORE_HOST:-"http://localhost:8080"} + LOG_LEVEL=${LOG_LEVEL:-INFO} + + export SECRET_KEY BOOTSTRAP_TOKEN CORE_HOST LOG_LEVEL + export PATH=/opt/py3/bin/:$PATH + + if [[ -f /opt/jumpserver/config.yml ]];then + echo > /opt/jumpserver/config.yml + fi + rm -f /opt/jumpserver/tmp/*.pid +} -if [ ! -f "/opt/jumpserver/config.yml" ]; then - echo > /opt/jumpserver/config.yml -fi -if [ ! -d "/opt/jumpserver/data/media/replay" ]; then - mkdir -p /opt/jumpserver/data/media/replay - chmod 755 -R /opt/jumpserver/data/media/replay -fi +function mv_dir_link(){ + src=$1 + dst=$2 + + mkdir -p ${dst} + if [[ -d ${src} && ! -L ${src} ]];then + if [[ ! -z "$(ls -A ${src})" ]];then + mv ${src}/* ${dst}/ + fi + rm -rf ${src} + fi + if [[ ! -d ${src} ]];then + ln -s ${dst} ${src} + fi +} -if [ ! 
-d "/opt/jumpserver/data/static" ]; then - mkdir -p /opt/jumpserver/data/static - chmod 755 -R /opt/jumpserver/data/static -fi +function prepare_data_persist() { + for app in jumpserver koko lion chen;do + mv_dir_link /opt/$app/data /opt/data/${app} + done + + mv_dir_link /var/log/nginx /opt/data/nginx + mv_dir_link /var/lib/redis /opt/data/redis +} -rm -f /opt/jumpserver/tmp/*.pid +function upgrade_db() { + echo ">> Update database structure" + cd /opt/jumpserver || exit 1 + ./jms upgrade_db || { + echo -e "\033[31m Failed to change the table structure. \033[0m" + exit 1 + } +} -if [ ! "${CORE_HOST}" ]; then - export CORE_HOST=http://localhost:8080 -fi +export GIN_MODE=release -if [ ! "${LOG_LEVEL}" ]; then - export LOG_LEVEL=ERROR -fi -sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml -sed -i "s@address: static://127.0.0.1:9090@address: static://127.0.0.1:9092@g" /opt/chen/config/application.yml +prepare_core +prepare_data_persist -if [ -f "/etc/init.d/cron" ]; then - /etc/init.d/cron start -fi +# start other service +source ${cwd}/service.sh -if [ "$(uname -m)" = "loongarch64" ]; then - export SECURITY_LOGIN_CAPTCHA_ENABLED=False -fi +until check tcp://${DB_HOST}:${DB_PORT}; do + echo "wait for database ${DB_HOST} ready" + sleep 2s +done -export GIN_MODE=release +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do + echo "wait for redis ${REDIS_HOST} ready" + sleep 2s +done -cd /opt/jumpserver || exit 1 -./jms upgrade_db || { - echo -e "\033[31m Failed to change the table structure. \033[0m" - exit 1 -} +upgrade_db echo echo "Time: $(date "+%Y-%m-%d %H:%M:%S")" @@ -78,5 +92,4 @@ echo echo "LOG_LEVEL: ${LOG_LEVEL}" echo "JumpServer Logs:" -/etc/init.d/nginx start -/etc/init.d/supervisor start \ No newline at end of file +/etc/init.d/supervisor start diff --git a/allinone/nginx.conf b/allinone/nginx.conf deleted file mode 100644 index ac57651..0000000 --- a/allinone/nginx.conf +++ /dev/null 
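Review bot: prepare_core substitutes a literal placeholder when SECRET_KEY or BOOTSTRAP_TOKEN is unset (`SECRET_KEY=${SECRET_KEY:-PleaseChangeMe}`, `BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN:-PleaseChangeMe}`), so a container started without those variables runs with a publicly known signing key and component-registration token and nothing in the script reports it. Given the swarm README's note in this change that SECRET_KEY protects signed and encrypted data, I would at least print a red warning when either value is still the placeholder, e.g. `[[ "${SECRET_KEY}" == "PleaseChangeMe" || "${BOOTSTRAP_TOKEN}" == "PleaseChangeMe" ]] && echo -e "\033[31m SECRET_KEY / BOOTSTRAP_TOKEN are still the default placeholder \033[0m"`, and treat it as fatal outside the quick-start case. Separately, the guard around `echo > /opt/jumpserver/config.yml` is inverted relative to the removed code: the old script created the file only when it was missing, the new one truncates an existing one on every start, which silently discards an operator-supplied config.yml; if that is intended, a comment saying so would help. The same placeholder defaults appear in service.sh for DB_PASSWORD and REDIS_PASSWORD.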
@@ -1,114 +0,0 @@ -user root; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=cache:10m max_size=2g; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - gzip on; - server_tokens off; - - server { - listen 80; - server_name _; - - client_max_body_size 4096m; # 录像及文件上传大小限制 - - location = /robots.txt { - default_type text/html; - add_header Content-Type "text/plain; charset=UTF-8"; - return 200 "User-agent: *\nDisallow: /\n"; - } - - location /download/ { - alias /opt/download/; - try_files $uri @redirect_oss; - } - - location @redirect_oss { - rewrite ^/download/(.*)$ https://static.jumpserver.org/download/$1 permanent; - } - - location /private-media/ { - internal; - alias /opt/jumpserver/data/media/; - } - location /ui/ { - try_files $uri / /index.html; - alias /opt/lina/; - } - location /luna/ { - try_files $uri / /index.html; - alias /opt/luna/; - } - location /static/ { - root /opt/jumpserver/data/; - } - location /koko/ { - proxy_pass http://127.0.0.1:5000; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /lion/ { - proxy_pass http://127.0.0.1:8081; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_set_header 
X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /chen/ { - proxy_pass http://127.0.0.1:8082; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /ws/ { - proxy_pass http://127.0.0.1:8080; - proxy_buffering off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location ~ ^/(core|api|media)/ { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:8080; - } - location / { - rewrite ^/(.*)$ /ui/$1 last; - } - } -} diff --git a/allinone/service.sh b/allinone/service.sh new file mode 100644 index 0000000..ea03201 --- /dev/null +++ b/allinone/service.sh 
@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+
+function init_pg() {
+ echo ">> Init database"
+ DB_NAME=${DB_NAME:-jumpserver}
+ DB_PASSWORD=${DB_PASSWORD:-PleaseChangeMe}
+ DB_ENGINE=${DB_ENGINE:-postgresql}
+ DB_HOST=${DB_HOST:-127.0.0.1}
+ DB_PORT=${DB_PORT:-5432}
+ DB_USER=${DB_USER:-postgres}
+
+ export DB_NAME DB_PASSWORD DB_ENGINE DB_HOST DB_PORT DB_USER
+
+ if [[ ${DB_HOST} != "127.0.0.1" ]];then
+ echo "External database skip start, ${DB_HOST}"
+ return
+ fi
+
+ if [[ ! -f /var/lib/postgresql/13/main/inited.txt ]];then
+ sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$DB_PASSWORD';"
+ sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+ touch /var/lib/postgresql/13/main/inited.txt
+ fi
+
+ echo ">> Start database postgre"
+ chown -R postgres:postgres /var/lib/postgresql/13/main
+ pg_ctlcluster 13 main start
+
+}
+
+function init_ng(){
+ echo ">> Init nginx"
+ echo """
+127.0.0.1 core
+127.0.0.1 koko
+127.0.0.1 lion
+127.0.0.1 chen
+ """ >> /etc/hosts
+ mkdir -p /var/log/nginx
+ mkdir -p /var/cache/nginx
+}
+
+function init_redis() {
+ REDIS_HOST=${REDIS_HOST:-127.0.0.1}
+ REDIS_PORT=${REDIS_PORT:-6379}
+ REDIS_PASSWORD=${REDIS_PASSWORD:-PleaseChangeMe}
+ export REDIS_HOST REDIS_PORT REDIS_PASSWORD
+
+ if [[ ${REDIS_HOST} != '127.0.0.1' ]];then
+ echo "External redis server skip start, ${REDIS_HOST}"
+ return
+ fi
+
+ echo ">> Start redis server"
+ /usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD
+}
+
+function init_other() {
+ # chen
+ sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml
+
+ # cron
+ if [ -f "/etc/init.d/cron" ]; then
+ /etc/init.d/cron start
+ fi
+
+}
+
+
+init_pg
+init_ng
+init_redis
+init_other
+
+
diff --git a/allinone/supervisord.conf b/allinone/supervisord.conf
index e4048bb..67b2b3b 100644
--- a/allinone/supervisord.conf
+++ b/allinone/supervisord.conf
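Review bot: In init_pg the two psql calls run before `pg_ctlcluster 13 main start`, and nothing in this file shows PostgreSQL already running at that point, so on first boot they presumably fail against a stopped server while `inited.txt` is still touched, leaving the instance marked as initialised with the postgres password never set; neither psql exit status is checked, so the failure is silent. The values are also spliced into the SQL as plain text (`ALTER USER postgres PASSWORD '$DB_PASSWORD';`, `CREATE DATABASE $DB_NAME;`), so a password containing a quote or a database name with special characters breaks the statement. Start the cluster first, pass the values through psql variables so they are quoted as a literal and as an identifier, and abort on error, as sketched below. init_ng also appends the same four host entries on every restart because `>>` has no idempotence check, and init_redis passes the password as a command-line argument, where it is presumably readable in the process list by anything else running in the container.

```shell
function init_pg() {
    # … unchanged: DB_* defaults, export, external-database early return …

    echo ">> Start database postgre"
    chown -R postgres:postgres /var/lib/postgresql/13/main
    pg_ctlcluster 13 main start || exit 1

    if [[ ! -f /var/lib/postgresql/13/main/inited.txt ]];then
        # :'pw' and :"db" let psql quote the values as a literal and an identifier
        sudo -u postgres psql -v ON_ERROR_STOP=1 -v pw="$DB_PASSWORD" -v db="$DB_NAME" \
            -c "ALTER USER postgres PASSWORD :'pw';" \
            -c 'CREATE DATABASE :"db";' || exit 1
        touch /var/lib/postgresql/13/main/inited.txt
    fi
}
```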
@@ -16,7 +16,7 @@ autorestart=true
 priority=100
 environment=LANG=en_US.UTF-8
 directory=/opt/koko/
-command=/opt/koko/koko
+command=/opt/koko/entrypoint.sh ./koko
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
@@ -25,8 +25,8 @@ autorestart=true
 
 [program:guacd]
 priority=10
-environment=LANG=en_US.UTF-8
-command=/opt/guacamole/sbin/guacd -b 0.0.0.0 -f -L error -p /var/run/guacd.pid
+environment=LANG=en_US.UTF-8,LD_LIBRARY_PATH=/opt/guacamole/lib
+command=/opt/guacamole/sbin/guacd -b 0.0.0.0 -f -L debug -p /var/run/guacd.pid
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
@@ -37,7 +37,7 @@ autorestart=true
 priority=100
 environment=LANG=en_US.UTF-8
 directory=/opt/lion/
-command=/opt/lion/lion
+command=/opt/lion/entrypoint.sh ./lion
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
@@ -46,9 +46,18 @@ autorestart=true
 
 [program:chen]
 priority=100
-environment=WORK_DIR="/opt/chen",COMPONENT_NAME="chen",WISP_TRACE_PROCESS=1,EXECUTE_PROGRAM="java -Dfile.encoding=utf-8 -XX:+ExitOnOutOfMemoryError -jar /opt/chen/chen.jar --mock.enable=false",BIND_PORT=9092,LANG=en_US.UTF-8
 directory=/opt/chen/
-command=/usr/local/bin/wisp
+command=/opt/chen/entrypoint.sh wisp
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+
+[program:web]
+priority=1000
+directory=/opt
+command=/opt/web/entrypoint.sh nginx -g "daemon off;"
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
diff --git a/chen/Dockerfile b/chen/Dockerfile
deleted file mode 100644
index a1fdc43..0000000
--- a/chen/Dockerfile
+++ /dev/null
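Review bot: The guacd command in the second hunk moves from `-L error` to `-L debug`, which enables guacd's most verbose logging for every remote-desktop session in a release image; that is considerable stdout noise and likely includes protocol-level detail that does not belong in production logs. Unless this is meant to be temporary, keep `-L error` (or `-L info`) here, or have the entrypoint export a level and reference it as `%(ENV_GUACD_LOG_LEVEL)s`, which supervisord supports in `command` provided the variable is always set before supervisord starts, since an unset name makes config parsing fail. `-b 0.0.0.0` is carried over unchanged; with lion running in the same container it could presumably be `-b 127.0.0.1`, as guacd relies on the caller for authentication. The new `[program:web]` entry and the dropped chen `environment=` line look consistent with the per-component entrypoint pattern, assuming those entrypoints export what the removed line carried.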
@@ -1,84 +0,0 @@ -FROM debian:bookworm-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.2.0 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/chen - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ - && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ - && chown -R root:root /opt/chen \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates \ - openjdk-17-jre-headless" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 
'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && sed -i "s@jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1@jdk.tls.disabledAlgorithms=SSLv3@" /etc/java-17-openjdk/security/java.security - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/chen /opt/chen - -WORKDIR /opt/chen - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/chen/data - -COPY chen/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8082 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] diff --git a/chen/entrypoint.sh b/chen/entrypoint.sh deleted file mode 100755 index 3965b64..0000000 --- a/chen/entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export GIN_MODE=release -export WORK_DIR=/opt/chen -export COMPONENT_NAME=chen -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM="java -Dfile.encoding=utf-8 -XX:+ExitOnOutOfMemoryError -jar /opt/chen/chen.jar --mock.enable=false" - -if [ ! "$LOG_LEVEL" ]; then - LOG_LEVEL=ERROR -fi - -sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml - -exec "$@" \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile deleted file mode 100644 index 5f2bf2c..0000000 --- a/core/Dockerfile +++ /dev/null 
@@ -1,149 +0,0 @@ -FROM python:3.11-slim-bookworm AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - git \ - git-lfs \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG VERSION=v4.1.0 -ENV VERSION=$VERSION - -RUN set -e \ - && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver - -WORKDIR /opt/jumpserver - -RUN set -e \ - && echo > /opt/jumpserver/config.yml \ - && \ - if [ -n "${VERSION}" ]; then \ - sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ - fi \ - && chmod +x /opt/jumpserver/entrypoint.sh \ - && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github - -FROM python:3.11-slim-bookworm AS stage-2 -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - default-libmysqlclient-dev \ - freetds-dev \ - gettext \ - libkrb5-dev \ - libldap2-dev \ - libsasl2-dev" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y 
install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ENV PYTHONUNBUFFERED=1 \ - PYTHONDONTWRITEBYTECODE=1 \ - GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 - -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - set -e \ - && pip install poetry \ - && poetry config virtualenvs.create false - -WORKDIR /opt/jumpserver - -COPY --from=stage-1 /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ - -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - set -e \ - && python3 -m venv /opt/py3 \ - && . /opt/py3/bin/activate \ - && poetry install --only=main - -COPY --from=stage-1 /opt/jumpserver /opt/jumpserver - -RUN set -e \ - && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ - && . /opt/py3/bin/activate \ - && cd apps \ - && python manage.py compilemessages - -FROM python:3.11-slim-bookworm -ENV LANG=en_US.UTF-8 \ - PATH=/opt/py3/bin:$PATH - -ARG DEPENDENCIES=" \ - libldap2-dev \ - libx11-dev" - -ARG TOOLS=" \ - bubblewrap \ - ca-certificates \ - default-libmysqlclient-dev \ - openssh-client \ - sshpass" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && mkdir -p /root/.ssh/ \ - && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export 
@g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-2 /opt /opt -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ - -WORKDIR /opt/jumpserver - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/jumpserver/data - -COPY core/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8080 - -STOPSIGNAL SIGQUIT - -CMD ["start", "all"] \ No newline at end of file diff --git a/core/entrypoint.sh b/core/entrypoint.sh deleted file mode 100755 index a1ed257..0000000 --- a/core/entrypoint.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# - -until check tcp://${DB_HOST}:${DB_PORT}; do - echo "wait for jms_mysql ${DB_HOST} ready" - sleep 2s -done - -until check tcp://${REDIS_HOST}:${REDIS_PORT}; do - echo "wait for jms_redis ${REDIS_HOST} ready" - sleep 2s -done - -rm -f /opt/jumpserver/tmp/*.pid - -case "$1" in - start|init_db|upgrade_db) - set -- /opt/jumpserver/jms "$@" - ;; - *) - exec "$@" - ;; -esac - -exec "$@" \ No newline at end of file diff --git a/docker-compose-build.yml b/docker-compose-build.yml deleted file mode 100644 index 9c2746e..0000000 --- a/docker-compose-build.yml +++ /dev/null 
@@ -1,161 +0,0 @@ -services: - core: - build: - context: . - dockerfile: core/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_core:${VERSION} - container_name: jms_core - restart: always - command: start web - env_file: .env - healthcheck: - test: "check http://localhost:8080/api/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - networks: - - net - - celery: - image: jumpserver/jms_core:${VERSION} - container_name: jms_celery - restart: always - command: start task - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "bash /opt/jumpserver/utils/check_celery.sh" - interval: 10s - timeout: 10s - retries: 3 - start_period: 30s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - networks: - - net - - koko: - build: - context: . - dockerfile: koko/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_koko:${VERSION} - container_name: jms_koko - restart: always - privileged: true - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:5000/koko/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/koko/data:/opt/koko/data - ports: - - ${SSH_PORT:-2222}:2222 - networks: - - net - - guacd: - image: jumpserver/guacd:1.5.5-bookworm - container_name: jms_guacd - user: root - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/lion/data:/opt/lion/data - networks: - - net - - lion: - build: - context: . 
- dockerfile: lion/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_lion:${VERSION} - container_name: jms_lion - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8081/lion/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/lion/data:/opt/lion/data - networks: - - net - - chen: - build: - context: . - dockerfile: chen/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_chen:${VERSION} - container_name: jms_chen - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/chen/data:/opt/chen/data - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8082/chen/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - - web: - build: - context: . - dockerfile: web/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_web:${VERSION} - container_name: jms_web - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost/api/health/ " - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR}/web/data/logs:/var/log/nginx - - ${VOLUME_DIR}/web/data/download:/opt/download - ports: - - ${HTTP_PORT:-80}:80 - networks: - - net \ No newline at end of file diff --git a/koko/Dockerfile b/koko/Dockerfile deleted file mode 100644 index b6aee48..0000000 --- a/koko/Dockerfile +++ /dev/null 
@@ -1,139 +0,0 @@ -FROM redis:7.0-bookworm AS stage-1 -FROM debian:bookworm-slim AS stage-2 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.2.0 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -ARG USQL_VERSION=v0.0.1 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/usql/releases/download/${USQL_VERSION}/usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/usql \ - && chmod 755 /usr/local/bin/usql \ - && rm -f /opt/*.tar.gz - -ARG MONGOSH_VERSION=2.2.12 -RUN set -e \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown 
root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64|ppc64le|s390x) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac - -ARG HELM_VERSION=v3.15.2 -ARG KUBECTL_VERSION=v1.30.2 -RUN set -e \ - && wget --quiet -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ - && tar -xf kubectl.tar.gz --strip-components=3 -C /opt kubernetes/client/bin/kubectl \ - && mv kubectl /usr/local/bin/rawkubectl \ - && mkdir /opt/kubectl-aliases/ \ - && wget --quiet https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ - && mv .kubectl_aliases /opt/kubectl-aliases/ \ - && chown -R root:root /opt/kubectl-aliases/ \ - && wget --quiet https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 linux-${TARGETARCH}/helm \ - && mv helm /usr/local/bin/rawhelm \ - && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && chown root:root /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/koko - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet 
https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf koko-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/ --strip-components=1 \ - && mv /opt/koko/kubectl /usr/local/bin/ \ - && mv /opt/koko/helm /usr/local/bin/ \ - && chmod 755 /usr/local/bin/helm /usr/local/bin/kubectl /opt/koko/init-kubectl.sh \ - && chown root:root /usr/local/bin/helm /usr/local/bin/kubectl \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin/redis-cli /usr/local/bin/redis-cli -COPY --from=stage-2 /usr/local/bin /usr/local/bin -COPY --from=stage-2 /usr/local/lib /usr/local/lib -COPY --from=stage-2 /opt/koko /opt/koko -COPY --from=stage-2 /opt/kubectl-aliases /opt/kubectl-aliases - -WORKDIR /opt/koko - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/koko/data - -COPY koko/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 2222 5000 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] diff --git a/koko/entrypoint.sh b/koko/entrypoint.sh deleted file mode 100755 index 2f0654c..0000000 --- a/koko/entrypoint.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/koko -export COMPONENT_NAME=koko -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/koko/koko - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/lion/Dockerfile b/lion/Dockerfile deleted file mode 100644 index d76b840..0000000 --- a/lion/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -FROM debian:bookworm-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.2.0 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/lion - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ - && chown -R root:root /opt/lion \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -USER root - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 
'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/lion /opt/lion - -WORKDIR /opt/lion - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/lion/data - -COPY lion/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8081 - -STOPSIGNAL SIGQUIT - -CMD ["wisp"] diff --git a/lion/entrypoint.sh b/lion/entrypoint.sh deleted file mode 100755 index 4631935..0000000 --- a/lion/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/lion -export COMPONENT_NAME=lion -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/lion/lion - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/swarm/README.md b/swarm/README.md new file mode 100644 index 0000000..5c6d1f6 --- /dev/null +++ b/swarm/README.md 
@@ -0,0 +1,106 @@
+## 集群部署
+
+- Docker Swarm 集群环境
+- 自行创建 MySQL 和 Redis, 参考上面环境要求说明
+- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 )
+
+```sh
+# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver
+# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录
+mkdir -p /data/jumpserver/core/data
+mkdir -p /data/jumpserver/chen/data
+mkdir -p /data/jumpserver/lion/data
+mkdir -p /data/jumpserver/koko/data
+mkdir -p /data/jumpserver/lion/data
+mkdir -p /data/jumpserver/web/data/logs
+mkdir -p /data/jumpserver/web/download
+```
+```sh
+git clone --depth=1 https://github.com/jumpserver/Dockerfile.git
+cd Dockerfile/swarm
+cp config_example.conf .env
+vi .env
+```
+
+```vim
+# 版本号可以自己根据项目的版本修改
+VERSION=v4.1.0
+
+TARGETARCH=amd64
+
+# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay
+COMPOSE_PROJECT_NAME=jms
+# COMPOSE_HTTP_TIMEOUT=3600
+# DOCKER_CLIENT_TIMEOUT=3600
+DOCKER_SUBNET=192.168.250.0/24
+NETWORK_DRIVER=overlay
+
+# 持久化存储
+VOLUME_DIR=/opt/jumpserver
+
+# 时区
+TZ=Asia/Shanghai
+
+# MySQL
+DB_HOST=mysql
+DB_PORT=3306
+DB_USER=root
+DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G
+DB_NAME=jumpserver
+
+# Redis
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj
+
+# Core
+SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
+BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO
+LOG_LEVEL=ERROR
+DOMAINS=
+
+# 组件通信
+CORE_HOST=http://core:8080
+
+# Lion
+GUACD_LOG_LEVEL=error
+GUA_HOST=guacd
+GUA_PORT=4822
+
+# Web
+HTTP_PORT=80
+SSH_PORT=2222
+
+##
+# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。
+# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ...
+```
+```sh
+# 生成 docker stack 部署所需文件
+docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml
+docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml
+```
+```sh
+# 初始化数据库
+docker stack deploy -c docker-stack-init-db.yml jumpserver
+docker service ls
+docker service ps jumpserver_init_db
+
+# 根据查到的 Worker 节点, 到对应节点查看初始化日志
+```
+```sh
+# 启动 JumpServer 应用
+docker stack deploy -c docker-stack.yml jumpserver
+docker service ls
+```
+```sh
+# 扩容缩容
+docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本
+docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本
+# ...
+```
+
+
+## 初始账号
+- 默认账号: `admin`
+- 默认密码: `ChangeMe`
\ No newline at end of file
diff --git a/config_example.conf b/swarm/config_example.conf
similarity index 100%
rename from config_example.conf
rename to swarm/config_example.conf
diff --git a/docker-compose-init-db.yml b/swarm/docker-compose-init-db.yml
similarity index 100%
rename from docker-compose-init-db.yml
rename to swarm/docker-compose-init-db.yml
diff --git a/docker-compose-mariadb.yml b/swarm/docker-compose-mariadb.yml
similarity index 100%
rename from docker-compose-mariadb.yml
rename to swarm/docker-compose-mariadb.yml
diff --git a/docker-compose-network.yml b/swarm/docker-compose-network.yml
similarity index 100%
rename from docker-compose-network.yml
rename to swarm/docker-compose-network.yml
diff --git a/docker-compose-redis.yml b/swarm/docker-compose-redis.yml
similarity index 100%
rename from docker-compose-redis.yml
rename to swarm/docker-compose-redis.yml
diff --git a/docker-compose.yml b/swarm/docker-compose.yml
similarity index 100%
rename from docker-compose.yml
rename to swarm/docker-compose.yml
diff --git a/web/Dockerfile b/web/Dockerfile
deleted file mode 100644
index 3456a92..0000000
--- a/web/Dockerfile
+++ /dev/null
@@ -1,79 +0,0 @@
-FROM debian:bookworm-slim AS stage-1
-ARG TARGETARCH
-
-ARG DEPENDENCIES=" \
- ca-certificates \
- curl \
- wget"
-
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
- --mount=type=cache,target=/var/lib/apt,sharing=locked \
- set -e \
- && rm -f /etc/apt/apt.conf.d/docker-clean \
- && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
- && apt-get update \
- && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
- && echo "no" | dpkg-reconfigure dash
-
-WORKDIR /opt
-
-ARG CHECK_VERSION=v1.0.3
-RUN set -e \
- && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
- && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \
- && chown root:root /usr/local/bin/check \
- && chmod 755 /usr/local/bin/check \
- && rm -f /opt/*.tar.gz
-
-ARG VERSION=v4.1.0
-ENV VERSION=${VERSION}
-
-RUN set -e \
- && mkdir -p /opt/lina /opt/luna \
- && wget --quiet https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \
- && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \
- && wget --quiet https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \
- && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \
- && rm -f /opt/*.tar.gz
-
-RUN set -e \
- && wget --quiet https://github.com/jumpserver/docker-web/raw/${VERSION}/prepare.sh \
- && wget --quiet https://github.com/jumpserver/docker-web/raw/${VERSION}/versions.txt \
- && chown root:root prepare.sh versions.txt \
- && chmod 755 /opt/prepare.sh
-
-COPY web/entrypoint.sh .
-RUN chmod 755 ./entrypoint.sh
-
-FROM nginx:1.25-bookworm
-ENV LANG=en_US.UTF-8
-
-ARG DEPENDENCIES=" \
- ca-certificates \
- logrotate"
-
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
- --mount=type=cache,target=/var/lib/apt,sharing=locked \
- set -e \
- && rm -f /etc/apt/apt.conf.d/docker-clean \
- && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
- && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
- && apt-get update \
- && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
- && echo "no" | dpkg-reconfigure dash \
- && sed -i "s@# export @export @g" ~/.bashrc \
- && sed -i "s@# alias @alias @g" ~/.bashrc
-
-COPY --from=stage-1 /usr/local/bin /usr/local/bin
-COPY --from=stage-1 /opt /opt
-COPY web/nginx.conf /etc/nginx/
-
-WORKDIR /opt
-
-ARG VERSION=v4.1.0
-ENV VERSION=${VERSION}
-
-VOLUME /opt/download
-VOLUME /var/log/nginx
-
-COPY web/entrypoint.sh /docker-entrypoint.d/99-check-core-ready.sh
\ No newline at end of file
diff --git a/web/entrypoint.sh b/web/entrypoint.sh
deleted file mode 100755
index 826af77..0000000
--- a/web/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-#
-
-if [ -n "$CORE_HOST" ]; then
- until check ${CORE_HOST}/api/health/; do
- echo "wait for jms_core ${CORE_HOST} ready"
- sleep 2
- done
-fi
-
-if [ -f "/etc/init.d/cron" ]; then
- /etc/init.d/cron start
-fi
\ No newline at end of file
diff --git a/web/nginx.conf b/web/nginx.conf
deleted file mode 100644
index da808d2..0000000
--- a/web/nginx.conf
+++ /dev/null
@@ -1,121 +0,0 @@
-user nginx;
-worker_processes auto;
-
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
- proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=cache:10m max_size=2g;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- gzip on;
- server_tokens off;
-
- server {
- listen 80;
- server_name _;
-
- proxy_cache cache;
- proxy_cache_key $host$request_uri;
- proxy_cache_methods GET HEAD;
- proxy_cache_valid 200 302 720m;
- proxy_cache_valid 404 1m;
- proxy_cache_use_stale http_502;
-
- client_max_body_size 4096m; # 录像及文件上传大小限制
-
- location = /robots.txt {
- default_type text/html;
- add_header Content-Type "text/plain; charset=UTF-8";
- return 200 "User-agent: *\nDisallow: /\n";
- }
-
- location /download/ {
- alias /opt/download/;
- try_files $uri @redirect_oss;
- }
-
- location @redirect_oss {
- rewrite ^/download/(.*)$ https://static.jumpserver.org/download/$1 permanent;
- }
-
- location /private-media/ {
- internal;
- alias /opt/jumpserver/data/media/;
- }
- location /ui/ {
- try_files $uri / /index.html;
- alias /opt/lina/;
- }
- location /luna/ {
- try_files $uri / /index.html;
- alias /opt/luna/;
- }
- location /static/ {
- root /opt/jumpserver/data/;
- }
- location /koko/ {
- proxy_pass http://koko:5000;
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_request_buffering off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /lion/ {
- proxy_pass http://lion:8081;
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_request_buffering off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /chen/ {
- proxy_pass http://chen:8082;
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_request_buffering off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /ws/ {
- proxy_pass http://core:8080;
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location ~ ^/(core|api|media)/ {
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://core:8080;
- }
- location / {
- rewrite ^/(.*)$ /ui/$1 last;
- }
- }
-}