Installation Guide

Installation Methods

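Choose the installation method that fits your environment. Both online installation and offline installation are supported; for a walkthrough of the process, see the installation demo video.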

Environment Requirements

| OS/Arch | Architecture | Linux Kernel | Software Requirement | Minimum Hardware |
|---|---|---|---|---|
| linux/amd64 | x86_64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD |
| linux/arm64 | aarch64 | >= 4.0 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD |
| linux/loong64 | loongarch64 | == 4.19 | wget curl tar gettext iptables python | 2Core/8GB RAM/60G HDD |

Debian / Ubuntu

    apt-get update
    apt-get install -y wget curl tar gettext iptables

RedHat / CentOS

    yum update
    yum install -y wget curl tar gettext iptables

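JumpServer stores its data in MySQL or MariaDB and uses Redis as a cache. If you want to use a self-hosted or cloud database, see the requirements below.
Database SSL connections and Redis SSL connections are supported.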

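| Name | Version | Default Charset | Default collation | TLS/SSL |
|---|---|---|---|---|
| MySQL | >= 5.7 | utf8 | utf8_general_ci | [image: Installation and Deployment - Figure 1] |
| MariaDB | >= 10.2 | utf8mb3 | utf8mb3_general_ci | [image: Installation and Deployment - Figure 2] |

| Name | Version | Sentinel | Cluster | TLS/SSL |
|---|---|---|---|---|
| Redis | >= 5.0 | [image: Installation and Deployment - Figure 3] | [image: Installation and Deployment - Figure 4] | [image: Installation and Deployment - Figure 5] |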

MySQL

    create database jumpserver default charset 'utf8';

    mysql> show create database jumpserver;
    +------------+---------------------------------------------------------------------+
    | Database   | Create Database                                                     |
    +------------+---------------------------------------------------------------------+
    | jumpserver | CREATE DATABASE `jumpserver` /*!40100 DEFAULT CHARACTER SET utf8 */ |
    +------------+---------------------------------------------------------------------+
    1 row in set (0.00 sec)

MariaDB

    create database jumpserver default charset 'utf8';

    MariaDB> show create database jumpserver;
    +------------+-----------------------------------------------------------------------+
    | Database   | Create Database                                                       |
    +------------+-----------------------------------------------------------------------+
    | jumpserver | CREATE DATABASE `jumpserver` /*!40100 DEFAULT CHARACTER SET utf8mb3*/ |
    +------------+-----------------------------------------------------------------------+
    1 row in set (0.001 sec)

One-Click Installation

Mainstream Linux distributions are supported (Debian-based and RedHat-based, including Chinese domestic operating systems). On Gentoo / Arch Linux, install from source.

    // root@localhost:/opt#
    $ curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.28.7/quick_start.sh | bash
    ---> 100%
    [Success]: download install script to /opt/jumpserver-installer-v2.28.7
    [Info]: Start executing the installation script.
    [Info]: In an automated script deployment, note the message prompts on the screen.
    ---> 100%
    [Success]: The Installation is Complete.
    For more commands, you can enter jmsctl --help to view help information.

Standard Deployment

Within mainland China you can use the container image service provided by Huawei Cloud.

| Region | Image registry address | Configuration file /opt/jumpserver/config/config.txt | Kubernetes values.yaml | OS/ARCH |
|---|---|---|---|---|
| CN North-Beijing1 | swr.cn-north-1.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-north-1.myhuaweicloud.com | repository: swr.cn-north-1.myhuaweicloud.com | linux/amd64 |
| CN South-Guangzhou | swr.cn-south-1.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com | repository: swr.cn-south-1.myhuaweicloud.com | linux/amd64 |
| CN North-Beijing4 | swr.cn-north-4.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-north-4.myhuaweicloud.com | repository: swr.cn-north-4.myhuaweicloud.com | linux/arm64 |
| CN East-Shanghai1 | swr.cn-east-3.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com | repository: swr.cn-east-3.myhuaweicloud.com | linux/arm64 |
| CN Southwest-Guiyang1 | swr.cn-southwest-2.myhuaweicloud.com | DOCKER_IMAGE_PREFIX=swr.ap-southeast-1.myhuaweicloud.com | repository: swr.ap-southeast-1.myhuaweicloud.com | linux/loong64 |

Installer | Helm | Source | Allinone

Installer

    cd /opt
    wget https://github.com/jumpserver/installer/releases/download/v2.28.7/jumpserver-installer-v2.28.7.tar.gz
    tar -xf jumpserver-installer-v2.28.7.tar.gz
    cd jumpserver-installer-v2.28.7

    # Modify the configuration template as needed; if you are unsure what a setting does, leave it unchanged
    cat config-example.txt

    # If the following settings are left empty, the system generates random strings and fills them in
    ## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to their original values
    ## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/
    ## Docker image configuration
    # DOCKER_IMAGE_MIRROR=1
    ## Installation configuration
    VOLUME_DIR=/opt/jumpserver
    SECRET_KEY=
    BOOTSTRAP_TOKEN=
    LOG_LEVEL=ERROR
    ## MySQL configuration; if you use an external database, enter the correct MySQL information
    DB_HOST=mysql
    DB_PORT=3306
    DB_USER=root
    DB_PASSWORD=
    DB_NAME=jumpserver
    ## Redis configuration; if you use an external database, enter the correct Redis information
    REDIS_HOST=redis
    REDIS_PORT=6379
    REDIS_PASSWORD=
    # Subnet used by the JumpServer containers; it must not conflict with existing networks, adjust it to your environment
    DOCKER_SUBNET=192.168.250.0/24
    ## IPv6 settings: whether the containers enable IPv6 NAT; USE_IPV6=1 enables it, and when it is 0 the DOCKER_SUBNET_IPV6 definition has no effect
    USE_IPV6=0
    DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
    ## Access configuration
    HTTP_PORT=80
    SSH_PORT=2222
    RDP_PORT=3389
    MAGNUS_PORTS=30000-30100
    ## HTTPS configuration; see https://docs.jumpserver.org/zh/master/admin-guide/proxy/
    # HTTPS_PORT=443
    # SERVER_NAME=your_domain_name
    # SSL_CERTIFICATE=your_cert
    # SSL_CERTIFICATE_KEY=your_cert_key
    ## Nginx file upload size limit
    CLIENT_MAX_BODY_SIZE=4096m
    ## Task configuration: whether to start the jms_celery container; must be enabled on a single node
    USE_TASK=1
    # Core configuration, session settings: SESSION_COOKIE_AGE is the number of idle seconds after which the session expires; SESSION_EXPIRE_AT_BROWSER_CLOSE=True expires the session when the browser is closed
    # SESSION_COOKIE_AGE=86400
    SESSION_EXPIRE_AT_BROWSER_CLOSE=True
    # Koko / Lion / XRDP component configuration
    CORE_HOST=http://core:8080
    JUMPSERVER_ENABLE_FONT_SMOOTHING=True
    ## Terminals are identified by the host's HOSTNAME
    SERVER_HOSTNAME=${HOSTNAME}
    # Additional configuration
    CURRENT_VERSION=

    # Install
    ./jmsctl.sh install
    # Start
    ./jmsctl.sh start

After installation, the configuration file is /opt/jumpserver/config/config.txt

    cd /opt/jumpserver-installer-v2.28.7
    # Start
    ./jmsctl.sh start
    # Stop
    ./jmsctl.sh down
    # Uninstall
    ./jmsctl.sh uninstall
    # Help
    ./jmsctl.sh -h
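
A pre-flight audit of config.txt, added here as an example and not part of the JumpServer installer or its documentation. It checks the settings the template above leaves open: supplied SECRET_KEY / BOOTSTRAP_TOKEN length, empty passwords for an external MySQL or Redis, HTTPS left disabled, and a DOCKER_SUBNET that overlaps a network the host already uses. The 50 and 24 character thresholds are assumptions based on the length recommendations in the values.yaml comments on this page; the function names, the sample config and the host network list are constructed.

```python
import ipaddress
import secrets
import string

# Assumed thresholds, from the length recommendations in the values.yaml comments.
MIN_LENGTH = {"SECRET_KEY": 50, "BOOTSTRAP_TOKEN": 24}
# Service names of the bundled containers, as used in config-example.txt.
BUNDLED = {"DB": "mysql", "REDIS": "redis"}


def parse_config(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def new_secret(length):
    """Random alphanumeric string drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit(cfg, host_networks=()):
    """Return (key, message) findings for a parsed config.txt."""
    findings = []
    # Empty values are generated by the installer; only supplied ones can be short.
    for key, minimum in MIN_LENGTH.items():
        value = cfg.get(key, "")
        if value and len(value) < minimum:
            findings.append((key, f"{len(value)} chars, want at least {minimum}"))
    # An external MySQL/Redis should not be configured with an empty password.
    for prefix, bundled in BUNDLED.items():
        host = cfg.get(f"{prefix}_HOST", "")
        if host and host != bundled and not cfg.get(f"{prefix}_PASSWORD"):
            findings.append((f"{prefix}_PASSWORD", f"empty for external host {host}"))
    # The HTTPS_* lines are commented out in the template (HTTP only).
    if not cfg.get("HTTPS_PORT"):
        findings.append(("HTTPS_PORT", "not set, web access is plain HTTP"))
    # The container subnets must not overlap networks the host already uses.
    subnet_keys = ["DOCKER_SUBNET"]
    if cfg.get("USE_IPV6") == "1":  # the IPv6 subnet only applies when enabled
        subnet_keys.append("DOCKER_SUBNET_IPV6")
    for key in subnet_keys:
        try:
            subnet = ipaddress.ip_network(cfg.get(key, ""), strict=False)
        except ValueError:
            findings.append((key, f"missing or invalid network: {cfg.get(key)!r}"))
            continue
        for net in host_networks:
            other = ipaddress.ip_network(net, strict=False)
            if other.version == subnet.version and subnet.overlaps(other):
                findings.append((key, f"{subnet} overlaps host network {other}"))
    return findings


# Constructed sample: a config.txt that points at an external database.
SAMPLE = """\
SECRET_KEY=tooShortKey123
BOOTSTRAP_TOKEN=
DB_HOST=db.internal.example
DB_PASSWORD=
REDIS_HOST=redis
REDIS_PASSWORD=
DOCKER_SUBNET=192.168.250.0/24
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
HTTP_PORT=80
# HTTPS_PORT=443
"""

if __name__ == "__main__":
    # Constructed host networks; on a real host take them from `ip route`.
    for key, message in audit(parse_config(SAMPLE), ["192.168.0.0/16", "10.0.0.0/8"]):
        print(f"[!] {key}: {message}")
    print("SECRET_KEY=" + new_secret(50))
    print("BOOTSTRAP_TOKEN=" + new_secret(24))
```

On a deployed host, pass the contents of /opt/jumpserver/config/config.txt to `parse_config` instead of the sample.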
Helm

    helm repo add jumpserver https://jumpserver.github.io/helm-charts
    helm repo list
    vi values.yaml

    # Template: https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml
    # Default values for jumpserver.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.

    nameOverride: ""
    fullnameOverride: ""

    ## @param global.imageRegistry Global Docker image registry
    ## @param global.imagePullSecrets Global Docker registry secret names as an array
    ## @param global.storageClass Global StorageClass for Persistent Volume(s)
    ## @param global.redis.password Global Redis™ password (overrides `auth.password`)
    ##
    global:
      imageRegistry: "docker.io"    # within mainland China, the Huawei Cloud mirror can be used for acceleration
      imageTag: v2.28.7             # version
      ## E.g.
      #  imagePullSecrets:
      #  - name: harborsecret
      #
      #  storageClass: "jumpserver-data"
      ##
      imagePullSecrets: []
      # - name: yourSecretKey
      storageClass: ""              # (*required) NFS StorageClass

    ## Please configure your MySQL server first
    ## Jumpserver will not start the external MySQL server.
    ##
    externalDatabase:               # (*required) database settings
      engine: mysql
      host: localhost
      port: 3306
      user: root
      password: ""
      database: jumpserver

    ## Please configure your Redis server first
    ## Jumpserver will not start the external Redis server.
    ##
    externalRedis:                  # (*required) Redis settings
      host: localhost
      port: 6379
      password: ""

    serviceAccount:
      # Specifies whether a service account should be created
      create: false
      # The name of the service account to use.
      # If not set and create is true, a name is generated using the fullname template
      name:

    ingress:
      enabled: true                 # can be disabled if ingress is not used
      annotations:
        # kubernetes.io/tls-acme: "true"
        compute-full-forwarded-for: "true"
        use-forwarded-headers: "true"
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/configuration-snippet: |
          proxy_set_header Upgrade "websocket";
          proxy_set_header Connection "Upgrade";
      hosts:
        - "test.jumpserver.org"     # external domain name
      tls: []
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local

    core:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-core
      config:
        # Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
        # secretKey: "B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy"
        secretKey: ""               # (*required) secret_key used to encrypt sensitive data; recommended length greater than 50 characters
        # Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
        # bootstrapToken: "7Q11Vz6R2J6BLAdO"
        bootstrapToken: ""          # (*required) token used for component authentication; recommended length greater than 24 characters
        # Enabled it for debug
        debug: false
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: docker.io
        repository: jumpserver/core
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env:
        # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
        SESSION_EXPIRE_AT_BROWSER_CLOSE: true
        # SESSION_COOKIE_AGE: 86400
        # SECURITY_VIEW_AUTH_NEED_MFA: true
      livenessProbe:
        failureThreshold: 30
        httpGet:
          path: /api/health/
          port: web
      readinessProbe:
        failureThreshold: 30
        httpGet:
          path: /api/health/
          port: web
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        web:
          port: 8080
        ws:
          port: 8070
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 1000m
        #   memory: 2048Mi
        # requests:
        #   cpu: 500m
        #   memory: 1024Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 100Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
        # subPath: ""
        # existingClaim:
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    koko:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-koko
      config:
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: docker.io
        repository: jumpserver/koko
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env: []
        # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
        # LANGUAGE_CODE: zh
        # REUSE_CONNECTION: true
        # ENABLE_LOCAL_PORT_FORWARD: true
        # ENABLE_VSCODE_SUPPORT: true
      livenessProbe:
        failureThreshold: 30
        httpGet:
          path: /koko/health/
          port: web
      readinessProbe:
        failureThreshold: 30
        httpGet:
          path: /koko/health/
          port: web
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext:
        privileged: true
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        web:
          port: 5000
        ssh:
          port: 2222
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 128Mi
        # requests:
        #   cpu: 100m
        #   memory: 128Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 10Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    lion:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-lion
      config:
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: docker.io
        repository: jumpserver/lion
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env:
        # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
        JUMPSERVER_ENABLE_FONT_SMOOTHING: true
        # JUMPSERVER_COLOR_DEPTH: 32
        # JUMPSERVER_ENABLE_WALLPAPER: true
        # JUMPSERVER_ENABLE_THEMING: true
        # JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
        # JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
        # JUMPSERVER_ENABLE_MENU_ANIMATIONS: true
      livenessProbe:
        failureThreshold: 30
        httpGet:
          path: /lion/health/
          port: web
      readinessProbe:
        failureThreshold: 30
        httpGet:
          path: /lion/health/
          port: web
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        web:
          port: 8081
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 512Mi
        # requests:
        #   cpu: 100m
        #   memory: 512Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 50Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    # magnus was substantially reworked in v2.27.0 and needs many ports opened; pending later optimization
    magnus:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-magnus
      config:
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: docker.io
        repository: jumpserver/magnus
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env: []
      livenessProbe:
        failureThreshold: 30
        tcpSocket:
          port: 9090
      readinessProbe:
        failureThreshold: 30
        tcpSocket:
          port: 9090
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        ports: 30000-30100
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 512Mi
        # requests:
        #   cpu: 100m
        #   memory: 512Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 10Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    xpack:
      enabled: false                # enable this option for the enterprise edition

    omnidb:
      labels:
        app.jumpserver.org/name: jms-omnidb
      config:
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: registry.fit2cloud.com
        repository: jumpserver/omnidb
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env: []
      livenessProbe:
        failureThreshold: 30
        tcpSocket:
          port: web
      readinessProbe:
        failureThreshold: 30
        tcpSocket:
          port: web
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        web:
          port: 8082
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 128Mi
        # requests:
        #   cpu: 100m
        #   memory: 128Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 10Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    razor:
      labels:
        app.jumpserver.org/name: jms-razor
      config:
        log:
          level: ERROR
      replicaCount: 1
      image:
        registry: registry.fit2cloud.com
        repository: jumpserver/razor
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env: []
      livenessProbe:
        failureThreshold: 30
        tcpSocket:
          port: rdp
      readinessProbe:
        failureThreshold: 30
        tcpSocket:
          port: rdp
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        rdp:
          port: 3389
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 128Mi
        # requests:
        #   cpu: 100m
        #   memory: 128Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 50Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    web:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-web
      replicaCount: 1
      image:
        registry: docker.io
        repository: jumpserver/web
        tag: v2.28.7
        pullPolicy: IfNotPresent
      command: []
      env: []
        # nginx client_max_body_size, default 4G
        # CLIENT_MAX_BODY_SIZE: 4096m
      livenessProbe:
        failureThreshold: 30
        httpGet:
          path: /api/health/
          port: web
      readinessProbe:
        failureThreshold: 30
        httpGet:
          path: /api/health/
          port: web
      podSecurityContext: {}
        # fsGroup: 2000
      securityContext: {}
        # capabilities:
        #   drop:
        #   - ALL
        # readOnlyRootFilesystem: true
        # runAsNonRoot: true
        # runAsUser: 1000
      service:
        type: ClusterIP
        web:
          port: 80
      resources: {}
        # We usually recommend not to specify default resources and to leave this as a conscious
        # choice for the user. This also increases chances charts run on environments with little
        # resources, such as Minikube. If you do want to specify resources, uncomment the following
        # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
        # limits:
        #   cpu: 100m
        #   memory: 128Mi
        # requests:
        #   cpu: 100m
        #   memory: 128Mi
      persistence:
        storageClassName: jumpserver-data
        accessModes:
          - ReadWriteMany
        size: 1Gi
        # annotations: {}
        finalizers:
          - kubernetes.io/pvc-protection
      volumeMounts: []
      volumes: []
      nodeSelector: {}
      tolerations: []
      affinity: {}

    # Install
    helm install jms-k8s jumpserver/jumpserver -n default -f values.yaml
    # Uninstall
    helm uninstall jms-k8s -n default

Offline Deployment

Unpacking the offline package requires the tar command; install it manually as described under Environment Requirements.

| OS/Arch | Architecture | Linux Kernel | Offline Name |
|---|---|---|---|
| linux/amd64 | x86_64 | >= 4.0 | jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz |
| linux/arm64 | aarch64 | >= 4.0 | jumpserver-offline-installer-v2.28.7-arm64-2.tar.gz |
| linux/loong64 | loongarch64 | == 4.19 | jumpserver-offline-installer-v2.28.7-loong64-2.tar.gz |

linux/amd64

Download the latest linux/amd64 offline package from the FIT2CLOUD community site and upload it to the /opt directory of the deployment server.

    cd /opt
    tar -xf jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz
    cd jumpserver-offline-installer-v2.28.7-amd64-2

    # Modify the configuration template as needed; if you are unsure what a setting does, leave it unchanged
    cat config-example.txt

    # Install
    ./jmsctl.sh install
    # Start
    ./jmsctl.sh start

After installation, the configuration file is /opt/jumpserver/config/config.txt

    cd jumpserver-offline-installer-v2.28.7-amd64-2
    # Start
    ./jmsctl.sh start
    # Stop
    ./jmsctl.sh down
    # Uninstall
    ./jmsctl.sh uninstall
    # Help
    ./jmsctl.sh -h

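linux/arm64

Download the latest linux/arm64 offline package from the FIT2CLOUD community site and upload it to the /opt directory of the deployment server.

    cd /opt
    tar -xf jumpserver-offline-installer-v2.28.7-arm64-2.tar.gz
    cd jumpserver-offline-installer-v2.28.7-arm64-2

    # Modify the configuration template as needed; if you are unsure what a setting does, leave it unchanged
    cat config-example.txt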

    # Install
    ./jmsctl.sh install
    # Start
    ./jmsctl.sh start

After installation, the configuration file is /opt/jumpserver/config/config.txt

    cd jumpserver-offline-installer-v2.28.7-arm64-2
    # Start
    ./jmsctl.sh start
    # Stop
    ./jmsctl.sh down
    # Uninstall
    ./jmsctl.sh uninstall
    # Help
    ./jmsctl.sh -h

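linux/loong64

Download the latest linux/loong64 offline package from the FIT2CLOUD community site and upload it to the /opt directory of the deployment server.

    cd /opt
    tar -xf jumpserver-offline-installer-v2.28.7-loong64-2.tar.gz
    cd jumpserver-offline-installer-v2.28.7-loong64-2

    # Modify the configuration template as needed; if you are unsure what a setting does, leave it unchanged
    cat config-example.txt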

    # Install
    ./jmsctl.sh install
    # Start
    ./jmsctl.sh start

After installation, the configuration file is /opt/jumpserver/config/config.txt

    cd jumpserver-offline-installer-v2.28.7-loong64-2
    # Start
    ./jmsctl.sh start
    # Stop
    ./jmsctl.sh down
    # Uninstall
    ./jmsctl.sh uninstall
    # Help
    ./jmsctl.sh -h

For more information, see Security Recommendations and Quick Start.