安装文档

安装方式

根据实机环境选择安装方式,支持 在线安装离线安装,安装过程可以参考 安装演示视频

环境要求

OS/ArchArchitectureLinux KernelSoft Requirement
linux/amd64x86_64>= 4.0wget curl tar gettext iptables python
linux/arm64aarch64>= 4.0wget curl tar gettext iptables python
linux/loong64loongarch64== 4.19wget curl tar gettext iptables python

外置环境要求

  • 推荐使用外置 数据库 和 Redis,方便日后扩展升级
NameVersionDefault CharsetDefault collationTLS/SSL
MySQL>= 5.7utf8utf8_general_ci安装部署 - 图1
MariaDB>= 10.2utf8mb3utf8mb3_general_ci安装部署 - 图2
NameVersionSentinelClusterTLS/SSL
Redis>= 5.0安装部署 - 图3安装部署 - 图4安装部署 - 图5

在线安装

可以使用由 华为云 提供的容器镜像服务 ❤

区域镜像仓库地址配置文件 /opt/jumpserver/config/config.txtKubernetes values.yamlOS/ARCH
华北-北京一swr.cn-north-1.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-north-1.myhuaweicloud.comrepository: swr.cn-north-1.myhuaweicloud.comlinux/amd64
华南-广州swr.cn-south-1.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.comrepository: swr.cn-south-1.myhuaweicloud.comlinux/amd64
华北-北京四swr.cn-north-4.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-north-4.myhuaweicloud.comrepository: swr.cn-north-4.myhuaweicloud.comlinux/arm64
华东-上海一swr.cn-east-3.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.comrepository: swr.cn-east-3.myhuaweicloud.comlinux/arm64
西南-贵阳一swr.cn-southwest-2.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.ap-southeast-1.myhuaweicloud.comrepository: swr.ap-southeast-1.myhuaweicloud.comlinux/loong64

一键部署手动部署Helm源码部署Allinone

  1. # 默认会安装到 /opt/jumpserver-installer-v2.26.0 目录
  2. curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.26.0/quick_start.sh | bash
  3. cd /opt/jumpserver-installer-v2.26.0
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.26.0
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h
  1. cd /opt
  2. wget https://github.com/jumpserver/installer/releases/download/v2.26.0/jumpserver-installer-v2.26.0.tar.gz
  3. tar -xf jumpserver-installer-v2.26.0.tar.gz
  4. cd jumpserver-installer-v2.26.0
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## Docker 镜像配置
  5. # DOCKER_IMAGE_MIRROR=1
  6. ## 安装配置
  7. VOLUME_DIR=/opt/jumpserver
  8. DOCKER_DIR=/var/lib/docker
  9. SECRET_KEY=
  10. BOOTSTRAP_TOKEN=
  11. LOG_LEVEL=ERROR
  12. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  13. USE_EXTERNAL_MYSQL=0
  14. DB_HOST=mysql
  15. DB_PORT=3306
  16. DB_USER=root
  17. DB_PASSWORD=
  18. DB_NAME=jumpserver
  19. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  20. USE_EXTERNAL_REDIS=0
  21. REDIS_HOST=redis
  22. REDIS_PORT=6379
  23. REDIS_PASSWORD=
  24. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  25. COMPOSE_PROJECT_NAME=jms
  26. COMPOSE_HTTP_TIMEOUT=3600
  27. DOCKER_CLIENT_TIMEOUT=3600
  28. DOCKER_SUBNET=192.168.250.0/24
  29. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  30. USE_IPV6=0
  31. DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
  32. ## 访问配置
  33. HTTP_PORT=80
  34. SSH_PORT=2222
  35. MAGNUS_MYSQL_PORT=33060
  36. MAGNUS_MARIADB_PORT=33061
  37. ## HTTPS 配置, 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置
  38. # USE_LB=1
  39. # HTTPS_PORT=443
  40. # SERVER_NAME=your_domain_name
  41. # SSL_CERTIFICATE=your_cert
  42. # SSL_CERTIFICATE_KEY=your_cert_key
  43. ## Nginx 文件上传大小
  44. CLIENT_MAX_BODY_SIZE=4096m
  45. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  46. USE_TASK=1
  47. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  48. USE_XPACK=0
  49. RDP_PORT=3389
  50. MAGNUS_POSTGRE_PORT=54320
  51. TCP_SEND_BUFFER_BYTES=4194304
  52. TCP_RECV_BUFFER_BYTES=6291456
  53. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=True 表示关闭浏览器即 session 过期
  54. # SESSION_COOKIE_AGE=86400
  55. SESSION_EXPIRE_AT_BROWSER_CLOSE=True
  56. # Koko Lion XRDP 组件配置
  57. CORE_HOST=http://core:8080
  58. JUMPSERVER_ENABLE_FONT_SMOOTHING=True
  59. ## 终端使用宿主 HOSTNAME 标识
  60. SERVER_HOSTNAME=${HOSTNAME}
  61. # 额外的配置
  62. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.26.0
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h
  1. helm repo add jumpserver https://jumpserver.github.io/helm-charts
  2. helm repo list
  3. vi values.yaml
  1. # 模板 https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml
  2. # Default values for jumpserver.
  3. # This is a YAML-formatted file.
  4. # Declare variables to be passed into your templates.
  5. nameOverride: ""
  6. fullnameOverride: ""
  7. ## @param global.imageRegistry Global Docker image registry
  8. ## @param global.imagePullSecrets Global Docker registry secret names as an array
  9. ## @param global.storageClass Global StorageClass for Persistent Volume(s)
  10. ## @param global.redis.password Global Redis™ password (overrides `auth.password`)
  11. ##
  12. global:
  13. imageRegistry: "docker.io" # 国内可以使用华为云加速
  14. imageTag: v2.26.0 # 版本号
  15. ## E.g.
  16. # imagePullSecrets:
  17. # - name: harborsecret
  18. #
  19. # storageClass: "jumpserver-data"
  20. ##
  21. imagePullSecrets: []
  22. # - name: yourSecretKey
  23. storageClass: "" # (*必填) NFS SC
  24. ## Please configure your MySQL server first
  25. ## Jumpserver will not start the external MySQL server.
  26. ##
  27. externalDatabase: # (*必填) 数据库相关设置
  28. engine: mysql
  29. host: localhost
  30. port: 3306
  31. user: root
  32. password: ""
  33. database: jumpserver
  34. ## Please configure your Redis server first
  35. ## Jumpserver will not start the external Redis server.
  36. ##
  37. externalRedis: # (*必填) Redis 设置
  38. host: localhost
  39. port: 6379
  40. password: ""
  41. serviceAccount:
  42. # Specifies whether a service account should be created
  43. create: false
  44. # The name of the service account to use.
  45. # If not set and create is true, a name is generated using the fullname template
  46. name:
  47. ingress:
  48. enabled: true # 不使用 ingress 可以关闭
  49. annotations:
  50. # kubernetes.io/tls-acme: "true"
  51. compute-full-forwarded-for: "true"
  52. use-forwarded-headers: "true"
  53. kubernetes.io/ingress.class: nginx
  54. nginx.ingress.kubernetes.io/configuration-snippet: |
  55. proxy_set_header Upgrade "websocket";
  56. proxy_set_header Connection "Upgrade";
  57. hosts:
  58. - "test.jumpserver.org" # 对外域名
  59. tls: []
  60. # - secretName: chart-example-tls
  61. # hosts:
  62. # - chart-example.local
  63. core:
  64. enabled: true
  65. labels:
  66. app.jumpserver.org/name: jms-core
  67. config:
  68. # Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
  69. # secretKey: "B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy"
  70. secretKey: "" # (*必填) 加密敏感信息的 secret_key, 长度推荐大于 50 位
  71. # Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
  72. # bootstrapToken: "7Q11Vz6R2J6BLAdO"
  73. bootstrapToken: "" # (*必填) 组件认证使用的 token, 长度推荐大于 24 位
  74. # Enabled it for debug
  75. debug: false
  76. log:
  77. level: ERROR
  78. replicaCount: 1
  79. image:
  80. registry: docker.io
  81. repository: jumpserver/core
  82. tag: v2.26.0
  83. pullPolicy: IfNotPresent
  84. command: []
  85. env:
  86. # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
  87. SESSION_EXPIRE_AT_BROWSER_CLOSE: true
  88. # SESSION_COOKIE_AGE: 86400
  89. # SECURITY_VIEW_AUTH_NEED_MFA: true
  90. livenessProbe:
  91. failureThreshold: 30
  92. httpGet:
  93. path: /api/health/
  94. port: web
  95. readinessProbe:
  96. failureThreshold: 30
  97. httpGet:
  98. path: /api/health/
  99. port: web
  100. podSecurityContext: {}
  101. # fsGroup: 2000
  102. securityContext: {}
  103. # capabilities:
  104. # drop:
  105. # - ALL
  106. # readOnlyRootFilesystem: true
  107. # runAsNonRoot: true
  108. # runAsUser: 1000
  109. service:
  110. type: ClusterIP
  111. web:
  112. port: 8080
  113. ws:
  114. port: 8070
  115. resources: {}
  116. # We usually recommend not to specify default resources and to leave this as a conscious
  117. # choice for the user. This also increases chances charts run on environments with little
  118. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  119. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  120. # limits:
  121. # cpu: 1000m
  122. # memory: 2048Mi
  123. # requests:
  124. # cpu: 500m
  125. # memory: 1024Mi
  126. persistence:
  127. storageClassName: jumpserver-data
  128. accessModes:
  129. - ReadWriteMany
  130. size: 100Gi
  131. # annotations: {}
  132. finalizers:
  133. - kubernetes.io/pvc-protection
  134. # subPath: ""
  135. # existingClaim:
  136. volumeMounts: []
  137. volumes: []
  138. nodeSelector: {}
  139. tolerations: []
  140. affinity: {}
  141. koko:
  142. enabled: true
  143. labels:
  144. app.jumpserver.org/name: jms-koko
  145. config:
  146. log:
  147. level: ERROR
  148. replicaCount: 1
  149. image:
  150. registry: docker.io
  151. repository: jumpserver/koko
  152. tag: v2.26.0
  153. pullPolicy: IfNotPresent
  154. command: []
  155. env: []
  156. # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
  157. # LANGUAGE_CODE: zh
  158. # REUSE_CONNECTION: true
  159. # ENABLE_LOCAL_PORT_FORWARD: true
  160. # ENABLE_VSCODE_SUPPORT: true
  161. livenessProbe:
  162. failureThreshold: 30
  163. httpGet:
  164. path: /koko/health/
  165. port: web
  166. readinessProbe:
  167. failureThreshold: 30
  168. httpGet:
  169. path: /koko/health/
  170. port: web
  171. podSecurityContext: {}
  172. # fsGroup: 2000
  173. securityContext:
  174. privileged: true
  175. # capabilities:
  176. # drop:
  177. # - ALL
  178. # readOnlyRootFilesystem: true
  179. # runAsNonRoot: true
  180. # runAsUser: 1000
  181. service:
  182. type: ClusterIP
  183. web:
  184. port: 5000
  185. ssh:
  186. port: 2222
  187. resources: {}
  188. # We usually recommend not to specify default resources and to leave this as a conscious
  189. # choice for the user. This also increases chances charts run on environments with little
  190. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  191. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  192. # limits:
  193. # cpu: 100m
  194. # memory: 128Mi
  195. # requests:
  196. # cpu: 100m
  197. # memory: 128Mi
  198. persistence:
  199. storageClassName: jumpserver-data
  200. accessModes:
  201. - ReadWriteMany
  202. size: 10Gi
  203. # annotations: {}
  204. finalizers:
  205. - kubernetes.io/pvc-protection
  206. volumeMounts: []
  207. volumes: []
  208. nodeSelector: {}
  209. tolerations: []
  210. affinity: {}
  211. lion:
  212. enabled: true
  213. labels:
  214. app.jumpserver.org/name: jms-lion
  215. config:
  216. log:
  217. level: ERROR
  218. replicaCount: 1
  219. image:
  220. registry: docker.io
  221. repository: jumpserver/lion
  222. tag: v2.26.0
  223. pullPolicy: IfNotPresent
  224. command: []
  225. env:
  226. # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
  227. JUMPSERVER_ENABLE_FONT_SMOOTHING: true
  228. # JUMPSERVER_COLOR_DEPTH: 32
  229. # JUMPSERVER_ENABLE_WALLPAPER: true
  230. # JUMPSERVER_ENABLE_THEMING: true
  231. # JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
  232. # JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
  233. # JUMPSERVER_ENABLE_MENU_ANIMATIONS: true
  234. livenessProbe:
  235. failureThreshold: 30
  236. httpGet:
  237. path: /lion/health/
  238. port: web
  239. readinessProbe:
  240. failureThreshold: 30
  241. httpGet:
  242. path: /lion/health/
  243. port: web
  244. podSecurityContext: {}
  245. # fsGroup: 2000
  246. securityContext: {}
  247. # capabilities:
  248. # drop:
  249. # - ALL
  250. # readOnlyRootFilesystem: true
  251. # runAsNonRoot: true
  252. # runAsUser: 1000
  253. service:
  254. type: ClusterIP
  255. web:
  256. port: 8081
  257. resources: {}
  258. # We usually recommend not to specify default resources and to leave this as a conscious
  259. # choice for the user. This also increases chances charts run on environments with little
  260. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  261. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  262. # limits:
  263. # cpu: 100m
  264. # memory: 512Mi
  265. # requests:
  266. # cpu: 100m
  267. # memory: 512Mi
  268. persistence:
  269. storageClassName: jumpserver-data
  270. accessModes:
  271. - ReadWriteMany
  272. size: 50Gi
  273. # annotations: {}
  274. finalizers:
  275. - kubernetes.io/pvc-protection
  276. volumeMounts: []
  277. volumes: []
  278. nodeSelector: {}
  279. tolerations: []
  280. affinity: {}
  281. magnus:
  282. enabled: true
  283. labels:
  284. app.jumpserver.org/name: jms-magnus
  285. config:
  286. log:
  287. level: ERROR
  288. replicaCount: 1
  289. image:
  290. registry: docker.io
  291. repository: jumpserver/magnus
  292. tag: v2.21.0
  293. pullPolicy: IfNotPresent
  294. command: []
  295. env: []
  296. livenessProbe:
  297. failureThreshold: 30
  298. tcpSocket:
  299. port: mysql
  300. readinessProbe:
  301. failureThreshold: 30
  302. tcpSocket:
  303. port: mysql
  304. podSecurityContext: {}
  305. # fsGroup: 2000
  306. securityContext: {}
  307. # capabilities:
  308. # drop:
  309. # - ALL
  310. # readOnlyRootFilesystem: true
  311. # runAsNonRoot: true
  312. # runAsUser: 1000
  313. service:
  314. type: ClusterIP
  315. mysql:
  316. port: 33060
  317. mariadb:
  318. port: 33061
  319. postgre:
  320. port: 54320
  321. resources: {}
  322. # We usually recommend not to specify default resources and to leave this as a conscious
  323. # choice for the user. This also increases chances charts run on environments with little
  324. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  325. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  326. # limits:
  327. # cpu: 100m
  328. # memory: 512Mi
  329. # requests:
  330. # cpu: 100m
  331. # memory: 512Mi
  332. persistence:
  333. storageClassName: jumpserver-data
  334. accessModes:
  335. - ReadWriteMany
  336. size: 10Gi
  337. # annotations: {}
  338. finalizers:
  339. - kubernetes.io/pvc-protection
  340. volumeMounts: []
  341. volumes: []
  342. nodeSelector: {}
  343. tolerations: []
  344. affinity: {}
  345. xpack:
  346. enabled: false # 企业版本打开此选项
  347. omnidb:
  348. labels:
  349. app.jumpserver.org/name: jms-omnidb
  350. config:
  351. log:
  352. level: ERROR
  353. replicaCount: 1
  354. image:
  355. registry: registry.fit2cloud.com
  356. repository: jumpserver/omnidb
  357. tag: v2.26.0
  358. pullPolicy: IfNotPresent
  359. command: []
  360. env: []
  361. livenessProbe:
  362. failureThreshold: 30
  363. tcpSocket:
  364. port: web
  365. readinessProbe:
  366. failureThreshold: 30
  367. tcpSocket:
  368. port: web
  369. podSecurityContext: {}
  370. # fsGroup: 2000
  371. securityContext: {}
  372. # capabilities:
  373. # drop:
  374. # - ALL
  375. # readOnlyRootFilesystem: true
  376. # runAsNonRoot: true
  377. # runAsUser: 1000
  378. service:
  379. type: ClusterIP
  380. web:
  381. port: 8082
  382. resources: {}
  383. # We usually recommend not to specify default resources and to leave this as a conscious
  384. # choice for the user. This also increases chances charts run on environments with little
  385. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  386. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  387. # limits:
  388. # cpu: 100m
  389. # memory: 128Mi
  390. # requests:
  391. # cpu: 100m
  392. # memory: 128Mi
  393. persistence:
  394. storageClassName: jumpserver-data
  395. accessModes:
  396. - ReadWriteMany
  397. size: 10Gi
  398. # annotations: {}
  399. finalizers:
  400. - kubernetes.io/pvc-protection
  401. volumeMounts: []
  402. volumes: []
  403. nodeSelector: {}
  404. tolerations: []
  405. affinity: {}
  406. razor:
  407. labels:
  408. app.jumpserver.org/name: jms-razor
  409. config:
  410. log:
  411. level: ERROR
  412. replicaCount: 1
  413. image:
  414. registry: registry.fit2cloud.com
  415. repository: jumpserver/razor
  416. tag: v2.26.0
  417. pullPolicy: IfNotPresent
  418. command: []
  419. env: []
  420. livenessProbe:
  421. failureThreshold: 30
  422. tcpSocket:
  423. port: rdp
  424. readinessProbe:
  425. failureThreshold: 30
  426. tcpSocket:
  427. port: rdp
  428. podSecurityContext: {}
  429. # fsGroup: 2000
  430. securityContext: {}
  431. # capabilities:
  432. # drop:
  433. # - ALL
  434. # readOnlyRootFilesystem: true
  435. # runAsNonRoot: true
  436. # runAsUser: 1000
  437. service:
  438. type: ClusterIP
  439. rdp:
  440. port: 3389
  441. resources: {}
  442. # We usually recommend not to specify default resources and to leave this as a conscious
  443. # choice for the user. This also increases chances charts run on environments with little
  444. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  445. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  446. # limits:
  447. # cpu: 100m
  448. # memory: 128Mi
  449. # requests:
  450. # cpu: 100m
  451. # memory: 128Mi
  452. persistence:
  453. storageClassName: jumpserver-data
  454. accessModes:
  455. - ReadWriteMany
  456. size: 50Gi
  457. # annotations: {}
  458. finalizers:
  459. - kubernetes.io/pvc-protection
  460. volumeMounts: []
  461. volumes: []
  462. nodeSelector: {}
  463. tolerations: []
  464. affinity: {}
  465. web:
  466. enabled: true
  467. labels:
  468. app.jumpserver.org/name: jms-web
  469. replicaCount: 1
  470. image:
  471. registry: docker.io
  472. repository: jumpserver/web
  473. tag: v2.26.0
  474. pullPolicy: IfNotPresent
  475. command: []
  476. env: []
  477. # nginx client_max_body_size, default 4G
  478. # CLIENT_MAX_BODY_SIZE: 4096m
  479. livenessProbe:
  480. failureThreshold: 30
  481. httpGet:
  482. path: /api/health/
  483. port: web
  484. readinessProbe:
  485. failureThreshold: 30
  486. httpGet:
  487. path: /api/health/
  488. port: web
  489. podSecurityContext: {}
  490. # fsGroup: 2000
  491. securityContext: {}
  492. # capabilities:
  493. # drop:
  494. # - ALL
  495. # readOnlyRootFilesystem: true
  496. # runAsNonRoot: true
  497. # runAsUser: 1000
  498. service:
  499. type: ClusterIP
  500. web:
  501. port: 80
  502. resources: {}
  503. # We usually recommend not to specify default resources and to leave this as a conscious
  504. # choice for the user. This also increases chances charts run on environments with little
  505. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  506. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  507. # limits:
  508. # cpu: 100m
  509. # memory: 128Mi
  510. # requests:
  511. # cpu: 100m
  512. # memory: 128Mi
  513. persistence:
  514. storageClassName: jumpserver-data
  515. accessModes:
  516. - ReadWriteMany
  517. size: 1Gi
  518. # annotations: {}
  519. finalizers:
  520. - kubernetes.io/pvc-protection
  521. volumeMounts: []
  522. volumes: []
  523. nodeSelector: {}
  524. tolerations: []
  525. affinity: {}
  1. # 安装
  2. helm install jms-k8s jumpserver/jumpserver -n default -f values.yaml
  3. # 卸载
  4. helm uninstall jms-k8s -n default

离线安装

OS/ArchArchitectureLinux KernelOffline Name
linux/amd64x86_64>= 4.0jumpserver-offline-installer-v2.26.0-amd64-87.tar.gz
linux/arm64aarch64>= 4.0jumpserver-offline-installer-v2.26.0-arm64-87.tar.gz
linux/loong64loongarch64== 4.19jumpserver-offline-installer-v2.26.0-loong64-87.tar.gz

linux/amd64linux/arm64linux/loong64

从飞致云社区 下载最新的 linux/amd64 离线包, 并上传到部署服务器的 /opt 目录

  1. cd /opt
  2. tar -xf jumpserver-offline-installer-v2.26.0-amd64-87.tar.gz
  3. cd jumpserver-offline-installer-v2.26.0-amd64-87
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## Docker 镜像配置
  5. # DOCKER_IMAGE_MIRROR=1
  6. ## 安装配置
  7. VOLUME_DIR=/opt/jumpserver
  8. DOCKER_DIR=/var/lib/docker
  9. SECRET_KEY=
  10. BOOTSTRAP_TOKEN=
  11. LOG_LEVEL=ERROR
  12. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  13. USE_EXTERNAL_MYSQL=0
  14. DB_HOST=mysql
  15. DB_PORT=3306
  16. DB_USER=root
  17. DB_PASSWORD=
  18. DB_NAME=jumpserver
  19. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  20. USE_EXTERNAL_REDIS=0
  21. REDIS_HOST=redis
  22. REDIS_PORT=6379
  23. REDIS_PASSWORD=
  24. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  25. COMPOSE_PROJECT_NAME=jms
  26. COMPOSE_HTTP_TIMEOUT=3600
  27. DOCKER_CLIENT_TIMEOUT=3600
  28. DOCKER_SUBNET=192.168.250.0/24
  29. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  30. USE_IPV6=0
  31. DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
  32. ## 访问配置
  33. HTTP_PORT=80
  34. SSH_PORT=2222
  35. MAGNUS_MYSQL_PORT=33060
  36. MAGNUS_MARIADB_PORT=33061
  37. ## HTTPS 配置, 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置
  38. # USE_LB=1
  39. # HTTPS_PORT=443
  40. # SERVER_NAME=your_domain_name
  41. # SSL_CERTIFICATE=your_cert
  42. # SSL_CERTIFICATE_KEY=your_cert_key
  43. ## Nginx 文件上传大小
  44. CLIENT_MAX_BODY_SIZE=4096m
  45. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  46. USE_TASK=1
  47. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  48. USE_XPACK=0
  49. RDP_PORT=3389
  50. MAGNUS_POSTGRE_PORT=54320
  51. TCP_SEND_BUFFER_BYTES=4194304
  52. TCP_RECV_BUFFER_BYTES=6291456
  53. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=True 表示关闭浏览器即 session 过期
  54. # SESSION_COOKIE_AGE=86400
  55. SESSION_EXPIRE_AT_BROWSER_CLOSE=True
  56. # Koko Lion XRDP 组件配置
  57. CORE_HOST=http://core:8080
  58. JUMPSERVER_ENABLE_FONT_SMOOTHING=True
  59. ## 终端使用宿主 HOSTNAME 标识
  60. SERVER_HOSTNAME=${HOSTNAME}
  61. # 额外的配置
  62. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd jumpserver-offline-release-v2.26.0-amd64-87
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

从飞致云社区 下载最新的 linux/arm64 离线包, 并上传到部署服务器的 /opt 目录

  1. cd /opt
  2. tar -xf jumpserver-offline-installer-v2.26.0-arm64-87.tar.gz
  3. cd jumpserver-offline-installer-v2.26.0-arm64-87
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## Docker 镜像配置
  5. # DOCKER_IMAGE_MIRROR=1
  6. ## 安装配置
  7. VOLUME_DIR=/opt/jumpserver
  8. DOCKER_DIR=/var/lib/docker
  9. SECRET_KEY=
  10. BOOTSTRAP_TOKEN=
  11. LOG_LEVEL=ERROR
  12. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  13. USE_EXTERNAL_MYSQL=0
  14. DB_HOST=mysql
  15. DB_PORT=3306
  16. DB_USER=root
  17. DB_PASSWORD=
  18. DB_NAME=jumpserver
  19. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  20. USE_EXTERNAL_REDIS=0
  21. REDIS_HOST=redis
  22. REDIS_PORT=6379
  23. REDIS_PASSWORD=
  24. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  25. COMPOSE_PROJECT_NAME=jms
  26. COMPOSE_HTTP_TIMEOUT=3600
  27. DOCKER_CLIENT_TIMEOUT=3600
  28. DOCKER_SUBNET=192.168.250.0/24
  29. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  30. USE_IPV6=0
  31. DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
  32. ## 访问配置
  33. HTTP_PORT=80
  34. SSH_PORT=2222
  35. MAGNUS_MYSQL_PORT=33060
  36. MAGNUS_MARIADB_PORT=33061
  37. ## HTTPS 配置, 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置
  38. # USE_LB=1
  39. # HTTPS_PORT=443
  40. # SERVER_NAME=your_domain_name
  41. # SSL_CERTIFICATE=your_cert
  42. # SSL_CERTIFICATE_KEY=your_cert_key
  43. ## Nginx 文件上传大小
  44. CLIENT_MAX_BODY_SIZE=4096m
  45. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  46. USE_TASK=1
  47. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  48. USE_XPACK=0
  49. RDP_PORT=3389
  50. MAGNUS_POSTGRE_PORT=54320
  51. TCP_SEND_BUFFER_BYTES=4194304
  52. TCP_RECV_BUFFER_BYTES=6291456
  53. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=True 表示关闭浏览器即 session 过期
  54. # SESSION_COOKIE_AGE=86400
  55. SESSION_EXPIRE_AT_BROWSER_CLOSE=True
  56. # Koko Lion XRDP 组件配置
  57. CORE_HOST=http://core:8080
  58. JUMPSERVER_ENABLE_FONT_SMOOTHING=True
  59. ## 终端使用宿主 HOSTNAME 标识
  60. SERVER_HOSTNAME=${HOSTNAME}
  61. # 额外的配置
  62. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd jumpserver-offline-release-v2.26.0-arm64-87
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

从飞致云社区 下载最新的 linux/loong64 离线包, 并上传到部署服务器的 /opt 目录

  1. cd /opt
  2. tar -xf jumpserver-offline-installer-v2.26.0-loong64-87.tar.gz
  3. cd jumpserver-offline-installer-v2.26.0-loong64-87
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## Docker 镜像配置
  5. # DOCKER_IMAGE_MIRROR=1
  6. ## 安装配置
  7. VOLUME_DIR=/opt/jumpserver
  8. DOCKER_DIR=/var/lib/docker
  9. SECRET_KEY=
  10. BOOTSTRAP_TOKEN=
  11. LOG_LEVEL=ERROR
  12. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  13. USE_EXTERNAL_MYSQL=0
  14. DB_HOST=mysql
  15. DB_PORT=3306
  16. DB_USER=root
  17. DB_PASSWORD=
  18. DB_NAME=jumpserver
  19. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  20. USE_EXTERNAL_REDIS=0
  21. REDIS_HOST=redis
  22. REDIS_PORT=6379
  23. REDIS_PASSWORD=
  24. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  25. COMPOSE_PROJECT_NAME=jms
  26. COMPOSE_HTTP_TIMEOUT=3600
  27. DOCKER_CLIENT_TIMEOUT=3600
  28. DOCKER_SUBNET=192.168.250.0/24
  29. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  30. USE_IPV6=0
  31. DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
  32. ## 访问配置
  33. HTTP_PORT=80
  34. SSH_PORT=2222
  35. MAGNUS_MYSQL_PORT=33060
  36. MAGNUS_MARIADB_PORT=33061
  37. ## HTTPS 配置, 参考 https://docs.jumpserver.org/zh/master/admin-guide/proxy/ 配置
  38. # USE_LB=1
  39. # HTTPS_PORT=443
  40. # SERVER_NAME=your_domain_name
  41. # SSL_CERTIFICATE=your_cert
  42. # SSL_CERTIFICATE_KEY=your_cert_key
  43. ## Nginx 文件上传大小
  44. CLIENT_MAX_BODY_SIZE=4096m
  45. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  46. USE_TASK=1
  47. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  48. USE_XPACK=0
  49. RDP_PORT=3389
  50. MAGNUS_POSTGRE_PORT=54320
  51. TCP_SEND_BUFFER_BYTES=4194304
  52. TCP_RECV_BUFFER_BYTES=6291456
  53. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=True 表示关闭浏览器即 session 过期
  54. # SESSION_COOKIE_AGE=86400
  55. SESSION_EXPIRE_AT_BROWSER_CLOSE=True
  56. # Koko Lion XRDP 组件配置
  57. CORE_HOST=http://core:8080
  58. JUMPSERVER_ENABLE_FONT_SMOOTHING=True
  59. ## 终端使用宿主 HOSTNAME 标识
  60. SERVER_HOSTNAME=${HOSTNAME}
  61. # 额外的配置
  62. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd jumpserver-offline-release-v2.26.0-loong64-87
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

更多内容参考 安全建议 快速入门