How to Deploy and Manage JumpServer for Secure Remote Access
This guide walks you through installing JumpServer—a bastion host solution that adds permission control, session monitoring, and audit logging to remote server access—by setting up MariaDB and Redis, configuring Docker, generating secret keys, running the JumpServer container, and configuring users, groups, assets, and permissions.
1. Introduction
OpenVPN enables remote access to internal servers but cannot record user actions and poses security risks. JumpServer offers similar connectivity while providing permission management, user management, and session monitoring, and is usually deployed inside the internal network.
2. JumpServer Architecture Diagram
3. JumpServer Server Installation
Environment description
Node01 – JumpServer website – 192.168.0.41
Node02 – MySQL / Redis – 192.168.0.42
1. Deploy MariaDB on node02
Configure the MariaDB yum repository, install the server, disable name resolution, start the service, and create a database and user for JumpServer.
[root@node02 ~]# cat /etc/yum.repos.d/mariadb.repo
[mariadb]
name=mariadb repo
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.46/yum/centos/7/x86_64/
gpgcheck=0
[root@node02 ~]# yum install -y MariaDB-server
[root@node02 ~]# systemctl start mariadb
[root@node02 ~]# mysql -e "create database jumpserver default charset 'utf8' collate 'utf8_bin';"
[root@node02 ~]# mysql -e "grant all on jumpserver.* to 'jumpserver'@'%' identified by 'admin123.com';"
[root@node02 ~]# mysql -e "flush privileges;"
Verify the database by connecting with JumpServer credentials:
[root@node02 ~]# mysql -ujumpserver -padmin123.com -h192.168.0.42
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| test |
+--------------------+
2. Deploy Redis on node02
Install Redis, bind it to all interfaces, set a password, start the service and verify.
[root@node02 ~]# yum -y install redis
[root@node02 ~]# grep -Ei "^(bind|requirepass)" /etc/redis.conf
bind 0.0.0.0
requirepass admin123.com
[root@node02 ~]# systemctl start redis
[root@node02 ~]# redis-cli -h 192.168.0.42
192.168.0.42:6379> AUTH admin123.com
OK
192.168.0.42:6379> KEYS *
(empty list or set)
3. Deploy JumpServer web container on node01
Configure the Docker‑CE yum repository, install Docker, start it, and set registry mirrors.
[root@node01 ~]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
... (other repos omitted) ...
[root@node01 ~]# yum install -y docker-ce
[root@node01 ~]# systemctl start docker
[root@node01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","https://cyr1uljt.mirror.aliyuncs.com"]
}
[root@node01 ~]# systemctl restart docker
Create a script to generate SECRET_KEY and BOOTSTRAP_TOKEN if they do not exist.
#!/bin/bash
# Generate a 50-character SECRET_KEY only if one is not already set in the environment.
if [ -z "$SECRET_KEY" ]; then
    SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
# Generate a 16-character BOOTSTRAP_TOKEN the same way.
if [ -z "$BOOTSTRAP_TOKEN" ]; then
    BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
Create a data directory and run the JumpServer container with all required environment variables.
[root@node01 ~]# mkdir -pv /data/jumpserver/
[root@node01 ~]# docker run --name jms_all -d \
-v /data/jumpserver/:/opt/jumpserver/data \
-p 80:80 -p 2222:2222 \
-e SECRET_KEY=$(cat ~/.bashrc | grep SECRET_KEY | cut -d'=' -f2) \
-e BOOTSTRAP_TOKEN=$(cat ~/.bashrc | grep BOOTSTRAP_TOKEN | cut -d'=' -f2) \
-e DB_HOST=192.168.0.42 -e DB_PORT=3306 -e DB_USER=jumpserver -e DB_PASSWORD=admin123.com -e DB_NAME=jumpserver \
-e REDIS_HOST=192.168.0.42 -e REDIS_PORT=6379 -e REDIS_PASSWORD=admin123.com \
--privileged=true jumpserver/jms_all:v2.4.0
Check the container logs to confirm it is running and then access JumpServer via http://node01_ip on ports 80 or 2222.
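The key-generation and docker run steps above, reworked as an added example (not code from the original article or from the JumpServer project): the secrets go into a root-only file instead of ~/.bashrc, and re-running the script neither replaces a key nor appends a duplicate. The function names and the file path are assumptions of this example; --env-file is a standard docker run option.

```bash
#!/bin/bash
# Added example (not JumpServer's own script): store the generated secrets in
# a root-only env file rather than ~/.bashrc. Function names are hypothetical.

# Print $1 random alphanumeric characters.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Add NAME=<random> to FILE only when FILE has no NAME= line yet, so a re-run
# neither replaces an existing key nor leaves duplicate entries behind.
ensure_secret() {
    local file="$1" name="$2" len="$3"
    ( umask 077; touch "$file" )    # file is created 0600 before anything is written
    chmod 600 "$file"               # tighten a file that already existed
    if ! grep -q "^${name}=" "$file"; then
        printf '%s=%s\n' "$name" "$(gen_secret "$len")" >> "$file"
    fi
}

# Print NAME's value; fail when it is missing or defined more than once.
read_secret() {
    local file="$1" name="$2"
    [ "$(grep -c "^${name}=" "$file")" -eq 1 ] || return 1
    grep "^${name}=" "$file" | cut -d'=' -f2
}

# Demo on a scratch file (constructed path; a real deployment might use
# /root/jumpserver.env, which is an assumption of this example).
env_file="$(mktemp -d)/jumpserver.env"
ensure_secret "$env_file" SECRET_KEY 50
ensure_secret "$env_file" BOOTSTRAP_TOKEN 16
ensure_secret "$env_file" SECRET_KEY 50     # second run changes nothing
echo "SECRET_KEY length: $(read_secret "$env_file" SECRET_KEY | tr -d '\n' | wc -c)"
echo "file mode: $(ls -l "$env_file" | cut -c1-10)"
# The two -e SECRET_KEY/BOOTSTRAP_TOKEN arguments of docker run can then be
# replaced by: --env-file "$env_file"
```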
4. JumpServer Usage
Basic Settings: configure the JumpServer URL and email subject prefix.
Email Server: fill in SMTP server address, username, and password, then test the connection.
User Management: create users, assign them to groups, and set initial passwords via email links.
Asset Management: add managed hosts (assets), create system users for each host, and authorize assets to users or groups.
Verification: log in as a test user, confirm access to the created assets, view session history, and inspect command execution logs.
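A check for the node02 settings used in section 3, as an added example that is not part of the original guide: it flags a Redis wildcard bind, a missing or short requirepass, yum repositories with gpgcheck=0, and database accounts granted from any host. The function names, the 32-character threshold and the sample files are assumptions; the sample values are the ones shown in this guide.

```bash
#!/bin/bash
# Added example: flag the exposure-prone settings from the node02 setup.
MIN_PASS_LEN=32   # assumed threshold for this example, not a JumpServer rule

# redis.conf: wildcard bind, missing or short requirepass.
audit_redis_conf() {
    local conf="$1" pass
    if grep -Eq '^bind[[:space:]]+([^#]*[[:space:]])?0\.0\.0\.0([[:space:]]|$)' "$conf"; then
        echo "redis: bind 0.0.0.0 listens on every interface"
    fi
    pass=$(awk '$1 == "requirepass" { p = $2 } END { print p }' "$conf")
    if [ -z "$pass" ]; then
        echo "redis: requirepass not set"
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "redis: requirepass shorter than $MIN_PASS_LEN characters"
    fi
}

# .repo file: name each section that turns off package signature checks.
audit_yum_repo() {
    awk -F' *= *' '
        /^\[.*\]$/                     { section = $0 }
        $1 == "gpgcheck" && $2 == "0"  { print "yum: " section " has gpgcheck=0" }
    ' "$1"
}

# SQL text: accounts granted access from any host ('user'@'%').
audit_grants() {
    grep -Eio "to '[^']+'@'%'" "$1" | sed "s/^[Tt][Oo] /mariadb: wildcard host for /"
    return 0    # no match is a clean result, not an error
}

# Constructed sample files carrying the values used in this guide.
d=$(mktemp -d)
printf 'bind 0.0.0.0\nrequirepass admin123.com\n' > "$d/redis.conf"
printf '[mariadb]\nname=mariadb repo\ngpgcheck=0\n' > "$d/mariadb.repo"
echo "grant all on jumpserver.* to 'jumpserver'@'%' identified by 'admin123.com';" > "$d/grants.sql"

audit_redis_conf "$d/redis.conf"
audit_yum_repo "$d/mariadb.repo"
audit_grants "$d/grants.sql"
```

In this guide's topology the only database and Redis client is node01 (192.168.0.41), so the findings clear once Redis binds to 192.168.0.42 only, the account is granted as 'jumpserver'@'192.168.0.41', and both passwords are long random strings.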
