Step‑by‑Step Guide to Deploy JumpServer with Docker, MariaDB & Redis

Introduction

Previously we discussed OpenVPN deployment, which can tunnel from the Internet to an internal server but lacks user activity logging. JumpServer offers similar remote‑access capabilities with added permission management, user management, and session replay, making it a better fit for operations, development, and testing teams.

JumpServer Architecture

Server Installation

Environment

node01 – JumpServer web (IP 192.168.0.41)

node02 – MariaDB/Redis (IP 192.168.0.42)

1. Install MariaDB on node02

Create a MariaDB repo file:

[root@node02 ~]# cat /etc/yum.repos.d/mariadb.repo
[mariadb]
name=mariadb repo
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.46/yum/centos/7/x86_64/
gpgcheck=0

Install the server and start it:

[root@node02 ~]# yum install -y MariaDB-server
[root@node02 ~]# systemctl start mariadb

Create the JumpServer database and user:

[root@node02 ~]# mysql
MariaDB [(none)]> create database jumpserver default charset 'utf8' collate 'utf8_bin';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'admin123.com';
MariaDB [(none)]> flush privileges;

Verify the connection:

[root@node02 ~]# mysql -ujumpserver -padmin123.com -h192.168.0.42
MariaDB [(none)]> show databases;

2. Install Redis on node02

[root@node02 ~]# yum -y install redis
[root@node02 ~]# grep -Ei "^(bind|requirepass)" /etc/redis.conf
bind 0.0.0.0
requirepass admin123.com
[root@node02 ~]# systemctl start redis

Test the password:

[root@node02 ~]# redis-cli -h 192.168.0.42
> KEYS *
(error) NOAUTH Authentication required.
> AUTH admin123.com
OK
> KEYS *

3. Install Docker on node01

Configure the Docker CE yum repo (simplified):

[root@node01 ~]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

Install and start Docker:

[root@node01 ~]# yum install -y docker-ce
[root@node01 ~]# systemctl start docker
[root@node01 ~]# docker info

Configure a registry mirror (optional):

{
  "registry-mirrors": ["https://registry.docker-cn.com","https://cyr1uljt.mirror.aliyuncs.com"]
}

Restart Docker to apply:

[root@node01 ~]# systemctl restart docker

4. Pull and Run JumpServer Container

[root@node01 ~]# docker pull jumpserver/jms_all:v2.4.0
[root@node01 ~]# docker run --name jms_all -d \
    -v /data/jumpserver/:/opt/jumpserver/data \
    -p 80:80 -p 2222:2222 \
    -e SECRET_KEY=wIUaeZtCbtTNUDL9igEIImALjjaMo9ygPwfMWmPZcyWD0c3K9Q \
    -e BOOTSTRAP_TOKEN=Lx15DW9xDxqOkiCq \
    -e DB_HOST=192.168.0.42 -e DB_PORT=3306 -e DB_USER=jumpserver \
    -e DB_PASSWORD=admin123.com -e DB_NAME=jumpserver \
    -e REDIS_HOST=192.168.0.42 -e REDIS_PORT=6379 -e REDIS_PASSWORD=admin123.com \
    --privileged=true jumpserver/jms_all:v2.4.0

Check that the container is running:

[root@node01 ~]# docker ps

Using JumpServer

Basic Settings

Set the JumpServer URL and email subject prefix in the system settings.

Email Configuration

Enter SMTP server address, username and password, then test the connection.

User Management

Create users, assign them to groups, and send the auto‑generated password‑reset email.

Asset Management

Add management users (with root or sudo NOPASSWD rights) for each target host, then create system users that will be used for actual logins.

Create assets by specifying host IP, management user, and associate them with system users.

Authorization

Grant users or groups access to specific assets or whole nodes via the permission management UI.

Session Replay

View historical sessions and replay user actions from the session management page.

After completing these steps, JumpServer is fully operational and can be accessed via http://<host‑ip>/ using the default admin credentials (admin/admin) which must be changed on first login.