Step‑by‑Step Deployment of JumpServer with MariaDB, Redis, and Docker

JumpServer is a bastion‑host solution that lets users securely access internal servers from the Internet while providing audit, permission, and session‑recording features, addressing the security shortcomings of plain OpenVPN.

Architecture : The document shows a diagram (image omitted) illustrating JumpServer, a MariaDB instance, and a Redis cache deployed on separate nodes.

1. Install MariaDB on node02 :

[root@node02 ~]# cat /etc/yum.repos.d/mariadb.repo
[mariadb]
name=mariadb repo
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.46/yum/centos/7/x86_64/
gpgcheck=0

[root@node02 ~]# yum install -y MariaDB-server

[root@node02 ~]# systemctl start mariadb

[root@node02 ~]# mysql -ujumpserver -padmin123.com -h192.168.0.42
MariaDB [(none)]> create database jumpserver default charset 'utf8' collate 'utf8_bin';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'admin123.com';
MariaDB [(none)]> flush privileges;

2. Install Redis on node02 :

[root@node02 ~]# yum -y install redis
[root@node02 ~]# grep -Ei "^(bind|requirepass)" /etc/redis.conf
bind 0.0.0.0
requirepass admin123.com
[root@node02 ~]# redis-cli -h 192.168.0.42
192.168.0.42:6379> AUTH admin123.com
OK

3. Install Docker CE on node01 and configure a registry mirror:

[root@node01 ~]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[root@node01 ~]# yum install -y docker-ce
[root@node01 ~]# systemctl start docker
[root@node01 ~]# cat /etc/docker/daemon.json
{
    "registry-mirrors": ["https://registry.docker-cn.com","https://cyr1uljt.mirror.aliyuncs.com"]
}
[root@node01 ~]# systemctl restart docker

4. Deploy JumpServer container on node01:

[root@node01 ~]# docker pull jumpserver/jms_all:v2.4.0
[root@node01 ~]# mkdir -p /data/jumpserver/
[root@node01 ~]# cat key_gen.sh
#!/bin/bash
if [ ! "$SECRET_KEY" ]; then
  SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
  echo $SECRET_KEY
else
  echo $SECRET_KEY
fi
if [ ! "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
  echo $BOOTSTRAP_TOKEN
else
  echo $BOOTSTRAP_TOKEN
fi
[root@node01 ~]# bash key_gen.sh
wIUaeZtCbtTNUDL9igEIImALjjaMo9ygPwfMWmPZcyWD0c3K9Q
Lx15DW9xDxqOkiCq

[root@node01 ~]# docker run --name jms_all -d \
  -v /data/jumpserver/:/opt/jumpserver/data \
  -p 80:80 -p 2222:2222 \
  -e SECRET_KEY=wIUaeZtCbtTNUDL9igEIImALjjaMo9ygPwfMWmPZcyWD0c3K9Q \
  -e BOOTSTRAP_TOKEN=Lx15DW9xDxqOkiCq \
  -e DB_HOST=192.168.0.42 -e DB_PORT=3306 -e DB_USER=jumpserver -e DB_PASSWORD=admin123.com -e DB_NAME=jumpserver \
  -e REDIS_HOST=192.168.0.42 -e REDIS_PORT=6379 -e REDIS_PASSWORD=admin123.com \
  --privileged=true jumpserver/jms_all:v2.4.0

After the container starts, access JumpServer via http:// (default admin/admin). The first login forces a password reset.

5. Basic configuration inside the web UI includes setting the JumpServer URL, email server details, creating users, groups, assets, and assigning permissions so that test users can connect to the managed hosts.

Verification steps such as viewing session logs, checking asset visibility, and confirming SSH connections through the JumpServer interface are demonstrated with screenshots (omitted).

Overall, the guide provides a complete end‑to‑end workflow for deploying a secure bastion host platform, suitable for operations teams needing centralized server access and audit capabilities.