diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..ce4ec9d8
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,91 @@
+name: Build
+
+on:
+ push:
+ # Sequence of patterns matched against refs/tags
+ tags:
+ - '*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ component: [core, koko, lion, kael, chen, magnus, web]
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - name: Get Version
+ run: |
+ echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and Push Image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ${{ matrix.component }}/Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
+ push: true
+ tags: |
+ ${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }}
+ ${{ github.repository_owner }}/jms_${{ matrix.component }}:latest
+ ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }}
+ ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:latest
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ allinone:
+ needs: build
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ component: [all]
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - name: Get Version
+ run: |
+ echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io +
username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and Push Image + uses: docker/build-push-action@v5 + with: + context: ./allinone + file: ./allinone/Dockerfile + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x + push: true + tags: | + ${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} + ${{ github.repository_owner }}/jms_${{ matrix.component }}:latest + ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} + ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:latest + cache-from: type=gha + cache-to: type=gha,mode=max \ No newline at end of file diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml deleted file mode 100644 index 9c80ab8c..00000000 --- a/.github/workflows/jms-build-test.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: "Run Build Test" -on: - push: - branches: - - dev - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - uses: docker/build-push-action@v3 - with: - context: allinone/ - push: false - tags: jumpserver/jms_all:dev - file: allinone/Dockerfile - cache-from: type=gha - cache-to: type=gha,mode=max - - - uses: LouisBrunner/checks-action@v1.5.0 - if: always() - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Check Build - conclusion: ${{ job.status }} \ No newline at end of file diff --git a/README.md b/README.md index 0b3bd021..84ffe015 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ vi .env ``` ```vim # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.1 +VERSION=v3.10.2 # 构建参数, 支持 amd64/arm64/loong64 TARGETARCH=amd64 diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 4fe6e00f..f1c19593 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile 
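Review bot: Neither job in the new `build.yml` declares a `permissions:` block, although the `Login to GitHub Container Registry` step in both `build` and `allinone` pushes with `secrets.GITHUB_TOKEN`, so the token carries whatever the repository default grants. A workflow-level `permissions:` with `contents: read` and `packages: write` would scope it to what the push needs. The third-party actions (`docker/login-action@v3`, `docker/build-push-action@v5` and the rest) are referenced by mutable major tag in jobs that hold registry credentials; pinning each to a full commit SHA makes the release build reproducible and harder to tamper with. The `tags: '*'` trigger also moves `:latest` on every tag push, including a tag cut later on an older maintenance line.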
@@ -1,204 +1,25 @@ -FROM jumpserver/redis:7.0-buster as redis -FROM jumpserver/guacd:1.5.3-buster as guacd -FROM jumpserver/web-static:v1.0.5 as static -FROM jumpserver/openjdk:17-slim-buster as openjdk -FROM jumpserver/python:3.11-slim-buster as get-core +FROM redis:7.0-bookworm as redis +FROM jumpserver/guacd:1.5.3-bookworm as guacd +FROM jumpserver/web-static:v1.0.6-bookworm as static +FROM jumpserver/jms_core:v3.10.2 ARG TARGETARCH -ARG DEPENDENCIES=" \ - ca-certificates \ - git \ - git-lfs \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG VERSION=v3.10.1 -ENV VERSION=$VERSION - -RUN set -ex \ - && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver \ - && sed -i "s@VERSION = .*@VERSION = \"${VERSION}\"@g" /opt/jumpserver/apps/jumpserver/const.py \ - && chmod +x /opt/jumpserver/entrypoint.sh \ - && rm -f /opt/jumpserver/Dockerfile-ce \ - && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github - -WORKDIR /opt/jumpserver - -RUN set -ex \ - && wget https://github.com/jumpserver-dev/jumpserver-patch/raw/master/core/Dockerfile-ce \ - && echo > /opt/jumpserver/config.yml \ - && cd utils \ - && bash -ixeu build.sh - -FROM jumpserver/python:3.11-slim-buster as build-core -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - libpq-dev \ - libffi-dev \ - libjpeg-dev \ - libldap2-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - ARG TOOLS=" \ - ca-certificates \ curl \ - default-libmysqlclient-dev \ default-mysql-client \ - git \ - git-lfs \ - 
xz-utils \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG RUST_VERSION=1.71.1 -RUN set -ex \ - && \ - if [ "${TARGETARCH}" = "s390x" ] || [ "${TARGETARCH}" = "ppc64le" ] || [ "${TARGETARCH}" = "loong64" ]; then \ - rustUrl="https://static.rust-lang.org/dist"; \ - rustArch="${TARGETARCH}"; \ - mkdir -p /opt/rust-install; \ - if [ "${TARGETARCH}" = "loong64" ]; then \ - rustUrl="download.jumpserver.org/rust/dist"; \ - rustArch="loongarch64"; \ - fi; \ - if [ "${TARGETARCH}" = "ppc64le" ]; then \ - rustArch="powerpc64le"; \ - fi; \ - wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}-unknown-linux-gnu.tar.xz"; \ - tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ - cd /opt/rust-install && ./install.sh; \ - cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ - mkdir -p ${CARGO_HOME:-$HOME/.cargo}; \ - echo -e '[source.crates-io]\nreplace-with = "ustc"\n\n[source.ustc]\nregistry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"' > ${CARGO_HOME:-$HOME/.cargo}/config; \ - fi - -COPY --from=get-core /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ - -WORKDIR /opt/jumpserver - -ARG PYTHONUNBUFFERED=1 \ - PYTHONDONTWRITEBYTECODE=1 - -ENV GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 - -RUN --mount=type=cache,target=/root/.cache \ - set -ex \ - && python3 -m venv /opt/py3 \ - && pip install $(grep cryptography pyproject.toml | sed 's/ = /==/g' | sed 's/"//g') \ - && pip install poetry \ - && poetry config virtualenvs.create 
false \ - && . /opt/py3/bin/activate \ - && poetry install --only=main - -FROM jumpserver/python:3.11-slim-buster -ARG TARGETARCH -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - freerdp2-dev \ - libjpeg-dev \ - libx11-dev \ - libxmlsec1-openssl" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - gnupg2 \ - netcat \ + nginx \ logrotate \ - openssh-client \ - p11-kit \ - sshpass \ + openjdk-17-jre-headless \ supervisor \ wget" RUN set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${TOOLS} \ - && mkdir -p /root/.ssh/ \ - && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -RUN set -ex \ - && apt-get update \ - && apt-get -y install --no-install-recommends gnupg2 \ - && dpkgArch="$(dpkg --print-architecture)" \ - && case "$dpkgArch" in \ - amd64|arm64) \ - echo "deb https://nginx.org/packages/debian/ buster nginx" > /etc/apt/sources.list.d/nginx.list \ - && wget -O - https://nginx.org/keys/nginx_signing.key | apt-key add - \ - && apt-get update \ - ;; \ - loongarch64) \ - echo "deb https://download.jumpserver.org/nginx/packages/debian buster nginx" > /etc/apt/sources.list.d/nginx.list \ - && wget -O - https://download.jumpserver.org/nginx/packages/keys/nginx_signing.key | apt-key add - \ - && apt-get update \ - ;; \ - *) \ - echo "Unsupported architecture: ${dpkgArch}" \ - ;; \ - esac \ - && apt-get -y install --no-install-recommends nginx \ && mkdir -p /var/cache/nginx \ && apt-get 
clean all \ && rm -rf /var/lib/apt/lists/* -ENV JAVA_HOME /usr/local/openjdk-17 -ENV PATH $JAVA_HOME/bin:$PATH - -COPY --from=openjdk $JAVA_HOME $JAVA_HOME -COPY --from=openjdk /etc/ld.so.conf.d/docker-openjdk.conf /etc/ld.so.conf.d/docker-openjdk.conf -COPY --from=openjdk /etc/ca-certificates/update.d/docker-openjdk /etc/ca-certificates/update.d/docker-openjdk - -RUN set -ex \ - && chmod +x /etc/ca-certificates/update.d/docker-openjdk \ - && /etc/ca-certificates/update.d/docker-openjdk \ - && ldconfig - WORKDIR /opt ARG MONGOSH_VERSION=1.10.6 @@ -229,14 +50,7 @@ RUN set -ex \ ARG HELM_VERSION=v3.12.2 ARG KUBECTL_VERSION=v1.27.4 RUN set -ex \ - && \ - if [ "${TARGETARCH}" = "loong64" ]; then \ - wget https://download.jumpserver.org/public/kubectl-linux-${TARGETARCH}.tar.gz; \ - tar -xf kubectl-linux-${TARGETARCH}.tar.gz; \ - mv kubectl /usr/local/bin/rawkubectl; \ - else \ - wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl; \ - fi \ + && wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \ && wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ && mkdir /opt/kubectl-aliases/ \ && tar -xf kubectl_aliases.tar.gz -C /opt/kubectl-aliases/ \ @@ -268,7 +82,6 @@ ARG RUNTIME_DEPENDENCIES=" \ COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR} RUN set -ex \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ && apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES \ && apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES) \ 
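Review bot: The final stage of `allinone/Dockerfile` now starts from the hard-coded `FROM jumpserver/jms_core:v3.10.2`, while a later hunk removes `ARG VERSION` / `ENV VERSION` and the remaining downloads still use `${VERSION}`, so they presumably rely on the value inherited from the base image. The release workflow tags this image from the pushed git tag, so the next release would publish a new tag built on the v3.10.2 core unless this line is edited by hand. Declaring `ARG VERSION=v3.10.2` before the first `FROM` and using `FROM jumpserver/jms_core:${VERSION}` keeps the base and the tag in step; a short comment that `VERSION` comes from the base image would also help.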
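Review bot: The kubectl binary is written straight to `/usr/local/bin/rawkubectl` from dl.k8s.io with no integrity check. The release publishes a `kubectl.sha256` beside each binary, so the RUN can fetch `https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256` and run `echo "$(cat kubectl.sha256)  /usr/local/bin/rawkubectl" | sha256sum -c -` before the file is used. The unchanged next line still pulls `kubectl_aliases.tar.gz` over plain `http://`; other lines in this commit already use `https://download.jumpserver.org`, so that URL can be switched in the same pass. The RUN continues past the end of the hunk.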
@@ -276,15 +89,7 @@ RUN set -ex \ && rm -rf /var/lib/apt/lists/* COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli -COPY --from=build-core /opt/py3 /opt/py3 -COPY --from=get-core /opt/jumpserver/release/jumpserver /opt/jumpserver -COPY --from=static /opt/download /opt/download - -ARG VERSION=v3.10.1 -ENV VERSION=${VERSION} -ENV PATH=/opt/py3/bin:$PATH - -WORKDIR /opt +COPY --from=static /opt/download/applets /opt/download/applets RUN set -ex \ && mkdir -p /opt/koko \ @@ -303,14 +108,6 @@ RUN set -ex \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz -RUN set -ex \ - && mkdir -p /opt/magnus \ - && wget https://github.com/jumpserver/magnus-release/releases/download/${VERSION}/magnus-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf magnus-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/magnus --strip-components=1 \ - && chmod 755 /opt/magnus/magnus \ - && chown -R root:root /opt/magnus \ - && rm -f /opt/*.tar.gz - RUN set -ex \ && mkdir -p /opt/kael \ && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -353,7 +150,6 @@ RUN chmod +x ./entrypoint.sh VOLUME /opt/jumpserver/data VOLUME /opt/koko/data VOLUME /opt/lion/data -VOLUME /opt/magnus/data VOLUME /opt/kael/data VOLUME /opt/chen/data diff --git a/allinone/README.md b/allinone/README.md index 7d5bd441..1a31cdf3 100644 --- a/allinone/README.md +++ b/allinone/README.md @@ -14,6 +14,9 @@ This project is Docker image build. 仅在测试环境中快速部署验证功能使用, 生产环境请使用 [标准部署](https://github.com/jumpserver/Dockerfile) +**注意: 为了控制镜像的大小, 该部署方式不支持 Client 相关功能, 纯 B/S 架构 Web 端使用** + + ```sh docker-compose up -d ``` @@ -67,7 +70,6 @@ flush privileges; - VOLUME /opt/jumpserver/data # Core 持久化目录, 存储录像日志 - VOLUME /opt/koko/data # Koko 持久化目录 - VOLUME /opt/lion/data # Lion 持久化目录 - - VOLUME /opt/magnus/data # Magnus 持久化目录 - VOLUME /opt/kael/data # Kael 持久化目录 - VOLUME /opt/chen/data # Chen 持久化目录 - VOLUME /var/log/nginx # Nginx 日志持久化目录 
@@ -98,11 +100,10 @@ docker run --name jms_all -d \ -v /opt/jumpserver/core/data:/opt/jumpserver/data \ -v /opt/jumpserver/koko/data:/opt/koko/data \ -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/magnus/data:/opt/magnus/data \ -v /opt/jumpserver/kael/data:/opt/kael/data \ -v /opt/jumpserver/chen/data:/opt/chen/data \ -v /opt/jumpserver/web/log:/var/log/nginx \ - jumpserver/jms_all:v3.10.1 + jumpserver/jms_all:v3.10.2 ``` **升级** @@ -118,7 +119,7 @@ mysqldump -h$DB_HOST -p$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /opt/jumpse # 例: mysqldump -h192.168.100.11 -p3306 -ujumpserver -pnu4x599Wq7u0Bn8EABh3J91G jumpserver > /opt/jumpserver-v2.12.0.sql # 拉取新版本镜像 -docker pull jumpserver/jms_all:v3.10.1 +docker pull jumpserver/jms_all:v3.10.2 # 删掉旧版本容器 docker rm jms_all @@ -143,8 +144,7 @@ docker run --name jms_all -d \ -v /opt/jumpserver/core/data:/opt/jumpserver/data \ -v /opt/jumpserver/koko/data:/opt/koko/data \ -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/magnus/data:/opt/magnus/data \ -v /opt/jumpserver/kael/data:/opt/kael/data \ -v /opt/jumpserver/chen/data:/opt/chen/data \ -v /opt/jumpserver/web/log:/var/log/nginx \ - jumpserver/jms_all:v3.10.1 \ No newline at end of file + jumpserver/jms_all:v3.10.2 \ No newline at end of file diff --git a/allinone/docker-compose.yml b/allinone/docker-compose.yml index b5aa5eeb..595cb804 100644 --- a/allinone/docker-compose.yml +++ b/allinone/docker-compose.yml @@ -19,7 +19,7 @@ services: - net redis: - image: redis:6.2 + image: redis:7.0 container_name: jms_redis restart: always command: redis-server --requirepass ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} 
@@ -57,16 +57,10 @@ services: REDIS_HOST: ${REDIS_HOST:-redis} REDIS_PORT: ${REDIS_PORT:-6379} REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} DOMAINS: ${DOMAINS:-} ports: - ${HTTP_PORT:-80}:80/tcp - ${SSH_PORT:-2222}:2222/tcp - - ${MAGNUS_MYSQL_PORT:-33061}:33061/tcp - - ${MAGNUS_MARIADB_PORT:-33062}:33062/tcp - - ${MAGNUS_REDIS_PORT:-63790}:63790/tcp depends_on: mysql: condition: service_healthy @@ -82,7 +76,6 @@ services: - ${VOLUME_DIR:-./data}/core/data:/opt/jumpserver/core/data - ${VOLUME_DIR:-./data}/koko/data:/opt/jumpserver/koko/data - ${VOLUME_DIR:-./data}/lion/data:/opt/jumpserver/lion/data - - ${VOLUME_DIR:-./data}/magnus/data:/opt/jumpserver/magnus/data - ${VOLUME_DIR:-./data}/chen/data:/opt/jumpserver/chen/data - ${VOLUME_DIR:-./data}/kael/data:/opt/jumpserver/kael/data - ${VOLUME_DIR:-./data}/nginx/data:/var/log/nginx diff --git a/allinone/nginx.conf b/allinone/nginx.conf index 91f9357c..d6d64db9 100644 --- a/allinone/nginx.conf +++ b/allinone/nginx.conf @@ -39,6 +39,11 @@ http { return 200 "User-agent: *\nDisallow: /\n"; } + location /private-media/ { + internal; + alias /opt/jumpserver/data/media/; + } + location /download/ { alias /opt/download/; } diff --git a/allinone/readme.txt b/allinone/readme.txt index 859fd215..af7bfb14 100644 --- a/allinone/readme.txt +++ b/allinone/readme.txt @@ -11,4 +11,4 @@ The Installation is Complete. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║ ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ - VERSION: v3.10.1 \ No newline at end of file + VERSION: v3.10.2 \ No newline at end of file diff --git a/allinone/supervisord.conf b/allinone/supervisord.conf index b47302ff..18855376 100644 --- a/allinone/supervisord.conf +++ b/allinone/supervisord.conf 
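Review bot: The new `location /private-media/` block in `allinone/nginx.conf` has no comment saying why it is marked `internal`, so a later edit could drop the directive and expose `/opt/jumpserver/data/media/` to direct requests. A one-line comment above it, such as `# internal: served only through an internal redirect from core, never by a client URL`, would record the intent (the redirect mechanism is my assumption; the hunk does not show it). It is also worth confirming that no other location in this file, which the hunk does not show, aliases the same directory publicly.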
@@ -44,17 +44,6 @@ stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 autorestart=true -[program:magnus] -priority=100 -environment=WORK_DIR="/opt/magnus", COMPONENT_NAME="magnus", WISP_TRACE_PROCESS=1, EXECUTE_PROGRAM="/opt/magnus/magnus", BIND_PORT=9090, WISP_PORT=9090, LANG=zh_CN.UTF-8 -directory=/opt/magnus/ -command=/usr/local/bin/wisp -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -autorestart=true - [program:kael] priority=100 environment=WORK_DIR="/opt/kael", COMPONENT_NAME="kael", WISP_TRACE_PROCESS=1, EXECUTE_PROGRAM="/opt/kael/kael", BIND_PORT=9091, WISP_PORT=9091, LANG=zh_CN.UTF-8 diff --git a/chen/Dockerfile b/chen/Dockerfile index 3b907020..3119bcdf 100644 --- a/chen/Dockerfile +++ b/chen/Dockerfile @@ -1,24 +1,22 @@ -FROM jumpserver/openjdk:17-slim-bullseye as stage-1 -FROM debian:bullseye-slim as stage-2 +FROM debian:bookworm-slim as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ 
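Review bot: The `check` tarball in `chen/Dockerfile` is downloaded from the `jumpserver-dev/healthcheck` release and installed root-owned into `/usr/local/bin` without any checksum verification, so the image trusts whatever the release asset contains at build time. Verifying a pinned digest before `tar -xf`, for example `echo "${CHECK_SHA256}  check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c -` with `CHECK_SHA256` as a new per-architecture build arg (placeholder name), closes that gap. The same unverified download appears in the first hunk of the core, kael, koko, lion and magnus Dockerfiles in this commit. The RUN ends outside this hunk.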
@@ -35,7 +33,7 @@ RUN set -ex \ WORKDIR /opt/chen -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -48,12 +46,12 @@ RUN set -ex \ COPY chen/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - p11-kit" + openjdk-17-jre-headless" RUN set -ex \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ @@ -62,31 +60,16 @@ RUN set -ex \ && echo "no" | dpkg-reconfigure dash \ && sed -i "s@# export @export @g" ~/.bashrc \ && sed -i "s@# alias @alias @g" ~/.bashrc \ + && sed -i "s@jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1@jdk.tls.disabledAlgorithms=SSLv3@" /etc/java-17-openjdk/security/java.security \ && apt-get clean all \ && rm -rf /var/lib/apt/lists/* -ENV JAVA_HOME /usr/local/openjdk-17 -ENV PATH $JAVA_HOME/bin:$PATH - -COPY --from=stage-1 $JAVA_HOME $JAVA_HOME -COPY --from=stage-1 /etc/ld.so.conf.d/docker-openjdk.conf /etc/ld.so.conf.d/docker-openjdk.conf -COPY --from=stage-1 /etc/ca-certificates/update.d/docker-openjdk /etc/ca-certificates/update.d/docker-openjdk - -RUN set -ex \ - && chmod +x /etc/ca-certificates/update.d/docker-openjdk \ - && /etc/ca-certificates/update.d/docker-openjdk \ - && ldconfig \ - && java -Xshare:dump \ - && rm -rf ~/.java \ - && javac --version \ - && java --version - -COPY --from=stage-2 /usr/local/bin /usr/local/bin -COPY --from=stage-2 /opt/chen /opt/chen +COPY --from=stage-1 /usr/local/bin /usr/local/bin +COPY --from=stage-1 /opt/chen /opt/chen WORKDIR /opt/chen -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/chen/data diff --git a/config_example.conf b/config_example.conf index 7fefa430..e5f2946c 100644 --- a/config_example.conf +++ b/config_example.conf @@ -1,7 +1,7 @@ # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.1 +VERSION=v3.10.2 -# 构建参数, 支持 amd64/arm64/loong64 +# 构建参数, 支持 amd64/arm64/ppc64le/s390x TARGETARCH=amd64 # Compose 
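Review bot: The added `sed` on `/etc/java-17-openjdk/security/java.security` takes `TLSv1` and `TLSv1.1` out of `jdk.tls.disabledAlgorithms`, which re-enables both protocols for every TLS connection the JVM in the chen image makes, not only those to the legacy databases that presumably motivated it. The line has no comment giving that reason, and `sed` exits 0 when the pattern does not match, so a package update that rewords the property would silently change what the image allows. I would add a comment stating why the protocols are needed and a guard before the substitution, `grep -q 'jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1' /etc/java-17-openjdk/security/java.security`, so the build fails when the expected text is absent.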
@@ -39,11 +39,6 @@ MAGNUS_MYSQL_PORT=33061 MAGNUS_MARIADB_PORT=33062 MAGNUS_REDIS_PORT=63790 -# Xpack -RDP_PORT=3389 -MAGNUS_POSTGRESQL_PORT=54320 -MAGNUS_ORACLE_PORTS=30000-30010 - ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 # BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、guacamole diff --git a/core/Dockerfile b/core/Dockerfile index c493326b..d19d2b52 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.11-slim-bullseye as stage-1 +FROM python:3.11-slim-bookworm as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ @@ -7,26 +7,25 @@ ARG DEPENDENCIES=" \ git-lfs \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=$VERSION RUN set -ex \ 
@@ -39,12 +38,11 @@ RUN set -ex \ WORKDIR /opt/jumpserver RUN set -ex \ - && wget https://github.com/jumpserver-dev/jumpserver-patch/raw/master/core/Dockerfile-ce \ && echo > /opt/jumpserver/config.yml \ && cd utils \ && bash -ixeu build.sh -FROM python:3.11-slim-bullseye as stage-2 +FROM python:3.11-slim-bookworm as stage-2 ARG TARGETARCH ARG BUILD_DEPENDENCIES=" \ 
@@ -77,36 +75,44 @@ ARG TOOLS=" \ xz-utils \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} + && apt-get -y install --no-install-recommends ${TOOLS} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt ARG RUST_VERSION=1.71.1 RUN set -ex \ + && mkdir -p /opt/rust-install \ + && rustUrl="https://static.rust-lang.org/dist" \ && \ - if [ "${TARGETARCH}" = "s390x" ] || [ "${TARGETARCH}" = "ppc64le" ] || [ "${TARGETARCH}" = "loong64" ]; then \ - rustUrl="https://static.rust-lang.org/dist"; \ - rustArch="${TARGETARCH}"; \ - mkdir -p /opt/rust-install; \ - if [ "${TARGETARCH}" = "loong64" ]; then \ - rustUrl="download.jumpserver.org/rust/dist"; \ - rustArch="loongarch64"; \ - fi; \ - if [ "${TARGETARCH}" = "ppc64le" ]; then \ - rustArch="powerpc64le"; \ - fi; \ - if [ "${TARGETARCH}" = "riscv64" ]; then \ - rustArch="riscv64gc-unknown-linux-gnu"; \ - fi; \ - wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}-unknown-linux-gnu.tar.xz"; \ + case "${TARGETARCH}" in \ + amd64) rustArch='x86_64-unknown-linux-gnu'; \ + ;; \ + arm64) rustArch='aarch64-unknown-linux-gnu'; \ + ;; \ + mips64le) rustArch='mips64el-unknown-linux-gnuabi64'; \ + ;; \ + ppc64le) rustArch='powerpc64le-unknown-linux-gnu'; \ + ;; \ + riscv64) rustArch='riscv64gc-unknown-linux-gnu'; \ + ;; \ + s390x) rustArch='s390x-unknown-linux-gnu'; \ + ;; \ + loong64) rustArch='loongarch64-unknown-linux-gnu'; \ + rustUrl="https://download.jumpserver.org/rust/dist"; \ + ;; \ + *) echo >&2 "error: unsupported architecture: 
${TARGETARCH}"; \ + ;; \ + esac \ + && \ + if [ -n "${rustArch}" ]; then \ + wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}.tar.xz"; \ tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ cd /opt/rust-install && ./install.sh; \ cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ @@ -122,7 +128,7 @@ ARG PYTHONUNBUFFERED=1 \ ENV GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 RUN --mount=type=cache,target=/root/.cache \ - set -ex \ +set -ex \ && python3 -m venv /opt/py3 \ && pip install $(grep cryptography pyproject.toml | sed 's/ = /==/g' | sed 's/"//g') \ && pip install poetry \ @@ -130,12 +136,12 @@ RUN --mount=type=cache,target=/root/.cache \ && . /opt/py3/bin/activate \ && poetry install --only=main -FROM python:3.11-slim-bullseye +FROM python:3.11-slim-bookworm ENV LANG=en_US.UTF-8 \ PATH=/opt/py3/bin:$PATH ARG DEPENDENCIES=" \ - libjpeg-dev \ + freerdp2-dev \ libldap2-dev \ libx11-dev \ libxmlsec1-openssl" @@ -165,7 +171,7 @@ COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver WORKDIR /opt/jumpserver -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/jumpserver/data diff --git a/docker-compose-mariadb.yml b/docker-compose-mariadb.yml index a4694a45..1214c68d 100644 --- a/docker-compose-mariadb.yml +++ b/docker-compose-mariadb.yml @@ -6,7 +6,7 @@ services: condition: service_healthy mysql: - image: jumpserver/mariadb:10.6 + image: mariadb:10.6 container_name: jms_mysql restart: always command: --character-set-server=utf8 --collation-server=utf8_general_ci diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml index beecacaf..4d4c41c4 100644 --- a/docker-compose-redis.yml +++ b/docker-compose-redis.yml 
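Review bot: The `*)` branch of the new `case` in `core/Dockerfile` prints `error: unsupported architecture` but does not exit, and the following `if [ -n "${rustArch}" ]` then skips the install, so the stage carries on without a Rust toolchain and fails later in a less obvious place, if at all. Ending that branch with `exit 1;` makes the message true. The toolchain archive is also unpacked and `./install.sh` run as root with no checksum or signature check, and this now happens for every architecture rather than only the three the old code handled; static.rust-lang.org publishes a `.sha256` next to each archive that could be checked before `tar -xf` (whether the download.jumpserver.org mirror used for loong64 does the same is not visible here). The RUN continues past the end of the hunk.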
@@ -2,11 +2,11 @@ version: '2.4' services: core: depends_on: - redis: + mysql: condition: service_healthy redis: - image: jumpserver/redis:7.0 + image: redis:7.0 container_name: jms_redis restart: always command: redis-server --requirepass $REDIS_PASSWORD --loglevel warning --maxmemory-policy allkeys-lru diff --git a/docker-compose.yml b/docker-compose.yml index 094179f8..5137f178 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -204,11 +204,13 @@ services: image: jumpserver/jms_web:${VERSION} container_name: jms_web restart: always + environment: + CORE_HOST: http://core:8080 depends_on: core: condition: service_healthy healthcheck: - test: "check http://localhost:51980/api/health/" + test: "check http://localhost/api/health/" interval: 10s timeout: 5s retries: 3 diff --git a/kael/Dockerfile b/kael/Dockerfile index dfff6075..48e980d5 100644 --- a/kael/Dockerfile +++ b/kael/Dockerfile 
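Review bot: In `docker-compose-redis.yml` the `core` service's `depends_on` key changes from `redis` to `mysql`, yet the only service this hunk shows the file defining is `redis`. If that is a copy-paste from the MariaDB override, core no longer waits for Redis to report healthy, and composing this file without the MariaDB one would reference an undefined `mysql` service. Unless the change is intentional, restore `redis:` under `depends_on` with `condition: service_healthy`.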
@@ -1,23 +1,22 @@ -FROM debian:bullseye-slim as stage-1 +FROM debian:bookworm-slim as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ @@ -34,7 +33,7 @@ RUN set -ex \ WORKDIR /opt/kael -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -48,7 +47,7 @@ RUN set -ex \ COPY kael/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ 
@@ -57,20 +56,14 @@ ARG DEPENDENCIES=" \ RUN set -ex \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && apt-get update \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install --no-install-recommends ${DEPENDENCIES} COPY --from=stage-1 /usr/local/bin /usr/local/bin COPY --from=stage-1 /opt/kael /opt/kael WORKDIR /opt/kael -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/kael/data diff --git a/koko/Dockerfile b/koko/Dockerfile index d397cdf6..90063e9e 100644 --- a/koko/Dockerfile +++ b/koko/Dockerfile 
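Review bot: The final-stage RUN in `kael/Dockerfile` now stops at `apt-get -y install --no-install-recommends ${DEPENDENCIES}` and drops the `apt-get clean all` and `rm -rf /var/lib/apt/lists/*` steps that the other stages touched in this commit keep or gain, so the shipped kael image retains the apt package lists. Unless they were left on purpose, append `&& apt-get clean all \` and `&& rm -rf /var/lib/apt/lists/*` to match the other images.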
@@ -1,24 +1,23 @@ -FROM redis:7.0-bullseye as stage-1 -FROM debian:bullseye-slim as stage-2 +FROM redis:7.0-bookworm as stage-1 +FROM debian:bookworm-slim as stage-2 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ @@ -75,7 +74,7 @@ RUN set -ex \ WORKDIR /opt/koko -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -91,7 +90,7 @@ RUN set -ex \ COPY koko/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ @@ -118,7 +117,7 @@ COPY --from=stage-2 /opt/kubectl-aliases /opt/kubectl-aliases WORKDIR /opt/koko -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/koko/data diff --git a/lion/Dockerfile b/lion/Dockerfile index 6593b494..b3941c02 100644 --- a/lion/Dockerfile +++ b/lion/Dockerfile 
@@ -1,23 +1,22 @@ -FROM debian:bullseye-slim as stage-1 +FROM debian:bookworm-slim as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ @@ -26,7 +25,7 @@ RUN set -ex \ WORKDIR /opt/lion -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -38,7 +37,7 @@ RUN set -ex \ COPY lion/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM jumpserver/guacd:1.5.3-bullseye +FROM jumpserver/guacd:1.5.3-bookworm ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ @@ -63,7 +62,7 @@ COPY lion/supervisord.conf /etc/supervisor/conf.d/lion.conf WORKDIR /opt/lion -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/lion/data diff --git a/magnus/Dockerfile b/magnus/Dockerfile index e3207b2f..7ca5d1cf 100644 --- a/magnus/Dockerfile +++ b/magnus/Dockerfile 
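Review bot: The base images on the changed `FROM` lines (`debian:bookworm-slim` in this hunk and `jumpserver/guacd:1.5.3-bookworm` in the `-38,7` hunk) are referenced by mutable tag, so two builds of the same release tag can be assembled from different base content. The workflow in this commit publishes the images on every tag push, so pinning each base by digest would keep a release reproducible and turn a base update into an explicit, reviewable change: `FROM debian:bookworm-slim@sha256:<digest> as stage-1`, with `<digest>` a placeholder for the value resolved when the pin is made. The same applies to the `FROM` changes in koko/Dockerfile, magnus/Dockerfile and web/Dockerfile.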
@@ -1,23 +1,22 @@ -FROM debian:bullseye-slim as stage-1 +FROM debian:bookworm-slim as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ @@ -34,7 +33,7 @@ RUN set -ex \ WORKDIR /opt/magnus -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -48,7 +47,7 @@ RUN set -ex \ COPY magnus/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM debian:bullseye-slim +FROM debian:bookworm-slim ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ @@ -69,7 +68,7 @@ COPY --from=stage-1 /opt/magnus /opt/magnus WORKDIR /opt/magnus -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /opt/magnus/data diff --git a/web/Dockerfile b/web/Dockerfile index 05d0cd0c..f2700bf3 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
@@ -1,31 +1,30 @@ -FROM jumpserver/web-static:v1.0.5 as stage-1 -FROM debian:bullseye-slim as stage-2 +FROM jumpserver/web-static:v1.0.6-bookworm as stage-1 +FROM debian:bookworm-slim as stage-2 ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ wget" -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ +RUN set -ex \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* WORKDIR /opt -ARG CHECK_VERSION=v1.0.1 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && mv check /usr/local/bin/ \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} RUN set -ex \ @@ -41,7 +40,7 @@ RUN set -ex \ COPY web/entrypoint.sh . RUN chmod 755 ./entrypoint.sh -FROM nginx:1.24-bullseye +FROM nginx:1.25-bookworm ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ @@ -65,7 +64,7 @@ COPY web/nginx.conf /etc/nginx/ WORKDIR /opt -ARG VERSION=v3.10.1 +ARG VERSION=v3.10.2 ENV VERSION=${VERSION} VOLUME /var/log/nginx diff --git a/web/nginx.conf b/web/nginx.conf index 8501837c..20390802 100644 --- a/web/nginx.conf +++ b/web/nginx.conf 
@@ -46,6 +46,11 @@ http { return 200 "User-agent: *\nDisallow: /\n"; } + location /private-media/ { + internal; + alias /opt/jumpserver/data/media/; + } + location /download/ { alias /opt/download/; }
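Review bot: The new `location /private-media/` block carries no comment saying what is expected to redirect into it, and `internal` keeps these files private only if no other location maps `/opt/jumpserver/data/media/` to a public URI. The rest of the `http` block is outside this hunk, so that cannot be checked here; if an existing media location aliases the same directory, the files remain directly reachable. I would add a comment above the block, hedged until the backend side is confirmed: `# Presumably reached only via X-Accel-Redirect after the backend has authorized the request; keep this directory out of any public location.`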