Merge pull request #140 from jumpserver/dev

v3.8.0
jumpserver · Oct 19, 2023 · c6f3f6f · c6f3f6f
2 parents 8cb59d1 + c7da888
commit c6f3f6f
Show file tree

Hide file tree

Showing 10 changed files with 233 additions and 121 deletions.
diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml
@@ -23,6 +23,8 @@ jobs:
         context: .
         push: false
         tags: jumpserver/web:test
+        build-args: |
+          APT_MIRROR=http://deb.debian.org
         file: Dockerfile
         cache-from: type=gha
         cache-to: type=gha,mode=max

diff --git a/Dockerfile b/Dockerfile
@@ -1,69 +1,91 @@
-FROM nginx:1.24-bullseye
-
+FROM nginx:1.24-bullseye as builder
 ARG TARGETARCH
-ARG APT_MIRROR=http://mirrors.ustc.edu.cn
 
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=web \
     sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
     && rm -f /etc/cron.daily/apt-compat \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && apt-get update \
-    && apt-get install -y --no-install-recommends wget vim logrotate locales \
+    && apt-get install -y --no-install-recommends wget \
     && echo "no" | dpkg-reconfigure dash \
-    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
-    && rm -f /var/log/nginx/*.log \
     && rm -rf /var/lib/apt/lists/*
 
 ARG DOWNLOAD_URL=https://download.jumpserver.org
 ARG PLAY_VERSION=1.1.0-1
 
-# 下载 player 脚本
 WORKDIR /opt/player
 RUN set -ex \
     && wget -q ${DOWNLOAD_URL}/public/glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz \
     && tar -xf glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz -C /opt/player --strip-components 1 \
     && rm -f glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz
 
-# 下载公共的客户端
-WORKDIR /opt/download/public
-ARG Client_VERSION=v2.0.1
-ARG MRD_VERSION=10.6.7
-ARG VIDEO_PLAYER_VERSION=0.1.9
-ARG OPENSSH_VERSION=v9.2.0.0
+WORKDIR /opt/download/applets
 
+ARG PYTHON_VERSION=3.10.11
 RUN set -ex \
-    && mkdir -p /etc/nginx/sites-enabled /var/cache/nginx \
-    && wget -qO  JumpServer-Client-Installer-x86_64.msi https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-x86_64.msi \
-    && wget -qO  JumpServer-Client-Installer-x86_64.exe https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-x86_64.exe \
-    && wget -qO  JumpServer-Client-Installer-amd64.dmg https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-amd64.dmg \
-    && wget -qO  JumpServer-Client-Installer-arm64.dmg https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-arm64.dmg \
-    && wget -qO  JumpServer-Client-Installer-amd64.deb https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-amd64.deb \
-    && wget -qO  JumpServer-Client-Installer-arm64.deb https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-arm64.deb \
-    && wget -qO  JumpServer-Video-Player.dmg https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player-${VIDEO_PLAYER_VERSION}.dmg \
-    && wget -qO  JumpServer-Video-Player.exe https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player.Setup.${VIDEO_PLAYER_VERSION}.exe \
-    && wget -qO  OpenSSH-Win64.msi https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_VERSION}p1-Beta/OpenSSH-Win64-${OPENSSH_VERSION}.msi \
-    && wget -q ${DOWNLOAD_URL}/public/Microsoft_Remote_Desktop_${MRD_VERSION}_installer.pkg
+    && wget -q ${DOWNLOAD_URL}/public/python-${PYTHON_VERSION}-amd64.exe
 
-# 下载 applets 的相关依赖
-WORKDIR /opt/download/applets
-ARG TINKER_VERSION=v0.1.2
-ARG PYTHON_VERSION=3.10.11
 ARG CHROME_VERSION=114.0.5735.134
-ARG DBEAVER_VERSION=22.3.4
-
 RUN set -ex \
-    && wget -qO Tinker_Installer.exe ${DOWNLOAD_URL}/public/Tinker_Installer_${TINKER_VERSION}.exe \
-    && wget -qO dbeaver-patch.msi ${DOWNLOAD_URL}/public/dbeaver-patch-${DBEAVER_VERSION}-x86_64-setup.msi \
     && wget -q https://github.com/wojiushixiaobai/Chrome-Portable-Win64/releases/download/${CHROME_VERSION}/chromedriver_win32.zip \
-    && wget -q https://github.com/wojiushixiaobai/Chrome-Portable-Win64/releases/download/${CHROME_VERSION}/chrome-win.zip \
+    && wget -q https://github.com/wojiushixiaobai/Chrome-Portable-Win64/releases/download/${CHROME_VERSION}/chrome-win.zip
+
+ARG DBEAVER_VERSION=22.3.4
+RUN set -ex \
     && wget -q ${DOWNLOAD_URL}/public/dbeaver-ce-${DBEAVER_VERSION}-x86_64-setup.exe \
-    && wget -q ${DOWNLOAD_URL}/public/python-${PYTHON_VERSION}-amd64.exe
+    && wget -qO dbeaver-patch.msi ${DOWNLOAD_URL}/public/dbeaver-patch-${DBEAVER_VERSION}-x86_64-setup.msi
+
+ARG TINKER_VERSION=v0.1.3
+RUN set -ex \
+    && wget -qO Tinker_Installer.exe ${DOWNLOAD_URL}/public/Tinker_Installer_${TINKER_VERSION}.exe
+
+WORKDIR /opt/download/public
+ARG MRD_VERSION=10.6.7
+RUN set -ex \
+    && wget -q ${DOWNLOAD_URL}/public/Microsoft_Remote_Desktop_${MRD_VERSION}_installer.pkg
+
+ARG VIDEO_PLAYER_VERSION=0.1.9
+RUN set -ex \
+    && wget -qO JumpServer-Video-Player.dmg https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player-${VIDEO_PLAYER_VERSION}.dmg \
+    && wget -qO JumpServer-Video-Player.exe https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player.Setup.${VIDEO_PLAYER_VERSION}.exe
+
+ARG OPENSSH_VERSION=v9.4.0.0
+RUN set -ex \
+    && wget -qO OpenSSH-Win64.msi https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_VERSION}p1-Beta/OpenSSH-Win64-${OPENSSH_VERSION}.msi
+
+ARG Client_VERSION=v2.0.2
+RUN set -ex \
+    && wget -qO JumpServer-Client-Installer-x86_64.msi https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-x86_64.msi \
+    && wget -qO JumpServer-Client-Installer-x86_64.exe https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-x86_64.exe \
+    && wget -qO JumpServer-Client-Installer-amd64.dmg https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-amd64.dmg \
+    && wget -qO JumpServer-Client-Installer-arm64.dmg https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-arm64.dmg \
+    && wget -qO JumpServer-Client-Installer-amd64.deb https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-amd64.deb \
+    && wget -qO JumpServer-Client-Installer-arm64.deb https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-${Client_VERSION}-arm64.deb
+
+FROM nginx:1.24-bullseye
+ARG TARGETARCH
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=web \
+    sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && rm -f /etc/cron.daily/apt-compat \
+    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends wget vim logrotate locales \
+    && echo "no" | dpkg-reconfigure dash \
+    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
+    && rm -f /var/log/nginx/*.log \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt
 
-WORKDIR /opt/download/
+COPY --from=builder /opt /opt
 COPY release/lina /opt/lina
 COPY release/luna /opt/luna
 COPY release/applets /opt/download/applets
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY includes /etc/nginx/includes
-COPY http_server.conf /etc/nginx/conf.d/default.conf
+COPY default.conf /etc/nginx/conf.d/default.conf
+COPY http_server.conf /etc/nginx/sites-enabled/http_server.conf
 COPY init.sh /docker-entrypoint.d/40-init-config.sh
diff --git a/default.conf b/default.conf
@@ -0,0 +1,31 @@
+server {
+    listen 51980;
+    # listen [::]:51980;
+
+    client_max_body_size 5000m;
+
+    location /player/ {
+        try_files $uri / /index.html;
+        alias /opt/player/;
+    }
+
+    location /ui/ {
+        try_files $uri / /index.html;
+        alias /opt/lina/;
+    }
+
+    location /luna/ {
+        try_files $uri / /index.html;
+        alias /opt/luna/;
+    }
+
+    location /download/ {
+        alias /opt/download/;
+    }
+
+    location / {
+        rewrite ^/(.*)$ /ui/$1 last;
+    }
+
+    include includes/*.conf;
+}
diff --git a/http_server.conf b/http_server.conf
@@ -1,31 +1,23 @@
 server {
-    listen 80;
-    # listen [::]:80;
+  listen 80;
+  # listen [::]:80;
+  # server_name demo.jumpserver.org;  # 取消注释并自行修改成你自己的域名
 
-    client_max_body_size 5000m;
+  client_max_body_size 5000m;
 
-    location /player/ {
-        try_files $uri / /index.html;
-        alias /opt/player/;
-    }
-
-    location /ui/ {
-        try_files $uri / /index.html;
-        alias /opt/lina/;
-    }
-
-    location /luna/ {
-        try_files $uri / /index.html;
-        alias /opt/luna/;
-    }
-
-    location /download/ {
-        alias /opt/download/;
-    }
-
-    location / {
-        rewrite ^/(.*)$ /ui/$1 last;
-    }
-
-    include includes/*.conf;
-}
+  location / {
+    proxy_pass http://localhost:51980;
+    proxy_buffering off;
+    proxy_request_buffering off;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_ignore_client_abort on;
+    proxy_connect_timeout 600;
+    proxy_send_timeout 600;
+    proxy_read_timeout 600;
+    send_timeout 6000;
+  }
+}
diff --git a/includes/chen.conf b/includes/chen.conf
@@ -5,7 +5,6 @@ location /chen/ {
     proxy_request_buffering off;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_ignore_client_abort on;

diff --git a/includes/core.conf b/includes/core.conf
@@ -8,14 +8,12 @@ location /ws/ {
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
 
 location ~ ^/(core|api|media)/ {
     proxy_pass http://core:8080;
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
diff --git a/includes/kael.conf b/includes/kael.conf
@@ -5,7 +5,6 @@ location /kael/ {
     proxy_request_buffering off;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_ignore_client_abort on;

diff --git a/includes/koko.conf b/includes/koko.conf
@@ -5,7 +5,6 @@ location /koko/ {
     proxy_request_buffering off;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_ignore_client_abort on;

diff --git a/includes/lion.conf b/includes/lion.conf
@@ -5,7 +5,6 @@ location /lion/ {
     proxy_request_buffering off;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
-    proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_ignore_client_abort on;