DO NOT USE! Bastillion is no longer developed: bastillion-io/Bastillion#506 (comment)
Alternatives:
This is a fork of: e-COSI/docker-bastillion Docker image for Bastillion.io
I updated bastillion
to the latest version in order to address CVE-2021-44228, CVE-2021-45046 aka Log4Shell, updated the deprecated base image fom openJDK
to debian-slim
with openjdk-11-jre-headless
and because of the arm64 target I build dockerize from source as part of the build.
There are now Github Actions to build the image for:
linux/amd64
linux/arm64
linux/arm/v7
And to build a alpine
version taged -alpine
(e.g. mietzen/bastillion:3.14.0-alpine
) for:
linux/amd64
linux/arm64
The full upgrade path is available from e-COSI/docker-bastillion:3.09.00
image to 3.14.0
.
Shared tags:
3.14.0
->3.14.0-debian
3.13.00
->3.13.00-debian
3.12.02
->3.12.02-debian
3.12.01
->3.12.01-debian
3.12.00
->3.12.00-debian
3.11.01
->3.11.01-debian
3.10.00
->3.10.00-debian
3.14.0-alpine
3.13.00-alpine
3.12.02-alpine
3.12.01-alpine
3.12.00-alpine
3.11.01-alpine
3.10.00-alpine
For all tags, see: DockerHub
The base images are nightly updated and all images are rudimentary tested with InSpec.
Before upgrading to the next version make sure to read the release notes, check how to migrate your settings and database.
Bastillion is an open-source web-based SSH console that centrally manages administrative access to systems. A bastion host for administrators with features that promote infrastructure security, including key management and auditing. For more information visit the Bastillion website or the GitHub page
On Linux:
mkdir ./keydb
sudo chown 999:$(id -g) ./keydb
sudo chmod 770 ./keydb
Start Bastillion with docker run
on your local host:
docker run -d -p 8443:8443 -v $(pwd)/keydb:/keydb mietzen/bastillion:3.14.0
With --add-host=host.docker.internal:host-gateway
you will be able to connect to ssh-servers on your lan.
Go to https://127.0.0.1:8443 and login with:
- Username:
admin
- Password:
changeme
On Linux:
mkdir /srv/keydb
sudo chown 999:$(id -g) ./keydb
sudo chmod 770 ./keydb
version: "3"
services:
bastillion:
image: mietzen/bastillion:3.14.0
container_name: bastillion
restart: unless-stopped
ports:
- 8443:8443
volumes:
- ./keydb:/keydb
By adding:
extra_hosts:
- "host.docker.internal:host-gateway"
you will be able to connect to ssh-servers on your lan.
Run with:
docker-compose up -d
Go to https://127.0.0.1:8443 and login with:
- Username:
admin
- Password:
changeme
See also: docker-compose.yaml
BASTILLION_VERSION=3.14.0
BASTILLION_FILENAME_VERSION=$(echo $BASTILLION_VERSION | sed -r 's/(.*)\./\1_/')
if [ "${#BASTILLION_FILENAME_VERSION}" -lt 7 ]; then BASTILLION_FILENAME_VERSION=$(echo "${BASTILLION_FILENAME_VERSION}0"); fi # Fix for 3.14.0
docker build \
--build-arg BASTILLION_VERSION=${BASTILLION_VERSION} \
--build-arg BASTILLION_FILENAME_VERSION=${BASTILLION_FILENAME_VERSION} \
--no-cache -t bastillion:${BASTILLION_VERSION} \
--file ./Dockerfile .
BASTILLION_VERSION=3.14.0
BASTILLION_FILENAME_VERSION=$(echo $BASTILLION_VERSION | sed -r 's/(.*)\./\1_/')
if [ "${#BASTILLION_FILENAME_VERSION}" -lt 7 ]; then BASTILLION_FILENAME_VERSION=$(echo "${BASTILLION_FILENAME_VERSION}0"); fi # Fix for 3.14.0
docker build \
--build-arg BASTILLION_VERSION=${BASTILLION_VERSION} \
--build-arg BASTILLION_FILENAME_VERSION=${BASTILLION_FILENAME_VERSION} \
--no-cache -t bastillion:${BASTILLION_VERSION}-alpine \
--file ./Dockerfile.alpine .