docker-bastillion's Introduction

DO NOT USE! Bastillion is no longer developed: bastillion-io/Bastillion#506 (comment)

Alternatives:

Bastillion Docker Image

This is a fork of: e-COSI/docker-bastillion Docker image for Bastillion.io

I updated Bastillion to the latest version in order to address CVE-2021-44228, CVE-2021-45046 aka Log4Shell, updated the deprecated base image from openJDK to debian-slim with openjdk-11-jre-headless, and, because of the arm64 target, I build dockerize from source as part of the build.

There are now GitHub Actions to build the image for:

  • linux/amd64
  • linux/arm64
  • linux/arm/v7

And to build an Alpine version tagged -alpine (e.g. mietzen/bastillion:3.14.0-alpine) for:

  • linux/amd64
  • linux/arm64

The full upgrade path is available from e-COSI/docker-bastillion:3.09.00 image to 3.14.0.

Shared tags:

  • 3.14.0 -> 3.14.0-debian
  • 3.13.00 -> 3.13.00-debian
  • 3.12.02 -> 3.12.02-debian
  • 3.12.01 -> 3.12.01-debian
  • 3.12.00 -> 3.12.00-debian
  • 3.11.01 -> 3.11.01-debian
  • 3.10.00 -> 3.10.00-debian
  • 3.14.0-alpine
  • 3.13.00-alpine
  • 3.12.02-alpine
  • 3.12.01-alpine
  • 3.12.00-alpine
  • 3.11.01-alpine
  • 3.10.00-alpine

For all tags, see: DockerHub

The base images are updated nightly and all images get rudimentary testing with InSpec.

Upgrade to the latest version

Before upgrading to the next version, make sure to read the release notes and check how to migrate your settings and database.

What is Bastillion?

Bastillion is an open-source, web-based SSH console that centrally manages administrative access to systems. It is a bastion host for administrators with features that promote infrastructure security, including key management and auditing. For more information, visit the Bastillion website or the GitHub page.

Start with docker run

On Linux:

mkdir ./keydb
sudo chown 999:$(id -g) ./keydb
sudo chmod 770 ./keydb

Start Bastillion with docker run on your local host:

docker run -d -p 8443:8443 -v $(pwd)/keydb:/keydb mietzen/bastillion:3.14.0

With --add-host=host.docker.internal:host-gateway you will be able to connect to SSH servers on your LAN.

Go to https://127.0.0.1:8443 and log in with:

  • Username: admin
  • Password: changeme
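
A pre-flight check for the ./keydb steps above, as an added example that is not part of the original README: the hypothetical check_keydb function confirms that the directory is a real directory, is owned by UID 999 and grants nothing to other users before it is bind-mounted. It assumes a Linux stat that supports -c.

```shell
#!/bin/sh
# Added example: pre-flight check for the keydb bind mount.
# check_keydb DIR [EXPECTED_UID]
#   Returns 0 if DIR matches the README's chown/chmod steps, 1 otherwise.
#   Findings are written to stderr.
check_keydb() {
    dir=$1
    want_uid=${2:-999}   # 999 is the UID the README chowns the directory to
    rc=0

    # A symlink could point the mount at a directory with other permissions.
    if [ -L "$dir" ]; then
        echo "keydb: $dir is a symlink; mount the real directory" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "keydb: $dir does not exist or is not a directory" >&2
        return 1
    fi

    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")   # octal, e.g. 770 or 2770
    perm=$(( 0$mode ))            # leading 0 makes the shell read it as octal

    if [ "$uid" != "$want_uid" ]; then
        echo "keydb: owner uid is $uid, expected $want_uid" >&2
        rc=1
    fi
    # The README's 770 leaves the "other" permission bits empty.
    if [ $(( perm & 7 )) -ne 0 ]; then
        echo "keydb: mode $mode grants access to other users" >&2
        rc=1
    fi
    # The owning user needs rwx to create and update files in the directory.
    if [ $(( (perm >> 6) & 7 )) -ne 7 ]; then
        echo "keydb: mode $mode does not give the owner rwx" >&2
        rc=1
    fi
    return $rc
}

# Usage (not executed here):
#   check_keydb ./keydb && docker run -d -p 8443:8443 -v "$(pwd)/keydb:/keydb" mietzen/bastillion:3.14.0
```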

Start using docker-compose

On Linux:

mkdir ./keydb
sudo chown 999:$(id -g) ./keydb
sudo chmod 770 ./keydb

docker-compose.yaml:

version: "3"
services:
  bastillion:
    image: mietzen/bastillion:3.14.0
    container_name: bastillion
    restart: unless-stopped
    ports:
      - 8443:8443
    volumes:
      - ./keydb:/keydb

By adding:

    extra_hosts:
      - "host.docker.internal:host-gateway"

you will be able to connect to SSH servers on your LAN.

Run with:

docker-compose up -d

Go to https://127.0.0.1:8443 and log in with:

  • Username: admin
  • Password: changeme

See also: docker-compose.yaml

Build it yourself

Ubuntu

BASTILLION_VERSION=3.14.0
BASTILLION_FILENAME_VERSION=$(echo $BASTILLION_VERSION | sed -r 's/(.*)\./\1_/')
if [ "${#BASTILLION_FILENAME_VERSION}" -lt 7 ]; then BASTILLION_FILENAME_VERSION=$(echo "${BASTILLION_FILENAME_VERSION}0"); fi # Fix for 3.14.0 
docker build \
   --build-arg BASTILLION_VERSION=${BASTILLION_VERSION} \
   --build-arg BASTILLION_FILENAME_VERSION=${BASTILLION_FILENAME_VERSION} \
   --no-cache -t bastillion:${BASTILLION_VERSION} \
   --file ./Dockerfile .

Alpine

BASTILLION_VERSION=3.14.0
BASTILLION_FILENAME_VERSION=$(echo $BASTILLION_VERSION | sed -r 's/(.*)\./\1_/')
if [ "${#BASTILLION_FILENAME_VERSION}" -lt 7 ]; then BASTILLION_FILENAME_VERSION=$(echo "${BASTILLION_FILENAME_VERSION}0"); fi # Fix for 3.14.0
docker build \
   --build-arg BASTILLION_VERSION=${BASTILLION_VERSION} \
   --build-arg BASTILLION_FILENAME_VERSION=${BASTILLION_FILENAME_VERSION} \
   --no-cache -t bastillion:${BASTILLION_VERSION}-alpine \
   --file ./Dockerfile.alpine .

Full list of environment variables:

See: all environment variables

docker-bastillion's People

Contributors

fjoesne, jbrummans, mietzen

docker-bastillion's Issues

Allow for usage of http or https via environment or build arg

Hello,

I've been trying to work from ecosi's image before seeing yours.

I have a reverse proxy using traefik, and in my version I build the start.ini file depending on the requested method (http or https).

Is it doable to offer such an option or should I start from your image?

Thanks

Allow http in build arg / environment

Hi !

I was working to build a version of bastillion on OpenJDK > 9 and I found your page :)

2 questions :

  • Can you make the http / https scheme a choice ? I am using traefik to route traffic, and I don't need bastillion to run as https (I know how to do it, but I think it's a good feature to offer)
  • Have you tried to set up an AD server for auth using JDK 11 ?
    Thanks,

Cloudflare tunnel (Solved)

Hi
An easy way to have https access to my web services running on my home server without having to open ports is to use Cloudflare tunnels. This process works with services like Node-RED, InfluxDB, Grafana, etc. but not with Bastillion. Note that if I open locally (that is, inside the server) the url https://127.0.0.1:8443, all works OK, which means that the container is running well.
Do you know what could cause this?
Regards and congratulations for this project.

Run behind Traefik reverse proxy

Just in case someone also wants to use Traefik, the following docker-compose.yml works. It was a bit tricky to figure out how to get Traefik (latest version, at least above 2.4!) to accept the self-signed certificate without fretting. For this, it also requires a dynamic conf file to relate to (see below).
docker-compose.yml.txt
nocertcheck.toml.txt
