Building an open-source bastion host based on next-terminal
This article was last updated 149 days ago. The information in it may have developed or changed. If it is invalid, please leave a message in the comment section.

Preface

Actually, I didn't originally intend to write this article. I'm usually too lazy to write about things that are readily available online. However, I thought that using this as an opportunity to record the entire process of building an application (mainly including database reuse) from beginning to end would allow me to simply refer to my article when needed in the future, thus saving myself even more time. So, this article came about.

Like other applications (NextCloud, WordPress, Chevereto, Shlink, JumpServer, etc.), Next-Terminal requires a database. Below is the official documentation regarding environment variables:

[Screenshot: the official next-terminal documentation of its environment variables]


At this point, I still recommend that when deploying an application, you try to read the official documentation (if there is no official website, you can check the relevant web pages on GitHub or Docker Hub). Sometimes online tutorials may not be comprehensive or suitable for your environment, so try to develop a good habit of reading the official documentation.


I generally use MariaDB. Although I've specified MySQL here, in most cases, MariaDB is considered compatible with MySQL (I've encountered incompatibility, but only once so far). Some applications distinguish between MySQL and MariaDB as different database types (e.g., shlink). In this deployment, I will continue to use MariaDB instead of MySQL.

Initialize the database

As I mentioned in previous articles, I only use existing databases directly and don't usually use Docker Compose to create new ones. Therefore, for applications that depend on MariaDB, I always have to initialize the database manually first. For the specific steps, refer to the following article: Tips and tricks: Create a new empty database and grant permissions to corresponding users. Follow the steps in that article to create a database named "next-terminal" and a database user named "next-terminal" (define your own password) and grant the user access to the database; the names and password you choose here are what the MYSQL_DATABASE, MYSQL_USERNAME and MYSQL_PASSWORD parameters of the next-terminal container must later be set to.

If there is no existing database, you need to create a new database container and then initialize the database. Refer to the following command:

docker run --name=mariadb01 -d --restart=always --network=public-net \
  -p 3306:3306 \
  -v /docker/mariadb/db:/var/lib/mysql \
  -e MARIADB_ROOT_PASSWORD=yourpassword \
  mariadb:10.11

Creating a bridge

Because a bridge named public-net is used below, it needs to be created in advance:

docker network create public-net

Deploy guacamole

Guacamole is a remote desktop gateway (sometimes described as a jump server itself, since without it a separate jump server really would be needed) that lets us reach RDP, VNC and SSH targets directly from a web browser. The guacd container deployed below is its proxy daemon.

The command to create a new container is as follows:

docker run --name=guacd -d --restart=always --network=public-net \
  -v /docker/next-terminal/data:/usr/local/next-terminal/data \
  dushixiang/guacd:latest

The host directory mounted by the -v parameter above, /docker/next-terminal/data, is the same directory that the next-terminal container installed below mounts, so guacd and next-terminal share it.

The `--network=public-net` parameter must be specified for both the guacd container and the next-terminal container; otherwise, the connection between next-terminal and guacd can only be established using `--link`.


Containers on the same non-default bridge can reach each other directly by container name. Using `--link` is not good practice, because it becomes confusing as the number of links grows. It is therefore worth developing a good habit: when creating a container, use `--network` (or `--net`) to put it on the same bridge as the containers it needs to talk to, or plan your bridges ahead so that containers that need to communicate end up on the same one and can use container names when needed.


Deploy next-terminal

docker run --name next-terminal -d --restart=always --network=public-net \
  -p 8088:8088 \
  -v /docker/next-terminal/data:/usr/local/next-terminal/data \
  -v /etc/localtime:/etc/localtime \
  -e DB=mysql \
  -e MYSQL_HOSTNAME=mariadb01 \
  -e MYSQL_PORT=3306 \
  -e MYSQL_USERNAME=nextterminal \
  -e MYSQL_PASSWORD=yourpassword \
  -e MYSQL_DATABASE=nextterminal \
  -e GUACD_HOSTNAME=guacd \
  -e GUACD_PORT=4822 \
  dushixiang/next-terminal:latest

Parameter explanation:
-p 8088:8088 Map the container's port 8088 to port 8088 on the host. The first 8088 is the host port; change it to suit your needs.
-v /docker/next-terminal/data:/usr/local/next-terminal/data Mount the host directory /docker/next-terminal/data into the container at /usr/local/next-terminal/data.
-v /etc/localtime:/etc/localtime Synchronize the host's local time into the container.
-e DB=mysql Specify the database type as mysql.
-e MYSQL_HOSTNAME=mariadb01 The name of your database container, or its external IP address. If the MariaDB container runs on the same host and was also started with --network=public-net, it can be reached directly by container name; otherwise you must hard-associate it with --link. If the database is on a different host, reach it over the network using that host's IP address.
-e MYSQL_PORT=3306 The MariaDB port. If the database is on the same host and the same bridge, use 3306 directly; otherwise use the port mapped for the database.
-e MYSQL_USERNAME=nextterminal The database user created during database initialization.
-e MYSQL_PASSWORD=yourpassword The password of that database user, set during database initialization.
-e MYSQL_DATABASE=nextterminal The name of the database created during database initialization.
-e GUACD_HOSTNAME=guacd The name of the guacd container created above.
-e GUACD_PORT=4822 guacd listens on port 4822 by default. Because this is container-to-container access, guacd must be on the same non-default bridge as next-terminal.
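As an added example (not part of the original post or the next-terminal project), the following script turns the bridge rule from the previous section and the MYSQL_HOSTNAME/GUACD_HOSTNAME parameters above into post-deployment checks, and also flags the -p 3306:3306 binding from the MariaDB command, which publishes the bastion's database on every host interface although only next-terminal needs it. The function names are my own; the container names and the public-net bridge are the ones used in this article.

```shell
#!/bin/sh
# Post-deployment checks for the next-terminal / guacd / mariadb01 stack (added example).
# Each check takes the output of a docker command as a string, so it can be exercised offline
# with constructed input; pass --live to query the running docker daemon instead.
# check_bridge_members MEMBERS NAME...: MEMBERS is the list printed by
# `docker network inspect -f '{{range .Containers}}{{.Name}} {{end}}' public-net`.
# Succeeds only if every NAME is attached, i.e. reachable by container name.
check_bridge_members() {
  bridge=" $1 "; shift
  missing=""
  for want in "$@"; do
    case "$bridge" in
      *" $want "*) ;;
      *) missing="$missing $want" ;;
    esac
  done
  [ -z "$missing" ] || { echo "not attached to public-net:$missing" >&2; return 1; }
}
# env_targets_on_bridge MEMBERS ENV: ENV is the output of
# `docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' next-terminal`.
# MYSQL_HOSTNAME and GUACD_HOSTNAME must be set; when they name containers (rather than
# giving a literal IP of a remote database host) those containers must be on the bridge.
env_targets_on_bridge() {
  members="$1"; cfg="$2"; rc=0
  for key in MYSQL_HOSTNAME GUACD_HOSTNAME; do
    target=$(printf '%s\n' "$cfg" | sed -n "s/^$key=//p")
    if [ -z "$target" ]; then
      echo "$key is not set" >&2; rc=1
    elif ! printf '%s' "$target" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
      check_bridge_members "$members" "$target" || rc=1
    fi
  done
  return $rc
}
# check_db_exposure PORTS: PORTS is the output of `docker port mariadb01`. The database only
# needs to be reachable from next-terminal over the bridge, so a binding on 0.0.0.0 or [::]
# (what `-p 3306:3306` produces) is flagged; no published port at all (empty PORTS) passes.
check_db_exposure() {
  case "$1" in
    *"-> 0.0.0.0:"*|*"-> [::]:"*)
      echo "database port is published on all host interfaces: $1" >&2; return 1 ;;
  esac
}
if [ "${1:-}" = "--live" ]; then
  members=$(docker network inspect -f '{{range .Containers}}{{.Name}} {{end}}' public-net)
  check_bridge_members "$members" mariadb01 guacd next-terminal
  env_targets_on_bridge "$members" "$(docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' next-terminal)"
  check_db_exposure "$(docker port mariadb01)"
fi
```

If the database must stay reachable from the host itself, bind it to loopback with -p 127.0.0.1:3306:3306, which the check accepts.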

If all the preparations above are complete, next-terminal can now be opened directly at http://host_ip:8088 and logged in to:


The default username and password are both admin; change them at first login, since this service fronts every host you add to it.

Mission accomplished.

I won't go into the details of the subsequent steps, as there are many tutorials online. In short, it's about adding assets and then clicking "Connect" to initiate the connection.


To be honest, this is much simpler than Jumpserver. I'm still completely confused about Jumpserver :( Mainly because I've never worked with a professional bastion host before, so I'm unfamiliar with some of the concepts. Also, for a home data center, those advanced features are really unnecessary, so I don't have much motivation to study it. I originally planned to write about Jumpserver, but after setting it up, I got confused by some of the concepts, so I eventually compromised and used Next-Terminal instead.

Regarding jumpserver, those interested can try it out themselves. Besides initializing the database, you also need to deploy Redis beforehand. If you haven't deployed it, refer to the following commands:

docker run --name redis -d --restart=always --network=public-net -p 6379:6379 redis

I installed the all-in-one version, and the command is as follows:

docker run --name jumpserver -d --restart=always --network=public-net \
  -v /docker/jumpserver/core/data:/opt/jumpserver/data \
  -v /docker/jumpserver/koko/data:/opt/koko/data \
  -v /docker/jumpserver/lion/data:/opt/lion/data \
  -p 9040:80 \
  -p 2222:2222 \
  -p 30000-30100:30000-30100 \
  -e SECRET_KEY=xxxxxxxx \
  -e BOOTSTRAP_TOKEN=xxxxxxxx \
  -e LOG_LEVEL=ERROR \
  -e DB_HOST=mariadb01 \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=yourpassword \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=redis \
  -e REDIS_PORT=6379 \
  --privileged=true \
  jumpserver/jms_all:v3.4.3

There are many tutorials online; you can just search for them, so I won't repeat them here.

Configuring public network access

If you want to publish the service to the public Internet, choose the publishing method that best fits your actual environment and the reverse proxy you use. You can refer to my previous articles:
1. Docker series: use Docker to build your own reverse proxy based on NPM
2. Linux panel series: configure a reverse proxy and publish on a non-443 port
3. Home data center series: use domestic cloud hosting to get free Cloudflare and achieve fast access to domestic sites from abroad
4. Home data center series: use Cloudflare to build a website quickly with no public IP on your home broadband (general purpose)

The first and second methods suit environments that have a public IP but no usable port 443 (home broadband, an unregistered cloud host); you need to append a non-standard port to the URL. (If you build the site with Cloudflare, you don't need the port in the URL, but you do need to customize the origin port; see: Home data center series uses cloudflare's Origin Rules to solve the problem of having a public IP but no legal ports 80 and 443 when building a website.) The third method suits registered cloud hosts, and the fourth suits every environment, including those without a public IP. The fourth is the one I recommend regardless of whether your environment has a public IP, because it does not run https traffic directly on the public network.
