Getting started

Hardware & Network requirements

To run SingleJump, you need to have a physical server or a virtual machine with the following minimum hardware requirements:

  • 2 CPUs
  • 4GB of RAM
  • 60GB of disk space

Additionally, it is recommended that you have a static public IP address so that this IP address can be the one accepted in the firewalls of your devices.

If you are planning to generate Let’s Encrypt certificates to secure web access, TCP port 80 should be open.

Prepare your system

Install docker & docker compose

curl -sSL https://get.docker.com/ | CHANNEL=stable sh
systemctl enable --now docker

On Debian/Ubuntu systems:

apt update
apt install docker-compose-plugin

On RPM-based distributions:

yum update
yum install docker-compose-plugin

Create directory structure

SingleJump will persist data in the directories that you specify in the .env file, but you also need to create the directory structure for those volumes. For example:

mkdir -p /opt/singlejump/data/mysql/ /opt/singlejump/data/keys/ /opt/singlejump/data/recordings/ /opt/singlejump/data/logs/ /opt/singlejump/data/certs/ /opt/singlejump/data/letsencrypt/etc/ /opt/singlejump/data/letsencrypt/var/ /tmp/letsencrypt

DNS setup

It is recommended to choose a subdomain to access your SingleJump instance, as this will allow for the installation of an SSL certificate. For example: login.singlejump.com

To do this, point the subdomain using an A record to the IP address you have chosen for your SingleJump instance.

Install SingleJump

Authentication

SingleJump utilizes a private Docker repository to store the Docker images (web_server and ssh_server). To access these images, authentication with our repository is required.

To authenticate, follow these steps:

docker login docker.singlejump.com

And provide your credentials.

Create Compose File

Navigate to the directory where you are setting up SingleJump, such as /opt/singlejump, and create a new file called docker-compose.yml with the following content:

version: "3.8"
services:
  web_server:
    container_name: web_server
    image: docker.singlejump.com/web-server:1.0
    environment:
      - TIMEZONE=${TIMEZONE}
      - DB_DATABASE=${DB_DATABASE}
      - DB_USERNAME=${DB_USERNAME}
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_KEY=${DB_KEY}
      - DOMAIN=${DOMAIN}
    ports:
      - ${HTTPS_PORT}:443
      - 80:80
    volumes:
      - ${VOLUME_KEYS}:/home/singlejump/webapp/storage/app/keys
      - ${VOLUME_RECORDINGS}:/home/singlejump/recordings
      - ${VOLUME_LOGS}:/home/singlejump/webapp/storage/logs
      - ${VOLUME_CERTS}:/home/singlejump/webapp/storage/app/certs
    restart: unless-stopped
  ssh_server:
    container_name: ssh_server
    image: docker.singlejump.com/ssh-server:1.0
    environment:
      - DB_DATABASE=${DB_DATABASE}
      - DB_USERNAME=${DB_USERNAME}
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_KEY=${DB_KEY}
    ports:
      - ${SSHD_PORT}:2222
    volumes:
      - ${VOLUME_KEYS}:/home/singlejump/keys
      - ${VOLUME_RECORDINGS}:/home/singlejump/recordings
      - ${VOLUME_LOGS}:/home/singlejump/logs
    restart: unless-stopped
  database_server:
    container_name: database_server
    image: mysql:latest
    ports:
      - 3306
    volumes:
      - ${VOLUME_MYSQL_DATA}:/var/lib/mysql
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=${DB_DATABASE}
      - MYSQL_USER=${DB_USERNAME}
      - MYSQL_PASSWORD=${DB_PASSWORD}
    restart: unless-stopped

Now we need to configure our docker-compose environment variables. To do that, we need to generate a key that will be used to secure some user information in the database. You can generate it with the following command:

dd if=/dev/urandom bs=32 count=1|base64

Please take note of the output and use that string to set the variable DB_KEY in your .env file.

Also, be sure to set a secure password in the DB_PASSWORD variable.

Avoid using characters such as &, |, ;, <, >, !, [, ], (, ), {, }, *, ?, $, #, ^, ~, ", ', or ` in your DB_PASSWORD variable, as they may cause unexpected behavior.

Create the environment variables file .env and populate it with your configuration:

# Environment variables for running docker instances
TIMEZONE=America/Chicago
DB_DATABASE=singlejump
DB_USERNAME=singlejump
DB_PASSWORD=(random_password)

# You can generate this key with the following command: dd if=/dev/urandom bs=32 count=1|base64. Do not change it after it is set.
DB_KEY=(database_password_please_change)

HTTPS_PORT=8585
SSHD_PORT=2023
DOMAIN=login.yourdomain.com

VOLUME_KEYS=/opt/singlejump/data/keys
VOLUME_RECORDINGS=/opt/singlejump/data/recordings
VOLUME_LOGS=/opt/singlejump/data/logs
VOLUME_CERTS=/opt/singlejump/data/certs
VOLUME_MYSQL_DATA=/opt/singlejump/data/mysql
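
The rules above (a DB_KEY of 32 random bytes in base64, a DB_PASSWORD free of the listed characters) can be checked before the first start. This is an added example, not part of SingleJump; the function names, the 32-character password length and the permission check on .env are assumptions.

```sh
# Added example, not SingleJump tooling. Function names are assumptions.

# 32 random bytes, base64-encoded: same format as the page's dd command.
gen_db_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Letters and digits only, so none of the characters listed as unsafe for
# DB_PASSWORD can appear. The default length of 32 is an assumption.
gen_db_password() {
    head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "${1:-32}"
}

# Fails for an empty value or one containing a character from the page's list.
password_is_safe() {
    case "$1" in
        ''|*'&'*|*'|'*|*';'*|*'<'*|*'>'*|*'!'*|*'['*|*']'*|*'('*|*')'*) return 1 ;;
        *'{'*|*'}'*|*'*'*|*'?'*|*'$'*|*'#'*|*'^'*|*'~'*|*'"'*|*"'"*|*'`'*) return 1 ;;
    esac
    return 0
}

# Succeeds only if the value is base64 that decodes to exactly 32 bytes.
key_is_valid() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 32 ]
}

# Checks DB_PASSWORD, DB_KEY and the file mode of an .env file.
# Reports each problem on stderr and returns non-zero if any check fails.
check_env_file() {
    rc=0
    pw=$(sed -n 's/^DB_PASSWORD=//p' "$1" | tail -n 1)
    key=$(sed -n 's/^DB_KEY=//p' "$1" | tail -n 1)
    password_is_safe "$pw" || { echo "DB_PASSWORD is empty or has an unsafe character" >&2; rc=1; }
    key_is_valid "$key" || { echo "DB_KEY is not 32 base64-encoded bytes" >&2; rc=1; }
    # The file holds both secrets, so group and other should have no access.
    case $(ls -ld "$1" | cut -c5-10) in
        ------) ;;
        *) echo "$1 is accessible to group/other; run: chmod 600 $1" >&2; rc=1 ;;
    esac
    return $rc
}
```

Source the file, then run `check_env_file /opt/singlejump/.env` before `docker compose up -d`; both placeholder values from the sample .env above fail the check.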

Set your license file

Place the provided license.txt file into the directory data/keys, for example: /opt/singlejump/data/keys/license.txt.

Start your SingleJump

Now it's time to start SingleJump. You can run your docker-compose file with the following command:

docker compose up -d

Configure SingleJump

SingleJump comes without any users. Before you can access it, you need to create a super-admin user.

Create super-user

Execute the following command and follow the instructions:

docker exec -it web_server su - singlejump -c "php /home/singlejump/webapp/artisan make:super-admin"

Login to the web interface

Now you can log in to the web interface using your IP address or domain specified in the .env file. For example: https://login.yourdomain.com:8585. Use the super-user credentials previously created.

Secure your web interface

We recommend setting up SSL to access your web interface, and you have two options:

Use Let’s Encrypt certificates

We shipped SingleJump with Let’s Encrypt auto signing and renewal for SSL certificates.

To generate and sign your Let’s Encrypt certificate, please follow these steps:

  1. Go to Settings.
  2. Enter your email address and domain name (e.g., login.yourdomain.com).
  3. Click Enable, then Save.
  4. Click Request, then Request now.

Please ensure that TCP port 80 is open in your firewall and that a public IP address is configured on your server so that your certificate can be signed.

SingleJump will automatically renew the certificate before it expires.

Initialize the database

SingleJump utilizes asymmetric (public-key) encryption to store SSH private keys for each device you add. To do this, you need to generate the master private/public key pair that will be used for all your devices and users.

Please note that you should only initialize the database once. If you do it more than once, you will lose access to your devices, and you will have to add them again.

To initialize the database, enter your super-admin user password and click Save.

Activate your Two-Factor Authentication

To access devices through SSH or view SSH session recordings, you should enable 2FA. Currently, SingleJump provides Google Authenticator, but more alternatives will be added.

To enable it, click on the profile button at the top right corner, then click on "Two Factor Authentication", and then click "Enable".

You will be prompted for your password and presented with a QR code that you can scan using the Google Authenticator app.

Now you can start adding your Device Groups, Devices and Users.

Enable SSH Access

SingleJump allows SSH access to your devices through two methods:

  • From your browser, by accessing the SingleJump web interface.
  • From your favorite SSH client, such as PuTTY or the regular SSH terminal client.

By default, there is an ACL (Access Control List) that allows connections from anywhere (0.0.0.0/0) for web access, but SSH access to SingleJump is disabled.

We recommend changing this default ACL to include only the IP address from which you or your staff will connect, and enabling SSH access. This will allow you to use SingleJump SSH Server to access your devices.

To do so, connect to SingleJump like this:

ssh -l [email protected] -p2023

You can add as many ACLs as you want, including IP addresses or networks. You can also define those ACLs by user or globally.

Please note that you need to enable Two-Factor Authentication before connecting to SingleJump via SSH.