ubuntu server 安装ejbca

使用bitnami提供的docker images

启动方式一:

bash 复制代码
docker network create ejbca-network

sudo docker pull bitnami/mariadb:10.6
docker volume create --name mariadb_data
docker run -d --name mariadb --env ALLOW_EMPTY_PASSWORD=yes --env MARIADB_USER=bn_ejbca --env MARIADB_PASSWORD=Bitnami1234 --env MARIADB_DATABASE=bitnami_ejbca --network ejbca-network --volume mariadb_data:/bitnami/mariadb bitnami/mariadb:10.6

sudo docker pull bitnami/ejbca:7
docker volume create --name ejbca_data
docker run -d --name ejbca -p 8080:8080 -p 8443:8443 --env ALLOW_EMPTY_PASSWORD=yes --env EJBCA_DATABASE_USERNAME=bn_ejbca --env EJBCA_DATABASE_PASSWORD=Bitnami1234 --env EJBCA_DATABASE_HOST=mariadb --env EJBCA_DATABASE_NAME=bitnami_ejbca --network ejbca-network --volume ejbca_data:/bitnami/wildfly bitnami/ejbca:7

启动方式二:

bash 复制代码
# docker-compose.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

version: "2"
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.6
    volumes:
      - "mariadb_data:/bitnami/mariadb"
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_USER=bn_ejbca
      - MARIADB_DATABASE=bitnami_ejbca
      - MARIADB_PASSWORD=Bitnami1234
  ejbca:
    image: docker.io/bitnami/ejbca:7
    ports:
      - 8081:8080
      - 8443:8443
      - 8009:8009
    volumes:
      - "wildfly_data:/bitnami/wildfly"
    environment:
      - EJBCA_DATABASE_HOST=mariadb
      - EJBCA_DATABASE_NAME=bitnami_ejbca
      - EJBCA_DATABASE_USERNAME=bn_ejbca
      - EJBCA_DATABASE_PASSWORD=Bitnami1234
volumes:
  mariadb_data:
    driver: local
  wildfly_data:
    driver: local
bash 复制代码
docker-compose up -d

Persisting your application

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/wildfly path. If the mounted directory is empty, it will be initialized on the first run.

bash 复制代码
docker run -v /path/to/ejbca-persistence:/bitnami/wildfly bitnami/ejbca:7

You can also do this with a minor change to the docker-compose.yml file present in this repository:

bash 复制代码
   ejbca:
     ...
     volumes:
-      - 'wildfly_data:/bitnami/wildfly'
+      - /path/to/ejbca-persistence:/bitnami/wildfly
   ...
-volumes:
-  ejbca_data:
-    driver: local

客户端证书没有生成到默认位置(论坛给出的方法,经测试安装后并不能让浏览器信任)

bash 复制代码
cd /opt/bitnami/ejbca
bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch ejbca

其他参考

bash 复制代码
bin/ejbca.sh ra set user status superadmin 10 
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch

获取客户端证书

bash 复制代码
docker cp container-id:/opt/bitnami/ejbca/p12/superadmin.p12 /home/ubuntu

其他相关命令

bash 复制代码
docker logs ejbca
docker exec -it container_name /bin/bash

官方描述步骤

bash 复制代码
http://localhost:8080/ejbca/doc/Quick_Install_Guide.html

bitnami用了自己的策略,与官方的不同,官方描述的启动日志打印用户名和密码在bitnami中使用环境变量做了修改

bash 复制代码
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
bash 复制代码
#!/bin/bash
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for ejbca

# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)

# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh

export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"

# Logging configuration
export MODULE="${MODULE:-ejbca}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"

# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
ejbca_env_vars=(
    EJBCA_WILDFLY_ADMIN_USER
    EJBCA_WILDFLY_ADMIN_PASSWORD
    EJBCA_SERVER_CERT_FILE
    EJBCA_SERVER_CERT_PASSWORD
    EJBCA_HTTP_PORT_NUMBER
    EJBCA_HTTPS_PORT_NUMBER
    EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
    EJBCA_ADMIN_USERNAME
    EJBCA_ADMIN_PASSWORD
    EJBCA_DATABASE_HOST
    EJBCA_DATABASE_PORT
    EJBCA_DATABASE_NAME
    EJBCA_DATABASE_USERNAME
    EJBCA_DATABASE_PASSWORD
    EJBCA_CA_NAME
    JAVA_OPTS
    EJBCA_SMTP_HOST
    EJBCA_SMTP_PORT
    EJBCA_SMTP_FROM_ADDRESS
    EJBCA_SMTP_TLS
    EJBCA_SMTP_USERNAME
    EJBCA_SMTP_PASSWORD
)
for env_var in "${ejbca_env_vars[@]}"; do
    file_env_var="${env_var}_FILE"
    if [[ -n "${!file_env_var:-}" ]]; then
        if [[ -r "${!file_env_var:-}" ]]; then
            export "${env_var}=$(< "${!file_env_var}")"
            unset "${file_env_var}"
        else
            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
        fi
    fi
done
unset ejbca_env_vars

# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export EJBCA_BASE_DIR="${BITNAMI_ROOT_DIR}/ejbca"
export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"

# Persistence
export EJBCA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ejbca"
export EJBCA_WILDFLY_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/wildfly"
export EJBCA_DATA_DIR="${EJBCA_VOLUME_DIR}/tls"

# DB scripts
export EJBCA_DB_SCRIPT_INDEXES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql"
export EJBCA_DB_SCRIPT_TABLES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql"

# EJBA deployment
export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"

# Wildfly
export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration"
export EJBCA_WILDFLY_PID_DIR="${EJBCA_TMP_DIR}"
export EJBCA_WILDFLY_PID_FILE="${EJBCA_WILDFLY_PID_DIR}/wildfly.pid"
export EJBCA_WILDFLY_DEPLOY_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments"
export EJBCA_WILDFLY_ADMIN_USER="${EJBCA_WILDFLY_ADMIN_USER:-admin}"
export EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-}"
export EJBCA_WILDFLY_TRUSTSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/truststore.jks"
export EJBCA_WILDFLY_KEYSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/keystore.jks"
export EJBCA_WILDFLY_STANDALONE_CONF_FILE="${EJBCA_WILDFLY_BIN_DIR}/standalone.conf"
export EJBCA_WILDFLY_STANDALONE_XML_FILE="${EJBCA_WILDFLY_CONF_DIR}/standalone.xml"

# Users
export EJBCA_DAEMON_USER="wildfly"
export EJBCA_DAEMON_GROUP="wildfly"

# Keystores
export EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd"
export EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd"
export EJBCA_WILDFLY_ADMIN_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd"
export EJBCA_SERVER_CERT_FILE="${EJBCA_SERVER_CERT_FILE:-}"
export EJBCA_SERVER_CERT_PASSWORD="${EJBCA_SERVER_CERT_PASSWORD:-}"
export EJBCA_TEMP_CERT="${EJBCA_TMP_DIR}/cacert.der"

# Settings
export EJBCA_HTTP_PORT_NUMBER="${EJBCA_HTTP_PORT_NUMBER:-8080}"
export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}"
export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}"
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}"
export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}"
export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}"
export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"

# EJBCA environment variables.
export EJBCA_HOME="${EJBCA_BASE_DIR}"
export JAVA_HOME="/opt/bitnami/java"
export JBOSS_HOME="${EJBCA_WILDFLY_BASE_DIR}"
export LAUNCH_JBOSS_IN_BACKGROUND="true"
export JBOSS_PIDFILE="${EJBCA_WILDFLY_PID_FILE}"
export EJBCA_WILDFLY_DATA_TO_PERSIST="${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}"

# Custom environment variables may be defined below
相关推荐
c30%0040 分钟前
内网渗透——红日靶场五
运维·服务器
宇钶宇夕1 小时前
EPLAN 电气制图:建立自己的部件库,添加部件-加SQL Server安装教程(三)上
运维·服务器·数据库·程序人生·自动化
susu10830189112 小时前
Debian 11 Bullseye 在线安装docker
运维·docker·debian
行止62 小时前
OpenStack云平台管理
linux·openstack
love530love2 小时前
Docker 稳定运行与存储优化全攻略(含可视化指南)
运维·人工智能·windows·docker·容器
岁岁岁平安2 小时前
CentOS-7-x86_64解决:使用NAT模式无法ping通www.baidu.com或无法ping 8.8.8.8问题。
linux·运维·centos·centos-7
运维小贺3 小时前
各服务器厂商调整BIOS睿频教程
linux·运维·服务器·性能优化
网硕互联的小客服3 小时前
如何排查服务器中已经存在的后门程序?
运维·服务器·github
人生匆匆3 小时前
docker进入启动失败的容器
运维·docker·容器
Fanmeang3 小时前
OSPF路由过滤
运维·网络·华为·ip·路由·ospf·路由过滤