ubuntu server 安装ejbca

BGK1123582023-08-12 22:10

使用bitnami提供的docker images

启动方式一:

bash 复制代码 
docker network create ejbca-network

sudo docker pull bitnami/mariadb:10.6
docker volume create --name mariadb_data
docker run -d --name mariadb --env ALLOW_EMPTY_PASSWORD=yes --env MARIADB_USER=bn_ejbca --env MARIADB_PASSWORD=Bitnami1234 --env MARIADB_DATABASE=bitnami_ejbca --network ejbca-network --volume mariadb_data:/bitnami/mariadb bitnami/mariadb:10.6

sudo docker pull bitnami/ejbca:7
docker volume create --name ejbca_data
docker run -d --name ejbca -p 8080:8080 -p 8443:8443 --env ALLOW_EMPTY_PASSWORD=yes --env EJBCA_DATABASE_USERNAME=bn_ejbca --env EJBCA_DATABASE_PASSWORD=Bitnami1234 --env EJBCA_DATABASE_HOST=mariadb --env EJBCA_DATABASE_NAME=bitnami_ejbca --network ejbca-network --volume ejbca_data:/bitnami/wildfly bitnami/ejbca:7

启动方式二:

bash 复制代码 
# docker-compose.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

version: "2"
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.6
    volumes:
      - "mariadb_data:/bitnami/mariadb"
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_USER=bn_ejbca
      - MARIADB_DATABASE=bitnami_ejbca
      - MARIADB_PASSWORD=Bitnami1234
  ejbca:
    image: docker.io/bitnami/ejbca:7
    ports:
      - 8081:8080
      - 8443:8443
      - 8009:8009
    volumes:
      - "wildfly_data:/bitnami/wildfly"
    environment:
      - EJBCA_DATABASE_HOST=mariadb
      - EJBCA_DATABASE_NAME=bitnami_ejbca
      - EJBCA_DATABASE_USERNAME=bn_ejbca
      - EJBCA_DATABASE_PASSWORD=Bitnami1234
volumes:
  mariadb_data:
    driver: local
  wildfly_data:
    driver: local
bash 复制代码 
docker-compose up -d

Persisting your application

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/wildfly path. If the mounted directory is empty, it will be initialized on the first run.

bash 复制代码 
docker run -v /path/to/ejbca-persistence:/bitnami/wildfly bitnami/ejbca:7

You can also do this with a minor change to the docker-compose.yml file present in this repository:

bash 复制代码 
   ejbca:
     ...
     volumes:
-      - 'wildfly_data:/bitnami/wildfly'
+      - /path/to/ejbca-persistence:/bitnami/wildfly
   ...
-volumes:
-  ejbca_data:
-    driver: local

客户端证书没有生成到默认位置(论坛给出的方法,经测试安装后并不能让浏览器信任)

bash 复制代码 
cd /opt/bitnami/ejbca
bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch ejbca

其他参考

bash 复制代码 
bin/ejbca.sh ra set user status superadmin 10 
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch

获取客户端证书

bash 复制代码 
docker cp container-id:/opt/bitnami/ejbca/p12/superadmin.p12 /home/ubuntu

其他相关命令

bash 复制代码 
docker logs ejbca
docker exec -it container_name /bin/bash

官方描述步骤

bash 复制代码 
http://localhost:8080/ejbca/doc/Quick_Install_Guide.html

bitnami用了自己的策略,与官方的不同,官方描述的启动日志打印用户名和密码在bitnami中使用环境变量做了修改

bash 复制代码 
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
bash 复制代码 
#!/bin/bash
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for ejbca

# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)

# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh

export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"

# Logging configuration
export MODULE="${MODULE:-ejbca}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"

# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
ejbca_env_vars=(
    EJBCA_WILDFLY_ADMIN_USER
    EJBCA_WILDFLY_ADMIN_PASSWORD
    EJBCA_SERVER_CERT_FILE
    EJBCA_SERVER_CERT_PASSWORD
    EJBCA_HTTP_PORT_NUMBER
    EJBCA_HTTPS_PORT_NUMBER
    EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
    EJBCA_ADMIN_USERNAME
    EJBCA_ADMIN_PASSWORD
    EJBCA_DATABASE_HOST
    EJBCA_DATABASE_PORT
    EJBCA_DATABASE_NAME
    EJBCA_DATABASE_USERNAME
    EJBCA_DATABASE_PASSWORD
    EJBCA_CA_NAME
    JAVA_OPTS
    EJBCA_SMTP_HOST
    EJBCA_SMTP_PORT
    EJBCA_SMTP_FROM_ADDRESS
    EJBCA_SMTP_TLS
    EJBCA_SMTP_USERNAME
    EJBCA_SMTP_PASSWORD
)
for env_var in "${ejbca_env_vars[@]}"; do
    file_env_var="${env_var}_FILE"
    if [[ -n "${!file_env_var:-}" ]]; then
        if [[ -r "${!file_env_var:-}" ]]; then
            export "${env_var}=$(< "${!file_env_var}")"
            unset "${file_env_var}"
        else
            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
        fi
    fi
done
unset ejbca_env_vars

# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export EJBCA_BASE_DIR="${BITNAMI_ROOT_DIR}/ejbca"
export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"

# Persistence
export EJBCA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ejbca"
export EJBCA_WILDFLY_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/wildfly"
export EJBCA_DATA_DIR="${EJBCA_VOLUME_DIR}/tls"

# DB scripts
export EJBCA_DB_SCRIPT_INDEXES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql"
export EJBCA_DB_SCRIPT_TABLES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql"

# EJBA deployment
export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"

# Wildfly
export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration"
export EJBCA_WILDFLY_PID_DIR="${EJBCA_TMP_DIR}"
export EJBCA_WILDFLY_PID_FILE="${EJBCA_WILDFLY_PID_DIR}/wildfly.pid"
export EJBCA_WILDFLY_DEPLOY_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments"
export EJBCA_WILDFLY_ADMIN_USER="${EJBCA_WILDFLY_ADMIN_USER:-admin}"
export EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-}"
export EJBCA_WILDFLY_TRUSTSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/truststore.jks"
export EJBCA_WILDFLY_KEYSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/keystore.jks"
export EJBCA_WILDFLY_STANDALONE_CONF_FILE="${EJBCA_WILDFLY_BIN_DIR}/standalone.conf"
export EJBCA_WILDFLY_STANDALONE_XML_FILE="${EJBCA_WILDFLY_CONF_DIR}/standalone.xml"

# Users
export EJBCA_DAEMON_USER="wildfly"
export EJBCA_DAEMON_GROUP="wildfly"

# Keystores
export EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd"
export EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd"
export EJBCA_WILDFLY_ADMIN_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd"
export EJBCA_SERVER_CERT_FILE="${EJBCA_SERVER_CERT_FILE:-}"
export EJBCA_SERVER_CERT_PASSWORD="${EJBCA_SERVER_CERT_PASSWORD:-}"
export EJBCA_TEMP_CERT="${EJBCA_TMP_DIR}/cacert.der"

# Settings
export EJBCA_HTTP_PORT_NUMBER="${EJBCA_HTTP_PORT_NUMBER:-8080}"
export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}"
export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}"
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}"
export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}"
export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}"
export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"

# EJBCA environment variables.
export EJBCA_HOME="${EJBCA_BASE_DIR}"
export JAVA_HOME="/opt/bitnami/java"
export JBOSS_HOME="${EJBCA_WILDFLY_BASE_DIR}"
export LAUNCH_JBOSS_IN_BACKGROUND="true"
export JBOSS_PIDFILE="${EJBCA_WILDFLY_PID_FILE}"
export EJBCA_WILDFLY_DATA_TO_PERSIST="${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}"

# Custom environment variables may be defined below
相关推荐
YuTaoShao11 分钟前
【LeetCode 热题 100】994. 腐烂的橘子——BFS
java·linux·算法·leetcode·宽度优先
退役小学生呀13 分钟前
十五、K8s可观测能力:日志收集
linux·云原生·容器·kubernetes·k8s
van叶~15 分钟前
Linux探秘坊-------15.线程概念与控制
linux·运维·服务器
Andy杨2 小时前
20250718-1-Kubernetes 应用程序生命周期管理-应用部署、升级、弹性_笔记
linux·docker·容器
写写闲篇儿6 小时前
Python+MongoDB高效开发组合
linux·python·mongodb
一个龙的传说7 小时前
linux 常用命令
linux·服务器·zookeeper
别致的影分身8 小时前
Docker 镜像原理
运维·docker·容器
路人蛃8 小时前
通过国内扣子(Coze)搭建智能体并接入discord机器人
人工智能·python·ubuntu·ai·aigc·个人开发
庸子8 小时前
Ansible & AWX 自动化运维
运维·自动化·ansible
热门推荐
01全球最强模型Grok4,国内已可免费使用!(附教程)02Cursor Claude 模型无法使用的解决方法03KGG转MP3工具|非KGM文件|解密音频04【2025.7.18】更新vscode后所有.vue文件template标签后报红的临时解决办法,Vue - Official 插件3.0.2导致05【无标题】06集群聊天服务器---MySQL数据库的建立07突破限制:使用 Claude Code Proxy 让 Claude Code 自由连接任意模型08绿色建筑新态势:楼宇自控助力能效提升,推动成本优化新路径09使用Ruby接入实时行情API教程10Claude Code 最新版已经支持 Windows 安装使用!