ubuntu server 安装ejbca

使用bitnami提供的docker images

启动方式一:

bash 复制代码
docker network create ejbca-network

sudo docker pull bitnami/mariadb:10.6
docker volume create --name mariadb_data
docker run -d --name mariadb --env ALLOW_EMPTY_PASSWORD=yes --env MARIADB_USER=bn_ejbca --env MARIADB_PASSWORD=Bitnami1234 --env MARIADB_DATABASE=bitnami_ejbca --network ejbca-network --volume mariadb_data:/bitnami/mariadb bitnami/mariadb:10.6

sudo docker pull bitnami/ejbca:7
docker volume create --name ejbca_data
docker run -d --name ejbca -p 8080:8080 -p 8443:8443 --env ALLOW_EMPTY_PASSWORD=yes --env EJBCA_DATABASE_USERNAME=bn_ejbca --env EJBCA_DATABASE_PASSWORD=Bitnami1234 --env EJBCA_DATABASE_HOST=mariadb --env EJBCA_DATABASE_NAME=bitnami_ejbca --network ejbca-network --volume ejbca_data:/bitnami/wildfly bitnami/ejbca:7

启动方式二:

bash 复制代码
# docker-compose.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

version: "2"
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.6
    volumes:
      - "mariadb_data:/bitnami/mariadb"
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_USER=bn_ejbca
      - MARIADB_DATABASE=bitnami_ejbca
      - MARIADB_PASSWORD=Bitnami1234
  ejbca:
    image: docker.io/bitnami/ejbca:7
    ports:
      - 8081:8080
      - 8443:8443
      - 8009:8009
    volumes:
      - "wildfly_data:/bitnami/wildfly"
    environment:
      - EJBCA_DATABASE_HOST=mariadb
      - EJBCA_DATABASE_NAME=bitnami_ejbca
      - EJBCA_DATABASE_USERNAME=bn_ejbca
      - EJBCA_DATABASE_PASSWORD=Bitnami1234
volumes:
  mariadb_data:
    driver: local
  wildfly_data:
    driver: local
bash 复制代码
docker-compose up -d

Persisting your application

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/wildfly path. If the mounted directory is empty, it will be initialized on the first run.

bash 复制代码
docker run -v /path/to/ejbca-persistence:/bitnami/wildfly bitnami/ejbca:7

You can also do this with a minor change to the docker-compose.yml file present in this repository:

bash 复制代码
   ejbca:
     ...
     volumes:
-      - 'wildfly_data:/bitnami/wildfly'
+      - /path/to/ejbca-persistence:/bitnami/wildfly
   ...
-volumes:
-  ejbca_data:
-    driver: local

客户端证书没有生成到默认位置(论坛给出的方法,经测试安装后并不能让浏览器信任)

bash 复制代码
cd /opt/bitnami/ejbca
bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch ejbca

其他参考

bash 复制代码
bin/ejbca.sh ra set user status superadmin 10 
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch

获取客户端证书

bash 复制代码
docker cp container-id:/opt/bitnami/ejbca/p12/superadmin.p12 /home/ubuntu

其他相关命令

bash 复制代码
docker logs ejbca
docker exec -it container_name /bin/bash

官方描述步骤

bash 复制代码
http://localhost:8080/ejbca/doc/Quick_Install_Guide.html

bitnami用了自己的策略,与官方的不同,官方描述的启动日志打印用户名和密码在bitnami中使用环境变量做了修改

bash 复制代码
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
bash 复制代码
#!/bin/bash
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for ejbca

# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)

# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh

export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"

# Logging configuration
export MODULE="${MODULE:-ejbca}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"

# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
ejbca_env_vars=(
    EJBCA_WILDFLY_ADMIN_USER
    EJBCA_WILDFLY_ADMIN_PASSWORD
    EJBCA_SERVER_CERT_FILE
    EJBCA_SERVER_CERT_PASSWORD
    EJBCA_HTTP_PORT_NUMBER
    EJBCA_HTTPS_PORT_NUMBER
    EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
    EJBCA_ADMIN_USERNAME
    EJBCA_ADMIN_PASSWORD
    EJBCA_DATABASE_HOST
    EJBCA_DATABASE_PORT
    EJBCA_DATABASE_NAME
    EJBCA_DATABASE_USERNAME
    EJBCA_DATABASE_PASSWORD
    EJBCA_CA_NAME
    JAVA_OPTS
    EJBCA_SMTP_HOST
    EJBCA_SMTP_PORT
    EJBCA_SMTP_FROM_ADDRESS
    EJBCA_SMTP_TLS
    EJBCA_SMTP_USERNAME
    EJBCA_SMTP_PASSWORD
)
for env_var in "${ejbca_env_vars[@]}"; do
    file_env_var="${env_var}_FILE"
    if [[ -n "${!file_env_var:-}" ]]; then
        if [[ -r "${!file_env_var:-}" ]]; then
            export "${env_var}=$(< "${!file_env_var}")"
            unset "${file_env_var}"
        else
            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
        fi
    fi
done
unset ejbca_env_vars

# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export EJBCA_BASE_DIR="${BITNAMI_ROOT_DIR}/ejbca"
export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"

# Persistence
export EJBCA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ejbca"
export EJBCA_WILDFLY_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/wildfly"
export EJBCA_DATA_DIR="${EJBCA_VOLUME_DIR}/tls"

# DB scripts
export EJBCA_DB_SCRIPT_INDEXES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql"
export EJBCA_DB_SCRIPT_TABLES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql"

# EJBA deployment
export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"

# Wildfly
export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration"
export EJBCA_WILDFLY_PID_DIR="${EJBCA_TMP_DIR}"
export EJBCA_WILDFLY_PID_FILE="${EJBCA_WILDFLY_PID_DIR}/wildfly.pid"
export EJBCA_WILDFLY_DEPLOY_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments"
export EJBCA_WILDFLY_ADMIN_USER="${EJBCA_WILDFLY_ADMIN_USER:-admin}"
export EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-}"
export EJBCA_WILDFLY_TRUSTSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/truststore.jks"
export EJBCA_WILDFLY_KEYSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/keystore.jks"
export EJBCA_WILDFLY_STANDALONE_CONF_FILE="${EJBCA_WILDFLY_BIN_DIR}/standalone.conf"
export EJBCA_WILDFLY_STANDALONE_XML_FILE="${EJBCA_WILDFLY_CONF_DIR}/standalone.xml"

# Users
export EJBCA_DAEMON_USER="wildfly"
export EJBCA_DAEMON_GROUP="wildfly"

# Keystores
export EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd"
export EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd"
export EJBCA_WILDFLY_ADMIN_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd"
export EJBCA_SERVER_CERT_FILE="${EJBCA_SERVER_CERT_FILE:-}"
export EJBCA_SERVER_CERT_PASSWORD="${EJBCA_SERVER_CERT_PASSWORD:-}"
export EJBCA_TEMP_CERT="${EJBCA_TMP_DIR}/cacert.der"

# Settings
export EJBCA_HTTP_PORT_NUMBER="${EJBCA_HTTP_PORT_NUMBER:-8080}"
export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}"
export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}"
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}"
export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}"
export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}"
export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"

# EJBCA environment variables.
export EJBCA_HOME="${EJBCA_BASE_DIR}"
export JAVA_HOME="/opt/bitnami/java"
export JBOSS_HOME="${EJBCA_WILDFLY_BASE_DIR}"
export LAUNCH_JBOSS_IN_BACKGROUND="true"
export JBOSS_PIDFILE="${EJBCA_WILDFLY_PID_FILE}"
export EJBCA_WILDFLY_DATA_TO_PERSIST="${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}"

# Custom environment variables may be defined below
相关推荐
大耳朵-小飞象2 小时前
智能调光4巨头争霸!轨道照明如何破局?
运维·智慧城市·智慧路灯·智能照明·楼宇智控·0-10v调光模块
sanzk2 小时前
firefly开发板ubuntu安装ros2下的micro-ROS Agent
linux·运维·ubuntu
努力进修4 小时前
Docker+cpolar 实战:打造灵活可控的远程办公系统
运维·docker·容器
其实防守也摸鱼4 小时前
运维--怎么看接口的请求和返回
运维·学习·网络安全·网络攻击模型·burpsuite·攻防对抗·蓝队
weixin_307779135 小时前
Linux下Nginx故障系统化检查Shell脚本
linux·运维·服务器·nginx·自动化
skyutuzz6 小时前
node安装部署
linux
一次旅行6 小时前
【AI工具】Rust-Based CLI:用 xargs 和并行加速你的 Linux 日常
linux·开发语言·rust
jieyucx7 小时前
Docker 入门第一阶段:建立正确认知与初体验
运维·docker·容器
2501_925963389 小时前
Hi3516CV610 + MPU6050 DMP 软件 EIS 防抖笔记
linux·运维·服务器
qetfw9 小时前
CentOS 7 基础环境配置
linux·运维·centos