ubuntu server 安装ejbca

BGK1123582023-08-12 22:10

使用bitnami提供的docker images

启动方式一:

bash 复制代码 
docker network create ejbca-network

sudo docker pull bitnami/mariadb:10.6
docker volume create --name mariadb_data
docker run -d --name mariadb --env ALLOW_EMPTY_PASSWORD=yes --env MARIADB_USER=bn_ejbca --env MARIADB_PASSWORD=Bitnami1234 --env MARIADB_DATABASE=bitnami_ejbca --network ejbca-network --volume mariadb_data:/bitnami/mariadb bitnami/mariadb:10.6

sudo docker pull bitnami/ejbca:7
docker volume create --name ejbca_data
docker run -d --name ejbca -p 8080:8080 -p 8443:8443 --env ALLOW_EMPTY_PASSWORD=yes --env EJBCA_DATABASE_USERNAME=bn_ejbca --env EJBCA_DATABASE_PASSWORD=Bitnami1234 --env EJBCA_DATABASE_HOST=mariadb --env EJBCA_DATABASE_NAME=bitnami_ejbca --network ejbca-network --volume ejbca_data:/bitnami/wildfly bitnami/ejbca:7

启动方式二:

bash 复制代码 
# docker-compose.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

version: "2"
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.6
    volumes:
      - "mariadb_data:/bitnami/mariadb"
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_USER=bn_ejbca
      - MARIADB_DATABASE=bitnami_ejbca
      - MARIADB_PASSWORD=Bitnami1234
  ejbca:
    image: docker.io/bitnami/ejbca:7
    ports:
      - 8081:8080
      - 8443:8443
      - 8009:8009
    volumes:
      - "wildfly_data:/bitnami/wildfly"
    environment:
      - EJBCA_DATABASE_HOST=mariadb
      - EJBCA_DATABASE_NAME=bitnami_ejbca
      - EJBCA_DATABASE_USERNAME=bn_ejbca
      - EJBCA_DATABASE_PASSWORD=Bitnami1234
volumes:
  mariadb_data:
    driver: local
  wildfly_data:
    driver: local
bash 复制代码 
docker-compose up -d

Persisting your application

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/wildfly path. If the mounted directory is empty, it will be initialized on the first run.

bash 复制代码 
docker run -v /path/to/ejbca-persistence:/bitnami/wildfly bitnami/ejbca:7

You can also do this with a minor change to the docker-compose.yml file present in this repository:

bash 复制代码 
   ejbca:
     ...
     volumes:
-      - 'wildfly_data:/bitnami/wildfly'
+      - /path/to/ejbca-persistence:/bitnami/wildfly
   ...
-volumes:
-  ejbca_data:
-    driver: local

客户端证书没有生成到默认位置(论坛给出的方法,经测试安装后并不能让浏览器信任)

bash 复制代码 
cd /opt/bitnami/ejbca
bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch ejbca

其他参考

bash 复制代码 
bin/ejbca.sh ra set user status superadmin 10 
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch

获取客户端证书

bash 复制代码 
docker cp container-id:/opt/bitnami/ejbca/p12/superadmin.p12 /home/ubuntu

其他相关命令

bash 复制代码 
docker logs ejbca
docker exec -it container_name /bin/bash

官方描述步骤

bash 复制代码 
http://localhost:8080/ejbca/doc/Quick_Install_Guide.html

bitnami用了自己的策略,与官方的不同,官方描述的启动日志打印用户名和密码在bitnami中使用环境变量做了修改

bash 复制代码 
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
bash 复制代码 
#!/bin/bash
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for ejbca

# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)

# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh

export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"

# Logging configuration
export MODULE="${MODULE:-ejbca}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"

# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
ejbca_env_vars=(
    EJBCA_WILDFLY_ADMIN_USER
    EJBCA_WILDFLY_ADMIN_PASSWORD
    EJBCA_SERVER_CERT_FILE
    EJBCA_SERVER_CERT_PASSWORD
    EJBCA_HTTP_PORT_NUMBER
    EJBCA_HTTPS_PORT_NUMBER
    EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
    EJBCA_ADMIN_USERNAME
    EJBCA_ADMIN_PASSWORD
    EJBCA_DATABASE_HOST
    EJBCA_DATABASE_PORT
    EJBCA_DATABASE_NAME
    EJBCA_DATABASE_USERNAME
    EJBCA_DATABASE_PASSWORD
    EJBCA_CA_NAME
    JAVA_OPTS
    EJBCA_SMTP_HOST
    EJBCA_SMTP_PORT
    EJBCA_SMTP_FROM_ADDRESS
    EJBCA_SMTP_TLS
    EJBCA_SMTP_USERNAME
    EJBCA_SMTP_PASSWORD
)
for env_var in "${ejbca_env_vars[@]}"; do
    file_env_var="${env_var}_FILE"
    if [[ -n "${!file_env_var:-}" ]]; then
        if [[ -r "${!file_env_var:-}" ]]; then
            export "${env_var}=$(< "${!file_env_var}")"
            unset "${file_env_var}"
        else
            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
        fi
    fi
done
unset ejbca_env_vars

# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export EJBCA_BASE_DIR="${BITNAMI_ROOT_DIR}/ejbca"
export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"

# Persistence
export EJBCA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ejbca"
export EJBCA_WILDFLY_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/wildfly"
export EJBCA_DATA_DIR="${EJBCA_VOLUME_DIR}/tls"

# DB scripts
export EJBCA_DB_SCRIPT_INDEXES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql"
export EJBCA_DB_SCRIPT_TABLES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql"

# EJBA deployment
export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"

# Wildfly
export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration"
export EJBCA_WILDFLY_PID_DIR="${EJBCA_TMP_DIR}"
export EJBCA_WILDFLY_PID_FILE="${EJBCA_WILDFLY_PID_DIR}/wildfly.pid"
export EJBCA_WILDFLY_DEPLOY_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments"
export EJBCA_WILDFLY_ADMIN_USER="${EJBCA_WILDFLY_ADMIN_USER:-admin}"
export EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-}"
export EJBCA_WILDFLY_TRUSTSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/truststore.jks"
export EJBCA_WILDFLY_KEYSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/keystore.jks"
export EJBCA_WILDFLY_STANDALONE_CONF_FILE="${EJBCA_WILDFLY_BIN_DIR}/standalone.conf"
export EJBCA_WILDFLY_STANDALONE_XML_FILE="${EJBCA_WILDFLY_CONF_DIR}/standalone.xml"

# Users
export EJBCA_DAEMON_USER="wildfly"
export EJBCA_DAEMON_GROUP="wildfly"

# Keystores
export EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd"
export EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd"
export EJBCA_WILDFLY_ADMIN_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd"
export EJBCA_SERVER_CERT_FILE="${EJBCA_SERVER_CERT_FILE:-}"
export EJBCA_SERVER_CERT_PASSWORD="${EJBCA_SERVER_CERT_PASSWORD:-}"
export EJBCA_TEMP_CERT="${EJBCA_TMP_DIR}/cacert.der"

# Settings
export EJBCA_HTTP_PORT_NUMBER="${EJBCA_HTTP_PORT_NUMBER:-8080}"
export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}"
export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}"
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}"
export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}"
export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}"
export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"

# EJBCA environment variables.
export EJBCA_HOME="${EJBCA_BASE_DIR}"
export JAVA_HOME="/opt/bitnami/java"
export JBOSS_HOME="${EJBCA_WILDFLY_BASE_DIR}"
export LAUNCH_JBOSS_IN_BACKGROUND="true"
export JBOSS_PIDFILE="${EJBCA_WILDFLY_PID_FILE}"
export EJBCA_WILDFLY_DATA_TO_PERSIST="${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}"

# Custom environment variables may be defined below
相关推荐
你好呀我是裤裤1 小时前
Linux基础开发工具的使用(apt、vim、gcc、g++、gdb、make、makefile)
linux·运维·vim
望获linux1 小时前
如何在望获实时 Linux & 京博航友善 NanoPC-T6 上部署 Docker
linux·运维·服务器·docker·eureka·开源软件
wangchen_01 小时前
linux编译器和自动化构建工具(gcc与Makeile)
linux·运维·服务器
DC_BLOG1 小时前
Linux-Ansible命令
linux·运维·服务器·ansible
人工干智能1 小时前
科普:“docker”与“docker compose”
运维·docker·容器
suenpeng1 小时前
安全运维,等保测试常见解决问题。
linux·运维·安全
神马都会亿点点的毛毛张1 小时前
【Docker教程】万字长文详解Docker命令
java·运维·后端·docker·容器
码农君莫笑1 小时前
Linux系统上同时打印到物理打印机并生成PDF副本方法研究
linux·前端·chrome·打印·信管通
马剑威(威哥爱编程)2 小时前
Linux驱动开发13个实用案例
linux·运维·驱动开发
程序员JerrySUN3 小时前
每天设计者模式-1:基础面试题
java·linux·运维·服务器·开发语言·python·docker
热门推荐
01本地部署DeepSeek教程(Mac版本)02如何在WPS和Word/Excel中直接使用DeepSeek功能03DeepSeek本地部署详细指南04太炸裂了!清华大学deepseek从入门到精通使用手册又出第三版了,《普通人如何抓住DeepSeek红利》(无套路,直接下载)05DeepSeek各版本说明与优缺点分析06DeepSeek r1本地安装全指南07本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程08DeepSeek R1本地化部署 Ollama + Chatbox 打造最强 AI 工具09在Windows下安装Ollama并体验DeepSeek r1大模型10Page Assist - 本地Deepseek模型 Web UI 的安装和使用