使用bitnami提供的docker images
启动方式一:
bash
docker network create ejbca-network
sudo docker pull bitnami/mariadb:10.6
docker volume create --name mariadb_data
docker run -d --name mariadb --env ALLOW_EMPTY_PASSWORD=yes --env MARIADB_USER=bn_ejbca --env MARIADB_PASSWORD=Bitnami1234 --env MARIADB_DATABASE=bitnami_ejbca --network ejbca-network --volume mariadb_data:/bitnami/mariadb bitnami/mariadb:10.6
sudo docker pull bitnami/ejbca:7
docker volume create --name ejbca_data
docker run -d --name ejbca -p 8080:8080 -p 8443:8443 --env ALLOW_EMPTY_PASSWORD=yes --env EJBCA_DATABASE_USERNAME=bn_ejbca --env EJBCA_DATABASE_PASSWORD=Bitnami1234 --env EJBCA_DATABASE_HOST=mariadb --env EJBCA_DATABASE_NAME=bitnami_ejbca --network ejbca-network --volume ejbca_data:/bitnami/wildfly bitnami/ejbca:7
启动方式二:
bash
# docker-compose.yml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
version: "2"
services:
mariadb:
image: docker.io/bitnami/mariadb:10.6
volumes:
- "mariadb_data:/bitnami/mariadb"
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- MARIADB_USER=bn_ejbca
- MARIADB_DATABASE=bitnami_ejbca
- MARIADB_PASSWORD=Bitnami1234
ejbca:
image: docker.io/bitnami/ejbca:7
ports:
- 8081:8080
- 8443:8443
- 8009:8009
volumes:
- "wildfly_data:/bitnami/wildfly"
environment:
- EJBCA_DATABASE_HOST=mariadb
- EJBCA_DATABASE_NAME=bitnami_ejbca
- EJBCA_DATABASE_USERNAME=bn_ejbca
- EJBCA_DATABASE_PASSWORD=Bitnami1234
volumes:
mariadb_data:
driver: local
wildfly_data:
driver: local
bash
docker-compose up -d
Persisting your application
If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the /bitnami/wildfly
path. If the mounted directory is empty, it will be initialized on the first run.
bash
docker run -v /path/to/ejbca-persistence:/bitnami/wildfly bitnami/ejbca:7
You can also do this with a minor change to the docker-compose.yml file present in this repository:
bash
ejbca:
...
volumes:
- - 'wildfly_data:/bitnami/wildfly'
+ - /path/to/ejbca-persistence:/bitnami/wildfly
...
-volumes:
- ejbca_data:
- driver: local
客户端证书没有生成到默认位置(论坛给出的方法,经测试安装后并不能让浏览器信任)
bash
cd /opt/bitnami/ejbca
bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch ejbca
其他参考
bash
bin/ejbca.sh ra set user status superadmin 10
bin/ejbca.sh ra setclearpwd superadmin ejbca
bin/ejbca.sh batch
获取客户端证书
bash
docker cp container-id:/opt/bitnami/ejbca/p12/superadmin.p12 /home/ubuntu
其他相关命令
bash
docker logs ejbca
docker exec -it container_name /bin/bash
官方描述步骤
bash
http://localhost:8080/ejbca/doc/Quick_Install_Guide.html
bitnami用了自己的策略,与官方的不同,官方描述的启动日志打印用户名和密码在bitnami中使用环境变量做了修改
bash
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
bash
#!/bin/bash
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for ejbca
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-ejbca}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
ejbca_env_vars=(
EJBCA_WILDFLY_ADMIN_USER
EJBCA_WILDFLY_ADMIN_PASSWORD
EJBCA_SERVER_CERT_FILE
EJBCA_SERVER_CERT_PASSWORD
EJBCA_HTTP_PORT_NUMBER
EJBCA_HTTPS_PORT_NUMBER
EJBCA_HTTPS_ADVERTISED_PORT_NUMBER
EJBCA_ADMIN_USERNAME
EJBCA_ADMIN_PASSWORD
EJBCA_DATABASE_HOST
EJBCA_DATABASE_PORT
EJBCA_DATABASE_NAME
EJBCA_DATABASE_USERNAME
EJBCA_DATABASE_PASSWORD
EJBCA_CA_NAME
JAVA_OPTS
EJBCA_SMTP_HOST
EJBCA_SMTP_PORT
EJBCA_SMTP_FROM_ADDRESS
EJBCA_SMTP_TLS
EJBCA_SMTP_USERNAME
EJBCA_SMTP_PASSWORD
)
for env_var in "${ejbca_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset ejbca_env_vars
# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export EJBCA_BASE_DIR="${BITNAMI_ROOT_DIR}/ejbca"
export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"
# Persistence
export EJBCA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ejbca"
export EJBCA_WILDFLY_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/wildfly"
export EJBCA_DATA_DIR="${EJBCA_VOLUME_DIR}/tls"
# DB scripts
export EJBCA_DB_SCRIPT_INDEXES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql"
export EJBCA_DB_SCRIPT_TABLES="${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql"
# EJBA deployment
export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"
# Wildfly
export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration"
export EJBCA_WILDFLY_PID_DIR="${EJBCA_TMP_DIR}"
export EJBCA_WILDFLY_PID_FILE="${EJBCA_WILDFLY_PID_DIR}/wildfly.pid"
export EJBCA_WILDFLY_DEPLOY_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments"
export EJBCA_WILDFLY_ADMIN_USER="${EJBCA_WILDFLY_ADMIN_USER:-admin}"
export EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-}"
export EJBCA_WILDFLY_TRUSTSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/truststore.jks"
export EJBCA_WILDFLY_KEYSTORE_FILE="${EJBCA_WILDFLY_CONF_DIR}/keystore.jks"
export EJBCA_WILDFLY_STANDALONE_CONF_FILE="${EJBCA_WILDFLY_BIN_DIR}/standalone.conf"
export EJBCA_WILDFLY_STANDALONE_XML_FILE="${EJBCA_WILDFLY_CONF_DIR}/standalone.xml"
# Users
export EJBCA_DAEMON_USER="wildfly"
export EJBCA_DAEMON_GROUP="wildfly"
# Keystores
export EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd"
export EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd"
export EJBCA_WILDFLY_ADMIN_PASSWORD_FILE="${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd"
export EJBCA_SERVER_CERT_FILE="${EJBCA_SERVER_CERT_FILE:-}"
export EJBCA_SERVER_CERT_PASSWORD="${EJBCA_SERVER_CERT_PASSWORD:-}"
export EJBCA_TEMP_CERT="${EJBCA_TMP_DIR}/cacert.der"
# Settings
export EJBCA_HTTP_PORT_NUMBER="${EJBCA_HTTP_PORT_NUMBER:-8080}"
export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}"
export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}"
export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}"
export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}"
export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}"
export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}"
export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}"
export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"
# EJBCA environment variables.
export EJBCA_HOME="${EJBCA_BASE_DIR}"
export JAVA_HOME="/opt/bitnami/java"
export JBOSS_HOME="${EJBCA_WILDFLY_BASE_DIR}"
export LAUNCH_JBOSS_IN_BACKGROUND="true"
export JBOSS_PIDFILE="${EJBCA_WILDFLY_PID_FILE}"
export EJBCA_WILDFLY_DATA_TO_PERSIST="${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}"
# Custom environment variables may be defined below