Configuring SSL for the Oracle 12c Docker Image

1. Running the Oracle 12c service in Docker

a. Pull the image

```bash
docker pull truevoly/oracle-12c
```

b. Run the container

```bash
docker run -d -p 1521:1521 -p 2484:2484 -v /data/oracle/:/opt/oracle --name oracle_12c truevoly/oracle-12c
```

c. View the logs

```bash
docker logs -f oracle_12c
```

d. The following output indicates that startup succeeded

```
Database not initialized. Initializing database.
Starting tnslsnr
Copying database files
1% complete
3% complete
11% complete
18% complete
37% complete
Creating and starting Oracle instance
40% complete
45% complete
50% complete
55% complete
56% complete
60% complete
62% complete
Completing Database Creation
66% complete
70% complete
73% complete
85% complete
96% complete
100% complete
Look at the log file "/u01/app/oracle/cfgtoollogs/dbca/xe/xe.log" for further details.
Configuring Apex console
Database initialized. Please visit http://#containeer:8080/em http://#containeer:8080/apex for extra configuration if needed
Starting web management console

PL/SQL procedure successfully completed.

Starting import from '/docker-entrypoint-initdb.d':
ls: cannot access /docker-entrypoint-initdb.d/*: No such file or directory

Import finished

Database ready to use. Enjoy! 😉
```

e. Test the connection from a client

Connection details:

hostname: localhost
port: 1521
username1: system
password1: oracle
sid: xe

2. Configuring SSL

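a. Enter the Docker container

```bash
docker exec -it oracle_12c /bin/bash

# The remaining commands run inside the container
# Install vim
apt-get update
apt-get install vim
# Change ownership of the directory
chown oracle:dba /opt/oracle/ -R
# Switch to the oracle user
su oracle
```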

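b. Generate the key

```bash
mkdir -p /opt/oracle/wallet
# Generate the key: create an auto-login wallet, then add a self-signed certificate to it
# Note: 1024-bit RSA is below the 2048-bit minimum in current guidance; use a larger -keysize outside a test setup
# Note: -pwd on the command line leaves the wallet password in shell history and the process list
$ORACLE_HOME/bin/orapki wallet create -wallet /opt/oracle/wallet -pwd test@123 -auto_login
$ORACLE_HOME/bin/orapki wallet add -wallet /opt/oracle/wallet  -pwd test@123   -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 365
# Display the key information
$ORACLE_HOME/bin/orapki wallet display -wallet /opt/oracle/wallet -pwd test@123
# Generate the JKS files
$ORACLE_HOME/bin/orapki wallet pkcs12_to_jks -wallet /opt/oracle/wallet -pwd test@123 -jksKeyStoreLoc /opt/oracle/wallet/oracle12c_ks.jks -jksKeyStorepwd test@123 -jksTrustStoreLoc /opt/oracle/wallet/oracle12c_ts.jks -jksTrustStorepwd test@123

# The following 6 files are created under /opt/oracle/wallet:
#   cwallet.sso
#   cwallet.sso.lck
#   ewallet.p12
#   ewallet.p12.lck
#   oracle12c_ks.jks
#   oracle12c_ts.jks
```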

c. Edit the configuration files

```bash
cd /u01/app/oracle/product/12.1.0/xe/network/admin
# Create each of the three configuration files
vim listener.ora
vim sqlnet.ora
vim tnsnames.ora
```

The file contents are as follows:

  • listener.ora

```
SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/wallet)
    )
  )

# The TCP address on 1521 stays enabled, so unencrypted connections
# are still accepted alongside TCPS on 2484.
LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
   )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off
```

  • sqlnet.ora

```
WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
# SSL_RSA_WITH_3DES_EDE_CBC_SHA is a legacy 3DES suite (64-bit block cipher)
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
```

  • tnsnames.ora

```
SSL=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = XE)
  )
)

XE=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = XE)
  )
)
```
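
The sqlnet.ora above lists a 3DES suite and sets no SSL_VERSION. As an added example (not part of the original post), the script below parses a sqlnet.ora and reports those settings; the function names and the policy it applies (which suite keywords are flagged, TLS 1.2 required) are assumptions of this example.

```bash
# Constructed sample: the sqlnet.ora from this page (WALLET_LOCATION folded to two lines).
sample_sqlnet() {
cat <<'EOF'
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /opt/oracle/wallet)))
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
EOF
}

# Print parameter $1 from .ora text on stdin with whitespace removed.
# A parameter starts with a letter in column 1; any other line continues it.
ora_param() {
  awk -v key="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[A-Za-z]/ { name = $0; sub(/[ \t]*=.*/, "", name)
                  inside = (toupper(name) == toupper(key))
                  if (inside) sub(/^[^=]*=/, "") }
    inside      { gsub(/[ \t]/, ""); printf "%s", $0 }
    END         { print "" }'
}

# Policy is an assumption of this example: flag 3DES/DES/RC4/NULL/anon/EXPORT/MD5
# suites and require SSL_VERSION = 1.2. Returns 1 on any WEAK or WARN finding.
lint_sqlnet() {
  local text ciphers version auth suite rc=0
  text=$(cat)
  ciphers=$(printf '%s\n' "$text" | ora_param SSL_CIPHER_SUITES)
  version=$(printf '%s\n' "$text" | ora_param SSL_VERSION)
  auth=$(printf '%s\n' "$text" | ora_param SSL_CLIENT_AUTHENTICATION)
  [ -n "$ciphers" ] || { echo "WARN SSL_CIPHER_SUITES not set"; rc=1; }
  for suite in $(printf '%s' "$ciphers" | tr -d '()' | tr ',' ' '); do
    case "$suite" in
      *3DES*|*_DES_*|*RC4*|*NULL*|*anon*|*EXPORT*|*MD5*) echo "WEAK $suite"; rc=1 ;;
    esac
  done
  case "$version" in
    1.2) ;;
    "")  echo "WARN SSL_VERSION not set: protocol version is not pinned"; rc=1 ;;
    *)   echo "WEAK SSL_VERSION=$version"; rc=1 ;;
  esac
  case "$auth" in
    [Tt][Rr][Uu][Ee]) ;;
    *) echo "INFO SSL_CLIENT_AUTHENTICATION=${auth:-unset}: clients present no certificate" ;;
  esac
  return $rc
}

sample_sqlnet | lint_sqlnet || true   # prints one WEAK, one WARN and one INFO line
```

To check a real file, feed it on stdin: `lint_sqlnet < sqlnet.ora`.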

d. Restart the listener

```bash
$ORACLE_HOME/bin/lsnrctl stop
$ORACLE_HOME/bin/lsnrctl start
# Check the listener status
$ORACLE_HOME/bin/lsnrctl status
```

e. Restart Oracle

```bash
# shutdown and startup are SQL*Plus commands, passed to sqlplus on stdin
$ORACLE_HOME/bin/sqlplus / as sysdba <<'EOF'
shutdown
startup
EOF
```

3. Verifying SSL

a. Verify with sqlplus

```bash
$ORACLE_HOME/bin/sqlplus system/oracle@SSL
```

The following output indicates success:

```
SQL*Plus: Release 12.1.0.2.0 Production on Tue Sep 19 09:34:12 2023

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

Last Successful login time: Tue Sep 19 2023 08:56:51 +00:00

Connected to:
Oracle Database 12c Standard Edition Release 12.1.0.2.0 - 64bit Production

SQL> 
```

b. Verify with Java code

```java
/*
Add the JDBC dependency:
<!-- https://mvnrepository.com/artifact/com.oracle.database.jdbc/ojdbc8 -->
<!-- oracle -->
<dependency>
  <groupId>com.oracle.database.jdbc</groupId>
  <artifactId>ojdbc8</artifactId>
  <version>19.3.0.0</version>
</dependency>
*/

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class OracleSslTest {

    public static void main(String[] args) throws Exception {

        // TCPS endpoint published by the container on port 2484
        String dbUrl = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=XE)))";
        Properties properties = new Properties();
        properties.setProperty("user", "system");
        properties.setProperty("password", "oracle");
        // Trust store generated in /opt/oracle/wallet and copied to the client machine
        properties.setProperty("javax.net.ssl.trustStore", "D:\\Download\\oracle12c_ts.jks");
        properties.setProperty("javax.net.ssl.trustStoreType","JKS");
        properties.setProperty("javax.net.ssl.trustStorePassword","test@123");
        // "false" skips matching the server certificate DN against the connect descriptor;
        // the certificate is still validated against the trust store above
        properties.setProperty("oracle.net.ssl_server_dn_match","false");

        try {
            Connection connection = DriverManager.getConnection(dbUrl, properties);
            System.out.println("Connected to Oracle database over SSL.");
            connection.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
```