Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-03-26 23:08:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/ejbca] Release 9.3.7-debian-12-r6 (#91773)

Browse Source 
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
This commit is contained in:
Bitnami Bot
2026-03-21 03:51:37 +01:00
committed by GitHub
parent f3e50e2867
commit 8b2ff6dc62
2 changed files with 19 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bitnami/ejbca/9/debian-12/Dockerfile
View File

@@ -8,7 +8,7 @@ ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
ARG TARGETARCH
LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2026-02-19T01:08:20Z" \
org.opencontainers.image.created="2026-03-21T02:08:52Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ejbca/README.md" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ejbca" \
@@ -29,7 +29,7 @@ RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
COMPONENTS=( \
"wildfly-32.0.1-23-linux-${OS_ARCH}-debian-12" \
"wildfly-32.0.1-24-linux-${OS_ARCH}-debian-12" \
"jre-21.0.10-10-0-linux-${OS_ARCH}-debian-12" \
"mysql-client-12.2.2-0-linux-${OS_ARCH}-debian-12" \
"ejbca-9.3.7-0-linux-${OS_ARCH}-debian-12" \
@@ -54,7 +54,7 @@ RUN /opt/bitnami/scripts/ejbca/postunpack.sh
RUN /opt/bitnami/scripts/java/postunpack.sh
ENV APP_VERSION="9.3.7" \
BITNAMI_APP_NAME="ejbca" \
IMAGE_REVISION="5" \
IMAGE_REVISION="6" \
JAVA_HOME="/opt/bitnami/java" \
PATH="/opt/bitnami/wildfly/bin:/opt/bitnami/java/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ejbca/bin:$PATH"

130
bitnami/ejbca/README.md
View File

@@ -1,7 +1,5 @@
# Bitnami Secure Image for EJBCA
## What is EJBCA?
> EJBCA is an enterprise class PKI Certificate Authority software, built using Java (JEE) technology.
[Overview of EJBCA](https://www.ejbca.org)
@@ -64,89 +62,26 @@ docker build -t bitnami/APP:latest .
## How to use this image
EJBCA requires access to a MySQL or MariaDB database to store information. We'll use our very own [MariaDB image](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements.
### Using the Docker Command Line
#### Step 1: Create a network
```console
docker network create ejbca-network
```
#### Step 2: Create a volume for MariaDB persistence and create a MariaDB container
```console
$ docker volume create --name mariadb_data
docker run -d --name mariadb \
--env ALLOW_EMPTY_PASSWORD=yes \
--env MARIADB_USER=bn_ejbca \
--env MARIADB_PASSWORD=Bitnami1234 \
--env MARIADB_DATABASE=bitnami_ejbca \
--network ejbca-network \
--volume mariadb_data:/bitnami/mariadb \
bitnami/mariadb:latest
```
#### Step 3: Create volumes for EJBCA persistence and launch the container
```console
$ docker volume create --name ejbca_data
docker run -d --name ejbca \
-p 8080:8080 -p 8443:8443 \
--env ALLOW_EMPTY_PASSWORD=yes \
--env EJBCA_DATABASE_USERNAME=bn_ejbca \
--env EJBCA_DATABASE_PASSWORD=Bitnami1234 \
--env EJBCA_DATABASE_HOST=mariadb \
--env EJBCA_DATABASE_NAME=bitnami_ejbca \
--network ejbca-network \
--volume ejbca_data:/bitnami/wildfly \
bitnami/ejbca:latest
```
Access your application at `http://your-ip:8080/ejbca/`
EJBCA requires access to a MySQL or MariaDB database to store information. We'll use the [Bitnami MariaDB image](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements.
### Run the application using Docker Compose
```console
curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/ejbca/docker-compose.yml > docker-compose.yml
docker-compose up -d
```
Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/ejbca).
If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md).
## Persisting your application
If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the `/bitnami/wildfly` path. If the mounted directory is empty, it will be initialized on the first run.
```console
docker run \
-v /path/to/ejbca-persistence:/bitnami/wildfly \
bitnami/ejbca:latest
```
You can also do this with a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/ejbca/docker-compose.yml) file present in this repository:
```diff
ejbca:
...
volumes:
- - wildfly_data:/bitnami/wildfly
+ - /path/to/ejbca-persistence:/bitnami/wildfly
...
-volumes:
- ejbca_data:
- driver: local
```
## Configuration
The following section describes the supported environment variables
### Environment variables
The following tables list the main variables you can set.
#### Customizable environment variables
| Name | Description | Default Value |
@@ -156,7 +91,7 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g
| `EJBCA_SERVER_CERT_FILE` | Server cert file | `nil` |
| `EJBCA_SERVER_CERT_PASSWORD` | Server cert file password. | `nil` |
| `EJBCA_HTTP_PORT_NUMBER` | Wildfly http port number | `8080` |
| `EJBCA_HTTPS_PORT_NUMBER` | Wilfly https port number | `8443` |
| `EJBCA_HTTPS_PORT_NUMBER` | Wildfly https port number | `8443` |
| `EJBCA_HTTPS_ADVERTISED_PORT_NUMBER` | Rendered port for administrator login URL | `$EJBCA_HTTPS_PORT_NUMBER` |
| `EJBCA_ADMIN_USERNAME` | EJBCA administrator username | `superadmin` |
| `EJBCA_ADMIN_PASSWORD` | EJBCA administrator password. | `Bitnami1234` |
@@ -188,7 +123,7 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g
| `EJBCA_INITSCRIPTS_DIR` | EJBCA directory for init scripts. | `/docker-entrypoint-initdb.d` |
| `EJBCA_DATABASE_SCRIPTS_DIR` | EJBCA directory for database scripts. | `${EJBCA_BASE_DIR}/sql-scripts` |
| `EJBCA_VOLUME_DIR` | EJBCA persistence directory. | `${BITNAMI_VOLUME_DIR}/ejbca` |
| `EJBCA_WILDFLY_VOLUME_DIR` | EJBCA Wildlfy persistence directory. | `${BITNAMI_VOLUME_DIR}/wildfly` |
| `EJBCA_WILDFLY_VOLUME_DIR` | EJBCA Wildfly persistence directory. | `${BITNAMI_VOLUME_DIR}/wildfly` |
| `EJBCA_DATA_DIR` | EJBCA data directory. | `${EJBCA_VOLUME_DIR}/tls` |
| `EJBCA_DB_SCRIPT_INDEXES` | EJBCA database tables creation script. | `${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql` |
| `EJBCA_DB_SCRIPT_TABLES` | EJBCA database indexes creation script. | `${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql` |
@@ -201,7 +136,7 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g
| `EJBCA_WILDFLY_TMP_DIR` | Wildfly temporal directory | `${EJBCA_WILDFLY_BASE_DIR}/tmp` |
| `EJBCA_WILDFLY_BIN_DIR` | Wildfly bin directory | `${EJBCA_WILDFLY_BASE_DIR}/bin` |
| `EJBCA_WILDFLY_CONF_DIR` | Wildfly configuration directory | `${EJBCA_WILDFLY_STANDALONE_DIR}/configuration` |
| `EJBCA_WILDFLY_PID_DIR` | Wildlfy directory to hold PID file | `${EJBCA_TMP_DIR}` |
| `EJBCA_WILDFLY_PID_DIR` | Wildfly directory to hold PID file | `${EJBCA_TMP_DIR}` |
| `EJBCA_WILDFLY_PID_FILE` | Wildfly PID file | `${EJBCA_WILDFLY_PID_DIR}/wildfly.pid` |
| `EJBCA_WILDFLY_DEPLOY_DIR` | Wildfly deployment directory. | `${EJBCA_WILDFLY_STANDALONE_DIR}/deployments` |
| `EJBCA_WILDFLY_TRUSTSTORE_FILE` | Wildfly truststore file | `${EJBCA_WILDFLY_CONF_DIR}/truststore.jks` |
@@ -226,6 +161,13 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g
The Bitnami EJBCA Docker image from the [Bitnami Secure Images](https://go-vmware.broadcom.com/contact-us) catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:
- `OPENSSL_FIPS`: whether OpenSSL runs in FIPS mode or not. `yes` (default), `no`.
- `JAVA_TOOL_OPTIONS`: controls Java FIPS mode. Use `-Djava.security.properties==/opt/bitnami/java/conf/security/java.security.restricted` (restricted), `-Djava.security.properties==/opt/bitnami/java/conf/security/java.security.relaxed` (relaxed), or `-Djava.security.properties==/opt/bitnami/java/conf/security/java.security.original` (off).
## Custom scripts
The Bitnami EJBCA Docker image contains functions to execute any shell scripts after startup. These scripts are executed during the initialization of the EJBCA Wildfly installation.
You can add custom script into the `/docker-entrypoint-init.d` directory. All files in the directory will be executed using bash.
## Logging
@@ -237,53 +179,13 @@ docker logs ejbca
You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.
## Custom scripts
The Bitnami EJBCA Docker image contains functions to execute any shell scripts after startup. These scripts are executed during the initialization of the EJBCA Wildfly installation.
You can add custom script into the `/docker-entrypoint-init.d` directory. All files in the directory will be executed using bash.
## Maintenance
### Upgrade this image
Bitnami provides up-to-date versions of EJBCA, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container.
#### Step 1: Get the updated image
```console
docker pull bitnami/ejbca:latest
```
#### Step 2: Stop the running container
Stop the currently running container using the command
```console
docker stop ejbca
```
#### Step 3: Remove the currently running container
```console
docker rm -v ejbca
```
#### Step 4: Run the new image
Re-create your container from the new image.
```console
docker run --name ejbca bitnami/ejbca:latest
```
## Notable Changes
### 7.4.3-2-debian-10-r68
The persistence has been refactorized and the volume mount point was moved from `/bitnami/ejbca` to `/bitnami/wildfly`.
In previous versions only password files were persisted, making the container was unable to restart. The initialization logic has been changed as well as the persisted data directories. The Wildlfy configuration and data directories are now persisted, making the container able to automatically restart.
In previous versions only password files were persisted, making the container was unable to restart. The initialization logic has been changed as well as the persisted data directories. The Wildfly configuration and data directories are now persisted, making the container able to automatically restart.
The time that the container takes to restart has also been improved.
Due to the mentioned changes, the automatic upgrade from previous image versions is not supported and requires a manual migration.