7.4.3-2-debian-10-r143 release

bitnami/ejbca/7/debian-10/Dockerfile

@@ -28,7 +28,7 @@ ENV APP_VERSION="7.4.3-2" \
     JAVA_HOME="/opt/bitnami/java" \
     PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/common/bin:/opt/bitnami/ejbca/bin:$PATH"
 
-EXPOSE 8080 9990
+EXPOSE 8009 8080 9990
 
 USER 1001
 ENTRYPOINT [ "/opt/bitnami/scripts/ejbca/entrypoint.sh" ]

bitnami/ejbca/7/debian-10/docker-compose.yml

@@ -15,6 +15,7 @@ services:
     ports:
       - 8080:8080
       - 8443:8443
+      - 8009:8009
     volumes:
       - "wildfly_data:/bitnami/wildfly"
     environment:

bitnami/ejbca/7/debian-10/rootfs/opt/bitnami/scripts/ejbca-env.sh

@@ -36,6 +36,12 @@ ejbca_env_vars=(
     EJBCA_DATABASE_PASSWORD
     EJBCA_CA_NAME
     JAVA_OPTS
+    EJBCA_SMTP_HOST
+    EJBCA_SMTP_PORT
+    EJBCA_SMTP_FROM_ADDRESS
+    EJBCA_SMTP_TLS
+    EJBCA_SMTP_USERNAME
+    EJBCA_SMTP_PASSWORD
 )
 for env_var in "${ejbca_env_vars[@]}"; do
     file_env_var="${env_var}_FILE"
@@ -55,6 +61,7 @@ export BITNAMI_VOLUME_DIR="/bitnami"
 export EJBCA_BASE_DIR="/opt/bitnami/ejbca"
 export EJBCA_BIN_DIR="${EJBCA_BASE_DIR}/bin"
 export EJBCA_TMP_DIR="${EJBCA_BASE_DIR}/tmp"
+export EJBCA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
 export EJBCA_DATABASE_SCRIPTS_DIR="${EJBCA_BASE_DIR}/sql-scripts"
 
 # Persistence
@@ -107,6 +114,12 @@ export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}"
 export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}"
 export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}"
 export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}"
+export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}"
+export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}"
+export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}"
+export EJBCA_SMTP_TLS="${EJBCA_SMTP_TLS:-false}"
+export EJBCA_SMTP_USERNAME="${EJBCA_SMTP_USERNAME:-}"
+export EJBCA_SMTP_PASSWORD="${EJBCA_SMTP_PASSWORD:-}"
 
 # EJBCA environment variables.
 export EJBCA_HOME="${EJBCA_BASE_DIR}"

bitnami/ejbca/7/debian-10/rootfs/opt/bitnami/scripts/ejbca/setup.sh

@@ -18,3 +18,6 @@ ejbca_validate
 
 # Ensure ejbca is initialized
 ejbca_initialize
+
+# Launch init scripts
+ejbca_custom_init_scripts

bitnami/ejbca/7/debian-10/rootfs/opt/bitnami/scripts/libejbca.sh

@@ -139,6 +139,17 @@ ejbca_configure_wildfly() {
     ejbca_wildfly_command ':reload'
     wait_for_wildfly
 
+    info "Configure email"
+    ejbca_wildfly_command "/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=ejbca-mail-smtp:add(port=\"${EJBCA_SMTP_PORT}\", host=\"${EJBCA_SMTP_HOST}\")"
+    ejbca_wildfly_command "/subsystem=mail/mail-session=\"java:/EjbcaMail\":add(jndi-name=java:/EjbcaMail, from=\"${EJBCA_SMTP_FROM_ADDRESS}\")"
+    if [[ -n "$EJBCA_SMTP_USERNAME" ]]; then
+        ejbca_wildfly_command "/subsystem=mail/mail-session=\"java:/EjbcaMail\"/server=smtp:add(outbound-socket-binding-ref=ejbca-mail-smtp, tls=${EJBCA_SMTP_TLS}, username=\"${EJBCA_SMTP_USERNAME}\", password=\"${EJBCA_SMTP_PASSWORD}\")"
+    else
+        ejbca_wildfly_command "/subsystem=mail/mail-session=\"java:/EjbcaMail\"/server=smtp:add(outbound-socket-binding-ref=ejbca-mail-smtp, tls=${EJBCA_SMTP_TLS})"
+    fi
+    ejbca_wildfly_command ':reload'
+    wait_for_wildfly
+
     info "Configure redirection"
     ejbca_wildfly_command '/subsystem=undertow/server=default-server/host=default-host/location="\/":remove()'
     ejbca_wildfly_command '/subsystem=undertow/configuration=handler/file=welcome-content:remove()'
@@ -183,10 +194,11 @@ ejbca_configure_wildfly_https() {
     ejbca_wildfly_command '/subsystem=elytron/server-ssl-context=httpspub:add(key-manager=httpsKM,protocols=["TLSv1.2"])'
     ejbca_wildfly_command '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],trust-manager=httpsTM,need-client-auth=false,authentication-optional=true,want-client-auth=true)'
 
-    info "Add HTTP(S) Listeners"
+    info "Add HTTP(S) and AJP Listeners"
     ejbca_wildfly_command '/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding="http", redirect-socket="httpspriv")'
     ejbca_wildfly_command '/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding="httpspub", ssl-context="httpspub", max-parameters=2048)'
     ejbca_wildfly_command '/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding="httpspriv", ssl-context="httpspriv", max-parameters=2048)'
+    ejbca_wildfly_command "/subsystem=undertow/server=default-server/ajp-listener=ajp-listener:add(socket-binding=ajp, scheme=https, enabled=true)"
     ejbca_wildfly_command ':reload'
     wait_for_wildfly
 
@@ -474,6 +486,44 @@ ejbca_create_truststore() {
     fi
 }
 
+########################
+# Run custom initialization scripts
+# Globals:
+#   EJBCA_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ejbca_custom_init_scripts() {
+    if [[ -n $(find "${EJBCA_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh") ]]; then
+        info "Loading user's custom files from $EJBCA_INITSCRIPTS_DIR ..."
+        local -r tmp_file="/tmp/filelist"
+        ejbca_start_bg
+        find "${EJBCA_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh" | sort >"$tmp_file"
+        while read -r f; do
+            case "$f" in
+            *.sh)
+                if [[ -x "$f" ]]; then
+                    debug "Executing $f"
+                    "$f"
+                else
+                    debug "Sourcing $f"
+                    . "$f"
+                fi
+                ;;
+            *)
+                debug "Ignoring $f"
+                ;;
+            esac
+        done <$tmp_file
+        ejbca_stop
+        rm -f "$tmp_file"
+    else
+        info "No custom scripts in $EJBCA_INITSCRIPTS_DIR"
+    fi
+}
+
 ########################
 # Sets java_opts
 # Globals:
@@ -505,7 +555,6 @@ ejbca_initialize() {
     am_i_root && configure_permissions_ownership "$EJBCA_TMP_DIR $EJBCA_LOG_DIR" -u "$EJBCA_DAEMON_USER" -g "$EJBCA_DAEMON_GROUP"
     am_i_root && configure_permissions_ownership "$EJBCA_DATA_DIR" -u "$EJBCA_DAEMON_USER" -g "$EJBCA_DAEMON_GROUP" -d "755" -f "644"
 
-
     # Note we need to use wildfly instead of ejbca as directory since the persist_app function relativizes them to /opt/bitnami/wildfly
     if ! is_app_initialized "wildfly"; then
         info "Deploying EJBCA from scratch"

bitnami/ejbca/README.md

@@ -43,7 +43,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/).
 
 
-* [`7`, `7-debian-10`, `7.4.3-2`, `7.4.3-2-debian-10-r142`, `latest` (7/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-ejbca/blob/7.4.3-2-debian-10-r142/7/debian-10/Dockerfile)
+* [`7`, `7-debian-10`, `7.4.3-2`, `7.4.3-2-debian-10-r143`, `latest` (7/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-ejbca/blob/7.4.3-2-debian-10-r143/7/debian-10/Dockerfile)
 
 Subscribe to project updates by watching the [bitnami/ejbca GitHub repo](https://github.com/bitnami/bitnami-docker-ejbca).
 
@@ -167,6 +167,12 @@ The EJBCA instance can be customized by specifying environment variables on the
 - `JAVA_OPTS`: Java options. Defaults to `-Xms2048m -Xmx2048m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb`.
 - `EJBCA_SERVER_CERT_FILE`: User provided keystore file. No defaults.
 - `EJBCA_SERVER_CERT_PASSWORD`: User provided keystore file password. No defaults.
+- `EJBCA_SMTP_HOST`: SMTP Email server address. Defaults to `localhost`.
+- `EJBCA_SMTP_PORT`: SMTP Email server port. Defaults to `25`.
+- `EJBCA_SMTP_FROM_ADDRESS`: SMTP from email address. Defaults to `user@example.com`.
+- `EJBCA_SMTP_TLS`: SMTP TLS authentication: Defaults to `false`.
+- `EJBCA_SMTP_USERNAME`: SMTP authentication username. No defaults.
+- `EJBCA_SMTP_PASSWORD`: SMTP authentication password. No defaults.
 
 ## Logging
 
@@ -178,6 +184,12 @@ $ docker logs ejbca
 
 You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.
 
+## Custom scripts
+
+The Bitnami EJBCA Docker image contains functions to execute any shell scripts after startup. These scripts are executed during the initialization of the EJBCA Wildfly installation.
+
+You can add custom script into the `/docker-entrypoint-init.d` directory. All files in the directory will be executed using bash.
+
 ## Maintenance
 
 ### Upgrade this image

bitnami/ejbca/docker-compose.yml

@@ -15,6 +15,7 @@ services:
     ports:
       - 8080:8080
       - 8443:8443
+      - 8009:8009
     volumes:
       - "wildfly_data:/bitnami/wildfly"
     environment: