[bitnami/ejbca] Release 8.2.0-1-debian-11-r1 (#54974)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-03-15 14:58:17 +08:00 · 2024-01-19 21:07:04 +01:00
parent 361ce58fc2
commit dbf7081f66
4 changed files with 79 additions and 45 deletions
--- a/bitnami/ejbca/8/debian-11/Dockerfile
+++ b/bitnami/ejbca/8/debian-11/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH

 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-12-22T10:32:05Z" \
+      org.opencontainers.image.created="2024-01-19T18:12:42Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="8.2.0-1-debian-11-r0" \
+      org.opencontainers.image.ref.name="8.2.0-1-debian-11-r1" \
      org.opencontainers.image.title="ejbca" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="8.2.0-1"
@@ -27,7 +27,7 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 RUN install_packages acl ca-certificates curl libaio1 libaudit1 libcap-ng0 libgcc-s1 libicu67 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
    COMPONENTS=( \
-      "java-11.0.21-10-6-linux-${OS_ARCH}-debian-11" \
+      "java-11.0.22-12-0-linux-${OS_ARCH}-debian-11" \
      "wildfly-26.1.3-19-linux-${OS_ARCH}-debian-11" \
      "mysql-client-10.11.6-1-linux-${OS_ARCH}-debian-11" \
      "ejbca-8.2.0-1-0-linux-${OS_ARCH}-debian-11" \
@@ -45,6 +45,7 @@ RUN apt-get autoremove --purge -y curl && \
    apt-get update && apt-get upgrade -y && \
    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
+RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true

 COPY rootfs /
 RUN /opt/bitnami/scripts/ejbca/postunpack.sh
--- a/bitnami/ejbca/8/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/ejbca/8/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -9,7 +9,7 @@
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "11.0.21-10-6"
+        "version": "11.0.22-12-0"
    },
    "mysql-client": {
        "arch": "amd64",
--- a/bitnami/ejbca/8/debian-11/prebuildfs/usr/sbin/run-script
+++ b/bitnami/ejbca/8/debian-11/prebuildfs/usr/sbin/run-script
@@ -10,7 +10,7 @@ fi

 script=$1
 exit_code="${2:-96}"
-fail_if_not_present="${3:-y}"
+fail_if_not_present="${3:-n}"

 if test -f "$script"; then
  sh $script
--- a/bitnami/ejbca/README.md
+++ b/bitnami/ejbca/README.md
@@ -13,13 +13,6 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
 docker run --name ejbca bitnami/ejbca:latest
 ```

-### Docker Compose
-
-```console
-curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/ejbca/docker-compose.yml > docker-compose.yml
-docker-compose up -d
-```
-
 **Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment.

 ## Why use Bitnami Images?
@@ -71,19 +64,8 @@ docker build -t bitnami/APP:latest .

 EJBCA requires access to a MySQL or MariaDB database to store information. We'll use our very own [MariaDB image](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements.

-### Run the application using Docker Compose
-
-The main folder of this repository contains a functional [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/ejbca/docker-compose.yml) file. Run the application using it as shown below:
-
-```console
-curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/ejbca/docker-compose.yml > docker-compose.yml
-docker-compose up -d
-```
-
 ### Using the Docker Command Line

-If you want to run the application manually instead of using `docker-compose`, these are the basic steps you need to run:
-
 #### Step 1: Create a network

 ```console
@@ -122,6 +104,17 @@ docker run -d --name ejbca \

 Access your application at `http://your-ip:8080/ejbca/`

+### Run the application using Docker Compose
+
+```console
+curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/ejbca/docker-compose.yml > docker-compose.yml
+docker-compose up -d
+```
+
+Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/ejbca).
+
+If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md).
+
 ## Persisting your application

 If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
@@ -150,29 +143,69 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g

 ## Configuration

-The EJBCA instance can be customized by specifying environment variables on the first run. The following environment variables are available:
+### Environment variables

-* `EJBCA_HTTP_PORT_NUMBER`: HTTP port number. Defaults to `8080`.
-* `EJBCA_HTTPS_PORT_NUMBER`: HTTPS port number. Default to `8443`.
-* `EJBCA_HTTPS_ADVERTISED_PORT_NUMBER`: Port number used in the rendered URLs for the admistrator login. Default to `8443`.
-* `EJBCA_ADMIN_USERNAME`: EJBCA administrator username. Defaults to `superadmin`.
-* `EJBCA_ADMIN_PASSWORD`: EJBCA administrator password. Defaults to `Bitnami1234`.
-* `EJBCA_DATABASE_HOST`: Database hostname. No defaults.
-* `EJBCA_DATABASE_PORT`: Database port name. Defaults to `3306`.
-* `EJBCA_DATABASE_NAME`: Database name. No defaults.
-* `EJBCA_DATABASE_USERNAME`: Database username. No defaults.
-* `EJBCA_DATABASE_PASSWORD`: Database password. No defaults.
-* `EJBCA_BASE_DN`: Base DN for the CA. Defaults to `O=Example CA,C=SE,UID=c-XXXXXXX`, where `XXXXXXX` is a random generated ID.
-* `EJBCA_CA_NAME`: CA Name. Defaults to `ManagementCA`
-* `JAVA_OPTS`: Java options. Defaults to `-Xms2048m -Xmx2048m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb`.
-* `EJBCA_SERVER_CERT_FILE`: User provided keystore file. No defaults.
-* `EJBCA_SERVER_CERT_PASSWORD`: User provided keystore file password. No defaults.
-* `EJBCA_SMTP_HOST`: SMTP Email server address. Defaults to `localhost`.
-* `EJBCA_SMTP_PORT`: SMTP Email server port. Defaults to `25`.
-* `EJBCA_SMTP_FROM_ADDRESS`: SMTP from email address. Defaults to `user@example.com`.
-* `EJBCA_SMTP_TLS`: SMTP TLS authentication: Defaults to `false`.
-* `EJBCA_SMTP_USERNAME`: SMTP authentication username. No defaults.
-* `EJBCA_SMTP_PASSWORD`: SMTP authentication password. No defaults.
+#### Customizable environment variables
+
+| Name                                 | Description                               | Default Value                                                                                                                                           |
+|--------------------------------------|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `EJBCA_WILDFLY_ADMIN_USER`           | Wildfly admin user                        | `admin`                                                                                                                                                 |
+| `EJBCA_HTTP_PORT_NUMBER`             | Wildfly http port number                  | `8080`                                                                                                                                                  |
+| `EJBCA_HTTPS_PORT_NUMBER`            | Wilfly https port number                  | `8443`                                                                                                                                                  |
+| `EJBCA_HTTPS_ADVERTISED_PORT_NUMBER` | Rendered port for administrator login URL | `$EJBCA_HTTPS_PORT_NUMBER`                                                                                                                              |
+| `EJBCA_ADMIN_USERNAME`               | EJBCA administrator username              | `superadmin`                                                                                                                                            |
+| `EJBCA_ADMIN_PASSWORD`               | EJBCA administrator password.             | `Bitnami1234`                                                                                                                                           |
+| `EJBCA_DATABASE_HOST`                | Database hostname                         | `127.0.0.1`                                                                                                                                             |
+| `EJBCA_DATABASE_PORT`                | Database port number.                     | `3306`                                                                                                                                                  |
+| `EJBCA_DATABASE_NAME`                | EJBCA database name.                      | `bitnami_ejbca`                                                                                                                                         |
+| `EJBCA_DATABASE_USERNAME`            | EJBCA database username.                  | `bn_ejbca`                                                                                                                                              |
+| `EJBCA_CA_NAME`                      | CA name.                                  | `ManagementCA`                                                                                                                                          |
+| `JAVA_OPTS`                          | JVM options                               | `-Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb` |
+| `JAVA_OPTS`                          | JVM options                               | `-Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb`                     |
+| `EJBCA_SMTP_HOST`                    | SMTP hostname                             | `localhost`                                                                                                                                             |
+| `EJBCA_SMTP_PORT`                    | SMTP port                                 | `25`                                                                                                                                                    |
+| `EJBCA_SMTP_FROM_ADDRESS`            | SMTP from address                         | `user@example.com`                                                                                                                                      |
+| `EJBCA_SMTP_TLS`                     | SMTP enable TLS                           | `false`                                                                                                                                                 |
+
+#### Read-only environment variables
+
+| Name                                     | Description                              | Value                                                                                                                                                                                        |
+|------------------------------------------|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `BITNAMI_VOLUME_DIR`                     | Directory where to mount volumes.        | `/bitnami`                                                                                                                                                                                   |
+| `EJBCA_BASE_DIR`                         | EJBCA installation directory.            | `${BITNAMI_ROOT_DIR}/ejbca`                                                                                                                                                                  |
+| `EJBCA_BIN_DIR`                          | EJBCA directory for binary executables.  | `${EJBCA_BASE_DIR}/bin`                                                                                                                                                                      |
+| `EJBCA_TMP_DIR`                          | EJBCA directory for temp files.          | `${EJBCA_BASE_DIR}/tmp`                                                                                                                                                                      |
+| `EJBCA_INITSCRIPTS_DIR`                  | EJBCA directory for init scripts.        | `/docker-entrypoint-initdb.d`                                                                                                                                                                |
+| `EJBCA_DATABASE_SCRIPTS_DIR`             | EJBCA directory for database scripts.    | `${EJBCA_BASE_DIR}/sql-scripts`                                                                                                                                                              |
+| `EJBCA_VOLUME_DIR`                       | EJBCA persistence directory.             | `${BITNAMI_VOLUME_DIR}/ejbca`                                                                                                                                                                |
+| `EJBCA_WILDFLY_VOLUME_DIR`               | EJBCA Wildlfy persistence directory.     | `${BITNAMI_VOLUME_DIR}/wildfly`                                                                                                                                                              |
+| `EJBCA_DATA_DIR`                         | EJBCA data directory.                    | `${EJBCA_VOLUME_DIR}/tls`                                                                                                                                                                    |
+| `EJBCA_DB_SCRIPT_INDEXES`                | EJBCA database tables creation script.   | `${EJBCA_DATABASE_SCRIPTS_DIR}/create-index-ejbca.sql`                                                                                                                                       |
+| `EJBCA_DB_SCRIPT_TABLES`                 | EJBCA database indexes creation script.  | `${EJBCA_DATABASE_SCRIPTS_DIR}/create-tables-ejbca-mysql.sql`                                                                                                                                |
+| `EJBCA_EAR_FILE`                         | EJBCA application deployment file.       | `${EJBCA_BASE_DIR}/dist/ejbca.ear`                                                                                                                                                           |
+| `EJBCA_WILDFLY_BASE_DIR`                 | Wildfly base directory.                  | `${BITNAMI_ROOT_DIR}/wildfly`                                                                                                                                                                |
+| `EJBCA_WILDFLY_TMP_DIR`                  | Wildfly temporal directory               | `${EJBCA_WILDFLY_BASE_DIR}/tmp`                                                                                                                                                              |
+| `EJBCA_WILDFLY_BIN_DIR`                  | Wildfly bin directory                    | `${EJBCA_WILDFLY_BASE_DIR}/bin`                                                                                                                                                              |
+| `EJBCA_WILDFLY_CONF_DIR`                 | Wildfly configuration directory          | `${EJBCA_WILDFLY_BASE_DIR}/standalone/configuration`                                                                                                                                         |
+| `EJBCA_WILDFLY_PID_DIR`                  | Wildlfy directory to hold PID file       | `${EJBCA_TMP_DIR}`                                                                                                                                                                           |
+| `EJBCA_WILDFLY_PID_FILE`                 | Wildfly PID file                         | `${EJBCA_WILDFLY_PID_DIR}/wildfly.pid`                                                                                                                                                       |
+| `EJBCA_WILDFLY_DEPLOY_DIR`               | Wildfly deployment directory.            | `${EJBCA_WILDFLY_BASE_DIR}/standalone/deployments`                                                                                                                                           |
+| `EJBCA_WILDFLY_TRUSTSTORE_FILE`          | Wildfly truststore file                  | `${EJBCA_WILDFLY_CONF_DIR}/truststore.jks`                                                                                                                                                   |
+| `EJBCA_WILDFLY_KEYSTORE_FILE`            | Wildfly keystore file                    | `${EJBCA_WILDFLY_CONF_DIR}/keystore.jks`                                                                                                                                                     |
+| `EJBCA_WILDFLY_STANDALONE_CONF_FILE`     | Wildfly standalone configuration file    | `${EJBCA_WILDFLY_BIN_DIR}/standalone.conf`                                                                                                                                                   |
+| `EJBCA_WILDFLY_STANDALONE_XML_FILE`      | Wildfly standalone configuration file    | `${EJBCA_WILDFLY_CONF_DIR}/standalone.xml`                                                                                                                                                   |
+| `EJBCA_DAEMON_USER`                      | Wildfly system user.                     | `wildfly`                                                                                                                                                                                    |
+| `EJBCA_DAEMON_GROUP`                     | Wildfly system group                     | `wildfly`                                                                                                                                                                                    |
+| `EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE`   | File to store the keystore password      | `${EJBCA_WILDFLY_TMP_DIR}/keystore.pwd`                                                                                                                                                      |
+| `EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE` | File to store the truststore password    | `${EJBCA_WILDFLY_TMP_DIR}/truststore.pwd`                                                                                                                                                    |
+| `EJBCA_WILDFLY_ADMIN_PASSWORD_FILE`      | File to store the wildfly admin password | `${EJBCA_WILDFLY_TMP_DIR}/wildfly_admin.pwd`                                                                                                                                                 |
+| `EJBCA_TEMP_CERT`                        | Temporary cert file                      | `${EJBCA_TMP_DIR}/cacert.der`                                                                                                                                                                |
+| `EJBCA_HOME`                             | EJBCA home.                              | `${EJBCA_BASE_DIR}`                                                                                                                                                                          |
+| `JAVA_HOME`                              | Java home.                               | `/opt/bitnami/java`                                                                                                                                                                          |
+| `JBOSS_HOME`                             | Jboss home                               | `${EJBCA_WILDFLY_BASE_DIR}`                                                                                                                                                                  |
+| `LAUNCH_JBOSS_IN_BACKGROUND`             | Run jboss in background                  | `true`                                                                                                                                                                                       |
+| `JBOSS_PIDFILE`                          | Wildfly PID file                         | `${EJBCA_WILDFLY_PID_FILE}`                                                                                                                                                                  |
+| `EJBCA_WILDFLY_DATA_TO_PERSIST`          | EJBCA data to persist.                   | `${EJBCA_WILDFLY_CONF_DIR},${EJBCA_WILDFLY_ADMIN_PASSWORD_FILE},${EJBCA_WILDFLY_BASE_DIR}/standalone/data,${EJBCA_WILDFLY_KEYSTORE_PASSWORD_FILE},${EJBCA_WILDFLY_TRUSTSTORE_PASSWORD_FILE}` |

 ## Logging