ejbca-docker

Overview

This docker image contains EJBCA.

Debugging jboss and ejbca

Modify ejbca install to use jboss cli password

sed --in-place '/--command=/r /dev/stdin' $EJBCA_HOME/bin/jboss.xml <<- EOF
        <arg value="--user=admin" />
        <arg value="--password=\${env.JBOSS_PASSWORD}" />
EOF

Expose ejbca cli arguments (including secrets!)

sed --in-place 's/ejbca:cli-hideargs/ejbca:cli/g' $EJBCA_HOME/bin/cli.xml

Enable trace logging for ejbca cli

for i in ERROR WARN INFO DEBUG ; do
        sed --in-place "s/$i/TRACE/g" $EJBCA_HOME/dist/ejbca-ejb-cli/log4j.xml
done
sed --in-place 's/false/true/g' $EJBCA_HOME/dist/ejbca-ejb-cli/log4j.xml

Enable trace logging for jboss remoting

Reference: http://www.mastertheboss.com/jboss-server/jboss-log/5-loggers-in-jboss-you-should-know-about

Add the following to /usr/share/jboss/standalone/configuration/standalone.xml

<logger category="org.jboss.remoting.remote">
        <level name="TRACE"/>
</logger>

Entrypoint Scripts

ejbca

The embedded entrypoint script is located at /etc/entrypoint.d/20ejbca and performs the following actions:

A new ejbca configuration is generated using the following environment variables:

Variable	Default Value	Description
EJBCA_ADMIN_PASSWORD	random	The ejbca `admin` password.
EJBCA_DATABASE_PASSWORD	random	The ejbca `database` password.
EJBCA_KEYSTORE_PASSWORD	random	The ejbca `keystore` password.
EJBCA_TRUSTSTORE_PASSWORD	random	The ejbca `truststore` password.

Standard Configuration

Container Layout

/
├─ etc/
│  └─ entrypoint.d/
│     └─ ejbca
├─ mnt/
│  ├─ external/
│  │  ├─ p12/
│  │  └─ secrets/
│  │     └─ tls/
│  │        ├─ ks/
│  │        │  ├─ server.jks
│  │        │  └─ server.storepasswd
│  │        └─ ts/
│  │           ├─ truststore.jks
│  │           └─ truststore.storepasswd
│  └─ persistent/
├─ opt/
│  └─ keyfactor/
│     ├─ ejbca/
│     └─ wildfly-x.y.z.Final/
│        └─ standalone/
│           └─ configuration/
└─ run/
   └─ secrets/
      ├─ ejbca_admin_password
      ├─ ejbca_database_password
      ├─ ejbca_keystore_password
      └─ ejbca_truststore_password

Exposed Ports

8009/tcp - Apache JServ Protocol. Used for HTTP clustering and load balancing.
8080/tcp - Public HTTP port of your application server, used for clients to access the public web for information. Not to be used for enrollment since it's not encrypted.
8081/tcp - HTTP back-end proxy port.
8082/tcp - HTTP back-end proxy port with client certificate headers.
8442/tcp - Public HTTPS port (server side only SSL) of your application server, used for clients to access the public web for enrollment.
8443/tcp - SSL protected HTTPS port used to access the EJBCA Admin GUI. This port requires client certificate for access.

Volumes

/mnt/external - EJBCA data directory (static).
/mnt/persistent - EJBCA data directory (dynamic).

Development

Source Control

gr33nbl00d / ejbca-docker Goto Github PK

ejbca-docker's Introduction

ejbca-docker

Overview

Debugging jboss and ejbca

Modify ejbca install to use jboss cli password

Expose ejbca cli arguments (including secrets!)

Enable trace logging for ejbca cli

Enable trace logging for jboss remoting

Entrypoint Scripts

ejbca

Standard Configuration

Container Layout

Exposed Ports

Volumes

Development

ejbca-docker's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent