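Manual EJBCA installation (on AlmaLinux 9.5)

One advantage of a manual installation is that using an HSM is convenient, because you can install the HSM driver yourself; the installation process, however, is rather tedious.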

  • Install the Java environment

    ```
    dnf update
    dnf install java-17-openjdk java-17-openjdk-devel
    ```

  • Download the EJBCA source code

    Download WildFly 32.0:
    https://www.wildfly.org/downloads/
    Download EJBCA:
    https://github.com/Keyfactor/ejbca-ce/releases

  • Install WildFly

    ```
    wget https://github.com/wildfly/wildfly/releases/download/32.0.1.Final/wildfly-32.0.1.Final.zip -O /tmp/wildfly-32.0.1.Final.zip
    unzip -q /tmp/wildfly-32.0.1.Final.zip -d /opt/
    ln -snf /opt/wildfly-32.0.1.Final /opt/wildfly
    # Remove the RESTEasy crypto module and the reference to it
    sed -i '/.*org.jboss.resteasy.resteasy-crypto.*/d' /opt/wildfly/modules/system/layers/base/org/jboss/as/jaxrs/main/module.xml
    rm -rf /opt/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-crypto/
    ```

    Replace the file /opt/wildfly/bin/standalone.conf with the following:

    ```
    if [ "x$JBOSS_MODULES_SYSTEM_PKGS" = "x" ]; then
      JBOSS_MODULES_SYSTEM_PKGS="org.jboss.byteman"
    fi

    if [ "x$JAVA_OPTS" = "x" ]; then
      # {{ HEAP_SIZE }} and {{ TX_NODE_ID }} are placeholders filled in by the sed commands below
      JAVA_OPTS="-Xms{{ HEAP_SIZE }}m -Xmx{{ HEAP_SIZE }}m"
      JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1.2,TLSv1.3"
      JAVA_OPTS="$JAVA_OPTS -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3"
      JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv4Stack=true"
      JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS"
      JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"
      JAVA_OPTS="$JAVA_OPTS -Djboss.tx.node.id={{ TX_NODE_ID }}"
      JAVA_OPTS="$JAVA_OPTS -XX:+HeapDumpOnOutOfMemoryError"
      JAVA_OPTS="$JAVA_OPTS -Djdk.tls.ephemeralDHKeySize=2048"
    else
      echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"
    fi
    ```

    ```
    # Allow access to the JDK PKCS#11 wrapper classes (used for HSM access)
    echo -e "\nJAVA_OPTS=\"\$JAVA_OPTS --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED\"" >> /opt/wildfly/bin/standalone.conf
    # Fill in the placeholders: 2048 MB heap and a random transaction node id (0-255)
    sed -i -e 's/{{ HEAP_SIZE }}/2048/g' /opt/wildfly/bin/standalone.conf
    sed -i -e "s/{{ TX_NODE_ID }}/$(od -A n -t d -N 1 /dev/urandom | tr -d ' ')/g" /opt/wildfly/bin/standalone.conf

    # Run WildFly as a systemd service under a dedicated unprivileged account
    cp /opt/wildfly/docs/contrib/scripts/systemd/launch.sh /opt/wildfly/bin
    cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system
    mkdir /etc/wildfly
    cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly
    systemctl daemon-reload
    useradd -r -s /bin/false wildfly
    chown -R wildfly:wildfly /opt/wildfly-32.0.1.Final/
    systemctl start wildfly
    # Stop and disable firewalld so that the WildFly ports are reachable
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl enable wildfly
    # Enable remoting; otherwise the EJBCA CLI cannot be used, and ant runinstall cannot run either
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=connector-ref,value=remoting)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=remoting:add(port=4447,interface=management)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting,enable-http2=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    # Logging: EJBCA loggers, HTTP access log, no console handler, separate OCSP transaction log
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=org.ejbca:add(level=INFO)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=org.cesecore:add(level=INFO)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=com.keyfactor:add(level=INFO)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add(pattern="%h %t \"%r\" %s \"%{i,User-Agent}\"", relative-to=jboss.server.log.dir, directory=access-logs)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=io.undertow.accesslog:add(level=INFO)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/root-logger=ROOT:remove-handler(name=CONSOLE)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/console-handler=CONSOLE:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=org.cesecore.certificates.ocsp.logging.TransactionLogger:add(use-parent-handlers=false)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=org.cesecore.certificates.ocsp.logging.TransactionLogger:write-attribute(name=level, value=INFO)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/async-handler=ocsp-tx-async:add(queue-length="100")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/async-handler=ocsp-tx-async:write-attribute(name=level, value=DEBUG)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/async-handler=ocsp-tx-async:write-attribute(name="overflow-action", value="BLOCK")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/logger=org.cesecore.certificates.ocsp.logging.TransactionLogger:add-handler(name=ocsp-tx-async)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/periodic-rotating-file-handler=ocsp-tx:add(autoflush=true, append=true, suffix=".yyyy-MM-dd", file={path=ocsp-tx.log,relative-to=jboss.server.log.dir})'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=logging/async-handler=ocsp-tx-async:add-handler(name=ocsp-tx)'
    # Disable the deployment scanner's periodic scan
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=deployment-scanner/scanner=default:write-attribute(name=scan-interval,value=0)'
    ```
    Configure HTTPS using the three-port setup (the default is two ports):

    ```
    # Remove the default listeners and socket bindings
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/http-listener=default:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=http:remove()'
    # Line 4 is not needed if Galleon was used
    #/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/https-listener=https:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=https:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    # Three interfaces and ports: 8080 (HTTP), 8442 (HTTPS, public), 8443 (HTTPS, client certificate required)
    /opt/wildfly/bin/jboss-cli.sh --connect '/interface=http:add(inet-address="0.0.0.0")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/interface=httpspub:add(inet-address="0.0.0.0")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/interface=httpspriv:add(inet-address="0.0.0.0")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442",interface="httpspub")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")'

    # Keystore and truststore passwords go into the Elytron credential store defaultCS
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/credential-store=defaultCS:add-alias(alias=httpsKeystorePassword, secret-value="hetao1987")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/credential-store=defaultCS:add-alias(alias=httpsTruststorePassword, secret-value="hetao1987")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/key-store=httpsKS:add(path="keystore/keystore.p12",relative-to=jboss.server.config.dir,credential-reference={store=defaultCS, alias=httpsKeystorePassword},type=PKCS12)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/key-store=httpsTS:add(path="keystore/truststore.p12",relative-to=jboss.server.config.dir,credential-reference={store=defaultCS, alias=httpsTruststorePassword},type=PKCS12)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={store=defaultCS, alias=httpsKeystorePassword})'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/trust-manager=httpsTM:add(key-store=httpsTS)'
    # TLS contexts: httpspub without client authentication, httpspriv with need-client-auth=true
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspub:add(key-manager=httpsKM,protocols=["TLSv1.3","TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.3","TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256",trust-manager=httpsTM,need-client-auth=true)'

    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding="http", redirect-socket="httpspriv")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding="httpspub", ssl-context="httpspub", max-parameters=2048)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding="httpspriv", ssl-context="httpspriv", max-parameters=2048)'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'

    # System properties and web-service settings
    /opt/wildfly/bin/jboss-cli.sh --connect '/system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/system-property=org.apache.tomcat.util.http.Parameters.MAX_COUNT:add(value=2048)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host)'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    # Remove the welcome content
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/host=default-host/location="\/":remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/configuration=handler/file=welcome-content:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    #rm -rf /opt/wildfly/welcome-content/
    # Redirect other GET requests to the admin UI; rewrite /crls, /certificates and /ocsp to the EJBCA public web
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/configuration=filter/rewrite=redirect-to-app:add(redirect=true,target="/ejbca/adminweb/")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/host=default-host/filter-ref=redirect-to-app:add(priority=1,predicate="method(GET) and not path-prefix(/ejbca,/crls,/certificates,/.well-known) and not equals({\%{LOCAL_PORT}, 4447})")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/configuration=filter/rewrite=crl-rewrite:add(target="/ejbca/publicweb/crls/$${1}")'
    /opt/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/host=default-host/filter-ref=crl-rewrite:add(predicate=\"method(GET) and regex('/crls/(.*)')\")"
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/configuration=filter/rewrite=certs-rewrite:add(target="/ejbca/publicweb/certificates/$${1}")'
    /opt/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/host=default-host/filter-ref=certs-rewrite:add(predicate=\"method(GET) and regex('/certificates/(.*)')\")"
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/configuration=filter/rewrite=rewrite-ocsp:add(target="/ejbca/publicweb/status/ocsp")'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/host=default-host/filter-ref=rewrite-ocsp:add(predicate="path(/ocsp) and method(GET,POST)")'
    #/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/trust-manager=httpsTM:write-attribute(name=ocsp, value={})'
    #/opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    # Remove the example datasource and the subsystems and extensions that are not needed
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=ee/service=default-bindings:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect 'data-source remove --name=ExampleDS'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=jdr:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=sar:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=jmx:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=pojo:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=microprofile-jwt-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=ee-security:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=microprofile-opentracing-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=distributable-web:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=datasources/jdbc-driver=h2:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=microprofile-config-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=request-controller:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=security-manager:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.microprofile.config-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.microprofile.jwt-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.clustering.web:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.microprofile.opentracing-smallrye:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=health:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=metrics:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.health:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.metrics:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.jboss.as.jdr:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.jboss.as.jmx:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.jboss.as.sar:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.jboss.as.pojo:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.ee-security:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.request-controller:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect '/extension=org.wildfly.extension.security.manager:remove()'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    # AJP listener
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=undertow/server=default-server/ajp-listener=ajp-listener:add(socket-binding=ajp, scheme=https, enabled=true)'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    ```
  • Install the database

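    ```
    dnf install mariadb mariadb-server
    # The server must be running before the client can connect
    systemctl enable --now mariadb
    mysql -u root -p
    -- The following statements are entered at the MariaDB prompt
    CREATE DATABASE ejbca CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
    GRANT ALL PRIVILEGES ON ejbca.* TO 'ejbca'@'%' IDENTIFIED BY 'ejbca';
    quit
    ```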

    ```
    # Script that prints a random master password for the Elytron credential store
    echo '#!/bin/sh' > /usr/bin/wildfly_pass
    echo "echo '$(openssl rand -base64 24)'" >> /usr/bin/wildfly_pass
    chown wildfly:wildfly /usr/bin/wildfly_pass
    chmod 700 /usr/bin/wildfly_pass
    mkdir /opt/wildfly/standalone/configuration/keystore
    chown wildfly:wildfly /opt/wildfly/standalone/configuration/keystore
    # Create the credential store defaultCS, protected by the output of that script
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/credential-store=defaultCS:add(path=keystore/credentials, relative-to=jboss.server.config.dir, credential-reference={clear-text="{EXT}/usr/bin/wildfly_pass", type="COMMAND"}, create=true)'

    # Deploy the MariaDB JDBC driver
    wget https://dlm.mariadb.com/3852266/Connectors/java/connector-java-3.4.1/mariadb-java-client-3.4.1.jar -O /opt/wildfly/standalone/deployments/mariadb-java-client.jar

    # Store the database password in the credential store and add the EJBCA datasource
    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/credential-store=defaultCS:add-alias(alias=dbPassword, secret-value="ejbca")'
    /opt/wildfly/bin/jboss-cli.sh --connect 'data-source add --name=ejbcads --connection-url="jdbc:mysql://127.0.0.1:3306/ejbca?permitMysqlScheme" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-name="mariadb-java-client.jar" --driver-class="org.mariadb.jdbc.Driver" --user-name="ejbca" --credential-reference={store=defaultCS, alias=dbPassword} --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"'
    /opt/wildfly/bin/jboss-cli.sh --connect ':reload'
    ```

  • Install EJBCA

    ```
    export ejbca_home=/opt/ejbca
    # The ant installed via dnf is bound to Java 11 and fails with the error
    # "class file has wrong version 61.0, should be 55.0", so install Ant manually
    wget https://downloads.apache.org/ant/binaries/apache-ant-1.10.15-bin.tar.gz -O apache-ant-1.10.15-bin.tar.gz
    tar -zxf apache-ant-1.10.15-bin.tar.gz
    mv apache-ant-1.10.15 /opt/
    cd /opt
    mv apache-ant-1.10.15 ant
    export PATH=$PATH:/opt/ant/bin
    # Run the ant targets from the EJBCA source tree (assumes it was unpacked to $ejbca_home)
    cd "$ejbca_home"
    ant -q clean deployear
    ant runinstall
    ant deploy-keystore
    systemctl restart wildfly
    ```
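
The access-log pattern configured above (`%h %t "%r" %s "%{i,User-Agent}"`) and the path prefixes named in the redirect and rewrite filters are enough to triage the log once the CA is reachable. The script below is an added example, not part of the original post or of EJBCA: it lists clients that keep requesting paths outside those prefixes and clients that reached the admin UI. The log records are constructed, and `ACCESS_LOG` is a hypothetical variable for pointing it at a real file.

```shell
#!/bin/sh
# Added example: triage of the Undertow access log written with the pattern
# configured on this page:  %h %t "%r" %s "%{i,User-Agent}"

# Paths this deployment serves, per the redirect and rewrite filters above.
# /ocsp is included because of the rewrite-ocsp filter.
EXPECTED_PREFIXES="/ejbca /crls /certificates /.well-known /ocsp"

# off_prefix_clients LOGFILE [THRESHOLD]
# Prints "<client> <count>" for each client with at least THRESHOLD requests
# outside EXPECTED_PREFIXES, highest count first.
off_prefix_clients() {
  awk -F'"' -v prefixes="$EXPECTED_PREFIXES" -v min="${2:-3}" '
    BEGIN { n = split(prefixes, pfx, " ") }
    NF < 5 { next }                       # skip truncated or foreign lines
    {
      split($1, head, " "); ip = head[1]  # %h is the first token
      split($2, req, " ");  path = req[2] # %r is METHOD PATH PROTOCOL
      sub(/\?.*/, "", path)               # drop the query string
      ok = 0
      for (i = 1; i <= n; i++)            # match on whole path segments
        if (path == pfx[i] || index(path, pfx[i] "/") == 1) ok = 1
      if (!ok) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
  ' "$1" | sort -k2,2nr -k1,1
}

# admin_clients LOGFILE
# Prints "<client> <count>" for every client that requested the admin UI, so
# the list can be compared with the known administrator workstations.
admin_clients() {
  awk -F'"' '
    NF < 5 { next }
    {
      split($1, head, " "); split($2, req, " ")
      if (index(req[2], "/ejbca/adminweb") == 1) seen[head[1]]++
    }
    END { for (ip in seen) print ip, seen[ip] }
  ' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample records (documentation address ranges, not real traffic).
write_sample_log() {
  cat > "$1" <<'EOF'
192.0.2.10 [12/Mar/2025:10:15:32 +0000] "GET /ejbca/adminweb/ HTTP/1.1" 200 "Mozilla/5.0"
192.0.2.10 [12/Mar/2025:10:15:40 +0000] "GET /ejbca/adminweb/ca/editcas/managecas.xhtml HTTP/1.1" 200 "Mozilla/5.0"
198.51.100.23 [12/Mar/2025:10:16:01 +0000] "POST /ocsp HTTP/1.1" 200 "ocsp-client"
198.51.100.23 [12/Mar/2025:10:16:02 +0000] "GET /crls/search.cgi?iHash=abc HTTP/1.1" 200 "curl/8.0"
203.0.113.77 [12/Mar/2025:10:17:10 +0000] "GET /.env HTTP/1.1" 302 "scanner"
203.0.113.77 [12/Mar/2025:10:17:11 +0000] "GET /wp-login.php HTTP/1.1" 302 "scanner"
203.0.113.77 [12/Mar/2025:10:17:12 +0000] "GET /manager/html HTTP/1.1" 302 "scanner"
203.0.113.77 [12/Mar/2025:10:17:13 +0000] "GET /ejbca/adminweb/ HTTP/1.1" 200 "scanner"
203.0.113.80 [12/Mar/2025:10:18:05 +0000] "GET / HTTP/1.1" 302 "curl/8.0"
EOF
}

# Demo: analyse $ACCESS_LOG (hypothetical variable) or the constructed sample.
log="${ACCESS_LOG:-}"
if [ -z "$log" ]; then
  log=$(mktemp)
  write_sample_log "$log"
fi
echo "Clients probing paths outside the expected prefixes:"
off_prefix_clients "$log" 3
echo "Clients that reached /ejbca/adminweb:"
admin_clients "$log"
```

With the configuration above, the log files are written to the `access-logs` directory under `jboss.server.log.dir`.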
