Home > Developer > PostgreSQL
The author in this machine under the virtual machine installation, the database has been installed.
ubuntu16.04 x64
Postgresql:9
Wildfly10
Download the necessary packages (download them directly to the website):
This time the author of the above software are installed in the/OPT directory
The user named Royoan is logged into the operating system, and all of the following actions are user actions
The installation of the JDK is not mentioned, note the setting of the environment variable java_home.
The author creates a user and a schema for that user on the existing test database, which is equivalent to a new database.
--Login database test to add a user and mode Create user ejbca password ‘ejbca‘; CREATE SCHEMA ejbca AUTHORIZATION ejbca;
Unzip the apache-ant-1.10.1-bin.tar.gz into the/opt directory and get the/opt/apache-ant-1.10.1
Configure the environment variable, modify the/home/royoan/.profile file, and at the end of the file, insert the following code
export JAVA_HOME=/opt/jdk1.8.0_131 PATH="$JAVA_HOME/bin:$PATH" export ANT_HOME=/opt/apache-ant-1.10.1 PATH="$ANT_HOME/bin:$PATH"
After saving, execute
$:/opt$ source ~/.profile $:/opt$ cd /opt $:/opt$ ant Buildfile: build.xml does not exist! Build failed
The following build failed hint appears, indicating that Ant is loaded
Also unzip the package to the/OPT directory to get
/opt/wildfly-10.0.0.final Directory
Execute the following command to start the Wildfly server:
2.3.1 Installing the PostgreSQL driver and configuration data source in the Wildflycd /opt/wildfly-10.0.0.Final bin/standalone.sh
Put the Postgresql-9.4.1207.jar file in the/home/royoan/directory, and wait for Wildfly to execute the following command:
Jboss-cli.bat-c
This command goes into the command line tool and executes the following CLI command to install the module
module add --name=org.postgresql --resources=/home/roy/postgresql-9.4.1207.jar --dependencies=javax.api,javax.transaction.api
The command creates a directory below the Jboss_home/modules
|-org/postgresql/main
|-module.xml
∟-postgresql-9.4.1207.jar
Add CLI commands to drive and increase data sources:
/subsystem=datasources/jdbc-driver=postgresql:add(driver-name="postgresql",driver-module-name="org.postgresql",driver-xa-datasource-class-name=org.postgresql.Driver) data-source add --name=ejbcads --driver-name="postgresql" --connection-url="jdbc:postgresql://localhost:5432/test" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-class="org.postgresql.Driver" --user-name="ejbca" --password="ejbca" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"
The above command modifies the Standalone.xml configuration file, please note that the above url,username,password is actually filled in according to your database configuration.
The command is also executed under the CLI command line:
/subsystem=remoting/http-connector=http-remoting-connector:remove /subsystem=remoting/http-connector=http-remoting-connector:add(connector-ref="remoting",security-realm="ApplicationRealm") /socket-binding-group=standard-sockets/socket-binding=remoting:add(port="4447") /subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting) :reload
Configuration log:
/subsystem=logging/logger=org.ejbca:add /subsystem=logging/logger=org.ejbca:write-attribute(name=level, value=DEBUG) /subsystem=logging/logger=org.cesecore:add /subsystem=logging/logger=org.cesecore:write-attribute(name=level, value=DEBUG)
Unzip the ejbca_ce_6_5.0.5.zip to the/OPT directory, and enter the extracted folder.
The Conf directory is a EJBCA configuration file that reads some of the settings in this file when build and the CA is generated, and the configuration files in the. Sample end, and if we want to modify the default configuration, we need to rename the file that needs to be modified, remove the. Sample
We need to change a few files, Sir, into 4 important files:
cd /opt/ejbca_ce_6_5.0.5/conf mv ejbca.properties.sample ejbca.properties mv web.properties.sample web.properties mv database.properties.sample database.properties mv install.properties.sample install.properties
Modify the Ejbca.properties file
Set the value of the Appserver.home (the installation location of the application server, which is/opt/wildfly-10.0.0.final for us)
Modify the Web.properties file
Set the certificate password for the Super administrator of the CA, the certificate password for the server-side certificate generated by the application server, the password for the CA's truststory, and so on, the settings of these passwords can be set as needed, or the default configuration will be maintained. Note that the httpsserver.hostname, which corresponds to the alias behind, my IP address is 147.128.105.149, and here we set the 147.128.105.149
Modify the Database.properties file
In fact, just use the wildfly data source. Cancel the Datasource.jndi-name=ejbcads comment, and also release the database type database.name=postgres the comment. Otherwise, the installation of the library table of the H2 database will be executed with an error. The author is not open this option causes the first installation error.
Modify the Install.properties file
Set the name of the CA, encryption, and so on, it is recommended to leave the default.
Go to the command line and execute the following command:
cd /opt/ejbca_ce_6_5.0.5/ ant clean deployear ant runinstall ant deploy-keystore
Deployear's step will be a little longer,
Ant Runinstall You do not need to perform this step when removing an existing installation (with available TLS KeyStore). The truth has not been read.
After the ant Deploy-keystore is executed, the KEYSTORE.JKS is generated in the EJBCA directory, Truststore.jks, and the script is automatically copied to the $JBOSS _home/standalone/configuration/ KeyStore, we don't care.
Also execute jboss-cli.sh-c into CLI command line interface in the/opt/wild directory, execute the following CLI:
4.2 Configuring the new TLS/subsystem=undertow/server=default-server/http-listener=default:remove /subsystem=undertow/server=default-server/https-listener=https:remove /socket-binding-group=standard-sockets/socket-binding=http:remove /socket-binding-group=standard-sockets/socket-binding=https:remove
/interface=http:add(inet-address="0.0.0.0") /interface=httpspub:add(inet-address="0.0.0.0") /interface=httpspriv:add(inet-address="0.0.0.0") /socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http") /subsystem=undertow/server=default-server/http-listener=http:add(socket-binding=http) /subsystem=undertow/server=default-server/http-listener=http:write-attribute(name=redirect-socket, value="httpspriv") :reload
The above "0.0.0.0" means that the other machine can also be accessed, the original default is 127.0.0.1 is only native access.
Then configure realm, socket-binding, note two password, here alias is mentioned earlier to configure the IP address.
/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add(keystore-path="${jboss.server.config.dir}/keystore/keystore.jks", keystore-password="serverpwd", alias="147.128.105.149")
/core-service=management/security-realm=SSLRealm/authentication=truststore:add(keystore-path="${jboss.server.config.dir}/keystore/truststore.jks", keystore-password="changeit")
/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")
/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442", interface="httpspub")
When you're done, exit jboss-cli.sh.
Stop Wildfly and reboot. (Be sure not to forget it)
Re-entry into jboss-cli.sh-c
Perform:
/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding=httpspriv, security-realm="SSLRealm", verify-client=REQUIRED) /subsystem=undertow/server=default-server/https-listener=httpspriv:write-attribute(name=max-parameters, value="2048") /subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding=httpspub, security-realm="SSLRealm") /subsystem=undertow/server=default-server/https-listener=httpspub:write-attribute(name=max-parameters, value="2048") :reload
Then there are some important configurations
/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true) /system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true) /system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8") /system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true) /subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host) /subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true) :reload
If you have an Apache service in front of Wildfly, execute the following command, or do not:
/subsystem=undertow/server=default-server/ajp-listener=ajp-listener:add(socket-binding=ajp, scheme=https, enabled=true) :reload
Download the certificate/opt/ejbca_ce_6_5.0.5/p12/superadmin.p12 to the local, then import the browser, you can access the background () because two-way authentication is required)
EJBCA Management Background
Https://147.128.105.149:8443/ejbca/adminweb
Done!!!
This article copyright belongs to author Royoan (Bowen address: http://www.cnblogs.com/royoan/p/7763633.html) all, welcome reprint and Commercial, please in the article page obvious location give the original link and retain this paragraph statement, Otherwise reserves the right to hold legal responsibility, other matters, can leave a message to consult.
EJBCA Installation Tutorial +postgresql+wildfly10
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
