Dear all,
I've been trying for hours to get EJBCA working behind Nginx Proxy Manager. I've deployed EJBCA using Docker without issue using the following docker-compose:
```yaml
version: '3'
services:
  ejbca-database:
    container_name: ejbca-database
    image: library/mariadb:lts
    networks:
      - application-bridge
    environment:
      - MYSQL_ROOT_PASSWORD=foo123
      - MYSQL_DATABASE=ejbca
      - MYSQL_USER=ejbca
      - MYSQL_PASSWORD=ejbca
    volumes:
      - ejbca-data:/var/lib/mysql:rw
  ejbca-node1:
    hostname: ejbca-node1
    container_name: ejbca
    image: keyfactor/ejbca-ce:latest
    depends_on:
      - ejbca-database
    networks:
      - proxy_network
      - application-bridge
    environment:
      - DATABASE_JDBC_URL=jdbc:mariadb://ejbca-database:3306/ejbca?characterEncoding=UTF-8
      - LOG_LEVEL_APP=INFO
      - LOG_LEVEL_SERVER=INFO
      - TLS_SETUP_ENABLED=true
volumes:
  ejbca-data:
networks:
  proxy_network:
    external: true # proxy_network needs to be created beforehand in the Portainer interface
  application-bridge:
    driver: bridge
```
Enrollment is working like a charm and I was able to import the certificate into the browser.
That said, trying to access the https://myserver/ejbca/adminweb/ URL leads to an authorization denied error:
Authorization Denied
No client certificate was presented
If you did not get prompted to select a client certificate, please check that you have the correct certificate.
I guess this is probably due to NPN configuration, but no idea how I could tackle this issue...
I've found the following link, but it brought more confusion than anything else.
https://sourceforge.net/p/ejbca/discussion/123123/thread/d7b4c6b884/
In particular, I don't understand what the ports 8081 / 8082 referenced in the configuration are about... I may have missed something…
I'm close to giving up... Any clues about how I could get it working behind an RP?
Regards
EJBCA discussions have moved here: https://github.com/Keyfactor/ejbca-ce/discussions