Dockerfile Keytool Import Certificate Gradle Build and Tomcat Deploy

19-01-2022

We can use the following Dockerfile to build a Gradle project. After the build, the generated WAR file is moved to the /usr/local/tomcat/webapps/ directory.

If you need to add a custom certificate, copy the new certificate to the /etc/ssl/certs directory. Otherwise, Java Keytool does not import the custom certificate from another location. (It took me 5 hours to reach this information.)

The last commands, a for loop in this case, automatically import the existing certificates into cacerts.

FROM gradle:7.3.3-jdk8 AS build
ENV TIS_DATA=/home/tis-data
# We added this code because Gradle and Tomcat override each other
RUN whoami
WORKDIR $TIS_DATA
COPY --chown=gradle:gradle . /home/gradle/src
WORKDIR /home/gradle/src
RUN gradle build --no-daemon

FROM tomcat:8.5.73
RUN rm -fr /usr/local/tomcat/webapps/ROOT
# After Tomcat is installed, JAVA_HOME is changed, so we will redirect

COPY --from=build /home/gradle/src/build/libs/ktbyigm.war /usr/local/tomcat/webapps/ROOT.war
COPY --from=build /home/gradle/src/src/main/resources/edevlet.pem /etc/ssl/certs/edevlet.pem

CMD ["catalina.sh", "run"]
EXPOSE 8080

# Copy the KTB SSL certificate
COPY ./gradle/ktb.pem /etc/ssl/certs/ktb.pem
# update-ca-certificates only picks up files ending in .crt from this directory
COPY ./gradle/ktb.pem /usr/local/share/ca-certificates/ktb.crt
RUN ls /usr/local/share/ca-certificates
RUN ls /etc/ssl/certs
RUN update-ca-certificates
RUN $JAVA_HOME/bin/keytool -cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias edevlet -file /etc/ssl/certs/edevlet.pem

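# Import every PEM file in /etc/ssl/certs into the JVM truststore; the alias is the file path
RUN for i in /etc/ssl/certs/*.pem; do yes | keytool -importcert -alias "$i" -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -file "$i"; done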
RUN keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
