This repository contains an extension to the original Dockerfile used to create the Alfresco ActiveMQ image available in https://github.com/Alfresco/alfresco-docker-activemq with TLS support.
This project includes a sample keystore folder including a sample server broker.ks
keystore and a sample client client-truststore.jks
truststore. These keystores are protected with password password
.
To generate these keystores Java keytool program can be used. Choose activemq
or the service name for the CN of the server certificate.
Create the server certificate activemq
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
Create the client certificate (to connect with the ActiveMQ service) and package it in a Java truststore.
keytool -export -alias broker -keystore broker.ks -file broker_cert
keytool -genkey -alias client -keyalg RSA -keystore client-truststore.jks
Building the Docker Image locally with tag name activemq-tls
can be done using regular Docker command.
docker build . -t activemq-tls
Following Container paths are expected:
/opt/activemq/broker.ks
- activemq server certificate (keystore)/opt/activemq/client-truststore.jks
- activemq client certificate (truststore)
Running activemq
container with local keystores can executed using following command:
docker run \
-v $(pwd)/keystore/broker.ks:/opt/activemq/broker.ks \
-v $(pwd)/keystore/client-truststore.jks:/opt/activemq/client-truststore.jks \
activemq-tls
When using this ActiveMQ TLS container in Alfresco Docker Compose stacks, apply following configuration to each client service to add client-truststore.jks
truststore:
service:
image: ...
environment:
JAVA_OPTS: "
-Djavax.net.ssl.trustStore=/opt/client-truststore.jks
-Djavax.net.ssl.trustStorePassword=password
-Djdk.tls.client.protocols=TLSv1.2
"
volumes:
- ./client-truststore.jks:/opt/client-truststore.jks
You may specify TLS version (as the TLSv1.2 in the example above) using the jdk.tls.client.protocol
environment variable.