Can ejbca-ce docker images be made to start wildfly on 80/443 instead of 8080/8443? #929
Replies: 2 comments
-
You have to run the container as root in order to do that, something that is not best practice and is actively discouraged; therefore there is no shortcut to do that. You have to reconfigure standalone.xml to do that; I guess you can do that by overriding it with your own with an fs overlay.
-
@mikebutash FYI I had a similar goal and found it was relatively straightforward to deploy nginx as a reverse proxy on the docker host to map the default ejbca ports to 80/443. I didn't get TLS client auth working seamlessly between my browser and ejbca-ce 8443, but I ended up configuring nginx with a client admin cert to authn to ejbca-ce and configured nginx to require client auth from the browser as a workaround. Happy to share nginx config if helpful.
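The reverse-proxy workaround described in the comment above, as an added example that is not the commenter's own configuration: nginx requires a client certificate from the browser and presents its own admin certificate to EJBCA. The hostname, file paths, fingerprint placeholder and the 127.0.0.1 upstream addresses are assumptions.

```nginx
# Added example; place inside the http {} context. All names, paths and the
# fingerprint are placeholders, and the upstream assumes the container's
# 8080/8443 are reachable on the docker host's loopback.

# Every proxied request reaches EJBCA with the proxy's admin identity, so
# pin the one browser certificate that is allowed to use it.
map $ssl_client_fingerprint $admin_allowed {
    default 0;
    "REPLACE_WITH_SHA1_FINGERPRINT_OF_ADMIN_CERT" 1;
}

server {
    listen 80;
    server_name ca.example.internal;
    location / {
        # Proxied rather than redirected so plain-HTTP clients keep working.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}

server {
    listen 443 ssl;
    server_name ca.example.internal;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Browser side: require a certificate issued by the trusted client CA.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client on;

    location / {
        if ($admin_allowed = 0) { return 403; }

        proxy_pass https://127.0.0.1:8443;
        proxy_set_header Host $host;

        # EJBCA side: authenticate with the admin client certificate.
        proxy_ssl_certificate     /etc/nginx/tls/ejbca-admin.crt;
        proxy_ssl_certificate_key /etc/nginx/tls/ejbca-admin.key;

        # Verify the EJBCA server certificate instead of trusting blindly.
        proxy_ssl_trusted_certificate /etc/nginx/tls/ejbca-server-ca.crt;
        proxy_ssl_verify on;
        proxy_ssl_name ca.example.internal;
    }
}
```

The admin key file on the proxy host is as sensitive as the EJBCA admin credential itself, so it needs the same file permissions and storage controls.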
-
I've been hunting for a bit, but I've not seen any documented ways to get wildfly to start up on 80/443 instead of its default 8080/8443 and do this without using docker nat, which I very specifically do NOT want to do here.
Why not? In my docker setup for my lab, I use macvlans instead of normal namespaces so my hosts just pick up addresses from dhcp normally the old-fashioned way on the lan with different security segments per vlan behind my firewall, and that's normally good as I don't like things hidden behind internal nat, except I lose the nat capability directly in docker to fix things like this that just seem to expect it.
I haven't found any environment variable definitions to ensure the image boots and will use 80/443 for services, and even some hacking on the image to get it to run on 80/443 proved unsuccessful, but it would sure make my life a lot easier than having to stand up another box to run lb/proxy service in front of it just for that right now for my home and testing. In setting up custom EKUs, policies, things I want to actually test, I'd just like it to run on 80/443 to keep things simple for a single-box solution.
Thanks in advance!