Bitnami Secure Image for java
1M+
Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible.
Overview of Java Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
docker run --name java REGISTRY_NAME/bitnami/java:latest
Note: You need to substitute the
REGISTRY_NAMEplaceholder with a reference to your container registry.
docker run --name java REGISTRY_NAME/bitnami/java:latest
This asset is available in two flavors: Standard and Minimal; designed to address different use cases and operational needs.
The standard images are full-featured, production-ready containers built on top of secure base operating systems. They include:
Recommended for:
The minimal images are optimized, distroless-style containers derived from a stripped-down base. They only ship what’s strictly necessary to run the application; no shell, package manager, or extra libraries. They provide:
Recommended for:
Dockerfile linksLearn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.
The prod tags has been removed; from now on just the regular container images will be released.
The formatting convention for prod tags has been changed:
BRANCH-debian-10-prod is now tagged as BRANCH-prod-debian-10VERSION-debian-10-rX-prod is now tagged as VERSION-prod-debian-10-rXlatest-prod is now deprecatedThe recommended way to get the Bitnami Java Docker Image is to pull the prebuilt image from the Docker Hub Registry.
docker pull REGISTRY_NAME/bitnami/java:latest
To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.
docker pull REGISTRY_NAME/bitnami/java:[TAG]
If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.
git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t REGISTRY_NAME/bitnami/APP:latest .
docker-compose.yamlPlease be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes.
The following section describes how to run commands
The default work directory for the Java image is /app. You can mount a folder from your host here that includes your Java jar or war, and run it normally using the java command.
docker run -it --name java -v /path/to/app:/app REGISTRY_NAME/bitnami/java:latest \
java -jar package.jar
or using Docker Compose:
java:
image: REGISTRY_NAME/bitnami/java:latest
command: "java -jar package.jar"
volumes:
- .:/app
Further Reading:
In case you are replacing the default minideb base image with a custom base image (based on Debian), it is possible to replace the default truststore located in the /opt/bitnami/java/lib/security folder. This is done by setting the JAVA_EXTRA_SECURITY_DIR docker build ARG variable, which needs to point to a location that contains a cacerts file that would substitute the originally bundled truststore. In the following example we will use a minideb fork that contains a custom cacerts file in the /bitnami/java/extra-security folder:
FROM docker.io/bitnami/minideb:latest to use a custom image, defined with the MYJAVAFORK:TAG placeholder:- FROM REGISTRY_NAME/bitnami/minideb:latest
+ FROM MYFORK:TAG
docker build setting the value of JAVA_EXTRA_SECURITY_DIR. Remember to replace the MYJAVAFORK:TAG placeholder.docker build --build-arg JAVA_EXTRA_SECURITY_DIR=/bitnami/java/extra-security -t MYJAVAFORK:TAG .
The Bitnami Java Docker image from the Bitnami Secure Images catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:
OPENSSL_FIPS: whether OpenSSL runs in FIPS mode or not. yes (default), no.JAVA_TOOL_OPTIONS: controls Java FIPS mode. Use -Djava.security.properties==/opt/bitnami/java/conf/security/java.security.restricted (restricted), -Djava.security.properties==/opt/bitnami/java/conf/security/java.security.relaxed (relaxed), or -Djava.security.properties==/opt/bitnami/java/conf/security/java.security.original (off).Copyright © 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.