├── Dockerfile
├── LICENSE
├── README.md
├── docker-compose.yml
├── fake-sudo.sh
└── start.sh

/Dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu:20.04

RUN ln -fs /usr/share/zoneinfo/Asia/Taipei /etc/localtime
RUN apt-get update && apt-get install --no-install-recommends -y wget unzip pcscd pcsc-tools libc6 openssl locales tzdata psmisc
RUN locale-gen zh_TW zh_TW.UTF-8 zh_CN zh_CN.UTF-8 en

# MOICA (Ministry of the Interior Certificate Authority) cross-platform web component - http://moica.nat.gov.tw/rac_plugin.html
# Note: fetched over plain HTTP and unpacked without any integrity check
RUN wget -O /dev/stdout http://moica.nat.gov.tw/download/File/HiPKILocalSignServer/linux/HiPKILocalSignServerApp.tar.gz | tar zxvf - -C /usr/local

# workarounds for mLNHIICC_Setup:
# 1. since it is already root, fake sudo command
COPY fake-sudo.sh /usr/bin/sudo
RUN chmod 755 /usr/bin/sudo
# 2. make libssl1.0.0 installable
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ bionic main restricted' >> /etc/apt/sources.list && apt-get update

# Setup for reading Health Insurance ID Card
# NHI card online service registration - environment check (Chrome, FireFox, Opera, Edge) - https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/mEventesting.htm
# Note: --no-check-certificate disables TLS certificate verification for this download
RUN wget --no-check-certificate -O /tmp/mLNHIICC_Setup.Ubuntu.zip https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/mLNHIICC_Setup.Ubuntu.zip \
  && unzip -d /tmp /tmp/mLNHIICC_Setup.Ubuntu.zip \
  && mkdir -p /tmp/mLNHIICC_Setup \
  && tar zxvf $(ls /tmp/*.tar.gz) -C /tmp/mLNHIICC_Setup \
  && cd /tmp/mLNHIICC_Setup/* && ./Install

RUN rm -rf /tmp/* /var/tmp/*

ADD start.sh /usr/local/bin
RUN chmod 755 /usr/local/bin/start.sh

# Run the final script
CMD /usr/local/bin/start.sh

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 PastLeo

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Running the Health Insurance Card component (`mLNHIICC`) in Docker on ArchLinux, for services such as individual income tax filing

This is adapted from [https://github.com/chihchun/personal-income-tax-docker](https://github.com/chihchun/personal-income-tax-docker), but I prefer to have Docker run only the minimum that needs to be virtualized, so that the browser and the Linux card reader service stay on ArchLinux.

First, of course, you need a card reader; here I use a generic multi-function USB card reader.

> Decide for yourself whether the commands below need `sudo`; blindly copying and running `sudo` commands from the internet is dangerous...

## Software that must be installed on ArchLinux

* `docker`, `docker-compose`
* Card reader service `pcscd` (Server protocol is 4:4)
  * Install with `pacman -S ccid opensc pcsc-tools`
  * Start the card reader service: `systemctl start pcscd`
* Tools such as `git` and `sudo`

> The ArchLinux wiki has more detailed information about card readers: [https://wiki.archlinux.org/index.php/Smartcards](https://wiki.archlinux.org/index.php/Smartcards)

## Test it on ArchLinux

```sh
pcsc_scan
```

Then insert the Health Insurance Card. You should see text such as `National Health Insurance Card, Taiwan`, which means the card reader and pcscd on ArchLinux are working.

## `git clone`, then build and run the Health Insurance Card component (`mLNHIICC`)

```sh
git clone https://github.com/pastleo/mLNHIICC-docker-archlinux.git
cd mLNHIICC-docker-archlinux
docker-compose up
```

Once you see the following output, the services should be up:

```
Creating mlnhiicc-docker-archlinux_mlnhiicc_1 ... done
Attaching to mlnhiicc-docker-archlinux_mlnhiicc_1
mlnhiicc_1 | /usr/local/HiPKILocalSignServerApp/HiPKILocalSignServer
mlnhiicc_1 | + /usr/local/share/NHIICC/mLNHIICC
mlnhiicc_1 | + cd /usr/local/HiPKILocalSignServerApp
mlnhiicc_1 | + ./start.sh
mlnhiicc_1 | + tail -f /dev/null
mlnhiicc_1 | Server has started at 127.0.0.1:61161
```

> `mLNHIICC` actually runs on port `7777`; it just prints nothing at all when it starts.

## Point `iccert.nhi.gov.tw` at `127.0.0.1` and mark it as a trusted service

Yes, it's lame:

```sh
echo "127.0.0.1 iccert.nhi.gov.tw" >> /etc/hosts
```

Then check:

```sh
ping iccert.nhi.gov.tw
```

Output like the following means the setting works:

```
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.041 ms
```

Next, use a browser to open the `mLNHIICC` service that Docker is running on the local machine:

* [https://iccert.nhi.gov.tw:7777/](https://iccert.nhi.gov.tw:7777/)
* [https://localhost:7777/](https://localhost:7777/)

> [My Health Bank (健康存摺)](https://myhealthbank.nhi.gov.tw/IHKE0002/IHKE0002S01.aspx) connects to the `mLNHIICC` service via `https://localhost:7777`

The browser will complain that the SSL of these sites is invalid, which is expected since the service runs on the local machine. We have to make the browser trust this service; in my Chromium that is `Advanced` => `Proceed to ... (unsafe)`, after which you should see `已確認為可信任服務!` (confirmed as a trusted service).

## Check that the Health Insurance Card component works

Using the browser that now trusts `iccert.nhi.gov.tw`, open this site:

[https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/webtesting/SampleY.aspx](https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/webtesting/SampleY.aspx)

* Click `讀取健保卡` (read Health Insurance Card); you should see `讀卡成功:XXX` (card read successfully)
* Click `驗證健保卡` (verify Health Insurance Card); you should see a series of successes, ending with `認證卡片:成功!` (card authentication: success)

## You can now use services that require the Health Insurance Card

* Health Insurance Card registration: [https://cloudicweb.nhi.gov.tw/cloudic/system/mlogin.aspx](https://cloudicweb.nhi.gov.tw/cloudic/system/mlogin.aspx)
* Individual income tax filing: [https://efile.tax.nat.gov.tw/irxw/index.jsp](https://efile.tax.nat.gov.tw/irxw/index.jsp)
* NHI personal data and arrears lookup: [https://eservice.nhi.gov.tw/Personal1/System/mLogin.aspx](https://eservice.nhi.gov.tw/Personal1/System/mLogin.aspx)
* My Health Bank: [https://myhealthbank.nhi.gov.tw/IHKE0002/IHKE0002S01.aspx](https://myhealthbank.nhi.gov.tw/IHKE0002/IHKE0002S01.aspx)

## Clean up when you are done

* Stop `docker-compose up`
* Remove the container: `docker-compose rm`
* Remove the docker image: `docker rmi mlnhiicc`
* Restore `/etc/hosts` to its original state
* Stop pcscd: `systemctl stop pcscd`

## References

* NHI card online service registration, environment notes: [https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/mEventesting.htm](https://cloudicweb.nhi.gov.tw/cloudic/system/SMC/mEventesting.htm)
* Ministry of Finance e-filing and tax payment service: [https://tax.nat.gov.tw/alltax.html?id=1](https://tax.nat.gov.tw/alltax.html?id=1)

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.8"
services:
  mlnhiicc:
    image: mlnhiicc
    build: .
    volumes:
      - "/run/pcscd:/var/run/pcscd"
    ports:
      - "127.0.0.1:7777:7777"
      - "127.0.0.1:61161:61161"

--------------------------------------------------------------------------------
/fake-sudo.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stand-in for sudo inside the container: the build already runs as root,
# so drop an optional leading "--" and exec the command unchanged.
if [ "$1" == "--" ]; then
  shift
fi

exec "$@"

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/sh
set -x

# Start RAC Plugin
cd /usr/local/HiPKILocalSignServerApp && ./start.sh &

# Start plugin for health insurance card
/usr/local/share/NHIICC/mLNHIICC

tail -f /dev/null

--------------------------------------------------------------------------------
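The Dockerfile above pulls one vendor archive over plain HTTP and the other with `--no-check-certificate`, then runs `./Install` as root in the image. One way to gate those steps on a pinned digest is sketched below; it is an added example, not code from this repository. The function names and the `<PINNED_SHA256>` value are placeholders: the real digest has to be recorded once from a copy you trust.

```shell
#!/bin/sh
# Added example (not from the repository): refuse to unpack or install a
# downloaded vendor archive unless it matches a pinned SHA-256 digest.

# sha256_of FILE: print the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_SHA256
# 0 = match, 1 = mismatch, 2 = file missing, 3 = pin is not a valid digest
verify_pinned() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject placeholders and typos: a pin is exactly 64 hex characters.
    case $expected in
        ''|*[!0123456789abcdef]*) echo "invalid pin for $file" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pin for $file" >&2; return 3; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# fetch_verified URL DEST EXPECTED_SHA256
# Downloads to DEST.part and only renames it to DEST after the digest matches,
# so a later build step can never pick up an unverified file.
fetch_verified() {
    url=$1 dest=$2 pin=$3
    tmp="$dest.part"
    wget -q -O "$tmp" "$url" || { rm -f "$tmp"; return 4; }
    if verify_pinned "$tmp" "$pin"; then
        mv "$tmp" "$dest"
    else
        rc=$?; rm -f "$tmp"; return "$rc"
    fi
}

# Usage inside a RUN step (digest is a placeholder):
#   fetch_verified "$URL" /tmp/mLNHIICC_Setup.Ubuntu.zip "<PINNED_SHA256>" \
#     && unzip -d /tmp /tmp/mLNHIICC_Setup.Ubuntu.zip
```

If the vendor replaces the archive at the same URL, the build stops at the mismatch, which is the point at which to review the new file and update the pin.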
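`docker-compose.yml` publishes ports `7777` and `61161` with a `127.0.0.1:` prefix, which keeps the card and signing services off the LAN; without that prefix Docker publishes on all interfaces. The check below is an added example (not part of the repository) that reads `ss -Hltn` style output and flags either port if it is bound beyond loopback. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): report listeners on the published
# ports that are bound to anything other than loopback.

# nonlocal_listeners PORT...  reads `ss -Hltn` style lines on stdin and prints
# "port local-address" for each watched port bound outside 127.0.0.0/8 or ::1.
nonlocal_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                               # 127.0.0.1:7777, [::]:7777, *:7777
            port = la; sub(/^.*:/, "", port)      # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)   # text before the last colon
            gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
            sub(/%.*$/, "", addr)                 # drop interface scope suffix
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "::1") next
            print port, la
        }'
}

# check_loopback_only PORT...  returns 0 when no watched port is exposed.
check_loopback_only() {
    exposed=$(nonlocal_listeners "$@")
    [ -z "$exposed" ] && return 0
    echo "listening beyond loopback:" >&2
    echo "$exposed" >&2
    return 1
}

# Constructed sample: what the compose file as written should produce.
sample_ok() { cat <<'EOF'
LISTEN 0 4096 127.0.0.1:7777 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:61161 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Constructed sample: ports published without the 127.0.0.1: prefix.
sample_exposed() { cat <<'EOF'
LISTEN 0 4096 0.0.0.0:7777 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:61161 0.0.0.0:*
LISTEN 0 4096 [::]:61161 [::]:*
EOF
}

# On the host, after `docker-compose up`:
#   ss -Hltn | check_loopback_only 7777 61161
```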