docker 镜像仓库Harbor https访问
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker 镜像仓库Harbor https访问相关的知识,希望对你有一定的参考价值。
配置harbor的https
为什么要配置https?
因为后续你将镜像打包好放入到harbor仓库中,若是生产环境的镜像,会包含很多隐私的配置文件(db,redis等),需要用到https进行加密
参考文档:https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
下载:https://github.com/goharbor/harbor/releases
下载:docker-compose
https://docs.docker.com/compose/install/#install-compose
配置如下
1、在harbor的目录中新建ssl目录,用来存放自签证书
[[email protected] harbor]# mkdir ssl
2、[[email protected] harbor]# cd ssl/
3、[[email protected] ssl]# openssl genrsa -out ca.key 4096
4、主要是这里的域名test.com 就是待会访问harbor的域名
[[email protected] ssl]# openssl req -x509 -new -nodes -sha512 -days 3650
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com"
-key ca.key
-out ca.crt
5、[[email protected] ssl]# openssl genrsa -out test.com.key 4096
6、[[email protected] ssl]# openssl req -sha512 -new
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com"
-key test.com.key
-out test.com.csr
7、[[email protected] ssl]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=test.com
DNS.2=test
DNS.3=hostname
EOF
8、[[email protected] ssl]# openssl x509 -req -sha512 -days 3650
-extfile v3.ext
-CA ca.crt -CAkey ca.key -CAcreateserial
-in test.com.csr
-out test.com.crt
9、修改配置文件
[[email protected] harbor]# vi harbor.cfg
hostname = test.com #这个就是你访问的地址
ui_url_protocol = https
ssl_cert = ./ssl/test.com.crt
ssl_cert_key = ./ssl/test.com.key
harbor_admin_password = 123456
10、重载配置文件
[[email protected] harbor]# ./prepare
11、安装,这个过程需要等5分钟
[[email protected] harbor]# ./install.sh
12、结果正常
13、绑定hosts,访问
docker拉取镜像验证:
1、[[email protected] ~]# vi /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],"insecure-registries":["https://test.com","192.168.1.13"]}
2、绑定hosts
3、重启docker
[[email protected] ~]# systemctl restart docker
4、[[email protected] ~]# docker login https://test.com
以上是关于docker 镜像仓库Harbor https访问的主要内容,如果未能解决你的问题,请参考以下文章