Installing Harbor with SSL on CentOS 7
Posted hao-guo
1. Install dependencies

```
yum install ebtables ethtool iproute iptables socat util-linux wget openssl-devel -y
```

2. Install docker-compose

```
yum install epel-release -y
yum install python-pip -y
pip install --upgrade pip
curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
docker-compose --version
```

Modify the hosts file

The domain name hub.domain.com used below is not an actually registered domain. It is pointed at the address of this Harbor server through the hosts file; replace it with whatever domain you need.

```
[root@harbor ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.43 hub.domain.com
```

Create the CA certificate Harbor uses for HTTPS

Create the directory that holds the certificates

```
[root@harbor ~]# mkdir -p /data/cert
[root@harbor ~]# cd /data/cert/
```

Generate the certificate authority

```
[root@harbor cert]# openssl genrsa -out ca.key 4096
[root@harbor cert]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Guangzhou/L=Guangzhou/O=example/CN=hub.domain.com" -key ca.key -out ca.crt
```

Generate the server certificate

```
# Create the private key
[root@harbor cert]# openssl genrsa -out hub.domain.com.key 4096

# Generate the certificate signing request
[root@harbor cert]# openssl req -sha512 -new -subj "/C=CN/ST=Guangzhou/L=Guangzhou/O=example/CN=hub.domain.com" -key hub.domain.com.key -out hub.domain.com.csr

# Generate the certificate for the registry host
[root@harbor cert]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=hub.domain.com
DNS.2=hub.domain
EOF
[root@harbor cert]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in hub.domain.com.csr -out hub.domain.com.crt

# Convert the certificate (the Docker daemon treats .crt files as CA certificates and .cert files as client certificates)
[root@harbor cert]# openssl x509 -inform PEM -in hub.domain.com.crt -out hub.domain.com.cert
```

Certificate directory layout after generation

```
[root@harbor cert]# tree .
.
├── ca.crt
├── ca.key
├── ca.srl
├── hub.domain.com.cert
├── hub.domain.com.crt
├── hub.domain.com.csr
├── hub.domain.com.key
└── v3.ext

0 directories, 8 files
```

Install and configure the Harbor private registry

Download and unpack the Harbor offline installer

```
[root@harbor cert]# cd ..
[root@harbor data]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
[root@harbor data]# tar -xf harbor-offline-installer-v1.7.1.tgz
[root@harbor data]# ls
cert  harbor  harbor-offline-installer-v1.7.1.tgz
```

Edit the harbor.cfg configuration file

```
[root@harbor data]# cd harbor
```

Edit the file harbor.yml, update the hostname and uncomment the https block, and update the attributes certificate and private_key. With the certificates generated above, yourdomain.com is hub.domain.com. The v1.7.1 installer downloaded above reads harbor.cfg; harbor.yml is the configuration file of Harbor 1.8 and later, so set the hostname and the certificate and key paths in whichever file your release ships.

```
#set hostname
hostname: yourdomain.com

http:
  port: 80

https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/yourdomain.com.crt
  private_key: /data/cert/yourdomain.com.key
```

Generate the configuration files for Harbor

```
[root@harbor harbor]# ./prepare
```

Configure the server certificate, key and CA for Docker

```
[root@harbor harbor]# mkdir -p /etc/docker/certs.d/hub.domain.com
[root@harbor harbor]# cp /data/cert/hub.domain.com.cert /etc/docker/certs.d/hub.domain.com/
[root@harbor harbor]# cp /data/cert/hub.domain.com.key /etc/docker/certs.d/hub.domain.com/
[root@harbor harbor]# cp /data/cert/ca.crt /etc/docker/certs.d/hub.domain.com/
```
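A pre-flight check for the certificate files produced in the procedure above, added here as an example (it is not part of the original post or of Harbor). The function name check_registry_cert is hypothetical; it confirms that the server certificate chains to the CA, lists the registry hostname as a DNS subjectAltName (the field current Docker clients match against rather than the CN), belongs to the private key, and has not expired.

```shell
# check_registry_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Hypothetical helper: returns 0 only if every check passes; failures go to stderr.
check_registry_cert() {
    crc_ca=$1 crc_crt=$2 crc_key=$3 crc_host=$4 crc_rc=0

    # 1. The server certificate must chain to the CA that clients will trust.
    if ! openssl verify -CAfile "$crc_ca" "$crc_crt" >/dev/null 2>&1; then
        echo "FAIL: $crc_crt does not verify against $crc_ca" >&2
        crc_rc=1
    fi

    # 2. The hostname must appear as a DNS subjectAltName entry.
    #    Exact match only: wildcard entries are not expanded here.
    if ! openssl x509 -in "$crc_crt" -noout -text 2>/dev/null \
            | sed -n '/Subject Alternative Name/{n;p;}' \
            | tr ',' '\n' | sed 's/^ *//' \
            | grep -qxF "DNS:$crc_host"; then
        echo "FAIL: $crc_host is not a DNS subjectAltName of $crc_crt" >&2
        crc_rc=1
    fi

    # 3. The private key must belong to the certificate: compare public keys.
    crc_cert_pub=$(openssl x509 -in "$crc_crt" -noout -pubkey 2>/dev/null)
    crc_key_pub=$(openssl pkey -in "$crc_key" -pubout 2>/dev/null)
    if [ -z "$crc_cert_pub" ] || [ "$crc_cert_pub" != "$crc_key_pub" ]; then
        echo "FAIL: $crc_key does not match $crc_crt" >&2
        crc_rc=1
    fi

    # 4. The certificate must not already be expired.
    if ! openssl x509 -in "$crc_crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crc_crt has expired" >&2
        crc_rc=1
    fi

    return "$crc_rc"
}

# Example call with the paths used on this page:
# check_registry_cert /data/cert/ca.crt /data/cert/hub.domain.com.crt \
#     /data/cert/hub.domain.com.key hub.domain.com
```

Run it from /data/cert before copying anything into /etc/docker/certs.d/; a non-zero exit status means at least one check failed.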