实现Harbor https认证

Posted 2022-04-15

简介：

实现harbor的https，用于数据加密传输，官方文档：https://github.com/vmware/harbor/blob/master/docs/configure_https.md

部署架构：

用两台服务器，一台harbor服务器，一台业务服务器作为harbor的测试机

部署过程

在服务器自制证书

制作CA私钥和自签名CA证书

[[email protected] ~]#mkdir mkdir -pv  /usr/local/src/harbor/certs/
[[email protected] ~]#cd mkdir -pv  /usr/local/src/harbor/certs/
[[email protected] certs]#openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key
[[email protected] cetrs]# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key  -subj "/CN=harbor.linux.com" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt

查看证书文件

[[email protected] certs]#ll
总用量 8
-rw-r--r-- 1 root root 1107 7月  11 08:43 harbor-ca.crt
-rw-r--r-- 1 root root 1679 7月  11 08:42 harbor-ca.key

编辑harbor配置文件，添加证书

[[email protected] ~]#vim /usr/local/src/harbor/harbor.cfg 
21：customize_crt = on
24：ssl_cert =  /usr/local/src/harbor/certs/harbor-ca.crt
25：ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key 
28：secretkey_path = /usr/local/src/harbor/certs/

创建目录

[[email protected] ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/
[[email protected] ~]#cp /usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

启动harbor

[[email protected] harbor]#pwd
/usr/local/src/harbor
[[email protected] harbor]#docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting adminserver ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done

配置harbor测试机

[[email protected] ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/
[[email protected] ~]#scp 192.168.8.134:/usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

上传测试

[[email protected] ~]#docker tag alpine:latest harbor.linux.com/kubernetes/alpine
[[email protected] ~]#docker push harbor.linux.com/kubernetes/alpine