Harbor安装配置(HTTPS)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Harbor安装配置(HTTPS)相关的知识,希望对你有一定的参考价值。
1、下载harbor
git clone https://github.com/vmware/harbor
2、安装docker、docker-compose
pip uninstall docker docker-py; pip install docker
pip install docker-compose
3、修改/data/harbor/make/harbor.cfg
hostname = registry.niudingfeng.com
ui_url_protocol = https
email_server = smtp.xiaoniu66.com
email_server_port = 25
email_username = [email protected]
email_password = xnkj94nb!
email_from = ndf.operate <[email protected]>
email_ssl = false
4、创建https证书
cd /data/harbor/cert
[[email protected] cert]# openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout /data/harbor/cert/server.key -out /data/harbor/cert/server.crt
Generating a 2048 bit RSA private key
...........................+++
.....................................................................................................................+++
writing new private key to ‘/data/harbor/cert/server.key‘
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server‘s hostname) []:registry-backup.niudingfeng.com
Email Address []:
5、生成配置文件
cd /data/harbor/make && ./prepare
6、复制docker-compose文件
cd /data/harbor/make && cp docker-compose.tpl docker-compose.yml
7、执行安装脚本
cd /data/harbor/make && ./install.sh
FQA:
1、登录时报错:Error response from daemon: Get https://registry.niudingfeng.com/v1/users/: x509: certificate signed by unknown authority
此种情况多发生在自签名的证书,报错含义是签发证书机构未经认证,无法识别。
chmod 644 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
cat /data/harbor/cert/server.crt >>/etc/pki/tls/certs/ca-bundle.crt
chmod 444 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
证书是docker的daemon需要用到的,重启docker服务:service docker restart
本文出自 “我的运维时光” 博客,请务必保留此出处http://aaronsa.blog.51cto.com/5157083/1897891
以上是关于Harbor安装配置(HTTPS)的主要内容,如果未能解决你的问题,请参考以下文章