harbor Configuring Harbor with HTTPS Access

首先,下载fq (fanqiang) harbor-offline-installer-v1.2.0-rc5.tgz           

 tar xvf harbor-offline-installer-<version>.tgz

本文参考(https://github.com/vmware/harbor/blob/master/docs/configure_https.md )

  1. Create your own CA certificate:
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt
  1. Generate a Certificate Signing Request:

If you use FQDN like reg.yourdomain.com to connect your registry host, then you must use reg.yourdomain.com as CN (Common Name). Otherwise, if you use IP address to connect your registry host, CN can be anything like your name and so on:

  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
    -out yourdomain.com.csr
  1. Generate the certificate of your registry host:

If you're using IP, say 10.1.1.5 to connect your registry host, you may instead run the command below:

  echo subjectAltName = IP:10.1.1.50 > extfile.cnf

  openssl x509 -req -days 365 -in 10.1.1.5.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 10.1.1.50.com
.crt

Configuration and Installation

After obtaining the yourdomain.com.crt and yourdomain.com.key files, you can put them into directory such as/root/cert/:

  cp 10.1.1.50.crt /root/cert/
  cp 10.1.1.50.key /root/cert/

Next, edit the file make/harbor.cfg , update the hostname and the protocol, and update the attributes ssl_cert andssl_cert_key:

  #set hostname
  hostname = 10.1.1.50
  #set ui_url_protocol
  ui_url_protocol = https
  ......
  #The path of cert and key files for nginx, they are applied only the protocol is set to https 
  ssl_cert = /root/cert/10.1.1.50.crt
  ssl_cert_key = /root/cert/10.1.1.50.key

Generate configuration files for Harbor:

  ./prepare

Finally, restart Harbor:

  docker-compose up -d


After setting up HTTPS for Harbor, you can verify it by the following steps:

  1. Open a browser and enter the address: https://10.1.1.50 . It should display the user interface of Harbor.

docker login reg.yourdomain.com
(admin/Harbor12345) --succeed

Troubleshooting

You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:

 

[

自签CA证书:
cd /etc/pki/CA
touch index.txt
echo 01 > serial
openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048
chmod 600 private/cakey.pem
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem

 

cd /etc/docker/certs.d/
 mkdir 10.1.1.50
cd 10.1.1.50/
cp /etc/pki/CA/cacert.pem ./
 cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt

systemctl restart docker

docker-compose stop
docker-compose up -d
 docker-compose ps

]
posted @   littlevigra  阅读(225)  评论(0编辑  收藏  举报
编辑推荐:
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
阅读排行:
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 如何调用 DeepSeek 的自然语言处理 API 接口并集成到在线客服系统
· 【译】Visual Studio 中新的强大生产力特性
· 2025年我用 Compose 写了一个 Todo App
点击右上角即可分享
微信分享提示
SQL AI 助手