Alibaba Cloud CLB: proxying HTTPS and forwarding to Harbor

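Background

The original Harbor registry ran on the same machine as the business applications and had no domain name.

It now needs to be migrated to a dedicated machine and given a domain name.

Migrating Harbor

#The original Harbor was already set up with a data backup when it was started; first copy the data to the new machine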

scp -r /data/harbor 192.168.1.10:/data/harbor

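#Copy the original Harbor installation files (it would probably work without copying them, but much of the configuration is the same and I did not want to redo it)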

scp -r /usr/local/harbor  192.168.1.10:/usr/local/harbor

#Log in to the new machine
ssh 192.168.1.10

cd /usr/local/harbor
#Edit the configuration file
vim harbor.yml
...
hostname: harbor.test  #domain name

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 10081 #externally exposed port

#Because the SLB terminates HTTPS and holds the certificate this time, Harbor's own https configuration is no longer needed
# https related config
#https:
  # https port for harbor, default is 443
  #  port: 10082
  # The path of cert and key files for nginx
  #  certificate: /usr/local/harbor/SSL/harbor.test.pem
  # private_key: /usr/local/harbor/SSL/harbor.test.key

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: https://harbor.test   #change this to the address you actually use to access Harbor

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900

# The default data volume
data_volume: /data/harbor #data directory
...

#Generate the configuration files
sh prepare

#Install Harbor
sh install.sh

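Another migration method, not yet verified

First start a Harbor registry on the new server, then push the images to the new registry one by one with a script.

#Configure both private registry addresses on the server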
[root@spark1 ~]# cat /etc/docker/daemon.json 
{
  "insecure-registries": ["10.1.119.12","172.10.10.xx"],     (these are the addresses of the old and new Harbor registry servers)
  "registry-mirrors": [
       "https://kuamavit.mirror.aliyuncs.com", "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn"
    ]
}

#Log in to both registries
docker login http://10.1.119.12
docker login http://172.10.10.xx

#Get the names of the repositories to migrate (replace 项目名称 with the project name)
curl -X GET --header 'Accept: application/json' 'http://10.1.119.12/api/search?q=项目名称'

#Image migration script
#!/bin/bash

URL="http://10.1.119.12"
IP="10.1.119.12"
USER="admin"
PASS="Harbor12345"
targetIP="172.10.10.xx"
# List the repositories of project 45 on the old Harbor, authenticating with USER/PASS
REPOS=$(curl -s -u "${USER}:${PASS}" -X GET --header 'Accept: application/json' "${URL}/api/repositories?project_id=45"|grep '"name"'|awk -F '"' '{print $4}')
for rp in ${REPOS}
do
    # All tags of this repository, in reverse name order
    TAGS=$(curl -s -u "${USER}:${PASS}" -X GET --header 'Accept: application/json' "${URL}/api/repositories/${rp}/tags"|grep '"name"'|awk -F '"' '{print $4}'|sort -r)
    for t in ${TAGS}
    do
        docker pull "${IP}/${rp}:${t}"
        docker tag "${IP}/${rp}:${t}" "${targetIP}/${rp}:${t}"
        # Remove the old-registry tag; the image stays available under the new tag
        docker rmi "${IP}/${rp}:${t}"
        docker push "${targetIP}/${rp}:${t}"
    done
    echo "===================="
done


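Alibaba Cloud CLB configuration

1. Add a DNS record for the subdomain

The record value is the CLB's IP address.

2. Add CLB forwarding

HTTPS forwarding

!!! Configure the advanced forwarding rule. This is mandatory; without it you get a 502 error.

The domain to check is the domain written in the Harbor configuration file.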

Data backup


#Rough backup script, no notification yet

#!/bin/bash
date;
# Message: "start incremental backup"
echo "###############开始增量备份################"
rsync -avzp --delete /data/harbor /ali-data/harbor-bak

# Message: "backup finished"
echo "###############结束备份###################"


#Backup schedule, adjust as needed
0 0 * * * /usr/local/back/harbor_bak.sh >> /usr/local/back/harbor_bak.log

FAQ

1. Pushing an image to the private registry fails with unknown blob

The push refers to repository [hub.kingboyworld.com/town-test/config]
b148c16cffe6: Pushing [==================================================>]   25.2MB/25.2MB
148268bf14be: Layer already exists 
6a47dae912f7: Layer already exists 
00439e7d6354: Layer already exists 
a1a8b7f7efac: Layer already exists 
341d865c1c22: Layer already exists 
61c06e07759a: Layer already exists 
bcbe43405751: Layer already exists 
e1df5dc88d2c: Layer already exists 
unknown blob


##Solution
#Edit the nginx configuration file
cd /usr/local/harbor/common/config/nginx
vim nginx.conf
#Replace every proxy_set_header X-Forwarded-Proto $x_forwarded_proto in the configuration file with proxy_set_header X-Forwarded-Proto https
...
#proxy_set_header X-Forwarded-Proto $x_forwarded_proto;  
proxy_set_header X-Forwarded-Proto https;
...
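
The replacement described in the FAQ above, scripted so it is repeatable, leaves a backup, and skips commented-out lines. This is an added example, not part of the original post; the function names and the sample config are constructed for illustration, and it assumes TLS terminates at the CLB.

```shell
#!/bin/bash
# Added example (not from the original post). Assumes TLS terminates at the CLB,
# so Harbor's nginx only ever sees plain-HTTP requests.

# Matches active (uncommented) X-Forwarded-Proto directives only.
DIRECTIVE='^[[:space:]]*proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+'

# count_unpinned FILE: print how many active directives are not yet "https".
count_unpinned() {
    grep -E "$DIRECTIVE" "$1" | grep -Evc "${DIRECTIVE}https;" || true
}

# fix_forwarded_proto FILE: pin every active directive to https, keep a backup,
# print the number of directives rewritten; fail if any remain unpinned.
fix_forwarded_proto() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    todo=$(count_unpinned "$conf")
    if [ "$todo" -gt 0 ]; then
        cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"   # rollback copy
        tmp=$(mktemp)
        sed -E "s/(${DIRECTIVE})[^;]*;/\1https;/" "$conf" > "$tmp"
        cat "$tmp" > "$conf"   # overwrite in place, keeping owner and mode
        rm -f "$tmp"
    fi
    [ "$(count_unpinned "$conf")" -eq 0 ] || return 1
    echo "$todo"
}

# Constructed sample of the relevant lines (not a real Harbor nginx.conf).
make_sample_conf() {
    cat <<'EOF'
location /v2/ {
    proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
}
location /service/ {
    proxy_set_header X-Forwarded-Proto $scheme;
    #proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
}
location /c/ {
    proxy_set_header X-Forwarded-Proto https;
}
EOF
}

demo=$(mktemp)
make_sample_conf > "$demo"
echo "directives rewritten: $(fix_forwarded_proto "$demo")"
rm -f "$demo" "$demo".bak.*
```

Pinning the header to https makes Harbor advertise https URLs to every client, so it fits only when all access goes through the TLS-terminating load balancer and the HTTP port is not reachable directly.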
posted @ 2022-10-18 09:29  惊蛰2020