Configuring a certificate for Harbor to enable HTTPS

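The previous post showed how to skip the registry's security verification. Besides that, we can also use HTTPS with a certificate we generate ourselves, or of course buy one issued by a trusted certificate authority. Below is how to configure a certificate for Harbor and enable HTTPS.
If you are already logged in, log out first and stop Harbor.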

[root@kube-node-1 harbor]# docker logout reg.harbor.com:80
Removing login credentials for reg.harbor.com:80
[root@kube-node-1 harbor]# docker-compose stop
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping harbor-portal     ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done

Create the certificate

[root@kube-node-1 harbor]# mkdir harbor-cert
[root@kube-node-1 harbor]# cd harbor-cert/
[root@kube-node-1 harbor-cert]# pwd
/opt/harbor/harbor-cert
[root@kube-node-1 harbor-cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout test-harbor.com.key -x509 -days 365 -out test-harbor.com.crt
Generating a 4096 bit RSA private key
................................................................................................................................................................................++
...........................................................................................................++
writing new private key to 'test-harbor.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:xx
Locality Name (eg, city) [Default City]:yy
Organization Name (eg, company) [Default Company Ltd]:SMART
Organizational Unit Name (eg, section) []:OPERATION
Common Name (eg, your name or your server's hostname) []:reg.harbor.com
Email Address []:123@qq.com

Edit the harbor.yml file
Re-run the scripts

[root@kube-node-1 harbor]# ./prepare
[root@kube-node-1 harbor]# ./install.sh

After Harbor starts successfully, opening it in Chrome brings up a security warning.
Log in to Docker again

[root@kube-node-2 reg.test.com]# docker login reg.harbor.com
Username: admin
Password:
Error response from daemon: Get https://reg.harbor.com/v2/: x509: certificate signed by unknown authority

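The error says the certificate was not issued by a trusted authority.
At this point we still have to modify Docker's startup parameters.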
Note: if you have read my previous post, take care not to use the = sign when configuring this here.

After restarting Docker, the login succeeds.

[root@kube-node-1 harbor]# systemctl daemon-reload
[root@kube-node-1 harbor]# systemctl restart docker
[root@kube-node-1 harbor]# docker login reg.harbor.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Tip: if Docker on other nodes needs to log in to Harbor, the same parameters must also be added to the startup options on those nodes.
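
An alternative to changing the daemon's startup parameters, shown as an added example that is not part of the original post: generate the certificate non-interactively with a subjectAltName (Docker clients built with Go 1.15 or later no longer accept a certificate that only sets the Common Name), check it, and install it as a per-registry CA under /etc/docker/certs.d. The host name and /opt/harbor/harbor-cert come from the post; the function names, the req.cnf file and the optional arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. REG_HOST is the registry name
# used on the page; file names and the optional arguments are assumptions.
# Usage: make_cert /opt/harbor/harbor-cert && check_cert /opt/harbor/harbor-cert \
#            && trust_cert /opt/harbor/harbor-cert
REG_HOST="reg.harbor.com"

# make_cert DIR [BITS]: self-signed cert + key for REG_HOST with a SAN,
# generated non-interactively from a small config file.
make_cert() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3' \
        'prompt = no' '[dn]' "CN = $REG_HOST" '[v3]' \
        "subjectAltName = DNS:$REG_HOST" > "$1/req.cnf"
    openssl req -x509 -newkey "rsa:${2:-4096}" -nodes -sha256 -days 365 \
        -config "$1/req.cnf" -keyout "$1/$REG_HOST.key" \
        -out "$1/$REG_HOST.crt" 2>/dev/null || return 1
    chmod 600 "$1/$REG_HOST.key"    # private key readable by its owner only
}

# check_cert DIR: returns 1 if the SAN is missing, 2 if the cert and key do
# not belong together, 3 if the cert expires within 30 days, 0 otherwise.
check_cert() {
    crt="$1/$REG_HOST.crt"; key="$1/$REG_HOST.key"
    openssl x509 -in "$crt" -noout -text | grep -q "DNS:$REG_HOST" || return 1
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 2
    openssl x509 -in "$crt" -noout -checkend $((30*24*3600)) >/dev/null || return 3
}

# trust_cert DIR [ROOT]: install the cert where the Docker daemon looks for
# per-registry CAs: ROOT/etc/docker/certs.d/<registry host>/ca.crt
# (ROOT is empty on a real node; it exists so the function can be tried in a
# scratch directory).
trust_cert() {
    dest="${2:-}/etc/docker/certs.d/$REG_HOST"
    mkdir -p "$dest" && cp "$1/$REG_HOST.crt" "$dest/ca.crt"
}
```

Every node that pulls from or pushes to the registry needs the same ca.crt in that directory; the private key stays on the Harbor host.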
