Docker-Harbor: Configuring a Certificate and Enabling HTTPS
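Harbor is an open-source container image registry for storing and managing Docker images and other container images.
* Container image registry: stores and manages Docker images and other container images
* Features: supports multiple image formats, easy to use, security and access control
Project address: https://gitcode.com/gh_mirrors/ha/harbor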

Configuring a certificate for Harbor and enabling HTTPS
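The previous article showed how to skip the registry's security verification. Alternatively, we can use HTTPS with a certificate we generate ourselves, or buy a certificate from a recognized certificate authority. The steps below show how to configure a certificate for Harbor and enable HTTPS.
If you are already logged in, log out first and then stop Harbor.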
[root@kube-node-1 harbor]# docker logout reg.harbor.com:80
Removing login credentials for reg.harbor.com:80
[root@kube-node-1 harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping harbor-portal ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Create the certificate
[root@kube-node-1 harbor]# mkdir harbor-cert
[root@kube-node-1 harbor]# cd harbor-cert/
[root@kube-node-1 harbor-cert]# pwd
/opt/harbor/harbor-cert
[root@kube-node-1 harbor-cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout test-harbor.com.key -x509 -days 365 -out test-harbor.com.crt
Generating a 4096 bit RSA private key
................................................................................................................................................................................++
...........................................................................................................++
writing new private key to 'test-harbor.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:xx
Locality Name (eg, city) [Default City]:yy
Organization Name (eg, company) [Default Company Ltd]:SMART
Organizational Unit Name (eg, section) []:OPERATION
Common Name (eg, your name or your server's hostname) []:reg.harbor.com
Email Address []:123@qq.com
Edit the harbor.yml file
Re-run the scripts
[root@kube-node-1 harbor]# ./prepare
[root@kube-node-1 harbor]# ./install.sh
After Harbor starts successfully, Google Chrome shows a security warning when you open the site.
Log in with Docker again
[root@kube-node-2 reg.test.com]# docker login reg.harbor.com
Username: admin
Password:
Error response from daemon: Get https://reg.harbor.com/v2/: x509: certificate signed by unknown authority
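The error says the certificate was not issued by a trusted authority.
At this point we still have to modify Docker's startup parameters.
Note: if you read my previous article, be careful not to use the = sign when configuring this.
After restarting Docker, the login succeeds.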
[root@kube-node-1 harbor]# systemctl daemon-reload
[root@kube-node-1 harbor]# systemctl restart docker
[root@kube-node-1 harbor]# docker login reg.harbor.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Tip: if Docker on other nodes needs to log in to Harbor, the same parameters must also be added to the startup options on those nodes.
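
An added example, not part of the original post: a non-interactive version of the certificate step above, with checks on the result. Function names and the config layout are assumptions; files are named after the host rather than test-harbor.com.*, and a subjectAltName entry is added because current Go-based Docker clients match the registry host name against the SAN rather than the Common Name.

```shell
#!/usr/bin/env bash
# Added example. Host name comes from the page; function names, config layout
# and the SAN entry are assumptions of this sketch.

# make_harbor_cert HOST DIR [BITS]: key + self-signed cert, no prompts.
make_harbor_cert() {
    local host="$1" dir="$2" bits="${3:-4096}"   # 4096 as in the page's command
    mkdir -p "$dir" || return 1
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = $host
[v3]
basicConstraints = CA:TRUE
subjectAltName   = DNS:$host
EOF
    (
        umask 077   # create the private key readable by its owner only
        openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
            -config "$dir/$host.cnf" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt"
    ) || return 1
    chmod 644 "$dir/$host.crt"   # the certificate itself is public
}

# cert_matches_key CRT KEY: true if both carry the same public key.
cert_matches_key() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_has_san CRT HOST: true if HOST is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# cert_trusted_with CAFILE CRT: true if CRT verifies against CAFILE. A client
# without the cert in its trust store reports "unknown authority" instead.
cert_trusted_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Call it as `make_harbor_cert reg.harbor.com /opt/harbor/harbor-cert`. Copying the resulting .crt to /etc/docker/certs.d/reg.harbor.com/ca.crt on a Docker node is Docker's per-registry way to trust such a certificate.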



