harbor开启https

1. 生成证书

mkdir -p /data/cert
cd /data/cert
#生成CA的key
openssl genrsa -out ca.key 4096
#生成CA的crt
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Shanghai/L=Shanghai/O=greenshore/OU=devops/CN=harbor" \
    -key ca.key \
    -out ca.crt
#生成自己域名的key
openssl genrsa -out 101.71.88.53.key 4096
#生成自己域名的csr
openssl req -sha512 -new \
    -subj "/C=CN/ST=Shanghai/L=Shanghai/O=greenshore/OU=devops/CN=harbor" \
    -key 101.71.88.53.key \
    -out 101.71.88.53.csr 

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
IP=101.71.88.53
EOF

#通过之前准备好的v3.ext和csr生成crt
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in 101.71.88.53.csr \
    -out 101.71.88.53.crt

#生成客户端
openssl x509 -inform PEM -in 101.71.88.53.crt -out 101.71.88.53.cert

2. 给harbor配置证书
   修改harbor.yml文件

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/101.71.88.53.crt
  private_key: /data/cert/101.71.88.53.key

让配置重新生效

./install.sh

3. 给客户端配置公钥
   centos7配置方法

#复制证书文件
cp 101.71.88.53.cert /etc/pki/ca-trust/source/anchors
cp 101.71.88.53.key /etc/pki/ca-trust/source/anchors
cp ca.crt /etc/pki/ca-trust/source/anchors
#更新证书
update-ca-trust
#重启docker
service docker restart

windows配置方法

• 通过证书管理工具（mmc），导入ca.crt和101.71.88.53.crt两个证书到受信任的根证书颁发机构里面。
• 然后重启docker desktop

构建并推送镜像到私有仓库

docker login -u dev -p dev 101.71.88.53
docker build --target production-register -t cowork-reg:0.1 .
docker tag cowork-reg:0.1 101.71.88.53/cowork/reg:0.1
docker push 101.71.88.53/cowork/reg:0.1

harbor部署-ldap-开启https
centos安装指定版本docker或软件
Docker私有仓库Harbor部署与使用