harbor开启https
- 生成证书
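# Create a private CA and a server certificate for the Harbor host at
# 101.71.88.53. All files are written to /data/cert.
mkdir -p /data/cert
cd /data/cert

# Generate the CA private key. The subshell umask makes openssl create the file
# readable by its owner only; depending on the OpenSSL version the key would
# otherwise follow the default umask and could be readable by other local users.
# The CA key is not needed by Harbor at runtime, so it can be moved off this
# host once the server certificate has been signed.
(umask 077 && openssl genrsa -out ca.key 4096)

# Generate the self-signed CA certificate.
# NOTE(review): the CA and the server request below use the same subject DN, so
# the server certificate's subject equals its issuer. Some verifiers treat such
# a certificate as self-issued; giving the CA its own CN avoids that ambiguity.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Shanghai/L=Shanghai/O=greenshore/OU=devops/CN=harbor" \
  -key ca.key \
  -out ca.crt

# Generate the server private key, again created owner-readable only.
(umask 077 && openssl genrsa -out 101.71.88.53.key 4096)

# Generate the certificate signing request for the server.
openssl req -sha512 -new \
  -subj "/C=CN/ST=Shanghai/L=Shanghai/O=greenshore/OU=devops/CN=harbor" \
  -key 101.71.88.53.key \
  -out 101.71.88.53.csr

# Write the x509 v3 extension file. The subjectAltName entry is what clients
# match against the address they connect to, so it must list the registry IP.
# The delimiter is quoted so the shell performs no expansion in the body.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
IP=101.71.88.53
EOF

# Sign the CSR with the CA, applying the extensions from v3.ext.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in 101.71.88.53.csr \
  -out 101.71.88.53.crt

# Re-emit the server certificate under a .cert name for Docker clients: the
# Docker daemon reads *.crt files as CA certificates and *.cert files as
# client certificates.
openssl x509 -inform PEM -in 101.71.88.53.crt -out 101.71.88.53.cert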
- 给harbor配置证书
修改harbor.yml文件
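# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  # (port, certificate and private_key are nested under https:)
  certificate: /data/cert/101.71.88.53.crt
  private_key: /data/cert/101.71.88.53.key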
让配置重新生效
# Re-run the installer so the edited harbor.yml takes effect; run it from the
# directory that contains install.sh.
./install.sh
- 给客户端配置公钥
centos7配置方法
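# Copy the certificates into the CentOS 7 trust-anchor directory. Only
# certificates belong here: the server private key (101.71.88.53.key) must stay
# on the Harbor host and is deliberately not copied to clients, because anyone
# holding it can impersonate the registry.
cp -- 101.71.88.53.cert /etc/pki/ca-trust/source/anchors/
cp -- ca.crt /etc/pki/ca-trust/source/anchors/
# Rebuild the system trust store from the anchors.
update-ca-trust
# Restart Docker so the daemon picks up the updated trust store.
service docker restart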
windows配置方法
- 通过证书管理工具(mmc),导入ca.crt和101.71.88.53.crt两个证书到受信任的根证书颁发机构里面。
- 然后重启docker desktop
构建并推送镜像到私有仓库
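# Log in to the private registry. The password is read from the terminal
# (bash `read -s`, no echo) and passed to docker on stdin, so it does not end
# up in shell history or in the process list as it would with -p.
read -rsp 'Harbor password for dev: ' harbor_password && echo
printf '%s' "$harbor_password" | docker login -u dev --password-stdin 101.71.88.53
unset harbor_password
# Build the image from the production-register stage of the Dockerfile.
docker build --target production-register -t cowork-reg:0.1 .
# Tag it with the registry address and project path, then push it.
docker tag cowork-reg:0.1 101.71.88.53/cowork/reg:0.1
docker push 101.71.88.53/cowork/reg:0.1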