Creation and use of harbor based on http and https

2025-03-31 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

I. Http mode

The Harbor project is hosted on GitHub. Harbor v1.7.5 is used as the example here.

1. Download the Harbor binaries to the /usr/local/src directory.

2. Unpack the archive:

    tar xvf harbor.v.1.7.5.tar

3. Enter the unpacked harbor directory and modify the harbor.cfg file:

    ## Configuration file of Harbor

    # This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
    _version = 1.7.0
    # The IP address or hostname to access admin UI and registry service.
    # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
    # DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
    hostname = 192.168.238.7

    # The protocol for accessing the UI and token/notification service, by default it is http.
    # It can be set to https if ssl is enabled on nginx.
    ui_url_protocol = http

    # Maximum number of job workers in job service
    max_job_workers = 10
    ...
    email_server = smtp.mydomain.com
    email_server_port = 25
    email_username = sample_admin@mydomain.com
    email_password = abc
    email_from = admin
    email_ssl = false
    email_insecure = false

    ## The initial password of Harbor admin, only works for the first time when Harbor starts.
    # It has no effect after the first launch of Harbor.
    # Change the admin password from UI after launching Harbor.
    harbor_admin_password = 123456

The main changes are hostname and harbor_admin_password.

4. Check the install.sh file for the environment required to install Harbor:

    #!/bin/bash

    #docker version: 1.11.2
    #docker-compose version: 1.7.1
    #Harbor version: 0.4.0

These are the minimum version requirements. Docker can be installed by following the steps on the Alibaba (Ali) mirror site. To install the latest version of docker-compose, first install python-pip (a package tool similar to yum or apt) and then run pip install docker-compose.

5. Run the install.sh script; when it finishes, the installation is complete.
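Before install.sh is run in step 5, the values edited in step 3 can be checked mechanically; the same check applies to the https-mode file in section II. The following is an added example, not part of the original article or of Harbor itself: a POSIX shell lint for a Harbor 1.7-style harbor.cfg. The function names, the list of well-known passwords and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Harbor's own tooling): lint a Harbor 1.7-style harbor.cfg.

# cfg_get FILE KEY: print the value of KEY from "key = value" lines (last one wins).
cfg_get() {
  awk -v k="$2" '
    /^[ \t]*#/ || !/=/ { next }
    { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
    key == k { v = substr($0, index($0, "=") + 1)
               gsub(/^[ \t]+|[ \t\r]+$/, "", v); out = v }
    END { print out }' "$1"
}

# flag MESSAGE: print one finding and count it.
flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# audit_harbor_cfg FILE: print one finding per line; return 1 if there are any.
audit_harbor_cfg() {
  findings=0
  host=$(cfg_get "$1" hostname)
  proto=$(cfg_get "$1" ui_url_protocol)
  pw=$(cfg_get "$1" harbor_admin_password)
  case $host in
    ''|localhost|127.0.0.1) flag "hostname '$host' cannot be reached by external clients" ;;
  esac
  if [ "$proto" != https ]; then
    flag "ui_url_protocol '$proto': credentials and images cross the network unencrypted"
  elif [ -z "$(cfg_get "$1" ssl_cert)" ] || [ -z "$(cfg_get "$1" ssl_cert_key)" ]; then
    flag "ui_url_protocol https needs both ssl_cert and ssl_cert_key"
  fi
  case $pw in
    123456|Harbor12345) flag "harbor_admin_password is a well-known value" ;;
    *) [ "${#pw}" -ge 12 ] || flag "harbor_admin_password is shorter than 12 characters" ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed sample: the values used in the http section of this page.
sample_http_cfg() {
  printf '%s\n' '_version = 1.7.0' 'hostname = 192.168.238.7' \
    'ui_url_protocol = http' 'harbor_admin_password = 123456'
}

# Usage: audit_harbor_cfg /usr/local/src/harbor/harbor.cfg
```

On the http-mode values shown above it reports two findings: the clear-text protocol and the well-known admin password.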

Uploaded images are stored on the host under docker/registry/v2/repositories/. Every Docker host that needs to upload images to or download images from Harbor must add the Harbor address to the Docker startup script as a trusted insecure registry. The --insecure-registry flag allows the daemon to reach that one registry over plain HTTP.

    vim /lib/systemd/system/docker.service
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.12

Here 192.168.238.12 stands for the Harbor address. After the restart, log in to the Harbor server before uploading an image:

    docker login 192.168.238.7

Enter admin as the account and the password configured in harbor.cfg to log in, and then re-tag the image you created, for example:

    docker tag nginx:latest 192.168.238.7/NGINX/nginx:5.2

Here NGINX is the project name, and the project must exist before you can upload to it: open 192.168.238.7 in a browser, enter the account and password, and create an NGINX project.

    docker push 192.168.238.7/NGINX/nginx:5.2

2. Implement a highly available Harbor

   1. Create a new Harbor service, configured as above.

   2. Add the addresses of both Harbor servers to the Docker startup script.

   3. Do the following in the web page of the main Harbor server:

Follow the prompts to add the other Harbor step by step.

II. Https mode

1. Deploy as in http mode above, except that you do not need to add a trusted address to the Docker startup script.

2. Create a certs directory under the Harbor installation directory:

    mkdir certs

3. Generate a private key and a public key (certificate) in the certs directory. Note: the address in the public key must be the same as the hostname in harbor.cfg.

    openssl genrsa -out harbor-ca.key

    touch /root/.rnd

    openssl req -x509 -new -nodes -key harbor-ca.key -subj "/CN=harbor.magedu.net" -days 7120 -out harbor-ca.crt

4. Modify the harbor.cfg configuration file:

    ## Configuration file of Harbor

    # This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
    _version = 1.7.0
    # The IP address or hostname to access admin UI and registry service.
    # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
    # DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
    hostname = harbor.magedu.net

    # The protocol for accessing the UI and token/notification service, by default it is http.
    # It can be set to https if ssl is enabled on nginx.
    ui_url_protocol = https

    # Maximum number of job workers in job service
    max_job_workers = 10

    # Determine whether or not to generate certificate for the registry's token.
    # If the value is on, the prepare script creates new root cert and private key
    # for generating token to access the registry. If the value is off the default key/cert will be used.
    # This flag also controls the creation of the notary signer's cert.
    customize_crt = on

    # The path of cert and key files for nginx, they are applied only the protocol is set to https
    ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
    ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
    ...
    # It has no effect after the first launch of Harbor.
    # Change the admin password from UI after launching Harbor.
    harbor_admin_password = 123456

This domain name must be resolvable, either through DNS or through an entry in the hosts file.

5. Distribute the public key to the Docker clients:

    mkdir -p /etc/docker/certs.d/(hostname in harbor.cfg)

Copy Harbor's public key (harbor-ca.crt) into /etc/docker/certs.d/(hostname in harbor.cfg) and restart Docker.
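Steps 3 to 5 as shell functions, written as an added example that is not part of the original article: unlike the CN-only certificate above, it puts the hostname in a subjectAltName, which Docker clients built with Go 1.15 or later require, and it checks the certificate and key before the certificate is copied to a client. It assumes OpenSSL 1.1.1 or later (for -addext); the function names and the ROOT staging prefix are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes OpenSSL 1.1.1 or later.

# make_registry_cert HOST DIR: write DIR/harbor-ca.key and DIR/harbor-ca.crt for HOST
# (a DNS name or an IPv4 address), with HOST in the subjectAltName.
make_registry_cert() {
  case $1 in
    *[!0-9.]*) san="DNS:$1" ;;   # anything that is not digits and dots is a DNS name
    *)         san="IP:$1" ;;    # IPv4 literal, as used in the http section
  esac
  # umask 077 keeps the private key readable by its owner only.
  ( umask 077 && openssl genrsa -out "$2/harbor-ca.key" 2048 2>/dev/null ) || return 1
  openssl req -x509 -new -nodes -key "$2/harbor-ca.key" -subj "/CN=$1" \
    -addext "subjectAltName=$san" -days 7120 -out "$2/harbor-ca.crt" 2>/dev/null
}

# check_registry_cert HOST CRT KEY: succeed only if CRT lists HOST in its
# subjectAltName and KEY is the private key that belongs to CRT.
check_registry_cert() {
  sans=$(openssl x509 -in "$2" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//')
  case ", $sans," in
    *", DNS:$1,"*|*", IP Address:$1,"*) ;;
    *) echo "certificate has no subjectAltName entry for $1" >&2; return 1 ;;
  esac
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ] || {
    echo "private key does not belong to this certificate" >&2; return 1; }
}

# install_on_client HOST CRT [ROOT]: copy CRT to ROOT/etc/docker/certs.d/HOST/ca.crt.
# ROOT is a hypothetical staging prefix for dry runs; leave it empty on a real client.
install_on_client() {
  mkdir -p "${3:-}/etc/docker/certs.d/$1" &&
    cp "$2" "${3:-}/etc/docker/certs.d/$1/ca.crt"
}

# Usage on the Harbor host, inside /usr/local/src/harbor/certs:
#   make_registry_cert harbor.magedu.net . &&
#   check_registry_cert harbor.magedu.net harbor-ca.crt harbor-ca.key
```

A certificate created with only -subj "/CN=..." fails check_registry_cert, which is the condition to catch before the file is distributed to clients.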
