重要提醒:使用的是域名形式访问Harbor。通过https://harbor.top访问网址。
1、首先在自己windows电脑
“此磁盘C->Windows->System32->drivers->etc”
修改hosts文件 添加“ip harbor.top”例如:“172.33.33.33 harbor.top”
2、进入内网服务器 172.33.33.33
修改
vi /etc/hosts
172.33.33.33 harbor.top
1、生成证书
harbor文件在/root/harbor/
然后再次文件夹下创建mkdir cert文件夹
cd cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Shanghai/O=dev/OU=IT/CN=harbor.top" -key ca.key -out ca.crt
openssl genrsa -out harbor.key 4096
openssl req -new -sha512 -subj "/C=CN/ST=Shanghai/O=dev/OU=IT/CN=harbor.top" -key harbor.key -out harbor.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.top
EOF
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.csr -out harbor.crt
会生成 ca.crt ca.key ca.srl harbor.crt harbor.csr harbor.key v3.ext
接下来将客户端的证书复制到docker文件夹下
mkdir -p /etc/docker/certs.d/harbor.top/
scp harbor.crt 172.33.33.33:/etc/docker/certs.d/harbor.top/
2、配置安装HTTPS证书
cd /root/harbor/
vi harbor.yml
修改harbor.yml文件
hostname: harbor.top
https:
port: 443
certificate: /root/harbor/harbor.crt
private_key: /root/harbor/harbor.key
进入harbor文件,重新编译启动harbor
cd /root/harbor/
./prepare
./install.sh
3、docker
修改docker.service
vim /lib/systemd/system/docker.service
修改ExecStart 内容
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry
4、登录
172.33.33.33
docker login harbor.top
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4、常见问题
1、在https双向验证时出现错误:文章来源:https://www.toymoban.com/news/detail-641579.html
x509: cannot validate certificate for 172.33.33.33 because it doesn't contain any IP SANs
这个问题是:
(1)harbor.yml里面配置的hostname 是IP地址。
(2)登录的时候使用的是 docker login 172.33.33.33方式登录
网上参考的解决方式:
https://blog.csdn.net/qq_35078688/article/details/124945817
该方式不好解决。建议按照文章。按照文章方式。文章来源地址https://www.toymoban.com/news/detail-641579.html
到了这里,关于Harbor内网离线安装使用HTTPS访问的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!