实现harbor的https,用于数据加密传输,官方文档:https://github.com/vmware/harbor/blob/master/docs/configure_https.md
用两台服务器,一台harbor服务器,一台业务服务器作为harbor的测试机
制作CA私钥和自签名CA证书
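# Create the certificate directory and change into it.
[root@node1 ~]# mkdir -pv /usr/local/src/harbor/certs/
[root@node1 ~]# cd /usr/local/src/harbor/certs/
# Generate the RSA private key. The key size is passed explicitly because the
# genrsa default is not the same in every OpenSSL release; 2048 bits is the
# default of current releases.
[root@node1 certs]# openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key 2048
# Create a self-signed certificate (-x509) from that key.
#   -nodes : leave the key unencrypted (no passphrase prompt)
#   -subj  : the name clients will use for the registry, harbor.linux.com
#   -days  : validity period; 7120 days is roughly 19.5 years
# NOTE(review): the certificate carries only a CN and no subjectAltName.
# Clients built with Go 1.15 or later (current Docker releases) refuse
# certificates that rely on the CN alone, so a SAN entry for harbor.linux.com
# is probably needed on newer hosts. Confirm against the Docker version in use.
[root@node1 certs]# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.linux.com" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt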
查看证书文件
[root@node1 certs]#ll 总用量 8 -rw-r--r-- 1 root root 1107 7月 11 08:43 harbor-ca.crt -rw-r--r-- 1 root root 1679 7月 11 08:42 harbor-ca.key
编辑harbor配置文件,添加证书
[root@node1 ~]#vim /usr/local/src/harbor/harbor.cfg 21:customize_crt = on 24:ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt 25:ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key 28:secretkey_path = /usr/local/src/harbor/certs/
建立目录
[root@node1 ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/ [root@node1 ~]#cp /usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/
启动harbor
[root@node1 harbor]#pwd /usr/local/src/harbor [root@node1 harbor]#docker-compose start Starting log ... done Starting registry ... done Starting registryctl ... done Starting postgresql ... done Starting adminserver ... done Starting core ... done Starting portal ... done Starting redis ... done Starting jobservice ... done Starting proxy ... done
配置harbor测试机
[root@node2 ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/ [root@node2 ~]#scp 192.168.8.134:/usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/
上传测试服务器
[root@node2 ~]#docker tag alpine:latest harbor.linux.com/kubernetes/alpine [root@node2 ~]#docker push harbor.linux.com/kubernetes/alpine