为什么要配置https?
因为后续你将镜像打包好放入到harbor仓库中,若是生产环境的镜像,会包含很多隐私的配置文件(db,redis等),需要用到https进行加密
参考文档:https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
下载:https://github.com/goharbor/harbor/releases
下载:docker-compose
https://docs.docker.com/compose/install/#install-compose
配置如下
1、在harbor的目录中新建ssl目录,用来存放自签证书
[root@docker harbor]# mkdir ssl
2、[root@docker harbor]# cd ssl/
3、[root@docker ssl]# openssl genrsa -out ca.key 4096
4、主要是这里的域名test.com 就是待会访问harbor的域名
[root@docker ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com" \
-key ca.key \
-out ca.crt
5、[root@docker ssl]# openssl genrsa -out test.com.key 4096
6、[root@docker ssl]# openssl req -sha512 -new \
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com" \
-key test.com.key \
-out test.com.csr
7、[root@docker ssl]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=test.com
DNS.2=test
DNS.3=hostname
EOF
8、[root@docker ssl]# openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in test.com.csr \
-out test.com.crt
9、修改配置文件
[root@docker harbor]# vi harbor.cfg
hostname = test.com #这个就是你访问的地址
ui_url_protocol = https
ssl_cert = ./ssl/test.com.crt
ssl_cert_key = ./ssl/test.com.key
harbor_admin_password = 123456
10、重载配置文件
[root@docker harbor]# ./prepare
11、安装,这个过程需要等5分钟
[root@docker harbor]# ./install.sh 
12、结果正常
13、绑定hosts,访问
docker拉取镜像验证:
1、[root@docker ~]# vi /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],"insecure-registries":["https://test.com","192.168.1.13"]}
2、绑定hosts
3、重启docker
[root@docker ~]# systemctl restart docker
4、[root@docker ~]# docker login https://test.com
原文:http://blog.51cto.com/jacksoner/2334355