harbor域名证书一年一换,上传新证书,然后直接更改/opt/harbor/harbor.yml文件证书配置,重启服务:
cd /opt/harbor/
docker-compose down -v
docker-compose up -d
发现证书并没有更新。
检查docker-comoser.yml文件,参看nginx部分,发现做了持久化
root@harbor harbor]# vim docker-compose.yml
...
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.1.0
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- /harbor_data/secret/cert:/etc/cert:z //这里,缺省做了持久化
- /etc/hosts:/etc/hosts:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
ports:
- 80:8080
...
所以更新证书文件