本节主要是把nginx 反向代理设置为https ,但后端还是http的。见图:
nginx的配置文件,在笔记三中添加一节如下:
# HTTPS
server {
listen 443 ssl;
listen [::]:443 ssl;
#访问的域名
server_name hubproxy.xxx.com;
#ssl 证书配置
ssl_certificate "/opt/nginx/cert/xxx.com.pem";
ssl_certificate_key "/opt/nginx/cert/xxx.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 2000m;
location / {
proxy_pass http://hub.xxx.com:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /v1/ {
return 404;
}
location /v2/ {
proxy_pass http://hub.xxx.com:5000/v2/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /service/ {
proxy_pass http://hub.xxx.com:5000/service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
}
重启nginx后使和https://hubproxy.xxx.com访问。
访问如下:
测试PUSH。
docker commit -m "test2" fshjdk hubproxy.xxx.com:443/httpspush/jdk443:1.0
1.修改/etc/docker/daemon.json
{
"registry-mirrors": ["https://v5e3e45v.mirror.aliyuncs.com"],
"insecure-registries": ["4x.xx.xx.4x:5000","hub.xx.com:5000","hubproxy.xx.com:31923","hubproxy.xx.com"]
}
2.修改后重启docker
systemctl restart docker
3.重新启动harbor
docker-compose down -v
docker-compose up -d
4.进行push
可一直一直报错。。。。
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx/1.17.2</center>\r\n</body>\r\n</html>
Get https://hubproxy.xxx.com:443/v2/: http: server gave HTTP response to HTTPS client
从错误中,可以知道V2这个被强制转为https处理,但因私有的harbor并没有开启https访问。所以。。。。。好吧,这种方式先放一下吧,暂时找不到解决方案。记下先。下一笔记直接上harbor的https先。