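Basic setup
Changing to a non-standard port
The whole process requires familiarity with the following:
- nginx reverse proxying (proxy)
- docker-compose configuration
- YAML syntax
- basic Docker operations
The HTTP request problem: 2 solutions
1. Configure an SSL certificate in nginx (not actually carried out; roughly the following steps)
1) Apply for a domain name and a free SSL certificate (Tencent Cloud)
2) Configure the domain name and certificate in nginx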
listen 443 ssl;
server_name abc.cn;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep only TLSv1.2 or newer unless legacy clients need them
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /sslcrt/abc/Nginx/1_abc.cn_bundle.crt;
ssl_certificate_key /sslcrt/abc/Nginx/2_abc.cn.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
3) Reverse-proxy from nginx to registry:5000
upstream registry {
    server registry:5000;
}
-----------------------------------------------
location / {
    proxy_pass http://registry;
}
Method 1: HTTPS
- Prepare a domain name and an SSL certificate for it
- Edit harbor.cfg
  - Line 7
    hostname = you.example.com
  - Line 23
    ssl_cert = /home/sslcrt/d/Nginx/1_you.example.com_bundle.crt
  - Line 24
    ssl_cert_key = /home/sslcrt/d/Nginx/2_you.example.com.key
- Run the shell script
  ./install.sh
Harbor takes care of everything else for us.
## Configuration file of Harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.5.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = you.example.com
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https
#Maximum number of job workers in job service
max_job_workers = 50
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off the default key/cert will be used.
#This flag also controls the creation of the notary signer's cert.
customize_crt = on
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /home/sslcrt/d/Nginx/1_you.example.com_bundle.crt
ssl_cert_key = /home/sslcrt/d/Nginx/2_you.example.com.key
...
Method 2: without HTTPS, change the configuration as follows (CentOS 7.2)
//step1
vi /etc/docker/daemon.json
//step2
Add the following to the JSON:
"insecure-registries":["189.189.189.189:3000"]
//step3
systemctl restart docker
If you see
docker login 189.189.189.189:3000
Username: admin
Password:
Login Succeeded
Congratulations!
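
An added example (not part of the original notes, and not Harbor's or Docker's own tooling): a small Python audit of the three files edited above, reporting the settings that weaken transport security: deprecated versions in nginx's ssl_protocols, entries in Docker's insecure-registries, and a plain-HTTP ui_url_protocol in harbor.cfg. The function names and sample strings are assumptions, constructed from the values shown on this page.

```python
import json
import re

# SSLv2/SSLv3 and TLS 1.0/1.1 are formally deprecated (RFC 8996 covers TLS 1.0/1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_nginx_tls(conf_text):
    """Return the deprecated protocols enabled by ssl_protocols directives."""
    found = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore nginx comments
        m = re.match(r"\s*ssl_protocols\s+([^;]+);", line)
        if m:
            found.update(p for p in m.group(1).split() if p in DEPRECATED)
    return sorted(found)

def audit_daemon_json(json_text):
    """Return registries for which Docker skips TLS certificate verification
    and may fall back to plain HTTP (the insecure-registries list)."""
    return list(json.loads(json_text).get("insecure-registries", []))

def audit_harbor_cfg(cfg_text):
    """Return True when harbor.cfg serves the UI and registry over plain HTTP."""
    for line in cfg_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ui_url_protocol":
            return value.strip().lower() != "https"
    return True  # harbor.cfg documents http as the default

# Constructed sample inputs, reusing the values shown in the notes above.
SAMPLE_NGINX = "listen 443 ssl;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n"
SAMPLE_DAEMON = '{"insecure-registries": ["189.189.189.189:3000"]}'
SAMPLE_HARBOR = "hostname = you.example.com\nui_url_protocol = https\n"

if __name__ == "__main__":
    print("deprecated TLS versions:", audit_nginx_tls(SAMPLE_NGINX))
    print("insecure registries:", audit_daemon_json(SAMPLE_DAEMON))
    print("Harbor over plain HTTP:", audit_harbor_cfg(SAMPLE_HARBOR))
```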