本文主要是介绍Harbor 配置https,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
停掉Harbor
···
docker-compose down -v
···
创建私人秘钥
openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 36500 -subj "/CN=k8stest.mmcc.com" -key ca.key -out ca.crtopenssl genrsa -out k8stest.mmcc.com.key 4096openssl req -sha512 -new -subj "/CN=k8stest.mmcc.com" -key k8stest.mmcc.com.key -out k8stest.mmcc.com.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=k8stest.mmcc.com
EOFopenssl x509 -req -sha512 -days 36500 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in k8stest.mmcc.com.csr -out k8stest.mmcc.com.crt
mkdir -p /data/cert/
scp k8stest.mmcc.com.crt /data/cert/
scp k8stest.mmcc.com.key /data/cert/
openssl x509 -inform PEM -in k8stest.mmcc.com.crt -out k8stest.mmcc.com.certmkdir -p /etc/docker/certs.d/k8stest.mmcc.com/scp k8stest.mmcc.com.cert /etc/docker/certs.d/k8stest.mmcc.com/
scp k8stest.mmcc.com.key /etc/docker/certs.d/k8stest.mmcc.com/
scp ca.crt /etc/docker/certs.d/k8stest.mmcc.com/
修改/etc/docker/daemon.json文件添加"insecure-registries" : [“https://k8stest.mmcc.com”]
将秘钥 k8stest.mmcc.com.crt 拷贝到客户端
重启Docker
systemctl daemon-reloadsystemctl restart docker
启动Harbor
./preparedocker-compose up -d
这篇关于Harbor 配置https的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!