Home > Others

Harbor configuring Harbor with HTTPS Access

Source: Internet
Author: User
Tags openssl openssl x509
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

First, download FQ (Fanqiang) harbor-offline-installer-v1.2.0-rc5.tgz

 tar xvf harbor-offline-installer-<version>.tgz

This article references (HTTPS://GITHUB.COM/VMWARE/HARBOR/BLOB/MASTER/DOCS/CONFIGURE_HTTPS.MD)

    1. Create your own CA certificate:
  openssl req     -newkey rsa:4096 -nodes -sha256 -keyout ca.key     -x509 -days 365 -out ca.crt

    1. Generate a Certificate Signing Request:

If you use the FQDN like reg.yourdomain.com to connect your registry host and then you must use Reg.yourdomain.com as CN (Common Name). Otherwise, if you use the IP address to connect your registry host, CN can is anything like your name and so on:

  openssl req     -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key     -out yourdomain.com.csr

    1. Generate the certificate of your Registry host:

If you ' re using IP, say 10.1.1.5 to connect your registry host, you may instead run the command below:

  echo subjectAltName = IP:10.1.1.50 > extfile.cnf  openssl x509 -req -days 365 -in 10.1.1.5.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 10.1.1.50.com.crt

Configuration and Installation

After obtaining the YOURDOMAIN.COM.CRT and Yourdomain.com.key files, you can put them into directory such as /root/cert/ :

  cp 10.1.1.50.crt /root/cert/

Next, edit the file make/harbor.cfg, update the hostname and the protocol, and update the attributes ssl_cert and ssl_cert_key :

  #set hostname  hostname = 10.1.1.50  #set ui_url_protocol  ui_url_protocol = https  ......  #The path of cert and key files for nginx, they are applied only the protocol is set to https   ssl_cert = /root/cert/10.1.1.50.crt  ssl_cert_key = /root/cert/10.1.1.50.key

Generate configuration files for Harbor:

  ./prepare

Finally, restart Harbor:

  docker-compose up -d


After setting up HTTPS for Harbor, you can verify it by the following steps:

    1. Open a browser and enter the address:https://10.1.1.50. It should display the user interface of Harbor.

docker login reg.yourdomain.com
(admin/Harbor12345) --succeed


Troubleshooting

You could get a intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve the below command:

[

Self-signed CA certificate:
Cd/etc/pki/ca
Touch Index.txt
echo > Serial
OpenSSL GENRSA-OUT/ETC/PKI/CA/PRIVATE/CAKEY.PEM 2048
chmod PRIVATE/CAKEY.PEM
OpenSSL req-new-x509-key/etc/pki/ca/private/cakey.pem-days 7300-out/etc/pki/ca/cacert.pem

cd/etc/docker/certs.d/
mkdir 10.1.1.50
CD 10.1.1.50/
Cp/etc/pki/ca/cacert.pem./
Cat/etc/pki/ca/cacert.pem >>/ETC/PKI/TLS/CERTS/CA-BUNDLE.CRT

Systemctl Restart Docker

Docker-compose stop
Docker-compose up-d
Docker-compose PS

]



Harbor configuring Harbor with HTTPS Access

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
https access paylocity com force https with htaccess using curl with https php replace http with https https 403 forbidden access is denied free https hosting with php support how to make website secure with https

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More