五、配置https证书:
1、安装说明:
https://github.com/vmware/harbor/blob/master/docs/configure_https.md
2、在/home/ubuntu/harbor目录执行docker-compose down,停止并删除容器:
$ docker-compose down
3、本来想通过Let’s Encrypt官方的certbot脚本(certbot.eff.org)安装证书,但是脚本不能成功执行,估计是因为nginx是在容器里造成的,但是通过这个脚本自动安装了一些软件包。然后尝试通过git获取letsencrypt进行安装:
$ git clone https://github.com/letsencrypt/letsencrypt
4、进入letsencrypt目录,生成证书
$ cd letsencrypt
$ sudo ./letsencrypt-auto certonly --standalone --email username@mailserver.com -d docker.MySite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for docker.MySite.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/docker.MySite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/docker.MySite.com/privkey.pem
Your cert will expire on 2018-05-15. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
5、证书过期日期为2018-05-15,生成的证书文件位于/etc/letsencrypt/live/docker.MySite.com/文件夹(链接文件):
$ sudo ls /etc/letsencrypt/live/docker.MySite.com/ -l
lrwxrwxrwx 1 root root 40 Feb 14 23:30 cert.pem -> ../../archive/docker.MySite.com/cert1.pem
lrwxrwxrwx 1 root root 41 Feb 14 23:30 chain.pem -> ../../archive/docker.MySite.com/chain1.pem
lrwxrwxrwx 1 root root 45 Feb 14 23:30 fullchain.pem -> ../../archive/docker.MySite.com/fullchain1.pem
lrwxrwxrwx 1 root root 43 Feb 14 23:30 privkey.pem -> ../../archive/docker.MySite.com/privkey1.pem
-rw-r--r-- 1 root root 543 Feb 14 23:30 README
cert.pem - 服务端证书
chain.pem - 浏览器需要的所有证书但不包括服务端证书,比如根证书和中间证书
fullchain.pem - 包括了cert.pem和chain.pem的内容
privkey.pem - 证书的私钥
6、新建目录letsencrypt,并将证书文件拷贝到该目录:
$ mkdir /home/ubuntu/harbor/letsencrypt/ && cd /home/ubuntu/harbor/letsencrypt/
$ sudo cp /etc/letsencrypt/archive/docker.MySite.com/fullchain1.pem docker.MySite.com.crt
$ sudo cp /etc/letsencrypt/archive/docker.MySite.com/privkey1.pem docker.MySite.com.key
7、修改/home/ubuntu/harbor/harbor.cfg配置文件:
#设置ui_url_protocol为https
ui_url_protocol = https
#设置证书文件
ssl_cert = /home/ubuntu/harbor/letsencrypt/docker.MySite.com.crt
ssl_cert_key = /home/ubuntu/harbor/letsencrypt/docker.MySite.com.key
8、用root权限执行一次prepare脚本,并启动docker重建容器:
$ sudo /home/ubuntu/harbor/prepare
$ docker-compose up -d
六、上传镜像:
1、用浏览器打开 ,用普通用户账号登录,并新建一个项目“test”:
2、在客户端登录docker.MySite.com:
$ docker login docker.MySite.com
Username: bytefish
Password: 密码
Login Succeeded
3、将客户端的镜像打tag,然后上传到docker.MySite.com:
格式:
docker tag SOURCE_IMAGE[:TAG] docker.MySite.com/项目名称/IMAGE[:TAG]
docker push docker.MySite.com/项目名称/IMAGE[:TAG]
示例:
$ docker tag hello-world:latest docker.MySite.com/test/hello-world:test
$ docker push docker.MySite.com/test/hello-world:test
The push refers to a repository [docker.MySite.com/test/hello-world]
f999ae22f308: Mounted from library/hello-world
test: digest: sha256:0b1396cdcea05f91f38fc7f5aecd58ccf19fb5743bbb79cff5eb3c747b36d909 size: 524
更多Docker相关教程见以下内容:
在 Linux 上安装和使用 Docker https://www.linuxidc.com/Linux/2018-02/150949.htm