nginx configuration
1. Modify the Harbor configuration file
```yaml
hostname: ycr.yyiuap.com
http:
  port: 81
external_url: https://ycr.yyiuap.com
```
2. nginx configuration
```nginx
upstream harbor {
    server x.x.x.246:81;
}

# Plain-HTTP listener that forwards to Harbor
server {
    listen 81;
    server_name ycr.yyiuap.com;

    location / {
        proxy_pass http://harbor;
        client_max_body_size 0;
        proxy_connect_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}

# TLS-terminating listener
server {
    listen       443 ssl;
    # "ssl" is required here as well; without it the IPv6 socket serves plain HTTP
    listen       [::]:443 ssl;
    server_name  ycr.yyiuap.com;

    ssl_certificate /usr/local/nginx/conf/certs/ycr.yyiuap.com/ycr.yyiuap.com.cert;
    ssl_certificate_key /usr/local/nginx/conf/certs/ycr.yyiuap.com/ycr.yyiuap.com.key;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # No upload size limit, so large image layers can be pushed
    client_max_body_size 0;
    chunked_transfer_encoding on;

    # Registry API
    location /v2/ {
      proxy_pass http://harbor/v2/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }

    # Portal and everything else
    location / {
        proxy_pass http://harbor;
        client_max_body_size 0;
        proxy_connect_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// $scheme://;
    }
}
```
Additionally:
Certificate creation script:
```bash
#!/bin/bash

registry_url="ycr.yyiuap.com"

# Generate the required certificates
# CA private key and self-signed CA certificate
openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$registry_url" \
    -key ca.key \
    -out ca.crt

# Server private key and certificate signing request
openssl genrsa -out "$registry_url.key" 4096

openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$registry_url" \
    -key "$registry_url.key" \
    -out "$registry_url.csr"

# X.509 v3 extensions, including the subject alternative names
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=$registry_url
DNS.2=reg.yyuap
DNS.3=$(hostname)
EOF

# Sign the server certificate with the CA
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in "$registry_url.csr" \
    -out "$registry_url.crt"

# Docker treats *.crt files as CA certificates, so the server certificate is stored as .cert
openssl x509 -inform PEM -in "$registry_url.crt" -out "$registry_url.cert"

mkdir -p "/etc/docker/certs.d/$registry_url/"
cp "$registry_url.cert" "/etc/docker/certs.d/$registry_url/"
cp "$registry_url.key" "/etc/docker/certs.d/$registry_url/"
cp ca.crt "/etc/docker/certs.d/$registry_url/"

# Add the CA certificate to the system-wide trust store
# (ca.crt was copied into the per-registry directory above, so read it from there)
cp "/etc/docker/certs.d/$registry_url/ca.crt" /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

systemctl daemon-reload && systemctl restart docker
```
Problem:
docker pull ycr.yyiuap.com/base/golang:alphine-node-3
Error response from daemon: received unexpected HTTP status: 503 Service Unavailable
Solution:
Remove the http_proxy proxy setting.
Reference: https://blog.csdn.net/oscarun/article/details/121395218
1. "request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" error:
[root@iZrj9j76z8dlull9vqa4tqZ ~]# docker pull harbor.xxx.cn:443/1-1/mytomcat:8.5.52
Error response from daemon: Head https://harbor.xxx.cn:443/v2/1-1/mytomcat/manifests/8.5.52: Get http://10.20.31.104:5000/service/token?scope=repository%3A1-1%2Fmytomcat%3Apull&service=harbor-registry: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
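Solution: edit the harbor.yml configuration file, uncomment external_url and set it to: external_url: https://harbor.xxx.cn. Note that no port may be written after https://harbor.xxx.cn.
Then run docker-compose down to stop all services, delete the generated configuration under the current configuration directory (rm -rf ./common/config), and run install.sh again to regenerate the configuration. This resolves the error.
2. "dial tcp: lookup harbor.xxx.cn;: no such host" error:

Solution: edit the harbor.yml configuration file so that the hostname field contains only harbor.xxx.cn; do not put the http/https scheme in front of the domain name.
3. Harbor fails to restart with the error "ERROR: for harbor-portal Cannot start service portal: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused"
Solution: https://blog.csdn.net/qq_39680564/article/details/107237110
Note: whenever harbor.yml is modified, the change only takes effect after deleting the generated configuration under the current configuration directory (rm -rf ./common/config) and running install.sh again to regenerate it.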
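The harbor.yml mistakes behind errors 1 and 2 can be caught before running install.sh. The script below is an added example, not part of the original post; the function names and the script name are hypothetical, and it assumes nginx terminates TLS in front of Harbor as configured above.

```bash
#!/bin/bash
# Added example (not from the original page): lint harbor.yml for the
# misconfigurations described in the troubleshooting notes above.

# Print the value of a top-level "key: value" line; commented-out keys are skipped.
yml_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" |
        sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//' | head -n 1
}

# Print one finding per line; return 0 if the file is clean, 1 otherwise.
lint_harbor_yml() {
    local file="$1" bad=0 host url
    host="$(yml_get "$file" hostname)"
    url="$(yml_get "$file" external_url)"

    # Note 2: hostname must be a bare DNS name (no scheme, no stray ';').
    if ! printf '%s' "$host" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
        echo "hostname: '$host' is not a bare host name"; bad=1
    fi

    # Note 1: behind the TLS-terminating nginx, external_url must be
    # uncommented, use https, and carry no port.
    if [ -z "$url" ]; then
        echo "external_url: missing or commented out"; bad=1
    else
        case "$url" in
            https://*) ;;
            *) echo "external_url: '$url' does not use https"; bad=1 ;;
        esac
        if printf '%s' "$url" | grep -Eq '^[a-z]+://[^/]*:[0-9]+'; then
            echo "external_url: '$url' must not contain a port"; bad=1
        fi
    fi
    return "$bad"
}

# Usage: ./lint-harbor.sh /path/to/harbor.yml   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    lint_harbor_yml "$1"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate install.sh in a deployment pipeline.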