需求:使用 Nginx(配置 SSL 證書)轉發到後端 Harbor
這裡使用虛擬機,IP 為 172.16.16.109,事先安裝好 docker 和 docker-compose
部署 Harbor
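# The latest release is listed at https://github.com/goharbor/harbor/releases
mkdir -p /data/software && cd /data/software
# Download the offline installer into this directory, then check it against the
# checksum or signature file the release page provides before unpacking it.
tar zxvf harbor-offline-installer-v2.4.1.tgz
# -p keeps this step repeatable when the directory already exists.
mkdir -p /data/docker-compose/
mv harbor /data/docker-compose
cd /data/docker-compose/harbor
# Configuration: copy the template and edit harbor.yml
cp harbor.yml.tmpl harbor.yml
vi harbor.yml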
# Address Harbor itself listens on; Nginx proxies to this host and port (proxy_pass http://172.16.16.109:88).
# NOTE(review): in harbor.yml `port` belongs under the `http:` key; the indentation was lost in this listing.
# NOTE(review): this listener is plain HTTP. Consider a host firewall rule so that only the Nginx proxy
# can reach port 88 and clients always go through the TLS endpoint.
hostname: 172.16.16.109
port: 88
# Comment out the https section: TLS is terminated by the Nginx proxy in front of Harbor.
# https related config
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# Public URL that clients use; this key is written at column 0 (top level).
external_url: https://devharbor.xxx.com
# Directory where Harbor stores its data
data_volume: /data/docker-compose/harbor/data
# Adjust the remaining settings as needed and pay particular attention to YAML formatting.
# NOTE(review): harbor_admin_password in this file sets the initial admin password
# (the default is Harbor12345); set your own value before running install.sh.
# Install and start Harbor with the ChartMuseum and Trivy components enabled
./install.sh --with-chartmuseum --with-trivy
可以通過訪問 http://172.16.16.109:88/ 查看頁面;登錄需要通過 https(即 external_url 配置的域名),直接使用 http 無法登錄
部署 nginx
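# Build dependencies for compiling nginx with PCRE and OpenSSL support
yum install gcc gcc-c++ pcre pcre-devel openssl openssl-devel -y
# Unprivileged account for the worker processes: no login shell, no home directory
useradd nginx -s /sbin/nologin -M
cd /data/software
# Fetch the source over HTTPS instead of plain HTTP so the tarball cannot be altered in transit.
# nginx.org also publishes a detached PGP signature (.asc) next to each tarball; check it before building.
# NOTE(review): 1.20.1 is the version this walkthrough pins; prefer the current stable release.
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
# --with-http_ssl_module is required for the "listen 443 ssl" server configured later.
./configure --user=nginx --group=nginx --prefix=/usr/local/nginx-1.20.1 --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module
make && make install
# Version-independent path used by the rest of the walkthrough
ln -s /usr/local/nginx-1.20.1 /usr/local/nginx
cd /usr/local/nginx/conf/
# Show the main configuration file
cat nginx.conf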
# Main nginx configuration; per-site server blocks are pulled in from ../conf.d.
worker_processes auto;

events {
    worker_connections 1024;
    use epoll;
}

http {
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    # Response compression
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 32k;
    gzip_comp_level 3;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript;
    gzip_vary off;
    gzip_disable "MSIE [1-6]\.";

    # Default request body limit; the Harbor site config sets its own larger value.
    client_max_body_size 20m;

    # Site configs are included before the built-in server below, so their
    # position relative to it is kept as in the original file.
    include ../conf.d/*.conf;
    include ../conf.d/*/*.conf;

    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Stock static-file server from the default configuration
    server {
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
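# Directories for per-site configs and TLS material
mkdir -p /usr/local/nginx/{conf.d,cert}
# The private key is stored under cert/, so keep the directory readable by root only.
# This assumes nginx is started as root (needed here to bind 80/443); the master
# process then loads the key itself and the nginx worker user never needs to read it.
chmod 700 /usr/local/nginx/cert
# Upload the certificate and key to /usr/local/nginx/cert
# (the site config below expects them in the xxx.com/ subdirectory)
cd /usr/local/nginx/conf.d
# Show the site configuration file
cat devharbor.xxx.com.conf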
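# Plain-HTTP listener: it only redirects to HTTPS, so Harbor credentials and
# registry tokens are never proxied over an unencrypted client connection.
server {
    listen 80;
    server_name devharbor.xxx.com;
    return 301 https://$host$request_uri;
}

# TLS endpoint that terminates HTTPS and forwards to Harbor's HTTP listener.
server {
    listen 443 ssl;
    server_name devharbor.xxx.com;

    # Paths are relative to the nginx conf directory.
    ssl_certificate     ../cert/xxx.com/xxx.com.pem;
    ssl_certificate_key ../cert/xxx.com/xxx.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated and no longer offered. TLSv1.3 can be added
    # to this list when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. The previous list also admitted CBC and
    # non-ECDHE suites through the broad AES/HIGH groups.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Image layers are uploaded through this proxy, hence the large body limit.
    client_max_body_size 2049m;

    location / {
        proxy_pass http://172.16.16.109:88;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Required: without this header docker push fails with
        # "unauthorized: authentication required".
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}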
# Validate the configuration first, then start nginx
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx
解析域名,進行測試
默認用戶名和密碼為:admin/Harbor12345(即 harbor.yml 中 harbor_admin_password 的默認值),首次登錄後應立即修改