2020-09-03

tech2024-07-09  67

 【Configure HTTPS Access to Harbor】

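# Create a private CA and a server certificate for the Harbor registry at
# capacity.com, then install them so the local Docker daemon trusts the
# registry. Run as root on the Harbor host.

# Manual step (originally `vim /etc/hosts`): make capacity.com resolvable by
# adding these entries to /etc/hosts:
#   127.0.0.1      capacity.com
#   192.168.10.66  capacity.com

# Stop if the working directory is missing, so keys never land somewhere else.
cd /data/cert/ || { echo "cannot cd to /data/cert/" >&2; exit 1; }

# --- CA key and self-signed CA certificate ---------------------------------
# genrsa without a cipher option writes the key unencrypted, so file
# permissions are its only protection. The recorded session below shows the
# keys ending up as -rw-r--r-- (world-readable) under the default umask.
# Create them under umask 077 in a subshell (the caller's umask is untouched)
# and chmod afterwards, because overwriting an existing file keeps its old mode.
( umask 077 && openssl genrsa -out ca.key 4096 )
chmod 600 ca.key

# NOTE(review): the CA uses the same subject DN as the server certificate
# issued below. A distinct CN for the CA keeps the server certificate from
# looking self-issued to chain builders -- confirm and adjust for your setup.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=capacity.com" \
  -key ca.key \
  -out ca.crt

# --- Server key and certificate signing request ----------------------------
( umask 077 && openssl genrsa -out capacity.com.key 4096 )
chmod 600 capacity.com.key

openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=capacity.com" \
  -key capacity.com.key \
  -out capacity.com.csr

# --- X.509 v3 extensions ---------------------------------------------------
# subjectAltName is what clients match the registry host name against; the
# delimiter is quoted so the shell expands nothing inside the extension file.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=capacity.com
DNS.2=capacity
EOF

# --- Sign the server certificate with the CA -------------------------------
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in capacity.com.csr \
  -out capacity.com.crt

# Docker reads *.crt in certs.d as CA certificates and a *.cert/*.key pair as
# a client certificate, so the server certificate is re-written as .cert.
openssl x509 -inform PEM -in capacity.com.crt -out capacity.com.cert

# --- Install into Docker's per-registry trust directory --------------------
mkdir -p /etc/docker/certs.d/capacity.com/
cp capacity.com.cert /etc/docker/certs.d/capacity.com/
# install -m 600 keeps the copied private key readable by root only.
# NOTE(review): trusting the registry only needs ca.crt in this directory;
# if client-certificate authentication is not used, skipping the key copy
# avoids a second on-disk copy of the server's private key -- confirm.
install -m 600 capacity.com.key /etc/docker/certs.d/capacity.com/
cp ca.crt /etc/docker/certs.d/capacity.com/

# The daemon picks up certs.d changes after a restart.
systemctl restart docker

# ---------------------------------------------------------------------------
# Recorded session from the author's host (original commands, for reference).
# The `ll` output shows ca.key and capacity.com.key at mode 0644, which the
# umask/chmod steps above tighten to 0600.
#
# [root@centos66 harbor]# cd /data/cert/
# [root@centos66 cert]# openssl genrsa -out ca.key 4096
# Generating RSA private key, 4096 bit long modulus
# ....................................................................++
# .............................................................++
# e is 65537 (0x10001)
# [root@centos66 cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
# > -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=capacity.com" \
# > -key ca.key \
# > -out ca.crt
# [root@centos66 cert]# ll
# total 24
# -rw-r--r-- 1 root root 2029 Sep 3 19:06 ca.crt
# -rw-r--r-- 1 root root 3247 Sep 3 19:05 ca.key
# -rw-r--r-- 1 root root 1814 Sep 3 18:40 capacity.com.crt
# -rw-r--r-- 1 root root 3268 Sep 3 18:40 capacity.com.key
# -rw-r--r-- 1 root root 17 Sep 3 18:40 ca.srl
# -rw-r--r-- 1 root root 1655 Sep 3 18:40 server.csr
# [root@centos66 cert]# openssl genrsa -out capacity.com.key 4096
# Generating RSA private key, 4096 bit long modulus
# .............................................................................++
# ............++
# e is 65537 (0x10001)
# [root@centos66 cert]# openssl req -sha512 -new \
# > -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=capacity.com" \
# > -key capacity.com.key \
# > -out capacity.com.csr
# [root@centos66 cert]# cat > v3.ext <<-EOF
# > authorityKeyIdentifier=keyid,issuer
# > basicConstraints=CA:FALSE
# > keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
# > extendedKeyUsage = serverAuth
# > subjectAltName = @alt_names
# >
# > [alt_names]
# > DNS.1=capacity.com
# > DNS.2=capacity
# > EOF
# [root@centos66 cert]# openssl x509 -req -sha512 -days 3650 \
# > -extfile v3.ext \
# > -CA ca.crt -CAkey ca.key -CAcreateserial \
# > -in capacity.com.csr \
# > -out capacity.com.crt
# Signature ok
# subject=/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=capacity.com
# Getting CA Private Key
# [root@centos66 cert]# openssl x509 -inform PEM -in capacity.com.crt -out capacity.com.cert
# [root@centos66 cert]# mkdir -p /etc/docker/certs.d/capacity.com/
# [root@centos66 cert]# cp capacity.com.cert /etc/docker/certs.d/capacity.com/
# [root@centos66 cert]# cp capacity.com.key /etc/docker/certs.d/capacity.com/
# [root@centos66 cert]# cp ca.crt /etc/docker/certs.d/capacity.com/
# [root@centos66 cert]# systemctl restart docker
# [root@centos66 cert]#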

 
