需求:使用 Nginx(配置ssl证书) 转发到后端 Harbor
这里使用虚拟机,IP为 172.16.16.109,事先安装好 docker 和 docker-compose
部署 Harbor
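# The latest release is listed at https://github.com/goharbor/harbor/releases
mkdir -p /data/software && cd /data/software
# Download the offline installer into this directory, then check it against
# the checksum/signature published alongside the release before unpacking it.
tar zxvf harbor-offline-installer-v2.4.1.tgz
# -p: do not fail if the directory already exists (e.g. when re-running these steps)
mkdir -p /data/docker-compose/
mv harbor /data/docker-compose
cd /data/docker-compose/harbor
# Configure Harbor: create harbor.yml from the shipped template and edit it
cp harbor.yml.tmpl harbor.yml
vi harbor.yml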
# Values changed in harbor.yml (excerpt; shown here without the file's nesting).
# Address of the Harbor host
hostname: 172.16.16.109
# Plain-HTTP listener port (in harbor.yml this key sits under the http: section).
# NOTE(review): nginx proxies to this port, and this page also reaches it
# directly at http://172.16.16.109:88/, so traffic sent there bypasses the TLS
# proxy; restrict it with a host firewall if direct access is not intended.
port: 88
# Comment out the https-related settings (nginx in front handles TLS instead)
# https related config
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# Public URL of Harbor as seen through the nginx proxy
external_url: https://devharbor.xxx.com
# Data storage directory
data_volume: /data/docker-compose/harbor/data
# Adjust other settings as needed (e.g. harbor_admin_password, the initial admin
# password); pay particular attention to the file's formatting
# Install and start Harbor; the two flags additionally enable the ChartMuseum
# and Trivy components
./install.sh --with-chartmuseum --with-trivy
可以通过访问 http://172.16.16.109:88/ 查看
部署 nginx
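# Build dependencies for compiling nginx with PCRE and OpenSSL support
yum install gcc gcc-c++ pcre pcre-devel openssl openssl-devel -y
# Unprivileged account for the nginx workers: no login shell (-s /sbin/nologin),
# no home directory (-M)
useradd nginx -s /sbin/nologin -M
cd /data/software
# Fetch the source tarball and its detached PGP signature over HTTPS rather than
# plain HTTP, so the code about to be compiled and installed as root cannot be
# altered in transit.
wget https://nginx.org/download/nginx-1.20.1.tar.gz
wget https://nginx.org/download/nginx-1.20.1.tar.gz.asc
# Needs the nginx signing keys (https://nginx.org/en/pgp_keys.html) imported into
# the local keyring; continue only if the signature verifies.
gpg --verify nginx-1.20.1.tar.gz.asc nginx-1.20.1.tar.gz
tar zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
# Workers run as nginx:nginx; install into a versioned prefix and enable the
# stub_status, gzip_static and SSL modules
./configure --user=nginx --group=nginx --prefix=/usr/local/nginx-1.20.1 --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module
make && make install
# Version-independent path, so later commands and configs can use /usr/local/nginx
ln -s /usr/local/nginx-1.20.1 /usr/local/nginx
cd /usr/local/nginx/conf/
# Show the main configuration file (contents follow)
cat nginx.conf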
# Main nginx configuration: global HTTP settings, per-site includes, and a
# default static-file server on port 80.
worker_processes auto;
events {
worker_connections 1024;
use epoll;
}
http {
# Do not reveal the nginx version in response headers and error pages
server_tokens off;
# Compress common text-based responses of at least 1k
gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_comp_level 3;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
# Default request-body limit; a server block may set its own value
client_max_body_size 20m;
# Per-site server blocks live in conf.d (one or two directory levels deep);
# these relative paths assume resolution from the conf directory, i.e.
# /usr/local/nginx/conf.d, which the page creates later - confirm
include ../conf.d/*.conf;
include ../conf.d/*/*.conf;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Default server: serves the static files under html on port 80
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
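# Directories for the per-site configs and for the TLS certificate/key files
mkdir -p /usr/local/nginx/{conf.d,cert}
# Keep the directory that will hold the private key readable by root only; nginx
# is started as root on this page, so the master process can still load the key
# while the unprivileged nginx worker user cannot read it from disk.
chmod 700 /usr/local/nginx/cert
# Upload the certificate and key to /usr/local/nginx/cert (the site config
# references them under cert/xxx.com/); keep the .key file at mode 600.
cd /usr/local/nginx/conf.d
# Show the site configuration (contents follow)
cat devharbor.xxx.com.conf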
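# Plain-HTTP listener: never proxy to Harbor from here, only redirect to HTTPS,
# so registry credentials and tokens are not carried over an unencrypted
# connection. 308 keeps the request method and body. The target host is written
# out literally rather than taken from the client-supplied Host header.
server {
    listen 80;
    server_name devharbor.xxx.com;
    return 308 https://devharbor.xxx.com$request_uri;
}

# HTTPS listener: terminates TLS and forwards requests to the Harbor HTTP port.
server {
    listen 443 ssl;
    server_name devharbor.xxx.com;

    ssl_certificate ../cert/xxx.com/xxx.com.pem;
    ssl_certificate_key ../cert/xxx.com/xxx.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated and dropped here. TLSv1.3 only takes
    # effect when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only; the previous string's broad groups
    # (ECDH, AES, HIGH) also admitted CBC-mode and non-forward-secret suites.
    # Names the linked OpenSSL does not know are skipped.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Image layers are uploaded through this proxy, so allow large request bodies
    client_max_body_size 2049m;

    location / {
        proxy_pass http://172.16.16.109:88;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This header is required; without it docker push fails with
        # "unauthorized: authentication required"
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}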
# Check the configuration for syntax errors first, then start nginx
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx
解析域名,进行测试
默认用户名和密码为:admin/Harbor12345(初始密码由 harbor.yml 中的 harbor_admin_password 设定)。该默认密码是公开的,首次登录后应立即修改。