目的:
在harbor本机或者其他主机可以使用docker login +域名 直接连接harbor主机仓库,不用在使用IP地址连接。
环境介绍:
Harbor客户端:172.21.xxx.xxx harbor-images CentOS Linux release 7.6.1810 (Core) Docker 13.1.1 Docker compose 1.25.5 Harbor 1.5.0 Nginx客户端:172.21.ggg.ggg CentOS Linux release 7.6.1810 (Core) Docker 19.03.8 Docker compose 1.18.0
Harbor客户端修改:
1.修改/etc/hosts文件
[root@harbor harbor]# vim /etc/hosts ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 172.21.xxx.xxx iZ8vb4u5g0xxxxxxxxxx harbor-images //添加登录域名
2.修改harbor目录下harbor.cfg文件:
必须在harbor目录下运行,否则会报错。
[root@harbor ~]# cd /mnt/app/harbor/harbor/ [root@harbor harbor]# docker-compose stop //停止harbor服务 [root@harbor harbor]# vim harbor.cfg ... _version = 1.5.0 #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname = harbor-images //修改为域名 [root@harbor harbor]# ./prepare //加载配置文件
3.修改/usr/lib/systemd/system/下的docker.service文件:
[root@harbor harbor]# vim /usr/lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target Wants=docker-storage-setup.service Requires=docker-cleanup.timer [Service] Type=notify NotifyAccess=main EnvironmentFile=-/run/containers/registries.conf EnvironmentFile=-/etc/sysconfig/docker EnvironmentFile=-/etc/sysconfig/docker-storage EnvironmentFile=-/etc/sysconfig/docker-network Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin ExecStart=/usr/bin/dockerd-current \ --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ --default-runtime=docker-runc \ --exec-opt native.cgroupdriver=systemd \ --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ --init-path=/usr/libexec/docker/docker-init-current \ --seccomp-profile=/etc/docker/seccomp.json \ --insecure-registry=harbor-images \ //添加为域名 $OPTIONS \ [root@harbor harbor]# systemctl daemon-reload [root@harbor harbor]# systemctl restart docker [root@harbor harbor]# docker-compose start //启动harbor服务
注意:
这里添加的 --insecure-registry=IP/主机名 也是解决连接harbor时https报错的其中一步。
docker login连接https报错解决:https://blog.csdn.net/qq_44895681/article/details/105573702
4.测试本机域名连接
[root@harbor harbor]# docker login harbor-images Username (admin): admin Password: Login Succeeded //登录成功
Nginx客户端修改:
1.修改/etc/hosts文件
[root@nginx ~]# cat /etc/hosts ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 172.21.ggg.ggg iZ8vbg29xxxxxxxxx 172.21.xxx.xxx harbor-images //增加harbor主机的IP及登录的域名
2.修改/etc/docker/目录下daemon.json文件
[root@nginx ~]# vim /etc/docker/daemon.json { "graph":"/mnt/app/docker/data", "registry-mirrors": ["https://b34xxxxx.mirror.aliyuncs.com"], "insecure-registries":["harbor-images"] } [root@nginx ~]# systemctl daemon-reload [root@nginx ~]# systemctl restart docker
添加"insecure-registries":["harbor-images"]中harbor主机设置的登录域名,这里的insecure参数如果是写在/usr/lib/systemd/system/docker.service中,如上面harbor主机那样,那么就直接修改/usr/lib/systemd/system/docker.service中该项配置即可,这个参数只能在docker.service或者daemon.json其中一个配置文件中。
3.测试nginx客户端域名连接harbor主机:
[root@nginx ~]# docker login harbor-images Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded //登录成功
如果更改完配置并且重启docker成功后还是无法使用域名连接harbor主机服务,可以尝试断开nginx客户端SSH连接,重新连接nginx客户端再进行域名连接harbor主机服务。
