目的:
在harbor本機或者其他主機可以使用docker login +域名 直接連接配接harbor主機倉庫,不用在使用IP位址連接配接。
環境介紹:
Harbor用戶端:172.21.xxx.xxx harbor-images
CentOS Linux release 7.6.1810 (Core)
Docker 13.1.1
Docker compose 1.25.5
Harbor 1.5.0
Nginx用戶端:172.21.ggg.ggg
CentOS Linux release 7.6.1810 (Core)
Docker 19.03.8
Docker compose 1.18.0
複制
Harbor用戶端修改:
1.修改/etc/hosts檔案
[root@harbor harbor]# vim /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.21.xxx.xxx iZ8vb4u5g0xxxxxxxxxx harbor-images //添加登入域名
複制
2.修改harbor目錄下harbor.cfg檔案:
必須在harbor目錄下運作,否則會報錯。
[root@harbor ~]# cd /mnt/app/harbor/harbor/
[root@harbor harbor]# docker-compose stop //停止harbor服務
[root@harbor harbor]# vim harbor.cfg
...
_version = 1.5.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = harbor-images //修改為域名
[root@harbor harbor]# ./prepare //加載配置檔案
複制
3.修改/usr/lib/systemd/system/下的docker.service檔案:
[root@harbor harbor]# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
--insecure-registry=harbor-images \ //添加為域名
$OPTIONS \
[root@harbor harbor]# systemctl daemon-reload
[root@harbor harbor]# systemctl restart docker
[root@harbor harbor]# docker-compose start //啟動harbor服務
複制
注意:
這裡添加的 --insecure-registry=IP/主機名 也是解決連接配接harbor時https報錯的其中一步。
docker login連接配接https報錯解決:https://blog.csdn.net/qq_44895681/article/details/105573702
4.測試本機域名連接配接
[root@harbor harbor]# docker login harbor-images
Username (admin): admin
Password:
Login Succeeded //登入成功
複制
Nginx用戶端修改:
1.修改/etc/hosts檔案
[root@nginx ~]# cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.21.ggg.ggg iZ8vbg29xxxxxxxxx
172.21.xxx.xxx harbor-images //增加harbor主機的IP及登入的域名
複制
2.修改/etc/docker/目錄下daemon.json檔案
[root@nginx ~]# vim /etc/docker/daemon.json
{
"graph":"/mnt/app/docker/data",
"registry-mirrors": ["https://b34xxxxx.mirror.aliyuncs.com"],
"insecure-registries":["harbor-images"]
}
[root@nginx ~]# systemctl daemon-reload
[root@nginx ~]# systemctl restart docker
複制
添加"insecure-registries":["harbor-images"]中harbor主機設定的登入域名,這裡的insecure參數如果是寫在/usr/lib/systemd/system/docker.service中,如上面harbor主機那樣,那麼就直接修改/usr/lib/systemd/system/docker.service中該項配置即可,這個參數隻能在docker.service或者daemon.json其中一個配置檔案中。
3.測試nginx用戶端域名連接配接harbor主機:
[root@nginx ~]# docker login harbor-images
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded //登入成功
複制
如果更改完配置并且重新開機docker成功後還是無法使用域名連接配接harbor主機服務,可以嘗試斷開nginx用戶端SSH連接配接,重新連接配接nginx用戶端再進行域名連接配接harbor主機服務。