{"id":10741,"date":"2023-02-22T15:00:34","date_gmt":"2023-02-22T07:00:34","guid":{"rendered":"https:\/\/www.gbase8.cn\/?p=10741"},"modified":"2023-06-27T11:40:40","modified_gmt":"2023-06-27T03:40:40","slug":"gcdw%e6%8a%80%e6%9c%af%e6%a0%88%ef%bc%8c%e9%95%9c%e5%83%8f%e4%bb%93%e5%ba%93harbor%e5%ae%89%e8%a3%85%ef%bc%8c%e5%8c%85%e6%8b%achttps-%e6%9c%8d%e5%8a%a1ca%e8%af%81%e4%b9%a6%e7%9a%84%e7%94%9f%e6%88%90o","status":"publish","type":"post","link":"https:\/\/www.gbase8.cn\/en\/10741","title":{"rendered":"\u5357\u5927\u901a\u7528GCDW\u6280\u672f\u6808\uff0c\u955c\u50cf\u4ed3\u5e93harbor\u5b89\u88c5\uff0c\u5305\u62echttps \u670d\u52a1CA\u8bc1\u4e66\u7684\u751f\u6210(openssl)"},"content":{"rendered":"<p>GCDW\u662fGBase \u7684\u4e91\u6570\u4ed3\u7248\u672c(GBase Cloud Database Warehouse)\uff0c \u5176\u8fd0\u884c\u5728k8s\u4e0a\uff0c\u955c\u50cf\u8981\u5148\u4e0a\u4f20\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u5728\u5b89\u88c5\u90e8\u7f72\u65f6\u5404\u4e2a\u8282\u70b9\u518d\u4ece\u955c\u50cf\u4ed3\u5e93\u540c\u65f6\u62c9\u53d6\u3002\u672c\u6587\u4ecb\u7ecdharbor\u5b89\u88c5\u914d\u7f6e\u65b9\u6cd5\uff0c\u7279\u522b\u662f\u542f\u7528https\u670d\u52a1\u7684\u65b9\u6cd5\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"harbor%E9%9C%80%E8%A6%81%E5%AE%B9%E5%99%A8%E7%8E%AF%E5%A2%83\"><\/span>harbor\u9700\u8981\u5bb9\u5668\u73af\u5883<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin<\/code><\/pre>\n\n\n\n<p>\u8fd8\u9700\u8981docker-compose,\u8fd9\u4e2a\u76f4\u63a5\u4e0b\u8f7d\uff0c\u5c31\u662f\u4e2a\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u6539\u540d\u5230\/usr\/local\/bin\u4e0b\u5c31\u53ef\u4ee5\u4e86<\/p>\n\n\n\n<pre class=\"wp-block-code 
has-small-font-size\"><code>&#91;root@vm249 harbor]# ll \/usr\/local\/bin\/docker-compose\n-rwxr-xr-x. 1 root root 44953600 Feb 21 00:58 \/usr\/local\/bin\/docker-compose\n&#91;root@vm249 harbor]#<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90CA%E8%AF%81%E4%B9%A6\"><\/span>\u751f\u6210CA\u8bc1\u4e66<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5982\u679c\u4e0d\u5f00\u901ahttps\u670d\u52a1\uff0c\u53ef\u4ee5\u76f4\u63a5\u8df3\u5230<a href=\"#harbor_config\">\u540e\u9762\u90e8\u5206<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90CA%E7%A7%81%E9%92%A5\"><\/span>\u751f\u6210CA\u79c1\u94a5<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# openssl genrsa -out ca.key 4096\nGenerating RSA private key, 4096 bit long modulus\n.........................................++\n........................................................................................................................................++\ne is 65537 (0x10001)\n&#91;root@vm249 ssl]# ll\ntotal 4\n-rw-r--r--. 
1 root root 3247 Feb 21 17:23 ca.key\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90CA%E8%AF%81%E4%B9%A6_Generate_the_CA_certificate\"><\/span>\u751f\u6210CA\u8bc1\u4e66 Generate the CA certificate.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>openssl req -x509 -new -nodes -sha512 -days 3650 \\\n -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=<span class=\"has-inline-color has-luminous-vivid-orange-color\"><strong>yourdomain.com<\/strong><\/span>\" \\\n -key ca.key \\\n -out ca.crt<\/code><\/pre>\n\n\n\n<p>\u5176\u4e2d <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>-subj \u6307\u5b9a\u7ec4\u7ec7\u540d\u79f0\u7b49\uff0c\u5982\u679c\u4f7f\u7528FQDN\u8fde\u63a5Harbor\u4e3b\u673a\uff0c\u5219\u5fc5\u987b\u5c06\u5176\u6307\u5b9a\u4e3a\u901a\u7528\u540d\u79f0\uff08<code>CN<\/code>\uff09\u5c5e\u6027\uff0c\u6bd4\u5982\u4f60\u7684\u4e3b\u673a\u540d\u6216\u8005\u57df\u540d\u7b49\u3002<\/li><li>-key \u662f\u524d\u9762\u751f\u6210\u7684CA\u79c1\u94a5\u3002\u6ce8\u610f\u524d\u9762\u7684\u8bb0\u5f55\u4e2dca.key\u7684\u6743\u9650\u662f -rw-r--r--\uff0c\u6240\u6709\u7528\u6237\u53ef\u8bfb\uff0c\u5efa\u8bae\u6267\u884c <code>chmod 600 ca.key<\/code><\/li><li>-out \u662f\u751f\u6210\u7684CA\u8bc1\u4e66\u540d\u5b57<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>openssl req -x509 -new -nodes -sha512 -days 3650 \\\n -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" \\\n -key ca.key \\\n -out ca.crt<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%AB%AF%E8%AF%81%E4%B9%A6Generate_a_Server_Certificate\"><\/span>\u751f\u6210\u670d\u52a1\u5668\u7aef\u8bc1\u4e66Generate a Server Certificate<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90%E7%A7%81%E9%92%A5\"><\/span>\u751f\u6210\u79c1\u94a5<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre 
class=\"wp-block-code\"><code>openssl genrsa -out <span class=\"has-inline-color has-luminous-vivid-orange-color\">yourdomain.com.<\/span>key 4096<\/code><\/pre>\n\n\n\n<p>\u5176\u4e2d\u57df\u540d\u662fyourdomain.com\uff0c \u4e0b\u9762\u4f60\u662f\u7528IP\u7684\u4f8b\u5b50<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# openssl genrsa -out 172.16.3.249.key 4096\nGenerating RSA private key, 4096 bit long modulus\n................................................++\n.++\ne is 65537 (0x10001)\n&#91;root@vm249 ssl]# ll\ntotal 12\n-rw-r--r--. 1 root root 3247 Feb 21 17:49 172.16.3.249.key\n-rw-r--r--. 1 root root 2029 Feb 21 17:33 ca.crt\n-rw-r--r--. 1 root root 3247 Feb 21 17:23 ca.key\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90CSR_Generate_a_certificate_signing_request_CSR\"><\/span>\u751f\u6210CSR Generate a certificate signing request (CSR).<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>openssl req -sha512 -new \\\n    -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=<span class=\"has-inline-color has-luminous-vivid-orange-color\">yourdomain.com<\/span>\" \\\n    -key yourdomain.com.key \\\n    -out yourdomain.com.csr<\/code><\/pre>\n\n\n\n<p>\u5982\u4e0b\u662f\u7528IP\u4f5c\u4e3a\u4e3b\u673a\u540d<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# openssl req -sha512 -new \\\n&gt;     -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" \\\n&gt;     -key 172.16.3.249.key \\\n&gt;     -out 172.16.3.249.csr\n&#91;root@vm249 ssl]# ll\ntotal 16\n-rw-r--r--. 1 root root 1704 Feb 21 18:10 172.16.3.249.csr\n-rw-r--r--. 1 root root 3247 Feb 21 17:49 172.16.3.249.key\n-rw-r--r--. 1 root root 2029 Feb 21 17:33 ca.crt\n-rw-r--r--. 
1 root root 3247 Feb 21 17:23 ca.key\n&#91;root@vm249 ssl]#<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%9F%E6%88%90X509_v3%E7%9A%84%E6%89%A9%E5%B1%95%E6%96%87%E4%BB%B6_Generate_an_x509_v3_extension_file\"><\/span>\u751f\u6210X509 v3\u7684\u6269\u5c55\u6587\u4ef6 Generate an x509 v3 extension file.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u5305\u62ec\u57df\u540d\u548cIP\u65b9\u5f0f\u7684\u4e3b\u673a\u540d\uff0c\u7528\u4e8eharbor\u7f16\u8bd1\u65f6\u6307\u5b9a\u4e86SAN\u548cX509 v3\uff08Harbor host that complies with the Subject Alternative Name (SAN) and x509 v3 extension requirements.\uff09<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>cat &gt; v3.ext &lt;&lt;-EOF\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = @alt_names\n\n&#91;alt_names]\nDNS.1=yourdomain.com\nDNS.2=yourdomain\nDNS.3=hostname\nEOF<\/code><\/pre>\n\n\n\n<p>\u5982\u679c\u7528IP,\u5219\u9700\u8981\u5728subjectAltName\u90e8\u5206\u76f4\u63a5\u5199IP<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# cat &gt; v3.ext &lt;&lt;-EOF\n&gt; authorityKeyIdentifier=keyid,issuer\n&gt; basicConstraints=CA:FALSE\n&gt; keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n&gt; extendedKeyUsage = serverAuth\n&gt; subjectAltName = IP:172.16.3.249\n&gt; EOF\n&#91;root@vm249 ssl]# ll\ntotal 20\n-rw-r--r--. 1 root root 1704 Feb 21 18:10 172.16.3.249.csr\n-rw-r--r--. 1 root root 3247 Feb 21 17:49 172.16.3.249.key\n-rw-r--r--. 1 root root 2029 Feb 21 17:33 ca.crt\n-rw-r--r--. 1 root root 3247 Feb 21 17:23 ca.key\n-rw-r--r--. 
1 root root  231 Feb 21 18:32 v3.ext\n&#91;root@vm249 ssl]# cat v3.ext\nauthorityKeyIdentifier=keyid,issuer\n&#91;root@vm249 ssl]# cat v3.ext\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = IP:172.16.3.249\n\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%94%A8v3ext%E7%94%9F%E6%88%90harbor%E4%B8%BB%E6%9C%BA%E7%9A%84%E8%AF%81%E4%B9%A6_Use_the_v3ext_file_to_generate_a_certificate_for_your_Harbor_host\"><\/span>\u7528v3.ext\u751f\u6210harbor\u4e3b\u673a\u7684\u8bc1\u4e66 Use the&nbsp;<code>v3.ext<\/code>&nbsp;file to generate a certificate for your Harbor host.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>openssl x509 -req -sha512 -days 3650 \\\n    -extfile v3.ext \\\n    -CA ca.crt -CAkey ca.key -CAcreateserial \\\n    -in yourdomain.com.csr \\\n    -out yourdomain.com.crt<\/code><\/pre>\n\n\n\n<p>\u5982\u4e0b\u662f\u4f7f\u7528IP\u7684\u4f8b\u5b50<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>openssl x509 -req -sha512 -days 3650 \\\n    -extfile v3.ext \\\n    -CA ca.crt -CAkey ca.key -CAcreateserial \\\n    -in 172.16.3.249.csr \\\n    -out 172.16.3.249.crt<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# openssl x509 -req -sha512 -days 3650 \\\n&gt;     -extfile v3.ext \\\n&gt;     -CA ca.crt -CAkey ca.key -CAcreateserial \\\n&gt;     -in 172.16.3.249.csr \\\n&gt;     -out 172.16.3.249.crt\nSignature ok\nsubject=\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\nGetting CA Private Key\n&#91;root@vm249 ssl]#\n&#91;root@vm249 ssl]# ll\ntotal 28\n-rw-r--r--. 1 root root 2061 Feb 21 18:34 172.16.3.249.crt\n-rw-r--r--. 1 root root 1704 Feb 21 18:10 172.16.3.249.csr\n-rw-r--r--. 
1 root root 3247 Feb 21 17:49 172.16.3.249.key\n-rw-r--r--. 1 root root 2029 Feb 21 17:33 ca.crt\n-rw-r--r--. 1 root root 3247 Feb 21 17:23 ca.key\n-rw-r--r--. 1 root root   17 Feb 21 18:34 ca.srl\n-rw-r--r--. 1 root root  231 Feb 21 18:32 v3.ext\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%B0%86%E8%AF%81%E4%B9%A6%E5%8F%91%E7%BB%99%E5%AE%B9%E5%99%A8%E5%92%8Charbor\"><\/span>\u5c06\u8bc1\u4e66\u53d1\u7ed9\u5bb9\u5668\u548charbor<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%B0%86%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%AB%AF%E8%AF%81%E4%B9%A6%E5%92%8C%E7%A7%81%E9%92%A5%E5%A4%8D%E5%88%B6%E5%88%B0harbor%E4%B8%BB%E6%9C%BA\"><\/span>\u5c06\u670d\u52a1\u5668\u7aef\u8bc1\u4e66\u548c\u79c1\u94a5\u590d\u5236\u5230harbor\u4e3b\u673a<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Copy the server certificate and key into the certificates folder on your Harbor host.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp yourdomain.com.crt \/data\/cert\/\ncp yourdomain.com.key \/data\/cert\/<\/code><\/pre>\n\n\n\n<p>\u5982\u4e0b\u662fIP\u7684\u64cd\u4f5c\u8bb0\u5f55\u3002 \u76ee\u5f55\u5982\u679c\u4e0d\u5b58\u5728\uff0c\u53ef\u4ee5\u521b\u5efa\u4e0a\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# mkdir -p \/data\/cert\n&#91;root@vm249 ssl]# cp 172.16.3.249.crt  \/data\/cert\/\n&#91;root@vm249 ssl]# cp 172.16.3.249.key  \/data\/cert\/\n&#91;root@vm249 ssl]# ll \/data\/cert\/\ntotal 8\n-rw-r--r--. 1 root root 2061 Feb 21 19:13 172.16.3.249.crt\n-rw-r--r--. 
1 root root 3247 Feb 21 19:13 172.16.3.249.key\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%B0%86crt%E8%BD%AC%E5%8C%96%E4%B8%BAcert%E6%8F%90%E4%BE%9B%E7%BB%99docker%E4%BD%BF%E7%94%A8\"><\/span>\u5c06crt\u8f6c\u5316\u4e3acert,\u63d0\u4f9b\u7ed9docker\u4f7f\u7528<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Convert&nbsp;<code>yourdomain.com.crt<\/code>&nbsp;to&nbsp;<code>yourdomain.com.cert<\/code>, for use by Docker.<\/p>\n\n\n\n<p>The Docker daemon interprets&nbsp;<code>.crt<\/code>&nbsp;files as CA certificates and&nbsp;<code>.cert<\/code>&nbsp;files as client certificates.<\/p>\n\n\n\n<p>docker\u8fdb\u7a0b\u5c06crt\u4f5c\u4e3aCA\u8bc1\u4e66\uff0c cert\u4f5c\u4e3a\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert<\/code><\/pre>\n\n\n\n<p>\u8fd0\u884c\u8bb0\u5f55<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# openssl x509 -inform PEM -in 172.16.3.249.crt -out 172.16.3.249.cert\n&#91;root@vm249 ssl]# ll\ntotal 32\n-rw-r--r--. 1 root root 2061 Feb 21 19:17 172.16.3.249.cert\n-rw-r--r--. 1 root root 2061 Feb 21 18:34 172.16.3.249.crt\n-rw-r--r--. 1 root root 1704 Feb 21 18:10 172.16.3.249.csr\n-rw-r--r--. 1 root root 3247 Feb 21 17:49 172.16.3.249.key\n-rw-r--r--. 1 root root 2029 Feb 21 17:33 ca.crt\n-rw-r--r--. 1 root root 3247 Feb 21 17:23 ca.key\n-rw-r--r--. 1 root root   17 Feb 21 18:34 ca.srl\n-rw-r--r--. 
1 root root  231 Feb 21 18:32 v3.ext\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%B0%86%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%AB%AF%E8%AF%81%E4%B9%A6%EF%BC%8C%E7%A7%81%E9%92%A5%E5%92%8CCA%E6%96%87%E4%BB%B6%EF%BC%8C%E5%A4%8D%E5%88%B6%E5%88%B0docker%E7%9A%84harbor%E4%B8%BB%E6%9C%BA%E7%9B%AE%E5%BD%95%E4%B8%8B%E3%80%82\"><\/span>\u5c06\u670d\u52a1\u5668\u7aef\u8bc1\u4e66\uff0c\u79c1\u94a5\u548cCA\u6587\u4ef6\uff0c\u590d\u5236\u5230docker\u7684harbor\u4e3b\u673a\u76ee\u5f55\u4e0b\u3002<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Copy the server certificate, key and CA files into the Docker certificates folder on the Harbor host. You must create the appropriate folders first.<\/p>\n\n\n\n<p>\u6ce8\u610f\uff0c\u9ed8\u8ba4\u662f443\u7aef\u53e3\uff0c\u5982\u679c\u4e0d\u662f\u9ed8\u8ba4\u503c\uff0c\u5219\u540e\u9762\u521b\u5efa\u7684\u76ee\u5f55\uff0c\u8981\u5e26\u4e0a\u7aef\u53e3\u53f7\u3002 \u6bd4\u5982\u4ece172.16.3.249\uff0c\u53d8\u6210172.16.3.249:8443<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>cp yourdomain.com.cert \/etc\/docker\/certs.d\/yourdomain.com\/\ncp yourdomain.com.key \/etc\/docker\/certs.d\/yourdomain.com\/\ncp ca.crt \/etc\/docker\/certs.d\/yourdomain.com\/<\/code><\/pre>\n\n\n\n<p>\u8fd0\u884c\u8bb0\u5f55<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# mkdir -p \/etc\/docker\/certs.d\/172.16.3.249\/\n&#91;root@vm249 ssl]# cp 172.16.3.249.cert \/etc\/docker\/certs.d\/172.16.3.249\/\n&#91;root@vm249 ssl]# cp 172.16.3.249.key \/etc\/docker\/certs.d\/172.16.3.249\/\n&#91;root@vm249 ssl]# cp ca.crt \/etc\/docker\/certs.d\/172.16.3.249\/\n&#91;root@vm249 ssl]# ll \/etc\/docker\/certs.d\/172.16.3.249\/\ntotal 12\n-rw-r--r--. 1 root root 2061 Feb 21 19:20 172.16.3.249.cert\n-rw-r--r--. 1 root root 3247 Feb 21 19:20 172.16.3.249.key\n-rw-r--r--. 
1 root root 2029 Feb 21 19:20 ca.crt\n&#91;root@vm249 ssl]#\n<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%A6%82%E6%9E%9C%E4%BF%AE%E6%94%B9%E4%BA%86SSL%E7%AB%AF%E5%8F%A3\"><\/span>\u5982\u679c\u4fee\u6539\u4e86SSL\u7aef\u53e3<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u5982\u679c\u4e0d\u662f\u9ed8\u8ba4\u7684443,\u5219\u524d\u9762\u521b\u5efa\u7684\u76ee\u5f55\uff0c\u8981\u52a0\u4e0a\u7aef\u53e3\uff0c\u6bd4\u5982\u4e0b\u9762\u7684\u4f8b\u5b50\u3002 \u5e76\u4e14\u6240\u6709\u7684CA\u6587\u4ef6\u4e5f\u662f\u8981\u653e\u5230\u8fd9\u4e2a\u76ee\u5f55\u4e0b\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@vm249 ssl]# mkdir \/etc\/docker\/certs.d\/172.16.3.249:8443\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E9%87%8D%E5%90%AF%E5%AE%B9%E5%99%A8docker\"><\/span>\u91cd\u542f\u5bb9\u5668docker<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart docker<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E4%B8%8B%E8%BD%BDharbor\"><\/span>\u4e0b\u8f7dharbor<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/goharbor.io\/\">https:\/\/goharbor.io\/<\/a><\/p>\n\n\n\n<p>\u5982\u679c\u7f51\u901f\u5feb\uff0c\u53ef\u4ee5\u9009\u62e9offline\u7684\u7248\u672c\u3002 \u6211\u8fd9\u91cc\u7528\u7684\u662fonline\u7684\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1073\" height=\"418\" src=\"https:\/\/www.gbase8.cn\/wp-content\/uploads\/2023\/06\/image-10.png\" alt=\"\" class=\"wp-image-12224\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"harbor_config\"><span class=\"ez-toc-section\" id=\"%E4%BF%AE%E6%94%B9harbor%E6%94%AF%E6%8C%81https\"><\/span>\u4fee\u6539harbor\u652f\u6301https<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u89e3\u538b\u7f29\u540e\uff0c\u5c06harbor\u76ee\u5f55\u4e0b\u7684harbor.yml.tmpl\u590d\u5236\u4e00\u4efd\u4e3aharbor.yml<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E4%BF%AE%E6%94%B9%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6\"><\/span>\u4fee\u6539\u914d\u7f6e\u6587\u4ef6<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u5305\u62ec&nbsp;<code>hostname<\/code>&nbsp;\u548c&nbsp;<code>https<\/code> \u90e8\u5206\uff0c\u5176\u4e2d\u8bc1\u4e66\u548c\u79c1\u94a5\u6b63\u786e\u914d\u7f6e\u3002 \u5982\u679c\u4e0d\u5f00\u901ahttps\u670d\u52a1\uff0c\u53ef\u4ee5\u6ce8\u91ca\u6389\u76f8\u5173\u90e8\u5206\u3002 \u6ce8\u610f\u914d\u7f6e\u6587\u4ef6\u7f29\u8fdb\u683c\u5f0f\uff0c\u4e0d\u8981\u51fa\u73b0\u65e0\u6548\u7684\u989d\u5916\u7a7a\u683c\u7b49\uff0c\u5426\u5219\u4f1a\u9020\u6210\u89e3\u6790\u9519\u8bef\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 ssl]# cat ..\/harbor.yml\n# Configuration file of Harbor\n\n# The IP address or hostname to access admin UI and registry service.\n# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.\n<span class=\"has-inline-color has-luminous-vivid-orange-color\">hostname: 172.16.3.249<\/span>\n\n# http related config\nhttp:\n  # port for http, default is 80. 
If https enabled, this port will redirect to https port\n  <span class=\"has-inline-color has-luminous-vivid-orange-color\">port: 8088<\/span>\n\n# https related config\nhttps:\n  # https port for harbor, default is 443\n <span class=\"has-inline-color has-luminous-vivid-orange-color\"> port: 8443<\/span>\n  # The path of cert and key files for nginx\n<span class=\"has-inline-color has-luminous-vivid-orange-color\">  certificate: \/data\/cert\/172.16.3.249.crt\n  private_key: \/data\/cert\/172.16.3.249.key<\/span>\n\u3002\u3002\u3002\u3002\u3002\u3002<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"766\" height=\"311\" src=\"https:\/\/www.gbase8.cn\/wp-content\/uploads\/2023\/06\/image-11.png\" alt=\"\" class=\"wp-image-12228\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%90%AF%E5%8A%A8%E6%9C%8D%E5%8A%A1\"><\/span>\u542f\u52a8\u670d\u52a1<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u5982\u679c\u6ca1\u6709\u8fd0\u884c\u5728http\u6a21\u5f0f\u4e0b\uff0c\u53ef\u4ee5\u76f4\u63a5install.sh\u5b89\u88c5<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/install.sh<\/code><\/pre>\n\n\n\n<p>\u5982\u679c\u5df2\u7ecf\u90e8\u7f72\u4e86http\u6a21\u5f0f\uff0c\u53ef\u4ee5\u91cd\u65b0\u90e8\u7f72<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/prepare\ndocker-compose down -v\ndocker-compose up -d<\/code><\/pre>\n\n\n\n<p>\u6267\u884c\u8bb0\u5f55<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 harbor]# .\/prepare\nprepare base dir is set to \/root\/harbor\nClearing the configuration file: \/config\/portal\/nginx.conf\nClearing the configuration file: \/config\/log\/logrotate.conf\nClearing the configuration file: \/config\/log\/rsyslog_docker.conf\nClearing the configuration file: \/config\/nginx\/nginx.conf\nClearing the configuration file: \/config\/core\/env\nClearing the configuration file: 
\/config\/core\/app.conf\nClearing the configuration file: \/config\/registry\/passwd\nClearing the configuration file: \/config\/registry\/config.yml\nClearing the configuration file: \/config\/registryctl\/env\nClearing the configuration file: \/config\/registryctl\/config.yml\nClearing the configuration file: \/config\/db\/env\nClearing the configuration file: \/config\/jobservice\/env\nClearing the configuration file: \/config\/jobservice\/config.yml\nGenerated configuration file: \/config\/portal\/nginx.conf\nGenerated configuration file: \/config\/log\/logrotate.conf\nGenerated configuration file: \/config\/log\/rsyslog_docker.conf\nGenerated configuration file: \/config\/nginx\/nginx.conf\nGenerated configuration file: \/config\/core\/env\nGenerated configuration file: \/config\/core\/app.conf\nGenerated configuration file: \/config\/registry\/config.yml\nGenerated configuration file: \/config\/registryctl\/env\nGenerated configuration file: \/config\/registryctl\/config.yml\nGenerated configuration file: \/config\/db\/env\nGenerated configuration file: \/config\/jobservice\/env\nGenerated configuration file: \/config\/jobservice\/config.yml\nloaded secret from file: \/data\/secret\/keys\/secretkey\nGenerated configuration file: \/compose_location\/docker-compose.yml\nClean up the input dir\n&#91;root@vm249 harbor]# ll -rt\ntotal 56\n-rwxr-xr-x. 1 root root  1881 Dec 14 20:29 prepare\n-rwxr-xr-x. 1 root root  3171 Dec 14 20:29 install.sh\n-rw-r--r--. 1 root root 11567 Dec 14 20:29 harbor.yml.tmpl\n-rw-r--r--. 1 root root  3639 Dec 14 20:29 common.sh\n-rw-r--r--. 1 root root 11347 Dec 14 20:29 LICENSE\ndrwxr-xr-x. 3 root root    20 Feb 21 00:33 common\ndrwxr-xr-x. 2 root root   159 Feb 21 19:17 ssl\n-rw-r--r--. 1 root root 11576 Feb 21 21:42 harbor.yml\n-rw-r--r--. 
1 root root  5947 Feb 21 21:47 docker-compose.yml\n&#91;root@vm249 harbor]# systemctl daemon-reload\n&#91;root@vm249 harbor]# docker-compose down -v^C\n&#91;root@vm249 harbor]# systemctl restart docker\n&#91;root@vm249 harbor]# docker-compose down -v\n&#91;+] Running 10\/10\n \u283f Container harbor-jobservice  Removed                                                                                                                        11.3s\n \u283f Container registryctl        Removed                                                                                                                        10.4s\n \u283f Container nginx              Removed                                                                                                                         1.3s\n \u283f Container harbor-portal      Removed                                                                                                                         0.3s\n \u283f Container harbor-core        Removed                                                                                                                         3.4s\n \u283f Container harbor-db          Removed                                                                                                                         1.0s\n \u283f Container registry           Removed                                                                                                                         0.9s\n \u283f Container redis              Removed                                                                                                                         1.0s\n \u283f Container harbor-log         Removed                                                                                                                        10.3s\n \u283f Network harbor_harbor        Removed                                                                                                                         
0.2s\n&#91;root@vm249 harbor]# docker-compose down -v^C\n&#91;root@vm249 harbor]# docker-compose up -d\n&#91;+] Running 10\/10\n \u283f Network harbor_harbor        Created                                                                                                                         0.3s\n \u283f Container harbor-log         Started                                                                                                                         2.2s\n \u283f Container registry           Started                                                                                                                         5.4s\n \u283f Container harbor-db          Started                                                                                                                         6.2s\n \u283f Container registryctl        Started                                                                                                                         5.9s\n \u283f Container harbor-portal      Started                                                                                                                         6.1s\n \u283f Container redis              Started                                                                                                                         5.8s\n \u283f Container harbor-core        Started                                                                                                                         6.8s\n \u283f Container nginx              Started                                                                                                                         9.2s\n \u283f Container harbor-jobservice  Started                                                                                                                         9.1s\n&#91;root@vm249 harbor]#\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" 
id=\"%E6%B5%8B%E8%AF%95%E6%95%88%E6%9E%9C\"><\/span>\u6d4b\u8bd5\u6548\u679c<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5982\u679c\u8bbf\u95ee\u7684\u662f8088\u7aef\u53e3\uff0c\u4e5f\u4f1a\u81ea\u52a8\u8f6c\u52308443\u7684https\u3002<\/p>\n\n\n\n<p>\u9ed8\u8ba4\u8bbf\u95ee\u5bc6\u7801\uff0c\u53ef\u4ee5\u4eceharbor.yml\u91cc\u770b\u5230\uff0c\u641c\u7d22\uff1a harbor_admin_password\u3002\u5b89\u88c5\u65f6\u7684\u9ed8\u8ba4\u5bc6\u7801\u5728\u767b\u5f55\u540e\u9700\u8981\u4fee\u6539\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"655\" height=\"356\" src=\"https:\/\/www.gbase8.cn\/wp-content\/uploads\/2023\/02\/1677045069892.png\" alt=\"\" class=\"wp-image-10763\"\/><\/figure>\n\n\n\n<p>\u589e\u52a0https\u7684docker daemon.json\u914d\u7f6e<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@vm249 harbor]# vi \/etc\/docker\/daemon.json\n&#91;root@vm249 harbor]# cat \/etc\/docker\/daemon.json\n{\n \"registry-mirrors\": &#91;\n    \"https:\/\/registry.docker-cn.com\",\n    \"http:\/\/hub-mirror.c.163.com\",\n    \"https:\/\/docker.mirrors.ustc.edu.cn\",\n    \"https:\/\/172.16.3.249:8443\"\n  ],\n  \"insecure-registries\": &#91;   \n  ],\n\n  \"log-opts\": {\n              \"max-size\": \"10m\"\n            }\n}\n\n&#91;root@vm249 harbor]#\n&#91;root@vm249 harbor]# systemctl daemon-reload\n&#91;root@vm249 harbor]# systemctl restart docker\n&#91;root@vm249 harbor]# systemctl restart harbor\n&#91;root@vm249 harbor]# docker login 172.16.3.249:8443\nUsername: admin\nPassword:\nWARNING! Your password will be stored unencrypted in \/root\/.docker\/config.json.\nConfigure a credential helper to remove this warning. 
See\nhttps:&#47;&#47;docs.docker.com\/engine\/reference\/commandline\/login\/#credentials-store\n\nLogin Succeeded\n&#91;root@vm249 harbor]#\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%85%B6%E5%AE%83%E8%8A%82%E7%82%B9%E8%BF%9C%E7%A8%8B%E8%AE%BF%E9%97%AEharbor%E7%9A%84%E6%96%B9%E6%B3%95\"><\/span>\u5176\u5b83\u8282\u70b9\u8fdc\u7a0b\u8bbf\u95eeharbor\u7684\u65b9\u6cd5<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u9700\u8981\u5c06\u6240\u9700\u7684\/etc\/docker\/certs.d\u4e0b\u5bf9\u5e94\u7684\u5730\u5740\u7684\u8bc1\u4e66\u590d\u5236\u8fc7\u53bb\u3002 \u5176\u4e2d\u7684daemon.json\uff0c\u6839\u636e\u9700\u8981\u8fdb\u884c\u4fee\u6539\u3002 \u5982\u679c\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u53ef\u4ee5\u63d0\u524d\u521b\u5efa\u3002 \u5176\u5b83\u8282\u70b9\u9700\u8981\u7684\u662fCA\u8bc1\u4e66ca.crt\uff0c\u670d\u52a1\u5668\u7aef\u79c1\u94a5(172.16.3.249.key)\u4e0d\u9700\u8981\u590d\u5236\u8fc7\u53bb\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"docker_login\"><\/span>docker login<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>docker\u8bbf\u95eeharbor\u9700\u8981\u5148login,\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 \u9ed8\u8ba4\u4f1a\u5c06\u767b\u5f55\u4fe1\u606f\u4fdd\u5b58\u5230\/root\/.docker\/config.json.<\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@k8s-81 ~]# docker login https:\/\/172.16.3.249:8443\nUsername: admin\nPassword:\nError response from daemon: Get \"https:\/\/172.16.3.249:8443\/v2\/\": x509: certificate signed by unknown authority\n&#91;root@k8s-81 ~]#<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>&#91;root@k8s-81 ~]# docker login https:\/\/172.16.3.249:8443\nUsername: admin\nPassword:\nError response from daemon: Get \"https:\/\/172.16.3.249:8443\/v2\/\": x509: certificate signed by unknown authority\n&#91;root@k8s-81 ~]# cd \/etc\/docker\/\n&#91;root@k8s-81 docker]# ll\ntotal 0\n&#91;root@k8s-81 docker]# scp -r 172.16.3.249:\/etc\/docker\/cert.d\/172.16.3.249:8443 .\/certd.d\/\nThe authenticity of host '172.16.3.249 
(172.16.3.249)' can't be established.\nECDSA key fingerprint is SHA256:Xs1gi6NKPEsAxLRIL2NHIv7jG1vt68oBlWZ0YUe\/Swk.\nECDSA key fingerprint is MD5:b4:9c:dd:e1:3c:42:28:8d:db:c5:a0:73:30:2f:60:78.\nAre you sure you want to continue connecting (yes\/no)? yes\nWarning: Permanently added '172.16.3.249' (ECDSA) to the list of known hosts.\nroot@172.16.3.249's password:\nPermission denied, please try again.\nroot@172.16.3.249's password:\n172.16.3.249.cert                                                                               100% 2053    36.5KB\/s   00:00\n172.16.3.249.crt                                                                                100% 2053    44.7KB\/s   00:00\n172.16.3.249.key                                                                                100% 3247   597.2KB\/s   00:00\nca.crt                                                                                          100% 2029    29.0KB\/s   00:00\ndaemon.json                                                                                     100%  276    42.9KB\/s   00:00\n&#91;root@k8s-81 docker]# ll\ntotal 4\ndrwxr-xr-x. 3 root root  31 Feb 23 08:59 certs.d\n-rw-r--r--. 1 root root 276 Feb 23 08:59 daemon.json\n&#91;root@k8s-81 docker]# cat daemon.json\n{\n \"registry-mirrors\": &#91;\n    \"https:\/\/registry.docker-cn.com\",\n    \"http:\/\/hub-mirror.c.163.com\",\n    \"https:\/\/docker.mirrors.ustc.edu.cn\",\n    \"https:\/\/172.16.3.249:8443\"\n  ],\n  \"insecure-registries\": &#91;\n  ],\n\n  \"log-opts\": {\n              \"max-size\": \"10m\"\n            }\n}\n\n&#91;root@k8s-81 docker]# ll\ntotal 4\ndrwxr-xr-x. 3 root root  31 Feb 23 08:59 certs.d\n-rw-r--r--. 1 root root 276 Feb 23 08:59 daemon.json\n&#91;root@k8s-81 docker]# cd certs.d\/\n&#91;root@k8s-81 certs.d]# ll\ntotal 0\ndrwxr-xr-x. 
2 root root 93 Feb 23 08:59 172.16.3.249:8443\n&#91;root@k8s-81 certs.d]# systemctl daemon-reload\n&#91;root@k8s-81 certs.d]# docker login https:\/\/172.16.3.249:8443\nUsername: admin\nPassword:\nWARNING! Your password will be stored unencrypted in \/root\/.docker\/config.json.\nConfigure a credential helper to remove this warning. See\nhttps:&#47;&#47;docs.docker.com\/engine\/reference\/commandline\/login\/#credentials-store\n\nLogin Succeeded\n&#91;root@k8s-81 certs.d]# ll\ntotal 0\ndrwxr-xr-x. 2 root root 93 Feb 23 08:59 172.16.3.249:8443\n&#91;root@k8s-81 certs.d]# cd ..\n&#91;root@k8s-81 docker]# ll\ntotal 4\ndrwxr-xr-x. 3 root root  31 Feb 23 08:59 certs.d\n-rw-r--r--. 1 root root 276 Feb 23 08:59 daemon.json\n&#91;root@k8s-81 docker]#\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%AE%8C%E6%95%B4%E5%AE%89%E8%A3%85%E8%AE%B0%E5%BD%95\"><\/span>\u5b8c\u6574\u5b89\u88c5\u8bb0\u5f55<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<pre class=\"wp-block-code has-small-font-size\"><code>     \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\r\n     \u2502                        \u2022 MobaXterm 10.4 \u2022                          \u2502\r\n     \u2502            (SSH client, X-server and networking tools)             \u2502\r\n     \u2502                                                                    \u2502\r\n     \u2502 \u27a4 SSH session to root@172.16.3.249                                 \u2502\r\n     \u2502   \u2022 SSH compression : \u2714                                            \u2502\r\n     \u2502   \u2022 SSH-browser     : 
\u2714                                            \u2502\r\n     \u2502   \u2022 X11-forwarding  : \u2714  (remote display is forwarded through SSH) \u2502\r\n     \u2502   \u2022 DISPLAY         : \u2714  (automatically set on remote server)      \u2502\r\n     \u2502                                                                    \u2502\r\n     \u2502 \u27a4 For more info, ctrl+click on help or visit our website           \u2502\r\n     \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\r\n\r\nLast login: Mon Jun 26 02:53:46 2023 from 172.16.35.241\r\n&#91;root@vm249 ~]# docker\r\nbash: docker: command not found...\r\n&#91;root@vm249 ~]# cat \/etc\/hosts\r\n127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4\r\n::1         localhost localhost.localdomain localhost6 localhost6.localdomain6\r\n&#91;root@vm249 ~]# vi \/etc\/hosts\r\n&#91;root@vm249 ~]# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin\r\nLoaded plugins: fastestmirror, langpacks\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.nju.edu.cn\r\n * extras: mirrors.bfsu.edu.cn\r\n * updates: mirrors.bfsu.edu.cn\r\nbase                                                                                                                                          | 3.6 kB  00:00:00\r\nextras                                                                                                                                        | 2.9 kB  00:00:00\r\nupdates                                                                                                                                       
| 2.9 kB  00:00:00\r\nupdates\/7\/x86_64\/primary_db                                                                                                                   |  22 MB  00:00:09\r\nNo package docker-ce available.\r\nNo package docker-ce-cli available.\r\nNo package containerd.io available.\r\nNo package docker-compose-plugin available.\r\nError: Nothing to do\r\n&#91;root@vm249 ~]# curl -o \/etc\/yum.repos.d\/Centos-7.repo http:\/\/mirrors.aliyun.com\/repo\/Centos-7.repo\r\ncat &lt;&lt;EOF > \/etc\/yum.repos.d\/kubernetes.repo\r\n&#91;kubernetes]\r\nname=Kubernetes\r\nbaseurl=http:\/\/mirrors.aliyun.com\/kubernetes\/yum\/repos\/kubernetes-el7-x86_64\r\nenabled=1\r\ngpgcheck=0\r\nrepo_gpgcheck=0\r\ngpgkey=http:\/\/mirrors.aliyun.com\/kubernetes\/yum\/doc\/yum-key.gpg\r\n        http:&#47;&#47;mirrors.aliyun.com\/kubernetes\/yum\/doc\/rpm-package-key.gpg\r\nEOF  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\r\n                                 Dload  Upload   Total   Spent    Left  Speed\r\n100  2523  100  2523    0     0  10864      0 --:--:-- --:--:-- --:--:-- 10922\r\n&#91;root@vm249 ~]# curl -o \/etc\/yum.repos.d\/docker-ce.repo http:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/docker-ce.repo\r\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\r\n                                 Dload  Upload   Total   Spent    Left  Speed\r\n100  2081  100  2081    0     0  11384      0 --:--:-- --:--:-- --:--:-- 11434\r\n&#91;root@vm249 ~]# cat &lt;&lt;EOF > \/etc\/yum.repos.d\/kubernetes.repo\r\n> &#91;kubernetes]\r\n> name=Kubernetes\r\n> baseurl=http:\/\/mirrors.aliyun.com\/kubernetes\/yum\/repos\/kubernetes-el7-x86_64\r\n> enabled=1\r\n> gpgcheck=0\r\n> repo_gpgcheck=0\r\n> gpgkey=http:\/\/mirrors.aliyun.com\/kubernetes\/yum\/doc\/yum-key.gpg\r\n>         http:\/\/mirrors.aliyun.com\/kubernetes\/yum\/doc\/rpm-package-key.gpg\r\n> EOF\r\n&#91;root@vm249 ~]# yum clean all &amp;&amp; yum 
makecache\r\nLoaded plugins: fastestmirror, langpacks\r\nRepository base is listed more than once in the configuration\r\nRepository updates is listed more than once in the configuration\r\nRepository extras is listed more than once in the configuration\r\nRepository centosplus is listed more than once in the configuration\r\nCleaning repos: base docker-ce-stable extras kubernetes updates\r\nCleaning up list of fastest mirrors\r\nLoaded plugins: fastestmirror, langpacks\r\nRepository base is listed more than once in the configuration\r\nRepository updates is listed more than once in the configuration\r\nRepository extras is listed more than once in the configuration\r\nRepository centosplus is listed more than once in the configuration\r\nDetermining fastest mirrors\r\n * base: mirrors.bfsu.edu.cn\r\n * extras: mirrors.bfsu.edu.cn\r\n * updates: mirrors.bfsu.edu.cn\r\nbase                                                                                                                                          | 3.6 kB  00:00:00\r\ndocker-ce-stable                                                                                                                              | 3.5 kB  00:00:00\r\nextras                                                                                                                                        | 2.9 kB  00:00:00\r\nkubernetes                                                                                                                                    | 1.4 kB  00:00:00\r\nupdates                                                                                                                                       | 2.9 kB  00:00:00\r\n(1\/17): docker-ce-stable\/7\/x86_64\/filelists_db                                                                                                |  45 kB  00:00:00\r\n(2\/17): docker-ce-stable\/7\/x86_64\/updateinfo                                                                                   
               |   55 B  00:00:00\r\n(3\/17): base\/7\/x86_64\/group_gz                                                                                                                | 153 kB  00:00:00\r\n(4\/17): docker-ce-stable\/7\/x86_64\/primary_db                                                                                                  | 111 kB  00:00:00\r\n(5\/17): extras\/7\/x86_64\/filelists_db                                                                                                          | 276 kB  00:00:00\r\n(6\/17): docker-ce-stable\/7\/x86_64\/other_db                                                                                                    | 133 kB  00:00:00\r\n(7\/17): extras\/7\/x86_64\/primary_db                                                                                                            | 249 kB  00:00:00\r\n(8\/17): extras\/7\/x86_64\/other_db                                                                                                              | 149 kB  00:00:00\r\n(9\/17): kubernetes\/filelists                                                                                                                  |  43 kB  00:00:00\r\n(10\/17): base\/7\/x86_64\/filelists_db                                                                                                           | 7.2 MB  00:00:04\r\n(11\/17): kubernetes\/primary                                                                                                                   | 132 kB  00:00:02\r\n(12\/17): kubernetes\/other                                                                                                                     |  86 kB  00:00:03\r\n(13\/17): base\/7\/x86_64\/other_db                                                                                                               | 2.6 MB  00:00:08\r\n(14\/17): updates\/7\/x86_64\/primary_db                                                                                 
                         |  22 MB  00:00:12\r\n(15\/17): updates\/7\/x86_64\/filelists_db                                                                                                        |  12 MB  00:00:14\r\n(16\/17): updates\/7\/x86_64\/other_db                                                                                                            | 1.4 MB  00:00:18\r\n(17\/17): base\/7\/x86_64\/primary_db                                                                                                             | 6.1 MB  00:01:01\r\nkubernetes                                                                                                                                                   980\/980\r\nkubernetes                                                                                                                                                   980\/980\r\nkubernetes                                                                                                                                                   980\/980\r\nMetadata Cache Created\r\n&#91;root@vm249 ~]# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin\r\nLoaded plugins: fastestmirror, langpacks\r\nRepository base is listed more than once in the configuration\r\nRepository updates is listed more than once in the configuration\r\nRepository extras is listed more than once in the configuration\r\nRepository centosplus is listed more than once in the configuration\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.bfsu.edu.cn\r\n * extras: mirrors.bfsu.edu.cn\r\n * updates: mirrors.bfsu.edu.cn\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package containerd.io.x86_64 0:1.6.21-3.1.el7 will be installed\r\n--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.6.21-3.1.el7.x86_64\r\n---> Package docker-ce.x86_64 3:24.0.2-1.el7 will be installed\r\n--> Processing Dependency: docker-ce-rootless-extras 
for package: 3:docker-ce-24.0.2-1.el7.x86_64\r\n---> Package docker-ce-cli.x86_64 1:24.0.2-1.el7 will be installed\r\n--> Processing Dependency: docker-buildx-plugin for package: 1:docker-ce-cli-24.0.2-1.el7.x86_64\r\n---> Package docker-compose-plugin.x86_64 0:2.18.1-1.el7 will be installed\r\n--> Running transaction check\r\n---> Package container-selinux.noarch 2:2.119.2-1.911c772.el7_8 will be installed\r\n---> Package docker-buildx-plugin.x86_64 0:0.10.5-1.el7 will be installed\r\n---> Package docker-ce-rootless-extras.x86_64 0:24.0.2-1.el7 will be installed\r\n--> Processing Dependency: fuse-overlayfs >= 0.7 for package: docker-ce-rootless-extras-24.0.2-1.el7.x86_64\r\n--> Processing Dependency: slirp4netns >= 0.4 for package: docker-ce-rootless-extras-24.0.2-1.el7.x86_64\r\n--> Running transaction check\r\n---> Package fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 will be installed\r\n--> Processing Dependency: libfuse3.so.3(FUSE_3.2)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64\r\n--> Processing Dependency: libfuse3.so.3(FUSE_3.0)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64\r\n--> Processing Dependency: libfuse3.so.3()(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64\r\n---> Package slirp4netns.x86_64 0:0.4.3-4.el7_8 will be installed\r\n--> Running transaction check\r\n---> Package fuse3-libs.x86_64 0:3.6.1-4.el7 will be installed\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n=====================================================================================================================================================================\r\n Package                                       Arch                       Version                                         Repository                            Size\r\n=====================================================================================================================================================================\r\nInstalling:\r\n containerd.io       
                          x86_64                     1.6.21-3.1.el7                                  docker-ce-stable                      34 M\r\n docker-ce                                     x86_64                     3:24.0.2-1.el7                                  docker-ce-stable                      24 M\r\n docker-ce-cli                                 x86_64                     1:24.0.2-1.el7                                  docker-ce-stable                      13 M\r\n docker-compose-plugin                         x86_64                     2.18.1-1.el7                                    docker-ce-stable                      12 M\r\nInstalling for dependencies:\r\n container-selinux                             noarch                     2:2.119.2-1.911c772.el7_8                       extras                                40 k\r\n docker-buildx-plugin                          x86_64                     0.10.5-1.el7                                    docker-ce-stable                      12 M\r\n docker-ce-rootless-extras                     x86_64                     24.0.2-1.el7                                    docker-ce-stable                     9.1 M\r\n fuse-overlayfs                                x86_64                     0.7.2-6.el7_8                                   extras                                54 k\r\n fuse3-libs                                    x86_64                     3.6.1-4.el7                                     extras                                82 k\r\n slirp4netns                                   x86_64                     0.4.3-4.el7_8                                   extras                                81 k\r\n\r\nTransaction Summary\r\n=====================================================================================================================================================================\r\nInstall  4 Packages (+6 Dependent packages)\r\n\r\nTotal download size: 105 M\r\nInstalled size: 372 M\r\nIs 
this ok &#91;y\/d\/N]: y\r\nDownloading packages:\r\n(1\/10): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm                                                                                  |  40 kB  00:00:00\r\nwarning: \/var\/cache\/yum\/x86_64\/7\/docker-ce-stable\/packages\/docker-buildx-plugin-0.10.5-1.el7.x86_64.rpm: Header V4 RSA\/SHA512 Signature, key ID 621e9f35: NOKEY0 ETA\r\nPublic key for docker-buildx-plugin-0.10.5-1.el7.x86_64.rpm is not installed\r\n(2\/10): docker-buildx-plugin-0.10.5-1.el7.x86_64.rpm                                                                                          |  12 MB  00:00:43\r\n(3\/10): containerd.io-1.6.21-3.1.el7.x86_64.rpm                                                                                               |  34 MB  00:02:11\r\n(4\/10): docker-ce-24.0.2-1.el7.x86_64.rpm                                                                                                     |  24 MB  00:01:42\r\n(5\/10): docker-ce-rootless-extras-24.0.2-1.el7.x86_64.rpm                                                                                     | 9.1 MB  00:00:40\r\n(6\/10): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm                                                                                               |  54 kB  00:00:00\r\n(7\/10): fuse3-libs-3.6.1-4.el7.x86_64.rpm                                                                                                     |  82 kB  00:00:00\r\n(8\/10): docker-ce-cli-24.0.2-1.el7.x86_64.rpm                                                                                                 |  13 MB  00:00:57\r\nslirp4netns-0.4.3-4.el7_8.x86_ FAILED                                          ==================================================  ] 276 kB\/s | 102 MB  00:00:11 ETA\r\nhttp:\/\/mirror.lzu.edu.cn\/centos\/7.9.2009\/extras\/x86_64\/Packages\/slirp4netns-0.4.3-4.el7_8.x86_64.rpm: &#91;Errno 12] Timeout on 
http:\/\/mirror.lzu.edu.cn\/centos\/7.9.2009\/extras\/x86_64\/Packages\/slirp4netns-0.4.3-4.el7_8.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes\/sec transferred the last 30 seconds')\r\nTrying other mirror.\r\n(9\/10): slirp4netns-0.4.3-4.el7_8.x86_64.rpm                                                                                                  |  81 kB  00:00:00\r\n(10\/10): docker-compose-plugin-2.18.1-1.el7.x86_64.rpm                                                                                        |  12 MB  00:00:45\r\n---------------------------------------------------------------------------------------------------------------------------------------------------------------------\r\nTotal                                                                                                                                463 kB\/s | 105 MB  00:03:51\r\nRetrieving key from https:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/gpg\r\nImporting GPG key 0x621E9F35:\r\n Userid     : \"Docker Release (CE rpm) &lt;docker@docker.com>\"\r\n Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35\r\n From       : https:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/gpg\r\nIs this ok &#91;y\/N]: y\r\nRunning transaction check\r\nRunning transaction test\r\nTransaction test succeeded\r\nRunning transaction\r\n  Installing : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch                                                                                               1\/10\r\n  Installing : containerd.io-1.6.21-3.1.el7.x86_64                                                                                                              2\/10\r\n  Installing : docker-buildx-plugin-0.10.5-1.el7.x86_64                                                                                                         3\/10\r\n  Installing : slirp4netns-0.4.3-4.el7_8.x86_64                                                                                             
                    4\/10\r\n  Installing : fuse3-libs-3.6.1-4.el7.x86_64                                                                                                                    5\/10\r\n  Installing : fuse-overlayfs-0.7.2-6.el7_8.x86_64                                                                                                              6\/10\r\n  Installing : docker-compose-plugin-2.18.1-1.el7.x86_64                                                                                                        7\/10\r\n  Installing : 1:docker-ce-cli-24.0.2-1.el7.x86_64                                                                                                              8\/10\r\n  Installing : docker-ce-rootless-extras-24.0.2-1.el7.x86_64                                                                                                    9\/10\r\n  Installing : 3:docker-ce-24.0.2-1.el7.x86_64                                                                                                                 10\/10\r\n  Verifying  : 3:docker-ce-24.0.2-1.el7.x86_64                                                                                                                  1\/10\r\n  Verifying  : docker-compose-plugin-2.18.1-1.el7.x86_64                                                                                                        2\/10\r\n  Verifying  : fuse3-libs-3.6.1-4.el7.x86_64                                                                                                                    3\/10\r\n  Verifying  : fuse-overlayfs-0.7.2-6.el7_8.x86_64                                                                                                              4\/10\r\n  Verifying  : containerd.io-1.6.21-3.1.el7.x86_64                                                                                                              5\/10\r\n  Verifying  : slirp4netns-0.4.3-4.el7_8.x86_64                                                                 
                                                6\/10\r\n  Verifying  : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch                                                                                               7\/10\r\n  Verifying  : 1:docker-ce-cli-24.0.2-1.el7.x86_64                                                                                                              8\/10\r\n  Verifying  : docker-ce-rootless-extras-24.0.2-1.el7.x86_64                                                                                                    9\/10\r\n  Verifying  : docker-buildx-plugin-0.10.5-1.el7.x86_64                                                                                                        10\/10\r\n\r\nInstalled:\r\n  containerd.io.x86_64 0:1.6.21-3.1.el7    docker-ce.x86_64 3:24.0.2-1.el7    docker-ce-cli.x86_64 1:24.0.2-1.el7    docker-compose-plugin.x86_64 0:2.18.1-1.el7\r\n\r\nDependency Installed:\r\n  container-selinux.noarch 2:2.119.2-1.911c772.el7_8        docker-buildx-plugin.x86_64 0:0.10.5-1.el7        docker-ce-rootless-extras.x86_64 0:24.0.2-1.el7\r\n  fuse-overlayfs.x86_64 0:0.7.2-6.el7_8                     fuse3-libs.x86_64 0:3.6.1-4.el7                   slirp4netns.x86_64 0:0.4.3-4.el7_8\r\n\r\nComplete!\r\n&#91;root@vm249 ~]# yum install systemd-resolved\r\nLoaded plugins: fastestmirror, langpacks\r\nRepository base is listed more than once in the configuration\r\nRepository updates is listed more than once in the configuration\r\nRepository extras is listed more than once in the configuration\r\nRepository centosplus is listed more than once in the configuration\r\nLoading mirror speeds from cached hostfile\r\n * base: mirrors.bfsu.edu.cn\r\n * extras: mirrors.bfsu.edu.cn\r\n * updates: mirrors.bfsu.edu.cn\r\nResolving Dependencies\r\n--> Running transaction check\r\n---> Package systemd-resolved.x86_64 0:219-78.el7_9.7 will be installed\r\n--> Processing Dependency: systemd = 219-78.el7_9.7 for package: 
systemd-resolved-219-78.el7_9.7.x86_64\r\n--> Running transaction check\r\n---> Package systemd.x86_64 0:219-78.el7 will be updated\r\n--> Processing Dependency: systemd = 219-78.el7 for package: systemd-python-219-78.el7.x86_64\r\n--> Processing Dependency: systemd = 219-78.el7 for package: systemd-sysv-219-78.el7.x86_64\r\n---> Package systemd.x86_64 0:219-78.el7_9.7 will be an update\r\n--> Processing Dependency: systemd-libs = 219-78.el7_9.7 for package: systemd-219-78.el7_9.7.x86_64\r\n--> Running transaction check\r\n---> Package systemd-libs.x86_64 0:219-78.el7 will be updated\r\n--> Processing Dependency: systemd-libs = 219-78.el7 for package: libgudev1-219-78.el7.x86_64\r\n---> Package systemd-libs.x86_64 0:219-78.el7_9.7 will be an update\r\n---> Package systemd-python.x86_64 0:219-78.el7 will be updated\r\n---> Package systemd-python.x86_64 0:219-78.el7_9.7 will be an update\r\n---> Package systemd-sysv.x86_64 0:219-78.el7 will be updated\r\n---> Package systemd-sysv.x86_64 0:219-78.el7_9.7 will be an update\r\n--> Running transaction check\r\n---> Package libgudev1.x86_64 0:219-78.el7 will be updated\r\n---> Package libgudev1.x86_64 0:219-78.el7_9.7 will be an update\r\n--> Finished Dependency Resolution\r\n\r\nDependencies Resolved\r\n\r\n=====================================================================================================================================================================\r\n Package                                     Arch                              Version                                      Repository                          Size\r\n=====================================================================================================================================================================\r\nInstalling:\r\n systemd-resolved                            x86_64                            219-78.el7_9.7                               updates                            422 k\r\nUpdating for dependencies:\r\n 
libgudev1                                   x86_64                            219-78.el7_9.7                               updates                            110 k\r\n systemd                                     x86_64                            219-78.el7_9.7                               updates                            5.1 M\r\n systemd-libs                                x86_64                            219-78.el7_9.7                               updates                            419 k\r\n systemd-python                              x86_64                            219-78.el7_9.7                               updates                            146 k\r\n systemd-sysv                                x86_64                            219-78.el7_9.7                               updates                             97 k\r\n\r\nTransaction Summary\r\n=====================================================================================================================================================================\r\nInstall  1 Package\r\nUpgrade             ( 5 Dependent packages)\r\n\r\nTotal download size: 6.2 M\r\nIs this ok &#91;y\/d\/N]: y\r\nDownloading packages:\r\nNo Presto metadata available for updates\r\n(1\/6): libgudev1-219-78.el7_9.7.x86_64.rpm                                                                                                    | 110 kB  00:00:00\r\n(2\/6): systemd-python-219-78.el7_9.7.x86_64.rpm                                                                                               | 146 kB  00:00:00\r\n(3\/6): systemd-sysv-219-78.el7_9.7.x86_64.rpm                                                                                                 |  97 kB  00:00:00\r\n(4\/6): systemd-resolved-219-78.el7_9.7.x86_64.rpm                                                                                             | 422 kB  00:00:00\r\n(5\/6): systemd-219-78.el7_9.7.x86_64.rpm                                                             
                                         | 5.1 MB  00:00:02\r\nsystemd-libs-219-78.el7_9.7.x8 FAILED\r\nhttp:\/\/ftp.ksu.edu.tw\/pub\/CentOS\/7.9.2009\/updates\/x86_64\/Packages\/systemd-libs-219-78.el7_9.7.x86_64.rpm: &#91;Errno 12] Timeout on http:\/\/ftp.ksu.edu.tw\/pub\/CentOS\/7.9.2009\/updates\/x86_64\/Packages\/systemd-libs-219-78.el7_9.7.x86_64.rpm: (28, 'Connection timed out after 30001 milliseconds')\r\nTrying other mirror.\r\n(6\/6): systemd-libs-219-78.el7_9.7.x86_64.rpm                                                                                                 | 419 kB  00:00:00\r\n---------------------------------------------------------------------------------------------------------------------------------------------------------------------\r\nTotal                                                                                                                                211 kB\/s | 6.2 MB  00:00:30\r\nRunning transaction check\r\nRunning transaction test\r\nTransaction test succeeded\r\nRunning transaction\r\n  Updating   : systemd-libs-219-78.el7_9.7.x86_64                                                                                                               1\/11\r\n  Updating   : systemd-219-78.el7_9.7.x86_64                                                                                                                    2\/11\r\n  Updating   : systemd-sysv-219-78.el7_9.7.x86_64                                                                                                               3\/11\r\n  Installing : systemd-resolved-219-78.el7_9.7.x86_64                                                                                                           4\/11\r\n  Updating   : systemd-python-219-78.el7_9.7.x86_64                                                                                                             5\/11\r\n  Updating   : libgudev1-219-78.el7_9.7.x86_64                                                           
                                                       6\/11\r\n  Cleanup    : systemd-sysv-219-78.el7.x86_64                                                                                                                   7\/11\r\n  Cleanup    : systemd-python-219-78.el7.x86_64                                                                                                                 8\/11\r\n  Cleanup    : systemd-219-78.el7.x86_64                                                                                                                        9\/11\r\n  Cleanup    : libgudev1-219-78.el7.x86_64                                                                                                                     10\/11\r\n  Cleanup    : systemd-libs-219-78.el7.x86_64                                                                                                                  11\/11\r\n  Verifying  : systemd-libs-219-78.el7_9.7.x86_64                                                                                                               1\/11\r\n  Verifying  : systemd-219-78.el7_9.7.x86_64                                                                                                                    2\/11\r\n  Verifying  : systemd-sysv-219-78.el7_9.7.x86_64                                                                                                               3\/11\r\n  Verifying  : systemd-resolved-219-78.el7_9.7.x86_64                                                                                                           4\/11\r\n  Verifying  : systemd-python-219-78.el7_9.7.x86_64                                                                                                             5\/11\r\n  Verifying  : libgudev1-219-78.el7_9.7.x86_64                                                                                                                  6\/11\r\n  Verifying  : systemd-python-219-78.el7.x86_64                              
                                                                                   7\/11\r\n  Verifying  : systemd-sysv-219-78.el7.x86_64                                                                                                                   8\/11\r\n  Verifying  : systemd-libs-219-78.el7.x86_64                                                                                                                   9\/11\r\n  Verifying  : libgudev1-219-78.el7.x86_64                                                                                                                     10\/11\r\n  Verifying  : systemd-219-78.el7.x86_64                                                                                                                       11\/11\r\n\r\nInstalled:\r\n  systemd-resolved.x86_64 0:219-78.el7_9.7\r\n\r\nDependency Updated:\r\n  libgudev1.x86_64 0:219-78.el7_9.7        systemd.x86_64 0:219-78.el7_9.7     systemd-libs.x86_64 0:219-78.el7_9.7     systemd-python.x86_64 0:219-78.el7_9.7\r\n  systemd-sysv.x86_64 0:219-78.el7_9.7\r\n\r\nComplete!\r\n&#91;root@vm249 ~]# swapoff -a\r\n&#91;root@vm249 ~]# vi \/etc\/fstab\r\n&#91;root@vm249 ~]# setenforce 0\r\n&#91;root@vm249 ~]# sed -i 's\/^SELINUX=enforcing$\/SELINUX=permissive\/' \/etc\/selinux\/config\r\n&#91;root@vm249 ~]# systemctl stop firewalld\r\n&#91;root@vm249 ~]# systemctl disable firewalld\r\n&#91;root@vm249 ~]# cat &lt;&lt;EOF | sudo tee \/etc\/modules-load.d\/k8s.conf\r\n> overlay\r\n> br_netfilter\r\n> EOF\r\noverlay\r\nbr_netfilter\r\n&#91;root@vm249 ~]#\r\n&#91;root@vm249 ~]# sudo modprobe overlay\r\n&#91;root@vm249 ~]# sudo modprobe br_netfilter\r\n&#91;root@vm249 ~]# cat &lt;&lt;EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\r\n> net.bridge.bridge-nf-call-iptables  = 1\r\n> net.bridge.bridge-nf-call-ip6tables = 1\r\n> net.ipv4.ip_forward                 = 1\r\n> EOF\r\nnet.bridge.bridge-nf-call-iptables  = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.ipv4.ip_forward                 = 
1\r\n&#91;root@vm249 ~]#\r\n&#91;root@vm249 ~]# # \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\r\n&#91;root@vm249 ~]# sudo sysctl --system\r\n* Applying \/usr\/lib\/sysctl.d\/00-system.conf ...\r\nnet.bridge.bridge-nf-call-ip6tables = 0\r\nnet.bridge.bridge-nf-call-iptables = 0\r\nnet.bridge.bridge-nf-call-arptables = 0\r\n* Applying \/usr\/lib\/sysctl.d\/10-default-yama-scope.conf ...\r\nkernel.yama.ptrace_scope = 0\r\n* Applying \/usr\/lib\/sysctl.d\/50-default.conf ...\r\nkernel.sysrq = 16\r\nkernel.core_uses_pid = 1\r\nkernel.kptr_restrict = 1\r\nnet.ipv4.conf.default.rp_filter = 1\r\nnet.ipv4.conf.all.rp_filter = 1\r\nnet.ipv4.conf.default.accept_source_route = 0\r\nnet.ipv4.conf.all.accept_source_route = 0\r\nnet.ipv4.conf.default.promote_secondaries = 1\r\nnet.ipv4.conf.all.promote_secondaries = 1\r\nfs.protected_hardlinks = 1\r\nfs.protected_symlinks = 1\r\n* Applying \/usr\/lib\/sysctl.d\/60-libvirtd.conf ...\r\nfs.aio-max-nr = 1048576\r\n* Applying \/etc\/sysctl.d\/99-sysctl.conf ...\r\n* Applying \/etc\/sysctl.d\/k8s.conf ...\r\nnet.bridge.bridge-nf-call-iptables = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.ipv4.ip_forward = 1\r\n* Applying \/etc\/sysctl.conf ...\r\n&#91;root@vm249 ~]# openssl genrsa -out ca.key 4096\r\nGenerating RSA private key, 4096 bit long modulus\r\n..............................................................................................................++\r\n......................................................................................++\r\ne is 65537 (0x10001)\r\n&#91;root@vm249 ~]# ll\r\ntotal 16\r\n-rw-------. 1 root root 4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root 3243 Jun 26 16:59 ca.key\r\n-rw-------. 1 root root 3711 Feb  8 12:16 original-ks.cfg\r\ndrwxr-xr-x. 
3 root root   49 Jun 25 20:04 software\r\n&#91;root@vm249 ~]# openssl req -x509 -new -nodes -sha512 -days 3650 \\\r\n>  -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" \\\r\n>  -key ca.key \\\r\n>  -out ca.crt\r\n&#91;root@vm249 ~]# ll\r\ntotal 20\r\n-rw-------. 1 root root 4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root 2029 Jun 26 17:00 ca.crt\r\n-rw-r--r--. 1 root root 3243 Jun 26 16:59 ca.key\r\n-rw-------. 1 root root 3711 Feb  8 12:16 original-ks.cfg\r\ndrwxr-xr-x. 3 root root   49 Jun 25 20:04 software\r\n&#91;root@vm249 ~]# openssl genrsa -out 172.16.3.249.key 4096\r\nGenerating RSA private key, 4096 bit long modulus\r\n................................++\r\n............................++\r\ne is 65537 (0x10001)\r\n&#91;root@vm249 ~]# openssl req -sha512 -new \\\r\n> >     -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" \\\r\n> >     -key 172.16.3.249.key \\\r\n> >     -out 172.16.3.249.csr\r\nunknown option \/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\r\nreq &#91;options] &lt;infile >outfile\r\nwhere options  are\r\n -inform arg    input format - DER or PEM\r\n -outform arg   output format - DER or PEM\r\n -in arg        input file\r\n -out arg       output file\r\n -text          text form of request\r\n -pubkey        output public key\r\n -noout         do not output REQ\r\n -verify        verify signature on REQ\r\n -modulus       RSA modulus\r\n -nodes         don't encrypt the output key\r\n -engine e      use engine e, possibly a hardware device\r\n -subject       output the request's subject\r\n -passin        private key password source\r\n -key file      use the private key contained in file\r\n -keyform arg   key file format\r\n -keyout arg    file to send the key to\r\n -rand file:file:...\r\n                load the file (or the files in the directory) into\r\n                the random number generator\r\n -newkey rsa:bits generate a new 
RSA key of 'bits' in size\r\n -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\r\n -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\r\n -&#91;digest]      Digest to sign with (see openssl dgst -h for list)\r\n -config file   request template file.\r\n -subj arg      set or modify request subject\r\n -multivalue-rdn enable support for multivalued RDNs\r\n -new           new request.\r\n -batch         do not ask anything during request generation\r\n -x509          output a x509 structure instead of a cert. req.\r\n -days          number of days a certificate generated by -x509 is valid for.\r\n -set_serial    serial number to use for a certificate generated by -x509.\r\n -newhdr        output \"NEW\" in the header lines\r\n -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\r\n                have been reported as requiring\r\n -extensions .. specify certificate extension section (override value in config file)\r\n -reqexts ..    specify request extension section (override value in config file)\r\n -utf8          input characters are UTF8 (default ASCII)\r\n -nameopt arg    - various certificate name options\r\n -reqopt arg    - various request text options\r\n\r\n&#91;root@vm249 ~]# openssl req -sha512 -new >     -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" >     -key 172.16.3.249.key >     -out 172.16.3.249.csr^C\r\n&#91;root@vm249 ~]# openssl req -sha512 -new \\\r\n>      -subj \"\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\" \\\r\n>      -key 172.16.3.249.key \\\r\n>      -out 172.16.3.249.csr\r\n&#91;root@vm249 ~]# ll\r\ntotal 28\r\n-rw-r--r--. 1 root root 1704 Jun 26 17:01 172.16.3.249.csr\r\n-rw-r--r--. 1 root root 3247 Jun 26 17:00 172.16.3.249.key\r\n-rw-------. 1 root root 4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root 2029 Jun 26 17:00 ca.crt\r\n-rw-r--r--. 
1 root root 3243 Jun 26 16:59 ca.key\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -key\r\n-rw-------. 1 root root 3711 Feb  8 12:16 original-ks.cfg\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -out\r\ndrwxr-xr-x. 3 root root   49 Jun 25 20:04 software\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -subj\r\n&#91;root@vm249 ~]# cat > v3.ext &lt;&lt;-EOF\r\n> authorityKeyIdentifier=keyid,issuer\r\n> basicConstraints=CA:FALSE\r\n> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\r\n> extendedKeyUsage = serverAuth\r\n> subjectAltName = IP:172.16.3.249\r\n> EOF\r\n&#91;root@vm249 ~]# openssl x509 -req -sha512 -days 3650 \\\r\n>     -extfile v3.ext \\\r\n>     -CA ca.crt -CAkey ca.key -CAcreateserial \\\r\n>     -in 172.16.3.249.csr \\\r\n>     -out 172.16.3.249.crt\r\nSignature ok\r\nsubject=\/C=CN\/ST=Beijing\/L=Beijing\/O=example\/OU=Personal\/CN=172.16.3.249\r\nGetting CA Private Key\r\n&#91;root@vm249 ~]# mkdir -p \/data\/cert\r\n&#91;root@vm249 ~]# cp 172.16.3.249.crt  \/data\/cert\/\r\n&#91;root@vm249 ~]# cp 172.16.3.249.key  \/data\/cert\/\r\n&#91;root@vm249 ~]# ll\r\ntotal 40\r\n-rw-r--r--. 1 root root 2053 Jun 26 17:02 172.16.3.249.crt\r\n-rw-r--r--. 1 root root 1704 Jun 26 17:01 172.16.3.249.csr\r\n-rw-r--r--. 1 root root 3247 Jun 26 17:00 172.16.3.249.key\r\n-rw-------. 1 root root 4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root 2029 Jun 26 17:00 ca.crt\r\n-rw-r--r--. 1 root root 3243 Jun 26 16:59 ca.key\r\n-rw-r--r--. 1 root root   17 Jun 26 17:02 ca.srl\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -key\r\n-rw-------. 1 root root 3711 Feb  8 12:16 original-ks.cfg\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -out\r\ndrwxr-xr-x. 3 root root   49 Jun 25 20:04 software\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -subj\r\n-rw-r--r--. 1 root root  204 Jun 26 17:02 v3.ext\r\n&#91;root@vm249 ~]# openssl x509 -inform PEM -in 172.16.3.249.crt -out 172.16.3.249.cert\r\n&#91;root@vm249 ~]# ll\r\ntotal 44\r\n-rw-r--r--. 
1 root root 2053 Jun 26 17:03 172.16.3.249.cert\r\n-rw-r--r--. 1 root root 2053 Jun 26 17:02 172.16.3.249.crt\r\n-rw-r--r--. 1 root root 1704 Jun 26 17:01 172.16.3.249.csr\r\n-rw-r--r--. 1 root root 3247 Jun 26 17:00 172.16.3.249.key\r\n-rw-------. 1 root root 4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root 2029 Jun 26 17:00 ca.crt\r\n-rw-r--r--. 1 root root 3243 Jun 26 16:59 ca.key\r\n-rw-r--r--. 1 root root   17 Jun 26 17:02 ca.srl\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -key\r\n-rw-------. 1 root root 3711 Feb  8 12:16 original-ks.cfg\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -out\r\ndrwxr-xr-x. 3 root root   49 Jun 25 20:04 software\r\n-rw-r--r--. 1 root root    0 Jun 26 17:01 -subj\r\n-rw-r--r--. 1 root root  204 Jun 26 17:02 v3.ext\r\n&#91;root@vm249 ~]# mkdir -p \/etc\/docker\/certs.d\/172.16.3.249\/\r\n&#91;root@vm249 ~]# cp 172.16.3.249.cert \/etc\/docker\/certs.d\/172.16.3.249\/\r\n&#91;root@vm249 ~]# cp 172.16.3.249.key \/etc\/docker\/certs.d\/172.16.3.249\/\r\n&#91;root@vm249 ~]# cp ca.crt \/etc\/docker\/certs.d\/172.16.3.249\/\r\n&#91;root@vm249 ~]# ll \/etc\/docker\/certs.d\/172.16.3.249\/\r\ntotal 12\r\n-rw-r--r--. 1 root root 2053 Jun 26 17:04 172.16.3.249.cert\r\n-rw-r--r--. 1 root root 3247 Jun 26 17:04 172.16.3.249.key\r\n-rw-r--r--. 1 root root 2029 Jun 26 17:04 ca.crt\r\n&#91;root@vm249 ~]# mkdir \/etc\/docker\/certs.d\/172.16.3.249:8443^C\r\n&#91;root@vm249 ~]# cd \/etc\/docker\/certs.d\/\r\n&#91;root@vm249 certs.d]# ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 69 Jun 26 17:04 172.16.3.249\r\n&#91;root@vm249 certs.d]# mv 172.16.3.249 172.16.3.249:8443\r\n&#91;root@vm249 certs.d]# ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 69 Jun 26 17:04 172.16.3.249:8443\r\n&#91;root@vm249 certs.d]# systemctl restart docker\r\n&#91;root@vm249 certs.d]# journalctl  -u docker.service\r\n-- Logs begin at Thu 2023-02-09 06:20:43 PST, end at Mon 2023-06-26 17:05:42 PDT. 
--\r\nJun 26 17:05:42 vm249 systemd&#91;1]: Starting Docker Application Container Engine...\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.156371597-07:00\" level=info msg=\"Starting up\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.191182327-07:00\" level=info msg=\"Loading containers: start.\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.415895163-07:00\" level=info msg=\"Loading containers: done.\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.437600858-07:00\" level=info msg=\"Docker daemon\" commit=659604f graphdriver=overlay2 version=24.0.2\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.438899998-07:00\" level=info msg=\"Daemon has completed initialization\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.478909857-07:00\" level=info msg=\"API listen on \/run\/docker.sock\"\r\nJun 26 17:05:42 vm249 systemd&#91;1]: Started Docker Application Container Engine.\r\n&#91;root@vm249 certs.d]# journalctl  -u docker.service  -n 100 -f\r\n-- Logs begin at Thu 2023-02-09 06:20:43 PST. 
--\r\nJun 26 17:05:42 vm249 systemd&#91;1]: Starting Docker Application Container Engine...\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.156371597-07:00\" level=info msg=\"Starting up\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.191182327-07:00\" level=info msg=\"Loading containers: start.\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.415895163-07:00\" level=info msg=\"Loading containers: done.\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.437600858-07:00\" level=info msg=\"Docker daemon\" commit=659604f graphdriver=overlay2 version=24.0.2\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.438899998-07:00\" level=info msg=\"Daemon has completed initialization\"\r\nJun 26 17:05:42 vm249 dockerd&#91;129391]: time=\"2023-06-26T17:05:42.478909857-07:00\" level=info msg=\"API listen on \/run\/docker.sock\"\r\nJun 26 17:05:42 vm249 systemd&#91;1]: Started Docker Application Container Engine.\r\n^C\r\n&#91;root@vm249 certs.d]# date\r\nMon Jun 26 17:06:13 PDT 2023\r\n&#91;root@vm249 certs.d]# cd\r\n&#91;root@vm249 ~]# wget https:\/\/github.com\/goharbor\/harbor\/releases\/download\/v2.8.2\/harbor-online-installer-v2.8.2.tgz\r\n--2023-06-26 17:09:40--  https:\/\/github.com\/goharbor\/harbor\/releases\/download\/v2.8.2\/harbor-online-installer-v2.8.2.tgz\r\nResolving github.com (github.com)... 20.205.243.166\r\nConnecting to github.com (github.com)|20.205.243.166|:443... connected.\r\n^C\r\n&#91;root@vm249 ~]# wget https:\/\/github.com\/goharbor\/harbor\/releases\/download\/v2.8.2\/harbor-online-installer-v2.8.2.tgz\r\n--2023-06-26 17:10:04--  https:\/\/github.com\/goharbor\/harbor\/releases\/download\/v2.8.2\/harbor-online-installer-v2.8.2.tgz\r\nResolving github.com (github.com)... 20.205.243.166\r\nConnecting to github.com (github.com)|20.205.243.166|:443... connected.\r\n^C\r\n&#91;root@vm249 ~]# ll\r\ntotal 56\r\n-rw-r--r--. 
1 root root  2053 Jun 26 17:03 172.16.3.249.cert\r\n-rw-r--r--. 1 root root  2053 Jun 26 17:02 172.16.3.249.crt\r\n-rw-r--r--. 1 root root  1704 Jun 26 17:01 172.16.3.249.csr\r\n-rw-r--r--. 1 root root  3247 Jun 26 17:00 172.16.3.249.key\r\n-rw-------. 1 root root  4682 Feb  8 12:16 anaconda-ks.cfg\r\n-rw-r--r--. 1 root root  2029 Jun 26 17:00 ca.crt\r\n-rw-r--r--. 1 root root  3243 Jun 26 16:59 ca.key\r\n-rw-r--r--. 1 root root    17 Jun 26 17:02 ca.srl\r\n-rw-r--r--. 1 root root 11032 Jun 26 17:10 harbor-online-installer-v2.8.2.tgz\r\n-rw-r--r--. 1 root root     0 Jun 26 17:01 -key\r\n-rw-------. 1 root root  3711 Feb  8 12:16 original-ks.cfg\r\n-rw-r--r--. 1 root root     0 Jun 26 17:01 -out\r\ndrwxr-xr-x. 3 root root    49 Jun 25 20:04 software\r\n-rw-r--r--. 1 root root     0 Jun 26 17:01 -subj\r\n-rw-r--r--. 1 root root   204 Jun 26 17:02 v3.ext\r\n&#91;root@vm249 ~]# tar xvf harbor-online-installer-v2.8.2.tgz\r\nharbor\/prepare\r\nharbor\/LICENSE\r\nharbor\/install.sh\r\nharbor\/common.sh\r\nharbor\/harbor.yml.tmpl\r\n&#91;root@vm249 ~]# cd harbor\/\r\n&#91;root@vm249 harbor]# ll\r\ntotal 36\r\n-rw-r--r--. 1 root root  3639 Jun  2 04:46 common.sh\r\n-rw-r--r--. 1 root root 11736 Jun  2 04:46 harbor.yml.tmpl\r\n-rwxr-xr-x. 1 root root  2725 Jun  2 04:46 install.sh\r\n-rw-r--r--. 1 root root 11347 Jun  2 04:46 LICENSE\r\n-rwxr-xr-x. 
1 root root  1881 Jun  2 04:46 prepare\r\n&#91;root@vm249 harbor]# vi harbor.yml.tmpl ^C\r\n&#91;root@vm249 harbor]# cp harbor.yml.tmpl  harbor.yml\r\n&#91;root@vm249 harbor]# vi harbor.yml\r\n&#91;root@vm249 harbor]# .\/install.sh\r\n\r\n&#91;Step 0]: checking if docker is installed ...\r\n\r\nNote: docker version: 24.0.2\r\n\r\n&#91;Step 1]: checking docker-compose is installed ...\r\n\r\nNote: Docker Compose version v2.18.1\r\n\r\n\r\n&#91;Step 2]: preparing environment ...\r\n\r\n&#91;Step 3]: preparing harbor configs ...\r\nprepare base dir is set to \/root\/harbor\r\nUnable to find image 'goharbor\/prepare:v2.8.2' locally\r\nv2.8.2: Pulling from goharbor\/prepare\r\n06212d50621c: Pull complete\r\nc43a11a41dd8: Pull complete\r\n9e83342251c5: Pull complete\r\n628dbbe4d69c: Pull complete\r\ne02a6cdc2a2e: Pull complete\r\n74305682af4e: Pull complete\r\nd714712cc6df: Pull complete\r\n2e443303cc8f: Pull complete\r\n7b608b2485a2: Pull complete\r\ndcd76662a9cc: Pull complete\r\nDigest: sha256:72252d93c32f774567400834b95e5446706106ff51efac2a20523238617d760d\r\nStatus: Downloaded newer image for goharbor\/prepare:v2.8.2\r\nGenerated configuration file: \/config\/portal\/nginx.conf\r\nGenerated configuration file: \/config\/log\/logrotate.conf\r\nGenerated configuration file: \/config\/log\/rsyslog_docker.conf\r\nGenerated configuration file: \/config\/nginx\/nginx.conf\r\nGenerated configuration file: \/config\/core\/env\r\nGenerated configuration file: \/config\/core\/app.conf\r\nGenerated configuration file: \/config\/registry\/config.yml\r\nGenerated configuration file: \/config\/registryctl\/env\r\nGenerated configuration file: \/config\/registryctl\/config.yml\r\nGenerated configuration file: \/config\/db\/env\r\nGenerated configuration file: \/config\/jobservice\/env\r\nGenerated configuration file: \/config\/jobservice\/config.yml\r\nGenerated and saved secret to file: \/data\/secret\/keys\/secretkey\r\nSuccessfully called func: create_root_cert\r\nGenerated 
configuration file: \/compose_location\/docker-compose.yml\r\nClean up the input dir\r\n\r\n\r\nNote: stopping existing Harbor instance ...\r\n\r\n\r\n&#91;Step 4]: starting Harbor ...\r\n&#91;+] Running 60\/11\r\n \u2714 proxy 2 layers &#91;\u28ff\u28ff]      0B\/0B      Pulled                                                                                                                  27.1s\r\n \u2714 portal 3 layers &#91;\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                               115.4s\r\n \u2714 log 7 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                              133.2s\r\n \u2714 postgresql 10 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                    69.9s\r\n \u2714 core 9 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                            43.6s\r\n \u2714 registry 5 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                            16.0s\r\n \u2714 registryctl 6 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                        99.7s\r\n \u2714 redis 4 layers &#91;\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                                                                                               128.6s\r\n \u2714 jobservice 5 layers &#91;\u28ff\u28ff\u28ff\u28ff\u28ff]      0B\/0B      Pulled                                            
                                                              88.9s\r\n\r\n\r\n&#91;+] Building 0.0s (0\/0)\r\n&#91;+] Running 10\/10\r\n \u2714 Network harbor_harbor        Created                                                                                                                         0.1s\r\n \u2714 Container harbor-log         Started                                                                                                                         1.2s\r\n \u2714 Container registryctl        Started                                                                                                                         1.9s\r\n \u2714 Container harbor-portal      Started                                                                                                                         1.5s\r\n \u2714 Container redis              Started                                                                                                                         2.1s\r\n \u2714 Container harbor-db          Started                                                                                                                         1.9s\r\n \u2714 Container registry           Started                                                                                                                         1.8s\r\n \u2714 Container harbor-core        Started                                                                                                                         2.4s\r\n \u2714 Container nginx              Started                                                                                                                         3.6s\r\n \u2714 Container harbor-jobservice  Started                                                                                                                         3.5s\r\n\u2714 ----Harbor has been installed and started successfully.----\r\n&#91;root@vm249 harbor]# cat harbor.yml\r\n# Configuration 
file of Harbor\r\n\r\n# The IP address or hostname to access admin UI and registry service.\r\n# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.\r\nhostname: 172.16.3.249\r\n\r\n# http related config\r\nhttp:\r\n  # port for http, default is 80. If https enabled, this port will redirect to https port\r\n  port: 8080\r\n\r\n# https related config\r\nhttps:\r\n  # https port for harbor, default is 443\r\n  port: 8443\r\n  # The path of cert and key files for nginx\r\n  certificate: \/data\/cert\/172.16.3.249.crt\r\n  private_key: \/data\/cert\/172.16.3.249.key\r\n\r\n# # Uncomment following will enable tls communication between all harbor components\r\n# internal_tls:\r\n#   # set enabled to true means internal tls is enabled\r\n#   enabled: true\r\n#   # put your cert and key files on dir\r\n#   dir: \/etc\/harbor\/tls\/internal\r\n\r\n# Uncomment external_url if you want to enable external proxy\r\n# And when it enabled the hostname will no longer used\r\n# external_url: https:\/\/reg.mydomain.com:8433\r\n\r\n# The initial password of Harbor admin\r\n# It only takes effect the first time Harbor is installed\r\n# Remember to change the admin password from the UI after launching Harbor.\r\nharbor_admin_password: Harbor12345\r\n\r\n# Harbor DB configuration\r\ndatabase:\r\n  # The password for the root user of Harbor DB. Change this before any production use.\r\n  password: root123\r\n  # The maximum number of connections in the idle connection pool. If it &lt;=0, no idle connections are retained.\r\n  max_idle_conns: 100\r\n  # The maximum number of open connections to the database. If it &lt;= 0, then there is no limit on the number of open connections.\r\n  # Note: the default number of connections is 1024 for postgres of harbor.\r\n  max_open_conns: 900\r\n  # The maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. 
If it &lt;= 0, connections are not closed due to a connection's age.\r\n  # The value is a duration string. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".\r\n  conn_max_lifetime: 5m\r\n  # The maximum amount of time a connection may be idle. Expired connections may be closed lazily before reuse. If it &lt;= 0, connections are not closed due to a connection's idle time.\r\n  # The value is a duration string. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".\r\n  conn_max_idle_time: 0\r\n\r\n# The default data volume\r\ndata_volume: \/data\r\n\r\n# Harbor Storage settings by default is using \/data dir on local filesystem\r\n# Uncomment storage_service setting If you want to using external storage\r\n# storage_service:\r\n#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore\r\n#   # of registry's containers.  
This is usually needed when the user hosts a internal storage with self signed certificate.\r\n#   ca_bundle:\r\n\r\n#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss\r\n#   # for more info about this configuration please refer https:\/\/docs.docker.com\/registry\/configuration\/\r\n#   filesystem:\r\n#     maxthreads: 100\r\n#   # set disable to true when you want to disable registry redirect\r\n#   redirect:\r\n#     disable: false\r\n\r\n# Trivy configuration\r\n#\r\n# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.\r\n# It is downloaded by Trivy from the GitHub release page https:\/\/github.com\/aquasecurity\/trivy-db\/releases and cached\r\n# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it\r\n# should download a newer version from the Internet or use the cached one. Currently, the database is updated every\r\n# 12 hours and published as a new release to GitHub.\r\ntrivy:\r\n  # ignoreUnfixed The flag to display only fixed vulnerabilities\r\n  ignore_unfixed: false\r\n  # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub\r\n  #\r\n  # You might want to enable this flag in test or CI\/CD environments to avoid GitHub rate limiting issues.\r\n  # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and\r\n  # `metadata.json` files and mount them in the `\/home\/scanner\/.cache\/trivy\/db` path.\r\n  skip_update: false\r\n  #\r\n  # The offline_scan option prevents Trivy from sending API requests to identify dependencies.\r\n  # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.\r\n  # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't\r\n  # exist in the local repositories. 
It means a number of detected vulnerabilities might be fewer in offline mode.\r\n  # It would work if all the dependencies are in local.\r\n  # This option doesn't affect DB download. You need to specify \"skip-update\" as well as \"offline-scan\" in an air-gapped environment.\r\n  offline_scan: false\r\n  #\r\n  # Comma-separated list of what security issues to detect. Possible values are `vuln`, `config` and `secret`. Defaults to `vuln`.\r\n  security_check: vuln\r\n  #\r\n  # insecure The flag to skip verifying registry certificate\r\n  insecure: false\r\n  # github_token The GitHub access token to download Trivy DB\r\n  #\r\n  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough\r\n  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000\r\n  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult\r\n  # https:\/\/developer.github.com\/v3\/#rate-limiting\r\n  #\r\n  # You can create a GitHub token by following the instructions in\r\n  # https:\/\/help.github.com\/en\/github\/authenticating-to-github\/creating-a-personal-access-token-for-the-command-line\r\n  #\r\n  # github_token: xxx\r\n\r\njobservice:\r\n  # Maximum number of job workers in job service\r\n  max_job_workers: 10\r\n  # The jobLogger sweeper duration (ignored if `jobLogger` is `stdout`)\r\n  logger_sweeper_duration: 1 #days\r\n\r\nnotification:\r\n  # Maximum retry count for webhook job\r\n  webhook_job_max_retry: 3\r\n  # HTTP client timeout for webhook job\r\n  webhook_job_http_client_timeout: 3 #seconds\r\n\r\n# Log configurations\r\nlog:\r\n  # options are debug, info, warning, error, fatal\r\n  level: info\r\n  # configs for logs in local storage\r\n  local:\r\n    # Log files are rotated log_rotate_count times before being removed. 
If count is 0, old versions are removed rather than rotated.\r\n    rotate_count: 50\r\n    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.\r\n    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G\r\n    # are all valid.\r\n    rotate_size: 200M\r\n    # The directory on your host that store log\r\n    location: \/var\/log\/harbor\r\n\r\n  # Uncomment following lines to enable external syslog endpoint.\r\n  # external_endpoint:\r\n  #   # protocol used to transmit log to external endpoint, options is tcp or udp\r\n  #   protocol: tcp\r\n  #   # The host of external endpoint\r\n  #   host: localhost\r\n  #   # Port of external endpoint\r\n  #   port: 5140\r\n\r\n#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!\r\n_version: 2.8.0\r\n\r\n# Uncomment external_database if using external database.\r\n# external_database:\r\n#   harbor:\r\n#     host: harbor_db_host\r\n#     port: harbor_db_port\r\n#     db_name: harbor_db_name\r\n#     username: harbor_db_username\r\n#     password: harbor_db_password\r\n#     ssl_mode: disable\r\n#     max_idle_conns: 2\r\n#     max_open_conns: 0\r\n#   notary_signer:\r\n#     host: notary_signer_db_host\r\n#     port: notary_signer_db_port\r\n#     db_name: notary_signer_db_name\r\n#     username: notary_signer_db_username\r\n#     password: notary_signer_db_password\r\n#     ssl_mode: disable\r\n#   notary_server:\r\n#     host: notary_server_db_host\r\n#     port: notary_server_db_port\r\n#     db_name: notary_server_db_name\r\n#     username: notary_server_db_username\r\n#     password: notary_server_db_password\r\n#     ssl_mode: disable\r\n\r\n# Uncomment external_redis if using external Redis server\r\n# external_redis:\r\n#   # support redis, redis+sentinel\r\n#   # host for redis: 
&lt;host_redis>:&lt;port_redis>\r\n#   # host for redis+sentinel:\r\n#   #  &lt;host_sentinel1>:&lt;port_sentinel1>,&lt;host_sentinel2>:&lt;port_sentinel2>,&lt;host_sentinel3>:&lt;port_sentinel3>\r\n#   host: redis:6379\r\n#   password:\r\n#   # Redis AUTH command was extended in Redis 6, it is possible to use it in the two-arguments AUTH &lt;username> &lt;password> form.\r\n#   # username:\r\n#   # sentinel_master_set must be set to support redis+sentinel\r\n#   #sentinel_master_set:\r\n#   # db_index 0 is for core, it's unchangeable\r\n#   registry_db_index: 1\r\n#   jobservice_db_index: 2\r\n#   trivy_db_index: 5\r\n#   idle_timeout_seconds: 30\r\n\r\n# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.\r\n# uaa:\r\n#   ca_file: \/path\/to\/ca\r\n\r\n# Global proxy\r\n# Config http proxy for components, e.g. http:\/\/my.proxy.com:3128\r\n# Components doesn't need to connect to each others via http proxy.\r\n# Remove component from `components` array if want disable proxy\r\n# for it. 
If you want use proxy for replication, MUST enable proxy\r\n# for core and jobservice, and set `http_proxy` and `https_proxy`.\r\n# Add domain to the `no_proxy` field, when you want disable proxy\r\n# for some special registry.\r\nproxy:\r\n  http_proxy:\r\n  https_proxy:\r\n  no_proxy:\r\n  components:\r\n    - core\r\n    - jobservice\r\n    - trivy\r\n\r\n# metric:\r\n#   enabled: false\r\n#   port: 9090\r\n#   path: \/metrics\r\n\r\n# Trace related config\r\n# only can enable one trace provider(jaeger or otel) at the same time,\r\n# and when using jaeger as provider, can only enable it with agent mode or collector mode.\r\n# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed\r\n# if using jaeger agetn mode uncomment agent_host and agent_port\r\n# trace:\r\n#   enabled: true\r\n#   # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth\r\n#   sample_rate: 1\r\n#   # # namespace used to differenciate different harbor services\r\n#   # namespace:\r\n#   # # attributes is a key value dict contains user defined attributes used to initialize trace provider\r\n#   # attributes:\r\n#   #   application: harbor\r\n#   # # jaeger should be 1.26 or newer.\r\n#   # jaeger:\r\n#   #   endpoint: http:\/\/hostname:14268\/api\/traces\r\n#   #   username:\r\n#   #   password:\r\n#   #   agent_host: hostname\r\n#   #   # export trace data by jaeger.thrift in compact mode\r\n#   #   agent_port: 6831\r\n#   # otel:\r\n#   #   endpoint: hostname:4318\r\n#   #   url_path: \/v1\/traces\r\n#   #   compression: false\r\n#   #   insecure: true\r\n#   #   timeout: 10s\r\n\r\n# Enable purge _upload directories\r\nupload_purging:\r\n  enabled: true\r\n  # remove files in _upload directories which exist for a period of time, default is one week.\r\n  age: 168h\r\n  # the interval of the purge operations\r\n  interval: 24h\r\n  dryrun: false\r\n\r\n# Cache layer 
configurations\r\n# If this feature enabled, harbor will cache the resource\r\n# `project\/project_metadata\/repository\/artifact\/manifest` in the redis\r\n# which can especially help to improve the performance of high concurrent\r\n# manifest pulling.\r\n# NOTICE\r\n# If you are deploying Harbor in HA mode, make sure that all the harbor\r\n# instances have the same behaviour, all with caching enabled or disabled,\r\n# otherwise it can lead to potential data inconsistency.\r\ncache:\r\n  # not enabled by default\r\n  enabled: false\r\n  # keep cache for one day by default\r\n  expire_hours: 24\r\n&#91;root@vm249 harbor]# cat harbor.yml | grep pass\r\n# The initial password of Harbor admin\r\n# Remember Change the admin password from UI after launching Harbor.\r\nharbor_admin_password: Harbor12345\r\n  # The password for the root user of Harbor DB. Change this before any production use.\r\n  password: root123\r\n#     password: harbor_db_password\r\n#     password: notary_signer_db_password\r\n#     password: notary_server_db_password\r\n#   password:\r\n#   # Redis AUTH command was extended in Redis 6, it is possible to use it in the two-arguments AUTH &lt;username> &lt;password> form.\r\n# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed\r\n#   #   password:\r\n&#91;root@vm249 harbor]# docker ps\r\nCONTAINER ID   IMAGE                                COMMAND                  CREATED              STATUS                        PORTS                                                                                  NAMES\r\nfacae319c827   goharbor\/nginx-photon:v2.8.2         \"nginx -g 'daemon of\u2026\"   About a minute ago   Up About a minute (healthy)   0.0.0.0:8080->8080\/tcp, :::8080->8080\/tcp, 0.0.0.0:8443->8443\/tcp, :::8443->8443\/tcp   nginx\r\ne1ac0a3eeba4   goharbor\/harbor-jobservice:v2.8.2    \"\/harbor\/entrypoint.\u2026\"   About a minute ago   Up About a minute (healthy)                                      
                                                    harbor-jobservice\r\n3768487b45f7   goharbor\/harbor-core:v2.8.2          \"\/harbor\/entrypoint.\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          harbor-core\r\nea1996570673   goharbor\/harbor-db:v2.8.2            \"\/docker-entrypoint.\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          harbor-db\r\n7a69890bf969   goharbor\/registry-photon:v2.8.2      \"\/home\/harbor\/entryp\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          registry\r\ne2d7461138fc   goharbor\/harbor-registryctl:v2.8.2   \"\/home\/harbor\/start.\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          registryctl\r\nc3948d042541   goharbor\/harbor-portal:v2.8.2        \"nginx -g 'daemon of\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          harbor-portal\r\na88cf970d5fa   goharbor\/redis-photon:v2.8.2         \"redis-server \/etc\/r\u2026\"   About a minute ago   Up About a minute (healthy)                                                                                          redis\r\n3cca3b17f6da   goharbor\/harbor-log:v2.8.2           \"\/bin\/sh -c \/usr\/loc\u2026\"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514\/tcp                                                              harbor-log\r\n&#91;root@vm249 harbor]# ll \/etc\/docker\/\r\ntotal 0\r\ndrwxr-xr-x. 3 root root 31 Jun 26 17:05 certs.d\r\n&#91;root@vm249 harbor]# vi \/etc\/docker\/^C\r\n&#91;root@vm249 harbor]# ll\r\ntotal 56\r\ndrwxr-xr-x. 
3 root root    20 Jun 26 17:17 common\r\n-rw-r--r--. 1 root root  3639 Jun  2 04:46 common.sh\r\n-rw-r--r--. 1 root root  5892 Jun 26 17:17 docker-compose.yml\r\n-rw-r--r--. 1 root root 11745 Jun 26 17:16 harbor.yml\r\n-rw-r--r--. 1 root root 11736 Jun  2 04:46 harbor.yml.tmpl\r\n-rwxr-xr-x. 1 root root  2725 Jun  2 04:46 install.sh\r\n-rw-r--r--. 1 root root 11347 Jun  2 04:46 LICENSE\r\n-rwxr-xr-x. 1 root root  1881 Jun  2 04:46 prepare\r\n&#91;root@vm249 harbor]# docker images\r\nREPOSITORY                    TAG       IMAGE ID       CREATED       SIZE\r\ngoharbor\/redis-photon         v2.8.2    6f4498a430ca   3 weeks ago   121MB\r\ngoharbor\/harbor-registryctl   v2.8.2    fa61a236a6d6   3 weeks ago   142MB\r\ngoharbor\/registry-photon      v2.8.2    f80e71363231   3 weeks ago   79.3MB\r\ngoharbor\/nginx-photon         v2.8.2    3d009028f260   3 weeks ago   120MB\r\ngoharbor\/harbor-log           v2.8.2    2914d282d9bf   3 weeks ago   127MB\r\ngoharbor\/harbor-jobservice    v2.8.2    40118f1568a8   3 weeks ago   141MB\r\ngoharbor\/harbor-core          v2.8.2    0bbbd1f379fc   3 weeks ago   165MB\r\ngoharbor\/harbor-portal        v2.8.2    3e74e0758aa4   3 weeks ago   127MB\r\ngoharbor\/harbor-db            v2.8.2    5126635ae9f0   3 weeks ago   174MB\r\ngoharbor\/prepare              v2.8.2    eb3cf3cdd17a   3 weeks ago   163MB\r\n&#91;root@vm249 harbor]#\r\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%8F%82%E8%80%83\"><\/span>\u53c2\u8003<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>https:\/\/goharbor.io\/docs\/2.0.0\/install-config\/configure-https\/<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.csdn.net\/networken\/article\/details\/107502461\">https:\/\/blog.csdn.net\/networken\/article\/details\/107502461<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>GCDW\u662fGBase \u7684\u4e91\u6570\u4ed3\u7248\u672c(GBase Cloud Database Warehouse)\uff0c 
\u5176\u8fd0\u884c\u5728k8s\u4e0a\uff0c\u955c\u50cf\u8981\u5148\u4e0a\u4f20\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u5728\u5b89\u88c5\u90e8\u7f72\u65f6\u5404\u4e2a\u8282\u70b9\u518d\u4ece\u955c\u50cf\u4ed3\u5e93\u540c\u65f6\u62c9\u53d6\u3002\u672c\u6587\u4ecb\u7ecdharbor\u5b89\u88c5\u914d\u7f6e\u65b9\u6cd5\uff0c\u7279\u522b\u662f\u542f\u7528https\u670d\u52a1\u7684\u65b9\u6cd5\u3002<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[115,120],"class_list":["post-10741","post","type-post","status-publish","format-standard","hentry","category-gbase8a","tag-gcdw","tag-docker"],"_links":{"self":[{"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/posts\/10741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/comments?post=10741"}],"version-history":[{"count":54,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/posts\/10741\/revisions"}],"predecessor-version":[{"id":12232,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/posts\/10741\/revisions\/12232"}],"wp:attachment":[{"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/media?parent=10741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/categories?post=10741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gbase8.cn\/en\/wp-json\/wp\/v2\/tags?post=10741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}