# Search in the directory where the previously checked docker-compose.yml is located.grep-A20'nginx-photon'docker-compose.yml#Checkthecertdirectoryinthevolumesbelow.volumes:-./common/config/nginx:/etc/nginx:z-/data/harbor/secret/cert:/etc/cert:z-type:bindsource:./common/config/shared/trust-certificatestarget:/harbor_cust_cert
5. Replace the certificate with the public SSL certificate.
$cd/app/data/harbor/secret/cert$ls-lrt-rw-------110000100005055Apr1111:10server.crt-rw-------110000100001679Apr1111:11server.key#Backuptherespectivecertificates.$sudocpserver.crtold_server.crt$sudocpserver.keyold_server.key# Replace the file with the assigned certificate.#(The permissions of the actual certificate should be set to 10000:10000.)#(PEM format file for Nginx) -ex) Wildcard.k-paas.io_pem.pem$sudotee/app/data/harbor/secret/cert/server.crt<<EOF-----BEGIN CERTIFICATE-----MIIGSDCCBTCgAwIBAgIMD/LYBjs... (Skip)-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIET... (Skip)-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==-----END CERTIFICATE-----EOFsudotee/app/data/harbor/secret/cert/server.key<<EOF-----BEGIN RSA PRIVATE KEY-----MIIEpAI....(Skip)-----END RSA PRIVATE KEY-----EOF
6. Confirm that the SSL certificate is correctly configured in Nginx.
# The docker-compose.yml file is written in the path confirmed above.# Stop Harborsudodockercompose-f/var/lib/cubectl/harbor/docker-compose.ymldown-v# Start Harborsudodockercompose-f/var/lib/cubectl/harbor/docker-compose.ymlup-d또는 (cube 5.2.5)sudosystemctlrestartcube-harbor
8. Verify the connection.
9. Create a directory with the domain name in the /etc/containerd/certs.d directory on all nodes.
10. In the hosts.toml file of all directories in /etc/containerd/certs.d, change the part with an IP to the domain.
$cd/etc/containerd/certs.d/docker.io$vihosts.toml## Before the changesserver="https://docker.io"[host."https://172.25.1.172/v2/docker.io/"]capabilities= ["pull", "resolve"]ca="/etc/docker/certs.d/172.25.1.172/ca.crt"override_path=true----------------------------------------------------------## After the changesserver="https://docker.io"[host."https://paas-regi.cocktailcloud.io/v2/docker.io/"]capabilities= ["pull", "resolve"]ca="/etc/docker/certs.d/paas-regi.cocktailcloud.io/ca.crt"override_path=true
11. Copy the directory with the IP in /etc/docker/certs.d to the domain.
$ cd /etc/docker/certs.d
$ cp -r 172.25.1.172 pass-regi.cocktailcloud.io
