$ cd /var/lib/cubectl/harbor/common/config/core
$ vi env
# AS-IS
EXT_ENDPOINT=https://10.1.1.50
# TO-BE (Connection address, example:)
EXT_ENDPOINT=https://harbor.cocktailcloud.io
4. Verify the location of the Harbor certificate.
# Search in the directory where the previously checked docker-compose.yml is located.
grep -A 20 'nginx-photon' docker-compose.yml
# Check the cert directory in the volumes below (the host path is the part before the first colon; the directory used in step 5 must match it).
volumes:
- ./common/config/nginx:/etc/nginx:z
- /data/harbor/secret/cert:/etc/cert:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
5. Replace the certificate with the public SSL certificate.
$ cd /app/data/harbor/secret/cert
$ ls -lrt
-rw------- 1 10000 10000 5055 Apr 11 11:10 server.crt
-rw------- 1 10000 10000 1679 Apr 11 11:11 server.key
# Back up the existing certificate and key.
$ sudo cp server.crt old_server.crt
$ sudo cp server.key old_server.key
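# Replace the files with the issued certificate and key.
# (The owner and group of the certificate files should be 10000:10000; keep the restrictive mode, -rw-------, shown in the listing above.)
# (PEM format file for Nginx) - ex) Wildcard.k-paas.io_pem.pem
# (tee also prints what it writes; when writing server.key, append >/dev/null so the private key is not echoed to the terminal.)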
$ sudo tee /app/data/harbor/secret/cert/server.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIGSDCCBTCgAwIBAgIMD/LYBjs
... (Skip)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIET
... (Skip)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (Skip)
-----END CERTIFICATE-----
EOF
sudo tee /app/data/harbor/secret/cert/server.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIEpAI....(Skip)
-----END RSA PRIVATE KEY-----
EOF
6. Confirm that the SSL certificate is correctly configured in Nginx.
$ docker exec -it nginx nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# FLUSHALL deletes every key in every database of the redis container.
$ sudo docker exec -it redis redis-cli FLUSHALL
OK
7. Restart Harbor.
# The docker-compose.yml file is written in the path confirmed above.
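# Stop Harbor (-v also removes named and anonymous volumes declared in docker-compose.yml; bind-mounted host paths are not deleted)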
sudo docker compose -f /var/lib/cubectl/harbor/docker-compose.yml down -v
# Start Harbor
sudo docker compose -f /var/lib/cubectl/harbor/docker-compose.yml up -d
Or (cube 5.2.5)
sudo systemctl restart cube-harbor
8. Verify the connection.
9. Create a directory with the domain name in the /etc/containerd/certs.d directory on all nodes.
$ cd /etc/containerd/certs.d
$ cp -r 172.25.1.172 paas-regi.cocktailcloud.io
10. In the hosts.toml file of all directories in /etc/containerd/certs.d, change the part with an IP to the domain.
$ cd /etc/containerd/certs.d/docker.io
$ vi hosts.toml
## Before the changes
server = "https://docker.io"
[host."https://172.25.1.172/v2/docker.io/"]
capabilities = ["pull", "resolve"]
ca = "/etc/docker/certs.d/172.25.1.172/ca.crt"
override_path = true
----------------------------------------------------------
## After the changes
server = "https://docker.io"
[host."https://paas-regi.cocktailcloud.io/v2/docker.io/"]
capabilities = ["pull", "resolve"]
ca = "/etc/docker/certs.d/paas-regi.cocktailcloud.io/ca.crt"
override_path = true
11. Copy the IP-named directory in /etc/docker/certs.d to a directory named after the domain (the name must match the ca path set in hosts.toml).
$ cd /etc/docker/certs.d
$ cp -r 172.25.1.172 paas-regi.cocktailcloud.io