
# Configuring a Public (CA-Issued) Certificate for Harbor

## 1. Registering a public certificate in Harbor

### 1. Update the hosts file <a href="#fb56e845-1c80-4b7a-8d41-52e269a4511b" id="fb56e845-1c80-4b7a-8d41-52e269a4511b"></a>

```sh
vi /etc/hosts

[IP] <certificate domain>
[IP] <certificate domain>
```

### 2. Locate Harbor's docker-compose.yml <a href="#da486126-6f83-4eaf-9346-248c4a1ba7db" id="da486126-6f83-4eaf-9346-248c4a1ba7db"></a>

```bash
cocktail@priv-registry:~$ sudo find / -name 'docker-compose.yml'
/var/lib/cubectl/harbor/docker-compose.yml
cocktail@priv-registry:~$
```

### 3. Change the domain used for the Harbor certificate <a href="#c1684ece-e476-4694-a5db-7ac9786fc45c" id="c1684ece-e476-4694-a5db-7ac9786fc45c"></a>

```bash
$ cd /var/lib/cubectl/harbor/common/config/core
$ vi env

# AS-IS
EXT_ENDPOINT=https://10.1.1.50
# TO-BE (the address clients will connect to; example:)
EXT_ENDPOINT=https://harbor.cocktailcloud.io
```

### 4. Locate the Harbor certificate <a href="#b3bae97e-573b-42c9-b9fc-4ddebcb51739" id="b3bae97e-573b-42c9-b9fc-4ddebcb51739"></a>

```bash
# Search from the directory that contains the docker-compose.yml found above
grep -A 20 'nginx-photon' docker-compose.yml
# The cert directory is visible under volumes below
volumes:
    - ./common/config/nginx:/etc/nginx:z
    - /data/harbor/secret/cert:/etc/cert:z
    - type: bind
      source: ./common/config/shared/trust-certificates
      target: /harbor_cust_cert
```

### 5. Replace the certificate with the public certificate <a href="#c66aed65-513a-46d5-b137-babbb099c034" id="c66aed65-513a-46d5-b137-babbb099c034"></a>

```bash
$ cd /app/data/harbor/secret/cert
$ ls -lrt
-rw------- 1 10000 10000 5055 Apr 11 11:10 server.crt
-rw------- 1 10000 10000 1679 Apr 11 11:11 server.key

# Back up the existing certificate and key
$ sudo cp server.crt old_server.crt
$ sudo cp server.key old_server.key

# Replace the files with the certificate you were issued
# (ownership of the certificate files actually used must be set to 10000:10000)
# (PEM-format file for nginx) e.g. Wildcard.k-paas.io_pem.pem
$ sudo tee /app/data/harbor/secret/cert/server.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIGSDCCBTCgAwIBAgIMD/LYBjs
... (omitted)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIET
... (omitted)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (omitted)
-----END CERTIFICATE-----
EOF

$ sudo tee /app/data/harbor/secret/cert/server.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIEpAI....(omitted)
-----END RSA PRIVATE KEY-----
EOF
```

### 6. Verify that the certificate is correctly configured in nginx <a href="#id-5677b14f-cb6c-4abc-9366-8a07a1f6b0d4" id="id-5677b14f-cb6c-4abc-9366-8a07a1f6b0d4"></a>

```bash
$ docker exec -it nginx nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo docker exec -it redis redis-cli FLUSHALL
OK
```
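
`nginx -t` only confirms that nginx can load the files. The following pre-flight check is an added example (not part of the original Cocktail Cloud documentation): it confirms that the first certificate in `server.crt` matches `server.key`, that the certificate covers the `EXT_ENDPOINT` host name, that it is not about to expire, and that both files are owned by 10000:10000. The function names are hypothetical; only the standard `openssl` CLI and GNU `stat` are assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the replacement Harbor certificate.
# Function names are hypothetical; only standard openssl subcommands are used.

# The leaf certificate must be the FIRST block in server.crt. openssl x509
# reads only the first certificate, so a mis-ordered bundle fails this check.
cert_matches_key() {   # $1 = certificate bundle, $2 = private key
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The host name in EXT_ENDPOINT must be covered by the certificate
# (exact SAN entry or a matching wildcard).
cert_covers_host() {   # $1 = certificate bundle, $2 = host name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Fails if the certificate expires within $2 seconds (default: 30 days).
cert_not_expiring() {  # $1 = certificate bundle, $2 = seconds (optional)
  openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# The page requires the deployed files to be owned by 10000:10000.
owned_by_harbor() {    # $1 = file
  [ "$(stat -c '%u:%g' "$1")" = "10000:10000" ]
}

# Runs every check and reports all failures, not just the first one.
preflight() {          # $1 = cert, $2 = key, $3 = host name
  local rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: key does not match leaf certificate"; rc=1; }
  cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
  cert_not_expiring "$1"     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
  owned_by_harbor "$1" && owned_by_harbor "$2" ||
    { echo "FAIL: files are not owned by 10000:10000"; rc=1; }
  return "$rc"
}
```

Source the file as root before restarting Harbor and call, for example, `preflight /app/data/harbor/secret/cert/server.crt /app/data/harbor/secret/cert/server.key harbor.cocktailcloud.io`; a non-zero return means at least one check failed.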

### 7. Restart Harbor <a href="#bbb32856-50cc-45bb-a8c9-d122072d22e0" id="bbb32856-50cc-45bb-a8c9-d122072d22e0"></a>

```bash
# Use the docker-compose.yml path found above

# Stop Harbor
sudo docker compose -f /var/lib/cubectl/harbor/docker-compose.yml down -v

# Start Harbor
sudo docker compose -f /var/lib/cubectl/harbor/docker-compose.yml up -d
# or (cube 5.2.5)
sudo systemctl restart cube-harbor
```

### 8. Verify access <a href="#id-926b36c4-f545-4bfb-82af-9570665f7383" id="id-926b36c4-f545-4bfb-82af-9570665f7383"></a>

![](https://2500958789-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwqxTfA9RA1lGrfzU2Oaz%2Fuploads%2FcFH7UPN9uQ0xgZQOVys0%2FUntitled.png?alt=media\&token=f2a58a55-f0c1-4c39-9a17-9d8fdd60782c)

### 9. On every node, create a directory named after the domain under /etc/containerd/certs.d <a href="#id-1e6b12b5-7d19-4f31-a121-e7214b88edbb" id="id-1e6b12b5-7d19-4f31-a121-e7214b88edbb"></a>

```bash
$ cd /etc/containerd/certs.d
$ cp -r 172.25.1.172 paas-regi.cocktailcloud.io
```

### 10. In the hosts.toml file of every directory under /etc/containerd/certs.d/, change the IP-based entries to the domain <a href="#id-8a898313-c9f7-4ed4-9093-8f76b69d10d3" id="id-8a898313-c9f7-4ed4-9093-8f76b69d10d3"></a>

```bash
$ cd /etc/containerd/certs.d/docker.io
$ vi hosts.toml

## Before
server = "https://docker.io"

[host."https://172.25.1.172/v2/docker.io/"]
  capabilities = ["pull", "resolve"]
  ca = "/etc/docker/certs.d/172.25.1.172/ca.crt"
  override_path = true
----------------------------------------------------------

## After
server = "https://docker.io"

[host."https://paas-regi.cocktailcloud.io/v2/docker.io/"]
  capabilities = ["pull", "resolve"]
  ca = "/etc/docker/certs.d/paas-regi.cocktailcloud.io/ca.crt"
  override_path = true
```

### 11. Copy the IP-named directory under /etc/docker/certs.d to a directory named after the domain <a href="#id-0681aa71-0bdb-4a97-8fcd-e0804218c492" id="id-0681aa71-0bdb-4a97-8fcd-e0804218c492"></a>

```
$ cd /etc/docker/certs.d
$ cp -r 172.25.1.172 paas-regi.cocktailcloud.io
```
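
Steps 9 to 11 are repeated by hand on every node, so a leftover IP or a misspelled directory name is easy to miss. The following check is an added example (not part of the original documentation): it scans every `hosts.toml` under a `certs.d` root for the old registry IP and for `ca = "..."` paths that do not exist on the node. `check_certs_d` is a hypothetical name, and only the single-string form of `ca` shown on this page is handled.

```shell
#!/usr/bin/env bash
# Added example: find leftovers after switching registry config from IP to domain.
# check_certs_d and its arguments are hypothetical names.

check_certs_d() {      # $1 = certs.d root, $2 = old registry IP
  local root="$1" old_ip="$2" rc=0 toml ca
  for toml in "$root"/*/hosts.toml; do
    [ -f "$toml" ] || continue
    # 1) The old IP must no longer appear in any host entry or ca path.
    if grep -qF "$old_ip" "$toml"; then
      echo "STALE IP: $toml"; rc=1
    fi
    # 2) Every ca = "..." path must exist on this node. A typo in the
    #    directory created in step 11 shows up here.
    #    Assumes the paths contain no whitespace.
    for ca in $(sed -n 's/^[[:space:]]*ca[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$toml"); do
      [ -f "$ca" ] || { echo "MISSING CA: $ca (from $toml)"; rc=1; }
    done
  done
  return "$rc"
}
```

On a node, run `check_certs_d /etc/containerd/certs.d 172.25.1.172`; it prints one line per problem and returns non-zero if any were found.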


