Harbor certificate replacement

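The Harbor domain certificate is replaced once a year. I uploaded the new certificate, changed the certificate settings in /opt/harbor/harbor.yml directly, and restarted the services: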

cd /opt/harbor/

docker-compose down -v

docker-compose up -d

The certificate turned out not to have been updated.

Checking docker-compose.yml and looking at the nginx section shows that the certificate directory is persisted:

[root@harbor harbor]# vim docker-compose.yml

...
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.1.0
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - /harbor_data/secret/cert:/etc/cert:z            # here: persisted by default
      - /etc/hosts:/etc/hosts:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    dns_search: .
    ports:
      - 80:8080

...

So copy the new certificate files into this directory, overwriting the previous server.crt and server.key:

[root@harbor harbor]# cd /harbor_data/secret/cert/
[root@harbor cert]# ll
total 12
-rw-r--r-- 1 root root 5824 Apr 12 16:10 server.crt
-rw-r--r-- 1 root root 1675 Apr 12 15:10 server.key

There is no need to restart every service with docker-compose either; restarting only the nginx container is enough:

[root@harbor cert]# docker ps
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                    PORTS                                         NAMES
6e696e371d67        goharbor/harbor-jobservice:v2.1.0    "/harbor/entrypoint.…"   40 minutes ago      Up 40 minutes (healthy)                                                 harbor-jobservice
ce540caa5355        goharbor/nginx-photon:v2.1.0         "nginx -g 'daemon of…"   40 minutes ago      Up 9 minutes (healthy)    0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp   nginx
c8c71e144c9e        goharbor/harbor-core:v2.1.0          "/harbor/entrypoint.…"   40 minutes ago      Up 40 minutes (healthy)                                                 harbor-core
e5a1c50932f7        goharbor/registry-photon:v2.1.0      "/home/harbor/entryp…"   40 minutes ago      Up 40 minutes (healthy)                                                 registry
6c06ed2b2b20        goharbor/harbor-registryctl:v2.1.0   "/home/harbor/start.…"   40 minutes ago      Up 40 minutes (healthy)                                                 registryctl
b68793f7fecb        goharbor/redis-photon:v2.1.0         "redis-server /etc/r…"   40 minutes ago      Up 40 minutes (healthy)                                                 redis
d570d32629da        goharbor/harbor-portal:v2.1.0        "nginx -g 'daemon of…"   40 minutes ago      Up 40 minutes (healthy)                                                 harbor-portal
99b8537023f9        goharbor/harbor-db:v2.1.0            "/docker-entrypoint.…"   40 minutes ago      Up 40 minutes (healthy)                                                 harbor-db
b2d9a608c46c        goharbor/harbor-log:v2.1.0           "/bin/sh -c /usr/loc…"   40 minutes ago      Up 40 minutes (healthy)   127.0.0.1:1514->10514/tcp                     harbor-log
[root@harbor cert]# docker restart ce540caa5355

ce540caa5355 above is the container ID of the nginx container.

Once the restart has finished, verify that the certificate has been updated.
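
One way to carry out that verification, as an added example that is not part of the original post: compare the certificate in /harbor_data/secret/cert with the one nginx actually serves, and check that server.key belongs to server.crt. The function names, the CERT_DIR variable and the hostname argument are assumptions of this example, and openssl must be installed on the host.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that a Harbor certificate
# rollover took effect. CERT_DIR is the host side of the /etc/cert mount shown
# on the page; function names and the hostname argument are assumptions.
CERT_DIR=${CERT_DIR:-/harbor_data/secret/cert}

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate presented on HOST:PORT.
served_fp() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds only if the private key belongs to the certificate: both must
# yield the same public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if the certificate is still valid DAYS days from now (default 30).
not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Full check against the running proxy; run it after `docker restart nginx`.
verify_rollover() {
    local host=$1 disk live
    key_matches_cert "$CERT_DIR/server.crt" "$CERT_DIR/server.key" ||
        { echo "FAIL: server.key does not match server.crt"; return 1; }
    not_expiring "$CERT_DIR/server.crt" ||
        { echo "FAIL: certificate on disk expires within 30 days"; return 1; }
    disk=$(cert_fp "$CERT_DIR/server.crt")
    live=$(served_fp "$host")
    [ -n "$live" ] || { echo "FAIL: no certificate received from $host"; return 1; }
    [ "$disk" = "$live" ] ||
        { echo "FAIL: $host still serves $live, disk has $disk"; return 1; }
    echo "OK: $host serves $disk"
}

# Usage: ./verify.sh <harbor-hostname>
if [ "$#" -gt 0 ]; then verify_rollover "$1"; fi
```

A "still serves" failure after the restart means the new files were written somewhere other than the directory mounted at /etc/cert, which is the situation described at the top of this post.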


Reposted from blog.csdn.net/aligeter/article/details/132477671