- 1matlab流体仿真_simulink流体仿真
- 2MySQL 之JDBC编程_javax.sql.datasource
- 3Ubuntu18.04安装ros保姆级教程,附带rosdep init / rosdep update终极解决方案_ros最新密钥
- 4tensorflow2.0:ValueError: Operands could not be broadcast together with shapes_keras 'together with shapes ' + str(shape1) + ' '
- 5【Neo4j系列】Neo4j之CQL语句和函数介绍_neo4j cql
- 6python读入图片,可视化展示图片_python显示图片
- 7双链表(线性表的链式存储)---C语言版_双链表在最后处加入节点的时间复杂度
- 8【稳定检索|投稿优惠】2024年船舶、海洋工程与航海技术国际会议(ICSMENT 2024)_icsntme 2024
- 9NanoPi NEO2 GPIO控制驱动
- 10Python中的KFold与StratifiedKFold_python stratifiedkfold
反代服务器硬件,Nginx反代Harbor配置(Docker)
赞
踩
方式一:
说明:Docker安装Harbor,Nginx和Harbor在同一台服务器,Nginx反代到Docker的Harbor访问.
环境:
IP地址(内网):192.168.193.121
服务器版本:CentOS Linux release 7.4.1708 (Core)
Harbor版本:harbor-offline-installer-v2.1.2.tgz
Docker-compose版本:
[root@ebs-26562 conf]# docker-compose version
docker-compose version 1.27.4, build 40524192docker-py version: 4.3.1CPython version:3.7.7OpenSSL version: OpenSSL1.1.0l 10 Sep 2019
Docker 版本:
[root@ebs-26562conf]# docker version
Client: Docker Engine-Community
Version:19.03.5API version:1.40Go version: go1.12.12Git commit: 633a0ea
Built: Wed Nov13 07:25:41 2019OS/Arch: linux/amd64
Experimental:falseServer: Docker Engine-Community
Engine:
Version:19.03.5API version:1.40 (minimum version 1.12)
Go version: go1.12.12Git commit: 633a0ea
Built: Wed Nov13 07:24:18 2019OS/Arch: linux/amd64
Experimental:falsecontainerd:
Version:1.2.10GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version:1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version:0.18.0GitCommit: fec3683
解压Harbor修改Harbor.yml安装配置.
[root@ebs-26562harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.xxx.com
# http related config
http:
# portfor http, default is 80. If https enabled, thisport will redirect to https port
port:899 #端口可以自定义.# https related config
#https:
# https portfor harbor, default is 443# port:443# The path of cert and key filesfornginx
# certificate:/your/certificate/path
# private_key:/your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# #set enabled to true means internal tls isenabled
# enabled:true# # put your cert and key files on dir
# dir:/etc/harbor/tls/internal# Uncomment external_urlifyou want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: http://harbor.xxx.com #这个位置一定要这样写,不能写https
# The initial password of Harbor admin
# It only worksinfirst time to install harbor
# Remember Change the admin passwordfromUI after launching Harbor.
harbor_admin_password: Harborxxx
Nginx反代配置
server {
listen443ssl;
listen80;
server_name harbor.xxx.com;
ssl_certificate cert/harbor.xxx.com.pem;
ssl_certificate_key cert/harbor.xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location/{
proxy_pass http://127.0.0.1:899;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://$scheme://;
client_max_body_size 0;
}
}
方式二:
说明:harbor和Nginx在2台服务器上,通过内网反代.
Harbor:192.168.191.121
Nginx:192.168.191.80
Harbor.yml配置
[root@ebs-26562harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.xxx.com
# http related config
http:
# portfor http, default is 80. If https enabled, thisport will redirect to https port
port:899# https related config
#https:
# https portfor harbor, default is 443# port:443# The path of cert and key filesfornginx
# certificate:/your/certificate/path
# private_key:/your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# #set enabled to true means internal tls isenabled
# enabled:true# # put your cert and key files on dir
# dir:/etc/harbor/tls/internal# Uncomment external_urlifyou want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: http://harbor.xxx.com #这一句可注释掉,也可以不注释.
# The initial password of Harbor admin
# It only worksinfirst time to install harbor
# Remember Change the admin passwordfromUI after launching Harbor.
harbor_admin_password: Harbor12345
Nginx配置:
upstream harbor {
server192.168.193.121:899 weight=1;
}
server {
listen80;
listen443ssl;
server_name harbor.xxx.com;
ssl_certificate cert/harbor.xxx.com.pem;
ssl_certificate_key cert/harbor.xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location/{
proxy_pass http://harbor;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 20m;
client_body_buffer_size 128k;
proxy_connect_timeout90;
proxy_read_timeout90;
proxy_buffer_size 4k;
proxy_buffers632k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
原文:https://www.cnblogs.com/bretzhao/p/14681934.html
