Vinicius Andrade

Reputation: 586

Harbor - Configure Http using Cloudflare

I'm running some tests with the Harbor container registry. In order to publish it to production I wanted to add SSL support.

As Cloudflare provides it, I'm wondering if it is possible to make it work.

So far I've created a DNS record in Cloudflare pointing to my Harbor instance, proxied.

I've followed the steps in the documentation to configure HTTPS for Harbor.

I was able to access the registry with the domain name and the certificate appears to be valid.

But when I tried to push the image to it, it complained about the certificate being invalid.

Do you have any clues why?

Upvotes: 0

Views: 1218

Answers (1)

Vinicius Andrade

Reputation: 586

I've just found out my mistake.

In order to set up the certificate I needed to use Cloudflare's Full (strict) mode.

I'll leave all my steps here, in case someone needs it.

Cloudflare

Set up DNS registry.

SSL/TLS

Go to SSL/TLS => Overview

And change to Full (strict).

Origin Server

Now go to SSL/TLS => Origin Server and create a new certificate.

Copy the value from Origin Certificate to a text file with .crt extension.

Copy the value from Private Key to a text file with .key extension.

Save the Cloudflare CA certificate in the same place.

Harbor (Linux)

Create two folders:

  • mkdir -p /data/cert
  • mkdir -p /etc/docker/certs.d

Copy the files you have created with names:

  • cert.crt => domain.com.crt
  • key.key => domain.com.key
  • ca.crt => ca.key

On the Harbor host, run the following commands:

openssl x509 -inform PEM -in /data/cert/domain.com.crt -out /data/cert/domain.com.cert

Convert domain.com.crt to yourdomain.com.cert, for use by Docker.

  • cp /data/cert/domain.com.cert /etc/docker/certs.d/
  • cp /data/cert/domain.com.key /etc/docker/certs.d/
  • cp /data/cert/ca.crt /etc/docker/certs.d/

Copy the server certificate, key and CA files into the Docker certificates folder on the Harbor host. You must create the appropriate folders first.

Edit the harbor.yaml file

In order to make SSL work you need to uncomment and change the properties in the SSL section.

Also, it's recommended to change the hostname (both on the machine and in harbor.yaml) to the same one you've set up in your DNS.

If you have already started Harbor:

  • stop with the docker-compose down command
  • run the /harbor/prepare script
  • run the docker-compose up -d command

Upvotes: 2
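
With Full (strict), Cloudflare validates the certificate the origin presents, so the files placed in /data/cert can be checked before Harbor is restarted. The script below is an added example, not part of the answer above or of Harbor's tooling; the function names, the 7-day expiry margin and the throwaway registry.example.test PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on the origin certificate files.
# All arguments are file paths and a hostname supplied by the caller.

# The certificate and the private key must carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# The certificate must verify against the saved CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# The certificate's names must cover the DNS name used for the registry.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# The certificate must still be valid N seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight CERT KEY CA HOST: run every check, report each failure.
preflight() {
    rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_chains_to_ca "$1" "$3" || { echo "FAIL: certificate not issued by $3"; rc=1; }
    cert_covers_host "$1" "$4"  || { echo "FAIL: certificate does not cover $4"; rc=1; }
    cert_valid_for "$1" 604800  || { echo "FAIL: certificate expires within 7 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 is usable for $4"
    return "$rc"
}

# Constructed sample input: a throwaway CA and leaf for registry.example.test.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Origin CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=registry.example.test" \
        -keyout "$1/domain.com.key" -out "$1/leaf.csr" 2>/dev/null
    echo "subjectAltName=DNS:registry.example.test" > "$1/san.cnf"
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/san.cnf" -out "$1/domain.com.crt" 2>/dev/null
}
```

After sourcing the file on the Harbor host, call `preflight` with the certificate, key and CA paths under /data/cert and the hostname from your DNS record; a non-zero exit status means at least one check failed.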
