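This article uses Harbor v2.2.0.
For various reasons (the client always wins), Harbor could not serve HTTPS directly with its own certificate, so we were forced to put an Alibaba Cloud load balancer (SLB) in front of it. The SLB terminates HTTPS and proxies to Harbor over plain HTTP on the backend, with the certificate configured on the SLB, as follows:
user ----> SLB (HTTPS) --> Harbor (HTTP) --> core/portal/registry
With this setup, the https section of harbor.yml has to be commented out. Otherwise HTTP is automatically redirected to HTTPS, which causes a redirect loop.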
```yaml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: XXXXX.XXX.XXX:8443

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8443

# https related config
#https:
  # https port for harbor, default is 443
  # port: 8443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
```
Our GitLab CI uses Google's kaniko to build and push images:
```
/kaniko/executor --context="$PWD" --dockerfile="$PWD/Dockerfile" --destination="$HARBOR_IMAGE_TAG"
```
During use, we found that an error sometimes appears.
When I ran the push command manually, I got the following error:
```
[root@lnt-gitlab2 ~]# docker push wqtdv.lingnanpass.com:8443/lnt/backend/biz-system/order-service:12
The push refers to repository [wqtdv.lingnanpass.com:8443/lnt/backend/biz-system/order-service]
d198a53aea25: Pushing [==================================================>] 63.53MB/63.53MB
6062fe0be0d9: Pushing [==================================================>] 4.096kB
845fd138a201: Pushing [==================================================>] 3.072kB
ae3346816733: Pushing [==================================================>] 62.71MB/62.71MB
f1368d252262: Pushing [==================================================>] 4.719MB/4.719MB
65b25307a005: Waiting
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
```
Solution
For errors like "400 The plain HTTP request was sent to HTTPS port":
Edit common/config/registry/config.yml and add the field relativeurls: true,
or modify harbor.yml and then run ./prepare.
For errors like the kaniko push error above, for the push error unauthorized: unauthorized to access repository (unauthorized: authentication required), or for unknown blob errors in the logs: edit common/config/nginx/nginx.conf, comment out every proxy_set_header X-Forwarded-Proto $scheme; line, and restart. After running prepare, this file has to be modified again.
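Because the nginx.conf edit has to be repeated after every prepare, the two edits above can be scripted and verified. This is an added example, not code from the original post: the function names, the HARBOR_DIR variable and the sample files are assumptions, and it places relativeurls under the registry's http: section.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, HARBOR_DIR and
# the sample files are assumptions made for this sketch.

PROTO_RE='^[[:space:]]*proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+\$scheme;'

# Comment out every active "X-Forwarded-Proto $scheme" line. Idempotent:
# lines that are already commented do not match and are left alone.
disable_forwarded_proto() {
    sed -i.bak -E 's/^([[:space:]]*)(proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+\$scheme;)/\1# \2/' "$1"
}

# Print how many directives are still active; 0 means the edit is in place.
count_active_forwarded_proto() {
    grep -cE "$PROTO_RE" "$1" || true
}

# Set relativeurls: true in the registry config; add it under http: if absent.
enable_relativeurls() {
    if grep -qE '^[[:space:]]+relativeurls:' "$1"; then
        sed -i.bak -E 's/^([[:space:]]+relativeurls:).*/\1 true/' "$1"
    else
        awk '{print} /^http:[ \t]*$/ {print "  relativeurls: true"}' "$1" > "$1.tmp" &&
            mv "$1.tmp" "$1"
    fi
}

# Constructed sample files (not real Harbor output) for a dry run in dir $1.
write_sample() {
    printf '%s\n' 'location /v2/ {' \
        '    proxy_set_header X-Forwarded-Proto $scheme;' \
        '    # proxy_set_header X-Forwarded-Proto $scheme;' \
        '    proxy_set_header Host $host;' '}' > "$1/nginx.conf"
    printf '%s\n' 'http:' '  addr: :5000' '  relativeurls: false' > "$1/config.yml"
}

# Touch a real install only when HARBOR_DIR is set (run after ./prepare,
# then restart Harbor as the post describes).
if [ -n "${HARBOR_DIR:-}" ]; then
    nginx_conf="$HARBOR_DIR/common/config/nginx/nginx.conf"
    disable_forwarded_proto "$nginx_conf"
    enable_relativeurls "$HARBOR_DIR/common/config/registry/config.yml"
    echo "active X-Forwarded-Proto lines: $(count_active_forwarded_proto "$nginx_conf")"
fi
```

A non-zero count after a run means prepare has regenerated the file, or a directive is written in a form the pattern does not cover, and the file should be checked by hand.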
This solution is for reference only.