misterli's Blog.

Proxying Harbor over HTTPS with Alibaba Cloud SLB: a summary

2021/07/13

The Harbor version used in this article is v2.2.0.

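For various reasons (the client is king), Harbor could not serve HTTPS directly with its own certificate, so we were forced to put an Alibaba Cloud Server Load Balancer (SLB) in front of it. The SLB terminates HTTPS and proxies to Harbor over plain HTTP, and the certificate is configured on the SLB, as follows:

user---->slb(HTTPS)-->harbor(http) --> core/portal/registry

With this setup, the https section in harbor.yml must be commented out. Otherwise Harbor automatically redirects HTTP to HTTPS, which causes a redirect loop.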

```yaml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: XXXXX.XXX.XXX:8443

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8443

# https related config
#https:
  # https port for harbor, default is 443
  # port: 8443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
```

Our GitLab CI uses Google's kaniko to build and push images:

```bash
/kaniko/executor --context="$PWD" --dockerfile="$PWD/Dockerfile" --destination="$HARBOR_IMAGE_TAG"
```

In use, we found that the following error sometimes appeared:

[screenshot: image-20210628141739223]

When I ran the push command manually, I got the following error:

```
[root@lnt-gitlab2 ~]# docker push wqtdv.lingnanpass.com:8443/lnt/backend/biz-system/order-service:12
The push refers to repository [wqtdv.lingnanpass.com:8443/lnt/backend/biz-system/order-service]
d198a53aea25: Pushing [==================================================>] 63.53MB/63.53MB
6062fe0be0d9: Pushing [==================================================>] 4.096kB
845fd138a201: Pushing [==================================================>] 3.072kB
ae3346816733: Pushing [==================================================>] 62.71MB/62.71MB
f1368d252262: Pushing [==================================================>] 4.719MB/4.719MB
65b25307a005: Waiting
error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
```

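Solution

For errors like `400 The plain HTTP request was sent to HTTPS port`:

Edit common/config/registry/config.yml and add the field `relativeurls: true`, as shown in the screenshot below.

[screenshot: image-20210621224047823]

Alternatively, modify harbor.yml and then run `./prepare`.

[screenshot: image-20210621224205340]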

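For errors like the kaniko push failure above, for the push error `unauthorized: unauthorized to access repository` (`unauthorized: authentication required`), or for `unknown blob` errors in the logs: edit common/config/nginx/nginx.conf, comment out every `proxy_set_header X-Forwarded-Proto $scheme;` line, and restart. After running prepare, this file has to be modified again.

[screenshot: image-20210713221327569]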
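Because prepare regenerates nginx.conf, the edit above has to be re-applied each time. A small idempotent helper for that, as an added example that is not part of the original post; the function names and the sample config are constructed for illustration:

```shell
#!/usr/bin/env bash
# Added example (not from the original post): re-apply the nginx.conf edit
# after ./prepare regenerates the file.

# Matches active (uncommented) override lines only.
XFP_RE='^[[:space:]]*proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+\$scheme;'

# Count active override lines; 0 means the edit is in place.
count_active_xfp() {
  grep -Ec "$XFP_RE" "$1" || true
}

# Comment out every active override line in the given nginx.conf and print
# how many lines were changed. Idempotent; keeps the previous file as .bak.
comment_out_xfp() {
  xfp_conf="$1"
  [ -f "$xfp_conf" ] || { echo "no such file: $xfp_conf" >&2; return 1; }
  xfp_n=$(count_active_xfp "$xfp_conf")
  if [ "$xfp_n" -gt 0 ]; then
    cp -p "$xfp_conf" "$xfp_conf.bak"
    # Insert "# " after the leading whitespace of each matching line.
    sed -E "/$XFP_RE/ s/^([[:space:]]*)/\1# /" "$xfp_conf.bak" > "$xfp_conf"
  fi
  echo "$xfp_n"
}

# Constructed sample, loosely modelled on proxy blocks in a generated nginx.conf.
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
  listen 8080;
  location /v2/ {
    proxy_pass http://core/v2/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /service/ {
    proxy_pass http://core/service/;
    # proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header   X-Forwarded-Proto   $scheme;
  }
}
EOF
}

# Demo on the constructed sample.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
echo "commented out: $(comment_out_xfp "$demo_conf")"
echo "still active:  $(count_active_xfp "$demo_conf")"
rm -f "$demo_conf" "$demo_conf.bak"
```

With the override commented out, nginx forwards whatever X-Forwarded-Proto header arrives from the previous hop, so Harbor's HTTP port should be reachable only from the SLB.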

These solutions are for reference only.
