harbor icon indicating copy to clipboard operation
harbor copied to clipboard

Published 20 hours ago verified publisher icon goharbor

How to ignore certificate verification to log in to docker successfully

Open ChenJhua opened this issue 2 years ago • 9 comments

I have 2 harbor, I want to use https; build a dual-master model and use a private certificate。 But I want to ignore the certificate in the internal network so, i set --insecure-registry https://10.222.3.156:8443 to docker. but i use docker login:

[root@master-001 harbor]# docker login https://10.222.3.156:8443 -uadmin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://10.222.3.156:8443/v2/": Get "https://None:8443/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": dial tcp: lookup None on 10.96.0.10:53: server misbehaving

version: harbor2.5.2 offline install. use docker-compose

I can configure it according to the official website, but I don't want to use such a complicated certificate operation

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ./harbor.key -out ./harbor.crt -subj "/CN=sina/O=ddr"

i only use key and crt @wy65701436

ChenJhua avatar Jul 07 '22 12:07 ChenJhua

The error doesn't look like a certificate error, but a domain resolution error.

chlins avatar Jul 08 '22 02:07 chlins

The error doesn't look like a certificate error, but a domain resolution error.

yet, i find not set hostname, have this error. I thought it would be 0.0.0.0 if not set

ChenJhua avatar Jul 08 '22 02:07 ChenJhua

The hostname will not be set by default, you should set this value in the harbor.yml.

chlins avatar Jul 08 '22 09:07 chlins

The hostname will not be set by default, you should set this value in the harbor.yml.

I found a problem with harbor2.5.2. When I execute ./prepare as root, the configuration of the root user will appear in common/config, causing the harbor to start abnormally

ChenJhua avatar Jul 08 '22 09:07 ChenJhua

Hello, after systemctl restart docker my harbor no longer listens to 443 but docker-compose ps seems to be healthy, and docker ps is also normal. But harbor is not accessible, and docker exec cannot enter the container can you tell me how to monitor this exception and recover? @chlins

ChenJhua avatar Jul 09 '22 08:07 ChenJhua

You could try to restart harbor service, docker-compose down and docker-compose up -d.

chlins avatar Jul 11 '22 02:07 chlins

Yes, this works, but I don't know if he's abnormal. Because it looks healthy.

ChenJhua avatar Jul 11 '22 11:07 ChenJhua

Hi, I have one more question. That is, I have two primary and secondary docker-compose harbor warehouses. I want to access both at the same time in lb. But there seems to be a problem with the token, how should I do it. @chlins

harbor parse token error, crypto/rsa: verification error

ChenJhua avatar Jul 14 '22 10:07 ChenJhua

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] avatar Sep 13 '22 09:09 github-actions[bot]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

github-actions[bot] avatar Oct 13 '22 09:10 github-actions[bot]