生成ca证书
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=guangdong/L=shenzhen/O=tangrongxing/OU=trxgrwz/CN=trxgrwz.cn" \
-key ca.key \
-out ca.crt生成服务器证书
openssl genrsa -out trxgrwz.cn.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=guangdong/L=shenzhen/O=tangrongxing/OU=trxgrwz/CN=trxgrwz.cn" \
-key trxgrwz.cn.key \
-out trxgrwz.cn.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.trxgrwz.cn
DNS.2=trxgrwz.cn
DNS.3=trxgrwz
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in trxgrwz.cn.csr \
-out trxgrwz.cn.crt将证书加入到docker
mkdir -p /etc/docker/certs.d/192.168.199.84:443
openssl x509 -inform PEM -in trxgrwz.cn.crt -out trxgrwz.cn.cert
cp trxgrwz.cn.key /etc/docker/certs.d/192.168.199.84:443/
cp trxgrwz.cn.cert /etc/docker/certs.d/192.168.199.84:443/
cp ca.crt /etc/docker/certs.d/192.168.199.84:443/
在“/etc/docker/daemon.json”中加入:
{
"insecure-registries": ["192.168.199.84:443"]
}重启docker