docker login 私有harbor仓库时,报错,如下:
Error response from daemon: Get "https://x.x.x.x:443/v2/": x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs
SAN 是 subjectAltName 的缩写。
我们在生成证书的时候未指定这项的配置或者指定错误。参考下面两个链接去生成的证书:
Configure HTTPS Access to Harbor
docker-repository-certs
其中有一个配置为:
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF如果我们配置不是域名,而是直接写的IP地址,则应该是如下的方式配置
subjectAltName = IP:x.x.x.x重新生成证书,重新执行harbor的安装运行操作:
./prepare && ./install.sh
然后运行一个获取证书的程序即可How can I fetch a certificate from a URL?
执行docker login x.x.x.x:443
如果出现文章来源:https://uudwc.com/A/vmpng
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
表明登录成功了文章来源地址https://uudwc.com/A/vmpng
