Configure HTTPS proxy if the Harbor registry load balancer IP is not publicly accessible
Article ID: 335040
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
The embedded Harbor registry is exposed via a kubernetes load balancer, in some customer's environments, the load balancer IP might not be publicly accessible outside the workload kubernetes cluster. Setting up an HTTPS proxy can make the embedded Harbor registry be accessible outside the kubernetes cluster so that developers can push images to the registry.
Environment
VMware vSphere ESXi 7.0.0
Resolution
Install an HTTPS proxy on a machine that has the access to the load balancer IP of the embedded Harbor registry, then configure the installed proxy on the client machines that needs access to the registry.
You can install and use the HTTPS proxy that you prefer, below are the steps to setup a sample tinyproxy on Debian / Ubuntu linux machine, note that this proxy should not be used for production:
You can install and use the HTTPS proxy that you prefer, below are the steps to setup a sample tinyproxy on Debian / Ubuntu linux machine, note that this proxy should not be used for production:
- Run the following bash command to install tinyproxy:
apt-get install tinyproxy
- Copy the attached (attachment section) tinyproxy.conf to /etc/tinyproxy.conf, this configures the proxy on port 8888.
- Run the following bash command to restart tinyproxy, now the proxy is configured:
systemctl restart tinyproxy.service
- Proxy should be configured in the browser that is used to show the embedded Harbor registry UI by following typical browser specific browser proxy configurations. The proxy configuration for docker clients that pull / push images on the Harbor registry should follow the instructions from docker Configure Docker to use a proxy server.
Attachments
Feedback
Yes
No
Powered by
