HTTPS nginx proxy HTTP Harbor fail

[huangjun0210]

nginx and harbor are not on the same node, using nginx proxy harbor service:

• The harbor node (IP: 10.129.227.76) is on the intranet and uses the HTTP protocol.
• On another node, nginx is installed and has an external domain name (ccimage. xxxx. com). SSL certificates are also configured on this node, and HTTPS access to Harbor is configured.

but, the proxy fail.

Versions:

• harbor version: v2.10.3
• docker engine version: 26.1.3
• docker-compose version: v2.7.0

Additional context:

Visit Harbor on https://ccimage.***.com

We can successfully login through the portal：

But use docker login command on node cannot login successfully:

harbor.yml

hostname: 10.129.227.76

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8080

# https related config
#https:
  # https port for harbor, default is 443
  #  port: 443
  # The path of cert and key files for nginx
  #  certificate: /root/harbor/ssl/ccimage.***.com.pem
  #  private_key: /root/harbor/ssl/ccimage.***.com.key
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# ...
# ....

nginx.conf

server {
    listen 443 ssl;
    server_name ccimage.***.com;
   client_max_body_size 0;  

    ssl_certificate /etc/nginx/ssl/ccimage.***.com.pem;
    ssl_certificate_key /etc/nginx/ssl/ccimage.***.com.key;

    location / {
        proxy_pass http://10.129.227.76:8080; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    }

  location /v2/ {
      proxy_pass http://10.129.227.76:8080/v2/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Log files:

[docooler]

from the docker login response . we can see your registry auth uri is not right. it's directly return the ip address .not the domain address. please check your config file