总体架构
系统:centos7.5
架构:自己装的nginx (主域名,ssl) -> harbor自带的nginx(non-ssl) -> harbor
安装docker
yum install -y docker
安装docker-compose
- 下载最新的docker-compose版本
在 https://github.com/docker/compose/releases 找到最新的版本号,替换下面命令中的 1.23.1
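# -f makes curl exit non-zero on an HTTP error instead of saving the error page as the binary.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Before making the file executable, compare the output of
#   sha256sum /usr/local/bin/docker-compose
# with the SHA-256 value published for this asset on the release page.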
- 添加可执行权限
chmod +x /usr/local/bin/docker-compose
- 测试安装结果
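# Print the installed version; the line below the command is the output the page shows for it.
docker-compose --version
# docker-compose version 1.23.1, build 1719ceb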
离线下载Harbor安装包
在https://github.com/goharbor/harbor/releases找到最新的版本号下载并解压
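# Two separate commands: download the offline installer, then unpack it.
wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.2.tgz
# Before unpacking, check the archive against the checksum or signature published on the
# release page (for example with sha256sum or md5sum, whichever the release provides);
# the archive carries the images that will run as services on this host.
tar xvf harbor-offline-installer-v1.6.2.tgz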
修改harbor.cfg文件
进入harbor目录,修改harbor.cfg文件
hostname = 主域名
注释nginx配置文件
编辑 harbor/common/templates/nginx/nginx.http.conf
将所有 proxy_set_header X-Forwarded-Proto $$scheme; 注释掉(否则 harbor 自带的 nginx 会把前端 nginx 传入的 X-Forwarded-Proto 覆盖为 http;该模板需要在执行 install.sh 之前修改)
修改harbor的存储路径(可选)
harbor.cfg,修改"secretkey"的路径
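# Default is /data. The note is kept on its own line because a trailing '#' comment
# may be read as part of the value by the config parser (NOTE(review): confirm for your Harbor version).
# This directory holds the secret key file, so keep it readable only by the accounts that need it.
secretkey_path = /data/harbor-data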
docker-compose.yml,修改原先所有默认为"/data"的volume的挂载路径
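# Harbor docker-compose.yml with every host path that defaulted to /data
# moved under /data/harbor-data. Indentation is restored here; the listing
# on the page had lost it and would not parse as written.
#
# NOTE(review): the image tags below are v1.6.1 while the installer downloaded
# earlier on the page is v1.6.2. Use the tags from the docker-compose.yml that
# ships with the installer you unpacked and change only the volume paths.
#
# The ":z" suffix on a volume asks Docker to relabel the host path so that
# containers can share it under SELinux.
version: '2'
services:
  log:
    image: goharbor/harbor-log:v1.6.1
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      # Published on loopback only, so the syslog collector is not reachable
      # from other hosts. Quoted so the mapping is always read as a string.
      - "127.0.0.1:1514:10514"
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.6.2-v1.6.1
    container_name: registry
    restart: always
    volumes:
      - /data/harbor-data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  postgresql:
    image: goharbor/harbor-db:v1.6.1
    container_name: harbor-db
    restart: always
    volumes:
      - /data/harbor-data/database:/var/lib/postgresql/data:z
    networks:
      - harbor
    # NOTE(review): the env files referenced in this file presumably carry
    # service credentials; keep them readable by the deploying user only.
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  adminserver:
    image: goharbor/harbor-adminserver:v1.6.1
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/harbor-data/config/:/etc/adminserver/config/:z
      # Must point at the same secretkey location configured as
      # secretkey_path in harbor.cfg.
      - /data/harbor-data/secretkey:/etc/adminserver/key:z
      - /data/harbor-data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: goharbor/harbor-ui:v1.6.1
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      # Private key material mounted from the host; restrict read access to
      # this file on the host.
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/harbor-data/secretkey:/etc/ui/key:z
      - /data/harbor-data/ca_download/:/etc/ui/ca/:z
      - /data/harbor-data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: goharbor/harbor-jobservice:v1.6.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/harbor-data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    depends_on:
      - redis
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.6.1
    container_name: redis
    restart: always
    volumes:
      - /data/harbor-data/redis:/var/lib/redis
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.6.1
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      # NOTE(review): these mappings publish Harbor's own nginx on every host
      # interface. In the layout this page describes (TLS terminated by a
      # separate front nginx, Harbor's nginx serving plain HTTP) a client that
      # reaches port 80 here directly bypasses TLS, so registry logins would
      # travel in clear text. If the front nginx runs on this same host, 80
      # and 443 also collide with its listeners. Consider publishing only the
      # HTTP port on loopback or an internal address, for example
      # "127.0.0.1:8080:80" (constructed example), and pointing the front
      # nginx's proxy_pass at it.
      - "80:80"
      - "443:443"
      - "4443:4443"
    depends_on:
      - postgresql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false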
安装Harbor
修改完配置文件后,在当前目录执行 ./install.sh,Harbor 服务就会根据当前目录下的 docker-compose.yml 开始下载依赖的镜像,检测并按照顺序依次启动各个服务
自己安装(主域名)的nginx配置参考
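# Front-end nginx for the main domain: terminates TLS and forwards to Harbor's
# own nginx over plain HTTP.

# Redirect every plain-HTTP request to HTTPS.
server {
    listen 80;
    server_name 主域名;
    return 301 https://$server_name$request_uri;
}

server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which newer
    # nginx releases deprecate.
    listen 443 ssl;
    server_name 主域名;
    access_log /var/log/nginx/xxx.log main;
    error_log /var/log/nginx/xxxx.log;
    charset utf-8;

    ssl_certificate 证书路径;
    ssl_certificate_key 私钥路径;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered here.
    # Add TLSv1.3 if the installed nginx and OpenSSL build support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # 0 disables the request-body size limit; presumably needed so that large
    # image layers can be pushed through this proxy.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location ^~/ {
        # The backend hop is plain HTTP, so keep it on loopback or a trusted
        # internal network.
        proxy_pass http://harbor-http的地址;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Harbor that the client connected over https. Harbor's own
        # nginx must not overwrite this header, which is why the page comments
        # it out in harbor/common/templates/nginx/nginx.http.conf.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
    }
}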