1.在aarch64环境下安装docker服务(略)
2.下载bitnami/harbor-portal基础镜像对应的官方文件,并解压
// 下载bitnami官方压缩包(main.tar.gz 对应 main 分支的最新内容,每次下载可能不同;需要可复现的部署时,建议改用固定 tag 或 commit 的归档,并保存其 sha256 以便核对)
[root@test ~]# wget https://github.com/bitnami/containers/archive/main.tar.gz
// 解压
[root@cd20 ~]# tar zxvf main.tar.gz
// 将harbor-portal目录移动到我们的当前目录
[root@cd20 ~]# mv containers-main/bitnami/harbor-portal /home
[root@cd20 ~]# cd /home && mv harbor-portal harbor
3.解压缩,创建配置挂载卷的文件
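//创建挂载卷(下面只对postgresql、jobservice、registry、core四个目录做了chown,chartmuseum目录未处理;若chartmuseum启动后报权限错误,请同样改为1001:1001)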
[root@cd20 ~]# cd /home/harbor
[root@cd20 ~]# mkdir chartmuseum core jobservice postgresql registry
[root@cd20 ~]# chown -R 1001:1001 ./postgresql && chown -R 1001:1001 ./jobservice
[root@cd20 ~]# chown -R 1001:1001 ./registry && chown -R 1001:1001 ./core
4.处理docker-compose.yml文件
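# Harbor stack built from the Bitnami images, fronted by an nginx TLS proxy.
#
# SECURITY: the values CHANGEME, change-this-key, bitnami, Harbor12345 and
# harbor_registry_password below are publicly known placeholders. Replace each
# of them with a unique random value before the stack is reachable by anyone
# else. Several of them are repeated across services in this file and must be
# changed together: CORE_SECRET, JOBSERVICE_SECRET, REGISTRY_HTTP_SECRET,
# POSTGRESQL_PASSWORD and REGISTRY_CREDENTIAL_USERNAME/PASSWORD.
#
# SECURITY: three services run with `privileged: true`, which removes most
# container isolation (all capabilities, access to host devices). Nothing in
# this file shows that a registry or a database needs it.
# NOTE(review): presumably added to work around bind-mount permission or
# SELinux errors - confirm, then drop it and fix directory ownership/labels.
version: '2'
services:
  registry:
    image: docker.io/bitnami/harbor-registry:2
    privileged: true  # see SECURITY note at the top of the file
    environment:
      - REGISTRY_HTTP_SECRET=CHANGEME  # placeholder, replace
    volumes:
      - /home/harbor/registry/data:/storage
      - ./config/registry/:/etc/registry/:ro
  registryctl:
    image: docker.io/bitnami/harbor-registryctl:2
    privileged: true  # see SECURITY note at the top of the file
    environment:
      - CORE_SECRET=CHANGEME  # placeholder, replace
      - JOBSERVICE_SECRET=CHANGEME  # placeholder, replace
      - REGISTRY_HTTP_SECRET=CHANGEME  # placeholder, replace
    volumes:
      - /home/harbor/registry/data:/storage
      - ./config/registry/:/etc/registry/:ro
      - ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro
  postgresql:
    image: docker.io/bitnami/postgresql:13
    container_name: harbor-db
    privileged: true  # see SECURITY note at the top of the file
    environment:
      - POSTGRESQL_PASSWORD=bitnami  # placeholder, replace (also set in core)
      - POSTGRESQL_DATABASE=registry
    volumes:
      - /home/harbor/postgresql:/bitnami/postgresql
  core:
    image: docker.io/bitnami/harbor-core:2
    container_name: harbor-core
    depends_on:
      - registry
      - chartmuseum
    environment:
      - CORE_KEY=change-this-key  # placeholder, replace
      - _REDIS_URL_CORE=redis://redis:6379/0
      - SYNC_REGISTRY=false
      - CHART_CACHE_DRIVER=redis
      - _REDIS_URL_REG=redis://redis:6379/1
      - PORT=8080
      - LOG_LEVEL=info
      - EXT_ENDPOINT=https://registry.com
      - DATABASE_TYPE=postgresql
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      - POSTGRESQL_HOST=postgresql
      - POSTGRESQL_PORT=5432
      - POSTGRESQL_DATABASE=registry
      - POSTGRESQL_USERNAME=postgres
      - POSTGRESQL_PASSWORD=bitnami  # must match the postgresql service
      # Database traffic is not encrypted; tolerable only while it never
      # leaves the compose-internal network.
      - POSTGRESQL_SSLMODE=disable
      - REGISTRY_URL=http://registry:5000
      - TOKEN_SERVICE_URL=http://core:8080/service/token
      # Initial password of the Harbor "admin" account; this value is widely
      # published, so change it here or immediately after the first login.
      - HARBOR_ADMIN_PASSWORD=Harbor12345
      - CORE_SECRET=CHANGEME  # placeholder, replace
      - JOBSERVICE_SECRET=CHANGEME  # placeholder, replace
      - ADMIRAL_URL=
      - WITH_NOTARY=False
      - WITH_CHARTMUSEUM=True
      - CHART_REPOSITORY_URL=http://chartmuseum:8080
      - CORE_URL=http://core:8080
      - JOBSERVICE_URL=http://jobservice:8080
      - REGISTRY_STORAGE_PROVIDER_NAME=filesystem
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password  # placeholder, replace
      - READ_ONLY=false
      - RELOAD_KEY=
    volumes:
      - /home/harbor/core/data:/data
      - ./config/core/app.conf:/etc/core/app.conf:ro
      # NOTE(review): if this key is the file shipped inside the downloaded
      # archive, it is publicly available - generate your own key pair and
      # verify what else in ./config depends on it.
      - ./config/core/private_key.pem:/etc/core/private_key.pem:ro
  portal:
    image: docker.io/bitnami/harbor-portal:2
    container_name: harbor-portal
    depends_on:
      - core
  jobservice:
    image: docker.io/bitnami/harbor-jobservice:2
    container_name: harbor-jobservice
    depends_on:
      - redis
      - core
    environment:
      - CORE_SECRET=CHANGEME  # placeholder, replace
      - JOBSERVICE_SECRET=CHANGEME  # placeholder, replace
      - CORE_URL=http://core:8080
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password  # placeholder, replace
    volumes:
      - /home/harbor/jobservice/log:/var/log/jobs
      - ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro
  redis:
    # `latest` is a moving tag: what gets pulled can change between deploys.
    # Pin a specific version (or digest) once a working one is known.
    image: redis:latest
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      # NOTE(review): this variable belongs to the Bitnami Redis image; the
      # image referenced above presumably ignores it. Either way Redis runs
      # without authentication here, so it must stay unpublished (no `ports:`).
      - ALLOW_EMPTY_PASSWORD=yes
  harbor-nginx:
    image: docker.io/bitnami/nginx:1.23
    container_name: nginx
    volumes:
      - ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
      # Read-only like the other config mounts: this directory holds the TLS
      # private key and nginx only needs to read it.
      - ./config/proxy/cert:/etc/cert:ro
    ports:
      # - '80:8080'
      - '443:8443'
    depends_on:
      - postgresql
      - registry
      - core
      - portal
  chartmuseum:
    container_name: chartmuseum
    image: docker.io/bitnami/chartmuseum:0
    environment:
      - CACHE=redis
      - CACHE_REDIS_ADDR=redis:6379
      - CACHE_REDIS_DB=1
      - DEPTH=1
      - PORT=8080
      - STORAGE=local
      - STORAGE_LOCAL_ROOTDIR=/bitnami/data
      - ALLOW_OVERWRITE=true
      - INDEX_LIMIT=0
    volumes:
      - /home/harbor/chartmuseum/data:/bitnami/data
# Named volumes are disabled; the services above use host bind mounts under
# /home/harbor instead.
#volumes:
#  registry_data:
#    driver: local
#  core_data:
#    driver: local
#  jobservice_data:
#    driver: local
#  postgresql_data:
#    driver: local
#  chartmuseum_data:
#    driver: local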
5.配置bitnami-nginx的https
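# TLS-terminating reverse proxy in front of the Harbor portal and core services.
# Listens on 8443 inside the container (published as host port 443 by the
# compose file) and forwards plain HTTP to the `portal` and `core` upstreams.
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
pid "/opt/bitnami/nginx/tmp/nginx.pid";

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    tcp_nodelay on;
    # this is necessary for us to be able to disable request buffering in all cases
    proxy_http_version 1.1;

    upstream core {
        server core:8080;
    }
    upstream portal {
        server portal:8080;
    }

    # NOTE(review): no access_log directive in this file references
    # timed_combined, so this format is defined but apparently unused - confirm.
    log_format timed_combined '$remote_addr - '
        '"$request" $status $body_bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '$request_time $upstream_response_time $pipe';

    client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
    proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
    fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
    scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
    uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

    server {
        listen 8443 ssl;
        # Do not advertise the nginx version in responses and error pages.
        server_tokens off;

        # SSL
        # The key file must be readable by the nginx user and by nobody else.
        ssl_certificate /etc/cert/registry.com.crt;
        ssl_certificate_key /etc/cert/registry.com.key;

        # disable any limits to avoid HTTP 413 for large image uploads
        client_max_body_size 0;

        # customized location config file can place to /opt/bitnami/nginx/conf with prefix harbor.http. and suffix .conf
        # NOTE(review): the comment above names /opt/bitnami/nginx/conf but the
        # include below points at /opt/bitnami/conf/nginx/conf.d - confirm
        # which directory is intended.
        include /opt/bitnami/conf/nginx/conf.d/harbor.http.*.conf;

        # TLS 1.3 is offered in addition to TLS 1.2; older protocol versions
        # stay disabled.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Applies to TLS 1.2 only. The list still admits static-RSA key
        # exchange (no forward secrecy) and CBC-mode AES suites.
        # NOTE(review): consider restricting it to the ECDH+AESGCM entries
        # once client compatibility is confirmed.
        ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        # Web UI.
        location / {
            proxy_pass http://portal/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        location /c/ {
            proxy_pass http://core/c/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        location /api/ {
            proxy_pass http://core/api/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        location /chartrepo/ {
            proxy_pass http://core/chartrepo/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        # The /v1/ path is answered with 404 and never proxied.
        location /v1/ {
            return 404;
        }

        # Unlike the other locations, this one forwards $http_host (the Host
        # header exactly as the client sent it) rather than $host.
        location /v2/ {
            proxy_pass http://core/v2/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        location /service/ {
            proxy_pass http://core/service/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            proxy_request_buffering off;
        }

        # More specific than /service/ above, so requests under this path get
        # a 404 from the proxy instead of being forwarded to core.
        location /service/notifications {
            return 404;
        }
    }
}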
6.自行制作ssl文件
参考链接: Nginx配置ssl自签名证书_nginx 自签名证书_疯狂攻城师的博客-CSDN博客
需要注意:上传cert文件夹后,需要把该文件夹的属主/属组改为容器内nginx的运行用户(见下方的 chown 1001:1001),否则nginx启动时无法访问这个挂载的文件夹。文件夹中的私钥(.key)建议同时收紧权限,只允许属主读取(例如 chmod 600);
[root@test harbor]# cd config/proxy/
[root@test proxy]# ls
cert cert-harbor.zip nginx.conf
[root@test proxy]# chown -R 1001:1001 ./cert
7.配置bitnami-registry文件夹
//使用docker-compose启动各容器
[root@test harbor]#docker-compose up -d
✔ Container harbor-db Started 2.1s
✔ Container harbor-core Started 4.0s
✔ Container harbor-portal Started 4.9s
✔ Container harbor-jobservice Started 5.2s
✔ Container nginx Started
...
//添加存放路径
[root@test harbor]# docker exec -it harbor-registry-1 /bin/bash
I have no name!@f931a94004e2:/$ cd /storage/
I have no name!@f931a94004e2:/storage$ mkdir docker
8.访问地址(harbor的访问密码均配置在docker-compose.yml文件中,请自行查找):
https://127.0.0.1:443/account/sign-in
user/pwd:admin/Harbor12345(即docker-compose.yml中HARBOR_ADMIN_PASSWORD的默认值,这个密码是公开的,首次登录后请立即修改)