关于aarch64环境下bitnami/harbor-portal的安装部署

1.在aarch64环境下安装docker服务(略)

2.下载包含bitnami/harbor-portal的官方仓库压缩包,并解压

// 下载bitnami官方压缩包(main分支的内容会随时间变化;如需可复现的部署,建议固定到某个commit或tag,并校验下载文件的哈希)
[root@test ~]# wget https://github.com/bitnami/containers/archive/main.tar.gz
 
// 解压 
[root@cd20 ~]# tar zxvf main.tar.gz 

// 将harbor-portal目录移动到我们的当前目录 
[root@cd20 ~]# mv containers-main/bitnami/harbor-portal /home
[root@cd20 ~]# cd /home && mv harbor-portal harbor

3.解压缩后,创建用于挂载卷的目录

//创建挂载卷
[root@cd20 ~]# cd /home/harbor
[root@cd20 ~]# mkdir chartmuseum core jobservice postgresql registry
[root@cd20 ~]# chown -R 1001:1001 ./postgresql && chown -R 1001:1001 ./jobservice 
[root@cd20 ~]# chown -R 1001:1001 ./registry && chown -R 1001:1001 ./core

4.处理docker-compose.yml文件

version: '2'

services:
  # Harbor registry backend; image layers are stored under /storage.
  # NOTE(review): `privileged: true` gives the container access to host devices and
  # all capabilities. Nothing in this file shows the registry needing that; it was
  # presumably added to get past bind-mount permission errors. The guide already
  # chowns the host directories to 1001:1001, so try dropping the flag — TODO confirm.
  # The `:2` tag is a moving major-version tag; pin a full version or digest for
  # reproducible deployments.
  registry:
    image: docker.io/bitnami/harbor-registry:2
    privileged: true
    environment:
      # Placeholder; replace with a unique random secret. The same value must be
      # set for registryctl (it appears there as well).
      - REGISTRY_HTTP_SECRET=CHANGEME
    volumes:
      - /home/harbor/registry/data:/storage
      # Configuration is mounted read-only.
      - ./config/registry/:/etc/registry/:ro
  # Registry controller; shares the registry's /storage bind mount and config.
  # NOTE(review): `privileged: true` is set here too. On a container that can write
  # to the image store this is a large host-level grant — confirm it is required.
  registryctl:
    image: docker.io/bitnami/harbor-registryctl:2
    privileged: true
    environment:
      # All three are placeholders. CORE_SECRET and JOBSERVICE_SECRET also appear on
      # the core and jobservice services, REGISTRY_HTTP_SECRET on registry; replace
      # each with a random value and keep the copies in sync.
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - REGISTRY_HTTP_SECRET=CHANGEME
    volumes:
      - /home/harbor/registry/data:/storage
      - ./config/registry/:/etc/registry/:ro
      - ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro
  # Harbor's PostgreSQL database. No `ports:` are published, so it is reachable only
  # from the other containers on the compose network.
  # NOTE(review): `privileged: true` on a database container is not needed for normal
  # operation as far as this file shows — presumably a workaround for volume
  # permissions; confirm and remove if possible.
  postgresql:
    image: docker.io/bitnami/postgresql:13
    container_name: harbor-db
    privileged: true
    environment:
      # Sample password; core's POSTGRESQL_PASSWORD carries the same value, so change
      # both together.
      - POSTGRESQL_PASSWORD=bitnami
      - POSTGRESQL_DATABASE=registry
    volumes:
      - /home/harbor/postgresql:/bitnami/postgresql
  # Harbor core service (API, token service, UI backend).
  # Every secret below is a sample or placeholder value and should be replaced before
  # the instance is exposed: CORE_KEY, CORE_SECRET, JOBSERVICE_SECRET,
  # HARBOR_ADMIN_PASSWORD, POSTGRESQL_PASSWORD, REGISTRY_CREDENTIAL_PASSWORD.
  # NOTE(review): core talks to redis and postgresql (see the URLs below) but only
  # registry and chartmuseum are listed under depends_on.
  core:
    image: docker.io/bitnami/harbor-core:2
    container_name: harbor-core
    depends_on:
      - registry
      - chartmuseum
    environment:
      # Placeholder key; presumably used by core to encrypt stored secrets — replace
      # with a random value before first start (TODO confirm expected length).
      - CORE_KEY=change-this-key
      # Redis URLs carry no credentials; the redis service in this file has no
      # password configured.
      - _REDIS_URL_CORE=redis://redis:6379/0
      - SYNC_REGISTRY=false
      - CHART_CACHE_DRIVER=redis
      - _REDIS_URL_REG=redis://redis:6379/1
      - PORT=8080
      - LOG_LEVEL=info
      # External URL; the host name must match the certificate served by the proxy
      # (registry.com.crt in the nginx config on this page).
      - EXT_ENDPOINT=https://registry.com
      - DATABASE_TYPE=postgresql
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      - POSTGRESQL_HOST=postgresql
      - POSTGRESQL_PORT=5432
      - POSTGRESQL_DATABASE=registry
      - POSTGRESQL_USERNAME=postgres
      # Must match POSTGRESQL_PASSWORD on the postgresql service.
      - POSTGRESQL_PASSWORD=bitnami
      # Database traffic is unencrypted; acceptable only while it stays on the
      # compose-internal network.
      - POSTGRESQL_SSLMODE=disable
      - REGISTRY_URL=http://registry:5000
      - TOKEN_SERVICE_URL=http://core:8080/service/token
      # Harbor12345 is Harbor's publicly documented default admin password; set a
      # unique one.
      - HARBOR_ADMIN_PASSWORD=Harbor12345
      # Shared service secrets; same placeholders as on registryctl and jobservice.
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - ADMIRAL_URL=
      - WITH_NOTARY=False
      - WITH_CHARTMUSEUM=True
      - CHART_REPOSITORY_URL=http://chartmuseum:8080
      - CORE_URL=http://core:8080
      - JOBSERVICE_URL=http://jobservice:8080
      - REGISTRY_STORAGE_PROVIDER_NAME=filesystem
      # Sample credential pair, repeated on jobservice; replace on both.
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
      - READ_ONLY=false
      - RELOAD_KEY=
    volumes:
      - /home/harbor/core/data:/data
      - ./config/core/app.conf:/etc/core/app.conf:ro
      # Private key mounted read-only; presumably the token-signing key — keep the
      # host file readable only by the container user (TODO confirm purpose).
      - ./config/core/private_key.pem:/etc/core/private_key.pem:ro
  # Harbor web UI. It has no published ports, volumes or secrets; the nginx proxy
  # config on this page reaches it as upstream portal:8080.
  portal:
    image: docker.io/bitnami/harbor-portal:2
    container_name: harbor-portal
    depends_on:
      - core
  # Harbor job service (background jobs); job logs are written to the bind-mounted
  # /var/log/jobs directory.
  jobservice:
    image: docker.io/bitnami/harbor-jobservice:2
    container_name: harbor-jobservice
    depends_on:
      - redis
      - core
    environment:
      # Placeholders; must match the values set on core and registryctl.
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - CORE_URL=http://core:8080
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      # Sample credential pair; must match core's REGISTRY_CREDENTIAL_* values.
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
    volumes:
      - /home/harbor/jobservice/log:/var/log/jobs
      - ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro
  # Redis cache used by core, jobservice and chartmuseum. No password is configured
  # and no ports are published, so any container on the compose network can connect
  # without authentication.
  # NOTE(review): this is the Docker Hub `redis` image with the floating `latest`
  # tag, not a Bitnami image; pin a version or digest.
  redis:
    image: redis:latest
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      # NOTE(review): the variable is a Bitnami-image convention; the Docker Hub
      # `redis` image presumably ignores it — verify. Setting a password would also
      # require updating the redis:// URLs on core.
      - ALLOW_EMPTY_PASSWORD=yes
  # TLS-terminating reverse proxy and the only service in this file that publishes a
  # host port (443 -> container 8443).
  harbor-nginx:
    image: docker.io/bitnami/nginx:1.23
    container_name: nginx
    volumes:
      - ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
      # Holds the TLS certificate and private key referenced by nginx.conf.
      # NOTE(review): mounted read-write; `:ro` would be enough for nginx to read
      # them — TODO confirm nothing in the container writes here.
      - ./config/proxy/cert:/etc/cert
    ports:
      # Plain-HTTP port left disabled; the nginx.conf on this page defines no
      # listener on 8080 either.
     # - '80:8080'
      - '443:8443'
    depends_on:
      - postgresql
      - registry
      - core
      - portal
  # Helm chart repository backing Harbor's chart feature; charts are stored on the
  # bind-mounted local directory and indexed through redis DB 1.
  # NOTE(review): the `:0` tag is a floating major-version tag; pin a full version.
  chartmuseum:
    container_name: chartmuseum
    image: docker.io/bitnami/chartmuseum:0
    environment:
      - CACHE=redis
      - CACHE_REDIS_ADDR=redis:6379
      - CACHE_REDIS_DB=1
      - DEPTH=1
      - PORT=8080
      - STORAGE=local
      - STORAGE_LOCAL_ROOTDIR=/bitnami/data
      # Allows an already-published chart version to be replaced; consumers cannot
      # then rely on a chart version being immutable.
      - ALLOW_OVERWRITE=true
      - INDEX_LIMIT=0
    volumes:
      - /home/harbor/chartmuseum/data:/bitnami/data
#volumes:
#  registry_data:
#    driver: local
#  core_data:
#    driver: local
#  jobservice_data:
#    driver: local
#  postgresql_data:
#    driver: local
#  chartmuseum_data:
#    driver: local

5.配置bitnami-nginx的https

# Main-context settings: one worker per CPU core, with the error log and pid file
# kept under the Bitnami nginx directory tree.
worker_processes auto;
error_log         "/opt/bitnami/nginx/logs/error.log";
pid               "/opt/bitnami/nginx/tmp/nginx.pid";

# Connection handling: up to 1024 connections per worker, using epoll and accepting
# all pending connections at once.
events {
  worker_connections 1024;
  use epoll;
  multi_accept on;
}

# HTTPS reverse proxy in front of Harbor: terminates TLS on 8443 and forwards to the
# `core` and `portal` containers over plain HTTP on the compose network.
http {
  tcp_nodelay on;

  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;

  upstream core {
    server core:8080;
  }

  upstream portal {
    server portal:8080;
  }

  # NOTE(review): this format is defined but no access_log directive in this file
  # references it; add one if request logs are wanted for auditing.
  log_format timed_combined '$remote_addr - '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '$request_time $upstream_response_time $pipe';

  client_body_temp_path  "/opt/bitnami/nginx/tmp/client_body" 1 2;
  proxy_temp_path        "/opt/bitnami/nginx/tmp/proxy" 1 2;
  fastcgi_temp_path      "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
  scgi_temp_path         "/opt/bitnami/nginx/tmp/scgi" 1 2;
  uwsgi_temp_path        "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

  server {
    listen 8443 ssl;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    # SSL
    # Certificate and key come from the ./config/proxy/cert bind mount; the key file
    # should be readable only by the container user.
    ssl_certificate /etc/cert/registry.com.crt;
    ssl_certificate_key /etc/cert/registry.com.key;

    # disable any limits to avoid HTTP 413 for large image uploads
    # (this also removes the request-body size guard for every location below)
    client_max_body_size 0;

    # Customized location config files named harbor.http.*.conf are included from the
    # path below.
    # NOTE(review): the original comment named /opt/bitnami/nginx/conf while the
    # include uses /opt/bitnami/conf/nginx/conf.d — confirm which directory exists
    # in the image.
    include /opt/bitnami/conf/nginx/conf.d/harbor.http.*.conf;

    # Only TLS 1.2 is enabled; TLS 1.3 is not listed.
    ssl_protocols TLSv1.2;
    # The list still admits RSA key exchange (no forward secrecy) and non-GCM AES
    # suites; restricting it to the ECDHE + AES-GCM entries is the tighter choice.
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    # NOTE(review): no Strict-Transport-Security header is set anywhere in this file.

    # Everything not matched below goes to the web UI.
    location / {
      proxy_pass http://portal/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      # Appends the peer address to any client-supplied X-Forwarded-For value, so
      # only the last entry is trustworthy to the backend.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /c/ {
      proxy_pass http://core/c/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /api/ {
      proxy_pass http://core/api/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /chartrepo/ {
      proxy_pass http://core/chartrepo/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    # Requests to the registry v1 API path are rejected at the proxy.
    location /v1/ {
      return 404;
    }

    # Registry v2 API. Unlike the other locations this one forwards $http_host,
    # i.e. the Host header exactly as the client sent it.
    location /v2/ {
      proxy_pass http://core/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /service/ {
      proxy_pass http://core/service/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    # Longer prefix than /service/, so it wins: this path is never proxied from
    # outside. Presumably it is the internal notification endpoint that only other
    # Harbor containers should call — keep this rule when customizing.
    location /service/notifications {
      return 404;
    }
  }
}

6.自行制作ssl文件

参考链接: Nginx配置ssl自签名证书_nginx 自签名证书_疯狂攻城师的博客-CSDN博客

需要注意,在上传cert文件夹后,需要把该文件夹的属主和属组改为容器运行用户(1001:1001),否则nginx启动时会无法访问这个挂载的文件夹;其中的私钥文件不应对其他用户可读。

[root@test harbor]# cd config/proxy/
[root@test proxy]# ls
cert  cert-harbor.zip  nginx.conf
[root@test proxy]# chown -R 1001:1001 ./cert

7.配置bitnami-registry文件夹

//使用docker-compose启动全部容器
[root@test harbor]#docker-compose up -d
 ✔ Container harbor-db             Started                                                                                                                                                          2.1s 
 ✔ Container harbor-core           Started                                                                                                                                                          4.0s 
 ✔ Container harbor-portal         Started                                                                                                                                                          4.9s 
 ✔ Container harbor-jobservice     Started                                                                                                                                                          5.2s 
 ✔ Container nginx                 Started
...

//添加存放路径
[root@test harbor]# docker exec -it harbor-registry-1 /bin/bash
I have no name!@f931a94004e2:/$ cd /storage/
I have no name!@f931a94004e2:/storage$ mkdir docker

8.访问地址(harbor的各项密码均配置在docker-compose.yml文件中,请自行查找;示例中的Harbor12345、bitnami、CHANGEME等均为默认值或占位值,对外提供服务前应全部替换):

https://127.0.0.1:443/account/sign-in

user/pwd:admin/Harbor12345
