Base environment: docker-ce 24.0.2
Environment requirements reference: Harbor docs | Harbor Installation Prerequisites
Hardware
The following table lists the minimum and recommended hardware configurations for deploying Harbor.
Resource | Minimum | Recommended |
---|---|---|
CPU | 2 CPU | 4 CPU |
Mem | 4 GB | 8 GB |
Disk | 40 GB | 160 GB |
Software
The following table lists the software versions that must be installed on the target host.
Software | Version | Description |
---|---|---|
Docker Engine | Version 17.06.0-ce+ or higher | For installation instructions, see Docker Engine documentation |
Docker Compose | docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) | For installation instructions, see Docker Compose documentation |
OpenSSL | Latest is preferred | Used to generate certificate and keys for Harbor |
Software versions
docker-compose v2.19.0
harbor v2.8.2
Installation steps
1. Install docker-compose
Download
curl -SL https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
Note: if the file is not executable, run chmod u+x docker-compose to grant execute permission.
Verify the installation
docker-compose -v
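2. Install Harbor
Offline installer download: https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz
Install Harbor
It is best to install Harbor in the simplest way first and verify that it works. This also loads the required image files onto the current host.
2.1 Download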
tar -xf harbor-offline-installer-v2.8.2.tgz
[root@harbor home]# ls
cert harbor harbor-offline-installer-v2.8.2.tgz
[root@harbor home]# cd harbor
[root@harbor harbor]# ls
common docker-compose.yml harbor.v2.8.2.tar.gz harbor.yml.tmpl LICENSE
common.sh harbor.srl harbor.yml install.sh prepare
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
2.2 Edit the Harbor configuration file and save it
2.3 Install and start Harbor
[root@harbor harbor]# pwd
/home/harbor
./prepare
./install.sh
Once startup completes, Harbor can be reached at the host's IP address on port 80.
If HTTPS needs to be configured, remove Harbor first:
cd /home/harbor
docker-compose down -v
Configure TLS for HTTPS and domain-name access
1. Generate the TLS certificates, following the replies in this thread:
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28841
[root@harbor harbor]# cd /home/cert
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=Lx Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout lx.com.key -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=*.lx.com" -out lx.com.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:lx.com,DNS:harbor.lx.com") -days 3650 -in lx.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out lx.com.crt
[root@harbor cert]# ls
lx.com.crt lx.com.csr lx.com.key
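The following is an added example, not part of the original post: a pre-flight check that the generated files chain to ca.crt, cover the hostname clients will use, and match the private key, before harbor.yml and Docker are pointed at them. The function names and the temporary directory are assumptions; the sample PKI is constructed with the same subjects and SANs as the commands above.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# certificate files before harbor.yml and Docker are pointed at them.

# make_sample_pki DIR: constructed sample, same subjects and SANs as the post.
make_sample_pki() {
    (
        cd "$1" || exit 1
        printf 'subjectAltName=DNS:lx.com,DNS:harbor.lx.com' > san.ext
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -days 3650 -key ca.key \
            -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=Lx Root CA" -out ca.crt &&
        openssl req -newkey rsa:2048 -nodes -keyout lx.com.key \
            -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=*.lx.com" -out lx.com.csr &&
        openssl x509 -req -extfile san.ext -days 3650 -in lx.com.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial -out lx.com.crt
    ) >/dev/null 2>&1
}

# check_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
# Prints "ok" or the name of the first failed check; non-zero on failure.
check_cert() {
    # 1. The server certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo chain; return 1; }
    # 2. The hostname must match a SAN entry; when SANs are present the
    #    CN (*.lx.com here) is not consulted.
    openssl x509 -in "$2" -noout -checkhost "$4" 2>/dev/null |
        grep -q 'does match' || { echo hostname; return 1; }
    # 3. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo key; return 1; }
    echo ok
}

# Demo on the constructed sample: registry.lx.com is in no SAN entry.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir"
for h in harbor.lx.com lx.com registry.lx.com; do
    printf '%s: %s\n' "$h" "$(check_cert "$demo_dir/ca.crt" \
        "$demo_dir/lx.com.crt" "$demo_dir/lx.com.key" "$h" || true)"
done
```

Against the real files, the call would be check_cert ca.crt lx.com.crt lx.com.key harbor.lx.com, run from /home/cert.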
2. Configure the certificate in Harbor's configuration file
[root@harbor cert]# cd ../harbor
[root@harbor harbor]# ls
common docker-compose.yml harbor.v2.8.2.tar.gz harbor.yml.tmpl LICENSE
common.sh harbor.srl harbor.yml install.sh prepare
Edit harbor.yml
Start Harbor
./prepare
./install.sh
Verify the result
[root@harbor harbor]# openssl s_client -connect harbor.lx.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
DNS:lx.com, DNS:harbor.lx.com
3. Configure Docker to access the registry by domain name
[root@harbor harbor]# vi /etc/docker/daemon.json
Copy the certificate into Docker's certificate directory
[root@harbor harbor]# cd /home/cert
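# Docker looks up certs.d/<registry host>/, so the directory is named after the host used in docker login
mkdir -p /etc/docker/certs.d/harbor.lx.com/
cp lx.com.crt /etc/docker/certs.d/harbor.lx.com/ca.crt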
Verify docker login
[root@192 ~]# systemctl daemon-reload
[root@192 ~]# systemctl restart docker
[root@192 ~]# docker login harbor.lx.com -u admin -p Harbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@192 ~]# vi /etc/docker/daemon.json
[root@192 ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
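4. Verify login from a browser
Export the certificate file /home/cert/lx.com.crt,
then on Windows click Install Certificate; the browser can then access Harbor by domain name.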