下载 Harbor 离线安装包(下载后建议对照发布页提供的校验值核对文件完整性)
wget https://github.com/goharbor/harbor/releases/download/v2.5.1/harbor-offline-installer-v2.5.1.tgz
解压
[root@localhost data]# tar -xf harbor-offline-installer-v2.5.1.tgz
[root@localhost data]# ll
总用量 645596
drwxr-xr-x. 2 root root 122 6月 20 15:50 harbor
-rw-r--r--. 1 root root 661087658 5月 30 11:20 harbor-offline-installer-v2.5.1.tgz
更改配置文件 harbor.yml.tmpl
[root@localhost data]# vi harbor/harbor.yml.tmpl
# 更改hostname
hostname: 192.168.73.134
# 先注释掉https(此时仅以 HTTP 提供服务,登录口令会明文传输;后文配置证书后再启用 https)
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
安装docker
可以参考 https://blog.csdn.net/liao__ran/article/details/124703425?spm=1001.2014.3001.5501 中docker安装部分
启动docker
systemctl restart docker
systemctl status docker
下载docker-compose
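# Install the docker-compose v2.5.0 binary and expose it on PATH.
# Download straight to /data so the symlink target below exists no matter
# which directory the command is run from.
wget -O /data/docker-compose-linux-x86_64 https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64
# NOTE(review): this binary will be run as root. Compare its SHA-256 with the
# value published on the release page before making it executable, e.g.
#   echo "<sha256-from-release-page>  /data/docker-compose-linux-x86_64" | sha256sum -c -
# 755 = writable by root only, executable by everyone.
chmod 755 /data/docker-compose-linux-x86_64
# Mode bits live on the link target, so no separate chmod on the symlink is needed.
ln -s /data/docker-compose-linux-x86_64 /usr/bin/docker-compose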
[root@localhost data]# cd harbor
[root@localhost harbor]# ll
总用量 648956
-rw-r--r--. 1 root root 3361 5月 26 23:59 common.sh
-rw-r--r--. 1 root root 664492716 5月 27 00:00 harbor.v2.5.1.tar.gz
-rw-r--r--. 1 root root 9924 6月 20 15:54 harbor.yml.tmpl
-rwxr-xr-x. 1 root root 2500 5月 26 23:59 install.sh
-rw-r--r--. 1 root root 11347 5月 26 23:59 LICENSE
-rwxr-xr-x. 1 root root 1881 5月 26 23:59 prepare
镜像构建
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
./install.sh
导入配置
./prepare
启动服务
[root@localhost harbor]# docker-compose up -d
使用,默认账户密码为 admin/Harbor12345(这是公开的默认口令,首次登录后应立即修改)
http://192.168.73.134
https访问证书配置
创建证书放置文件
[root@localhost harbor]# mkdir /data/harbor/ssl
[root@localhost harbor]# cd /data/harbor/ssl
创建 CA 私钥文件(下方列表显示 ca.key 权限为 644,本机任何用户都可读;CA 私钥只在签发证书时使用,建议改为仅 root 可读,如 chmod 600 ca.key):
[root@localhost ssl]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
..++
.............................++
e is 65537 (0x10001)
[root@localhost ssl]# ll
总用量 4
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
生成自签名 CA 证书
[root@localhost ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=192.168.73.134" -key ca.key -out ca.crt
[root@localhost ssl]# ll
总用量 8
-rw-r--r--. 1 root root 1801 6月 20 16:38 ca.crt
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
生成服务器证书
创建私钥
[root@localhost ssl]# openssl genrsa -out server.key 4096
Generating RSA private key, 4096 bit long modulus
................................................................................................................................................................................................................++
..........................................................................................................................++
e is 65537 (0x10001)
[root@localhost ssl]# ll
总用量 12
-rw-r--r--. 1 root root 1801 6月 20 16:38 ca.crt
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
-rw-r--r--. 1 root root 3243 6月 20 16:38 server.key
生成证书签名请求
[root@localhost ssl]# openssl req -new -sha512 -subj "/CN=192.168.73.134" -key server.key -out server.csr
[root@localhost ssl]# ll
总用量 16
-rw-r--r--. 1 root root 1801 6月 20 16:38 ca.crt
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
-rw-r--r--. 1 root root 1590 6月 20 16:39 server.csr
-rw-r--r--. 1 root root 3243 6月 20 16:38 server.key
生成harbor仓库主机的证书
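首先创建一个 v3.ext 文件(注意:下面 alt_names 中把 IP 地址写成了 DNS 条目;客户端按 IP 访问时校验的是 IP 类型的 subjectAltName,应写为 IP.1=192.168.73.134,否则证书校验会失败)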
[root@localhost ssl]# vi v3.ext
[root@localhost ssl]# cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.com
DNS.2=192.168.73.134
[root@localhost ssl]# ll
总用量 20
-rw-r--r--. 1 root root 1801 6月 20 16:38 ca.crt
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
-rw-r--r--. 1 root root 1590 6月 20 16:39 server.csr
-rw-r--r--. 1 root root 3243 6月 20 16:38 server.key
-rw-r--r--. 1 root root 258 6月 20 16:40 v3.ext
使用 CA 签发 harbor 仓库主机的证书
[root@localhost ssl]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
Signature ok
subject=/CN=192.168.73.134
Getting CA Private Key
[root@localhost ssl]#
[root@localhost ssl]#
[root@localhost ssl]# ll
总用量 28
-rw-r--r--. 1 root root 1801 6月 20 16:38 ca.crt
-rw-r--r--. 1 root root 3243 6月 20 16:36 ca.key
-rw-r--r--. 1 root root 17 6月 20 17:11 ca.srl
-rw-r--r--. 1 root root 1854 6月 20 17:11 server.crt
-rw-r--r--. 1 root root 1590 6月 20 16:39 server.csr
-rw-r--r--. 1 root root 3243 6月 20 16:38 server.key
-rw-r--r--. 1 root root 258 6月 20 16:40 v3.ext
配置和安装证书
[root@localhost harbor]# cd /data/harbor
[root@localhost harbor]# vi harbor.yml
https:
port: 443
certificate: /data/harbor/ssl/server.crt
private_key: /data/harbor/ssl/server.key
#导入配置
[root@localhost harbor]# ./prepare
prepare base dir is set to /data/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
##停止当前运行的harbor
[root@localhost harbor]# docker-compose down -v
[+] Running 10/10
⠿ Container harbor-jobservice Removed 0.3s
⠿ Container nginx Removed 0.3s
⠿ Container registryctl Removed 10.2s
⠿ Container harbor-core Removed 0.3s
⠿ Container harbor-portal Removed 0.3s
⠿ Container harbor-db Removed 0.4s
⠿ Container registry Removed 0.3s
⠿ Container redis Removed 0.3s
⠿ Container harbor-log Removed 10.3s
⠿ Network harbor_harbor Removed
##后台运行的harbor
[root@localhost harbor]# docker-compose up -d
[+] Running 10/10
⠿ Network harbor_harbor Created 0.1s
⠿ Container harbor-log Started 1.1s
⠿ Container registry Started 3.2s
⠿ Container harbor-portal Started 3.2s
⠿ Container redis Started 3.0s
⠿ Container registryctl Started 3.1s
⠿ Container harbor-db Started 2.9s
⠿ Container harbor-core Started 3.7s
⠿ Container nginx Started 5.2s
⠿ Container harbor-jobservice Started 5.2s
为docker配置harbor认证,若是其他主机登录,将server.crt文件拷贝,然后主机按如下设置
将server证书cp到docker所在的机器固定目录中
[root@localhost harbor]# mkdir /etc/docker/certs.d/
[root@localhost harbor]#
[root@localhost harbor]# mkdir -p /etc/docker/certs.d/192.168.73.134
[root@localhost harbor]#
[root@localhost harbor]# cp /data/harbor/ssl/server.crt /etc/docker/certs.d/192.168.73.134/
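更改启动文件并重启docker(注意:--insecure-registry 会让 docker 对该仓库跳过证书校验,前面配置的证书就不再起保护作用;证书已放入 /etc/docker/certs.d 且 subjectAltName 正确时不需要此参数)
另外,下面 daemon.json 中重复写了三个 registry-mirrors 键,JSON 重复键通常只有最后一个生效,多个地址应写在同一个数组里;Harbor 私有仓库通常也不需要写入 registry-mirrors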
vi /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry https://192.168.73.134:443
[root@localhost harbor]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"registry-mirrors": ["https://6kx4zyno.mirror.aliyuncs.com"],
"registry-mirrors": ["https://192.168.73.134:443"]
}
systemctl daemon-reload
systemctl restart docker
重启harbor服务
docker-compose down -v
docker-compose up -d
访问harbor页面
https://192.168.73.134/harbor/projects
登录harbor(如下方警告所示,-p 会把口令暴露在命令行和 shell 历史记录中,建议改用 --password-stdin 或交互式输入)
[root@localhost harbor]# docker login https://192.168.73.134:443/harbor -uadmin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@localhost harbor]# docker login 192.168.73.134:443
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
推送镜像到仓库
仓库(Harbor 中的项目)mysql,centos,backend,frontend需要先在页面手动创建
登录
docker login 192.168.73.134:443
admin/Harbor12345
打标签(tag)
docker tag mysql:5.7 192.168.73.134/mysql/mysql5.7.202108170951
docker tag centos:7 192.168.73.134/centos/centos7.2.202108170951
docker tag django-centos:latest 192.168.73.134/backend/django-centos.202108170951:latest
docker tag django-backend-centos:latest 192.168.73.134/backend/django-backend-centos.202108170951:latest
docker tag nginx-centos-mobile-vueswiftops:latest 192.168.73.134/frontend/nginx-centos-mobile-vueswiftops.202108170951:latest
docker tag nginx-centos:latest 192.168.73.134/frontend/nginx-centos.202108170951:latest
推送
docker push 192.168.73.134/mysql/mysql5.7.202108170951:latest
docker push 192.168.73.134/centos/centos7.2.202108170951:latest
docker push 192.168.73.134/backend/django-centos.202108170951:latest
docker push 192.168.73.134/backend/django-backend-centos.202108170951:latest
docker push 192.168.73.134/frontend/nginx-centos-mobile-vueswiftops.202108170951:latest
docker push 192.168.73.134/frontend/nginx-centos.202108170951:latest
下载
docker pull 192.168.73.134/mysql/mysql5.7.202108170951:latest
docker pull 192.168.73.134/centos/centos7.2.202108170951:latest
docker pull 192.168.73.134/backend/django-centos.202108170951:latest
docker pull 192.168.73.134/backend/django-backend-centos.202108170951:latest
docker pull 192.168.73.134/frontend/nginx-centos-mobile-vueswiftops.202108170951:latest
docker pull 192.168.73.134/frontend/nginx-centos.202108170951:latest
Harbor---docker镜像仓库搭建及使用
本文档详细介绍了如何下载并安装Harbor私有仓库,包括配置文件修改、Docker安装、证书生成与配置,以及Harbor服务的启动和使用。通过这些步骤,你可以创建一个安全的HTTPS访问的Harbor实例。