【Docker】如何在Linux上快速安装和配置Harbor

目录

前言

一、测试环境

二、获取harbor软件包

三、获取TLS文件（HTTP略过）

四、配置harbor

1.解压harbor安装包

2.修改配置文件内容

3.执行环境准备脚本

4.执行安装脚本

五、访问Harbor Web界面

 六、harbor容器启停

1.关闭harbor

2.开启harbor

七、harbor的使用

1.登录harbor

2.镜像上传与下载

总结

---

---

前言

        Harbor 是一个开源的容器镜像仓库，旨在帮助企业安全、有效地存储和管理容器镜像。通过支持多种镜像管理功能，如镜像复制、漏洞扫描、访问控制和镜像签名，Harbor 提供了一个稳定、高性能的解决方案，满足了企业级容器化应用的需求。此外，Harbor 还与 Kubernetes 和 Docker 紧密集成，简化了容器的部署与运维流程，提升了 DevOps 团队的工作效率。

---

一、测试环境

        Docker version：26.1.4

        Docker compose version：v2.27.1 (Docker Inc.)

二、获取harbor软件包

        从Harbor的官方GitHub仓库下载最新的Harbor离线安装版安装包：

        下载地址：Releases · goharbor/harbor (github.com)

        也可以通过以下命令从github进行下载

# wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz

三、获取TLS文件（HTTP略过）

        Harbor 是一个开源的云原生容器镜像仓库，通常用于存储和管理 Docker 镜像。使用 HTTP 协议传输数据存在安全隐患，因此官方建议尽快升级到 HTTPS。

# mkdir -p /data/cert
# openssl req -newkey rsa:2048 -nodes -keyout /data/cert/harbor.key -x509 -days 365 -out /data/cert/harbor.crt

四、配置harbor

1.解压harbor安装包

# tar -zvxf harbor-offline-installer-v2.11.1.tgz

2.修改配置文件内容

        创建配置文件

# cd harbor/
# mv harbor.yml.tmpl harbor.yml

        编辑配置文件内容

# vi harbor.yml

hostname: www.Tjlyae.com 
http:
  port: 80	
https:		#如测试环境不启用https协议可以注释以下几行
  port: 443
  certificate: /data/cert/www.Tjlyae.com.crt		  
  private_key: /data/cert/www.Tjlyae.com.key
  
harbor_admin_password: Harbor12345
data_volume: /data

3.执行环境准备脚本

# ./prepare

prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

4.执行安装脚本

# ./install.sh


[Step 0]: checking if docker is installed ...

Note: docker version: 26.1.4

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.27.1

[Step 2]: loading Harbor images ...

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor

[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----

五、访问Harbor Web界面

        安装完成后，你可以通过浏览器访问Harbor Web界面。在浏览器中输入你配置的hostname（或IP地址）与端口信息，如：https://www.tjlyae.com:8080

 六、harbor容器启停

1.关闭harbor

        harbor容器的关闭需要再harbor目录下执行docker compose down命令， 仅停止并删除本地Docker主机上的harbor相关容器，但它不会影响Harbor仓库中的镜像。

# docker compose down

[+] Running 10/9
 ✔ Container nginx              Removed                                                                                                         0.4s
 ✔ Container registryctl        Removed                                                                                                         0.4s
 ✔ Container harbor-jobservice  Removed                                                                                                         0.4s
 ✔ Container harbor-portal      Removed                                                                                                         0.3s
 ✔ Container harbor-core        Removed                                                                                                         0.3s
 ✔ Container harbor-db          Removed                                                                                                         0.4s
 ✔ Container registry           Removed                                                                                                         0.3s
 ✔ Container redis              Removed                                                                                                         0.3s
 ✔ Container harbor-log         Removed                                                                                                        10.2s
 ✔ Network harbor_harbor        Removed                                                                                                         0.1s                                                                2.7s

2.开启harbor

        harbor容器的开启则是需要再harbor目录下执行docker compose up -d命令， 它会根据 docker-compose.yml 文件重新创建和启动容器

# docker compose up -d

[+] Running 10/10
 ✔ Network harbor_harbor        Created                                                                                                         0.1s
 ✔ Container harbor-log         Started                                                                                                         0.7s
 ✔ Container harbor-portal      Started                                                                                                         1.8s
 ✔ Container harbor-db          Started                                                                                                         1.4s
 ✔ Container registryctl        Started                                                                                                         1.9s
 ✔ Container redis              Started                                                                                                         1.6s
 ✔ Container registry           Started                                                                                                         1.7s
 ✔ Container harbor-core        Started                                                                                                         2.0s
 ✔ Container harbor-jobservice  Started                                                                                                         2.8s
 ✔ Container nginx              Started                

七、harbor的使用

1.登录harbor

        在docker主机上执行docker login www.tjlyae.com，输入账号及密码信息登录harbor

# docker login www.tjlyae.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2.镜像上传与下载

        镜像上传

# docker tag nessus:latest www.tjlyae.com/library/nessus:1.0
# docker push  www.tjlyae.com/library/nessus:1.0
The push refers to repository [www.tjlyae.com/library/nessus]
5674ba0dc5af: Pushed
8d01668276cb: Pushed
2af940cf5ed3: Pushed
39c541662e81: Pushed
8542abe291b5: Pushed
548a79621a42: Pushed
1.0: digest: sha256:f3c40a230981e86a2863828c80a0ad46e370118d49d22a25e9c2b31a207e43e1 size: 1574

        镜像上传成功后，就可以指定位置查看到相关信息

        镜像下载

# docker pull  www.tjlyae.com/library/nessus:1.0

---

总结

        Harbor为企业级容器镜像管理提供了强大的功能，支持用户认证、镜像复制、策略管理和审计日志等。在本教程中，我们介绍了如何在Linux上安装和配置Harbor，帮助你快速搭建一个私有的镜像仓库，为容器化应用的开发和部署提供有力支持。