Harbor2.1私服的搭建
基础环境的搭建
替换国内yum源
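# Fetch the Aliyun CentOS 7 repo definition over TLS: a plain-http download lets
# anyone on the path rewrite the baseurl/gpgkey it points at. -f makes curl fail
# on an HTTP error instead of saving an HTML error page as the repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache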
配置时间同步
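# Time sync (chrony). net-tools is pulled in alongside it as in the original.
yum install -y net-tools chrony
# Remove only real `server ...` directives from the stock config; the original
# `/server/d` also deleted every comment line that merely mentions "server".
sed -i '/^server /d' /etc/chrony.conf
# Add the Aliyun NTP server (replaces the manual vi step); guarded so re-running
# the script does not append duplicates.
grep -q '^server ntp.aliyun.com' /etc/chrony.conf \
  || printf 'server ntp.aliyun.com iburst\n' >> /etc/chrony.conf
systemctl restart chronyd
# Show sync status; "Leap status : Normal" and a small offset mean it is working.
chronyc tracking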
安装docker
# Install Docker CE from Docker's own repository (repo file fetched over HTTPS).
pkgs=(yum-utils device-mapper-persistent-data lvm2)
yum install -y "${pkgs[@]}"
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
docker_pkgs=(docker-ce docker-ce-cli containerd.io)
yum install -y "${docker_pkgs[@]}"
# Enable at boot only; the daemon is (re)started after daemon.json is written.
systemctl enable docker
```bash
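mkdir -p /etc/docker
# Write the daemon config. The original line (`cat > file EOF << # ...`) is not
# valid heredoc syntax and would not have produced the file; the quoted
# delimiter keeps the body literal.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
# NOTE(review): confirm this mirror is still in service before relying on it; an
# unreachable mirror delays every pull until Docker falls back to Docker Hub.
systemctl restart docker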
安装docker-compose
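compose_version=1.24.0
compose_url="https://github.com/docker/compose/releases/download/${compose_version}/docker-compose-$(uname -s)-$(uname -m)"
# -f: fail on an HTTP error instead of saving an error page and marking it
# executable below.
curl -fsSL "$compose_url" -o /usr/local/bin/docker-compose
# Before trusting the binary, compare its digest with the checksum published
# alongside the release asset (the release page ships a .sha256 per file), e.g.:
#   sha256sum /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Sanity check that the downloaded file is actually a working binary.
docker-compose version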
https证书的获取
创建证书目录
# Working dir for key material, Harbor's TLS dir, and Docker's per-registry trust dir.
mkdir -p /mnt/cert /mnt/harbor/ssl /etc/docker/certs.d
获取CA证书
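cd /mnt/cert || exit 1
# CA private key. It is stored unencrypted (-nodes below), so restrict it to the
# owner as soon as it exists.
openssl genrsa -out ca.key 4096
chmod 600 ca.key
# Self-signed CA certificate (10 years). The CA gets its own CN instead of the
# Harbor hostname: when a leaf certificate's subject DN is identical to its
# issuer's, some TLS clients get chain building wrong. The Harbor hostname (or IP)
# goes into the *server* certificate's SAN list, not here.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=example Root CA" \
  -key ca.key \
  -out ca.crt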
生成服务器证书
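# Server (leaf) key; unencrypted on disk, so keep it owner-only.
openssl genrsa -out yourdomain.com.key 4096
chmod 600 yourdomain.com.key
# CSR. CN is kept for compatibility, but clients validate the hostname against
# the SAN list supplied from v3.ext at signing time, so every name (or IP) used
# to reach Harbor must be listed there.
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
  -key yourdomain.com.key \
  -out yourdomain.com.csr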
生成x509 v3扩展文件
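# X.509 v3 extensions for the server certificate. OpenSSL treats `#` lines as
# comments; the quoted heredoc delimiter keeps the body literal.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
# Every name clients will use to reach Harbor must be listed below; Go-based
# clients such as Docker match the SAN list and do not fall back to the CN.
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain.com
# Placeholders: replace with the host's short name / any other alias, or delete.
DNS.2=yourdomain
DNS.3=hostname
# To allow access by IP address as well, add e.g.:  IP.1=192.168.1.10
EOF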
使用 v3.ext 文件为 Harbor 主机签发证书。若 Harbor 主机名不是 yourdomain.com，请把下面命令中 CSR 和 CRT 文件名里的 yourdomain.com 替换为实际主机名。
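# Sign the CSR with the CA, applying the SAN/EKU extensions from v3.ext.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in yourdomain.com.csr \
  -out yourdomain.com.crt
# Check the chain and that the SAN actually made it into the certificate before
# deploying it (a missing SAN is the usual cause of "x509: certificate is valid
# for ..." errors from docker).
openssl verify -CAfile ca.crt yourdomain.com.crt
openssl x509 -in yourdomain.com.crt -noout -text | grep -A1 'Subject Alternative Name'
cp yourdomain.com.crt /mnt/harbor/ssl/
cp yourdomain.com.key /mnt/harbor/ssl/
chmod 600 /mnt/harbor/ssl/yourdomain.com.key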
为 Docker 客户端提供证书
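# Docker reads trust material from /etc/docker/certs.d/<registry-host[:port]>/,
# not from certs.d itself, so the original copies into /etc/docker/certs.d/ were
# never consulted. The directory name must match the registry string used in
# `docker login` / `docker push` exactly — include the port (e.g.
# yourdomain.com:8443) when Harbor does not listen on 443.
registry_host=yourdomain.com
docker_certs_dir="/etc/docker/certs.d/${registry_host}"
mkdir -p "$docker_certs_dir"
# *.crt files here are CA certificates; ca.crt alone is enough for the daemon to
# trust the Harbor server certificate.
cp ca.crt "$docker_certs_dir/"
# *.cert/*.key are a client-certificate pair and are only used if Harbor is set
# up for client-certificate (mutual TLS) auth. This is the server's private key,
# so keep it owner-only — or skip these two copies when mTLS is not in use.
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
cp yourdomain.com.cert "$docker_certs_dir/"
cp yourdomain.com.key "$docker_certs_dir/"
chmod 600 "$docker_certs_dir/yourdomain.com.key"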
搭建harbor
下载harbor源码包、并解压
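harbor_version=v2.1.2
harbor_tgz="harbor-offline-installer-${harbor_version}.tgz"
# The original downloaded v2.1.2 but then untarred a v1.7.5 file name; derive
# both from one variable so they cannot drift apart.
wget "https://github.com/goharbor/harbor/releases/download/${harbor_version}/${harbor_tgz}"
# If the release also publishes a detached signature (${harbor_tgz}.asc), verify
# it against the Harbor release signing key before unpacking.
tar xvf "$harbor_tgz"
mkdir -p /mnt/harbor
mv harbor/* /mnt/harbor/
cd /mnt/harbor || exit 1
cp harbor.yml.tmpl harbor.yml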
修改 hostname、https 端口、证书路径（certificate / private_key 指向 /mnt/harbor/ssl 下的 crt 和 key 文件），并修改 harbor_admin_password，不要保留模板中的默认管理员密码。
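# Set hostname, the https port, certificate/private_key (the files under
# /mnt/harbor/ssl) and replace the template's default harbor_admin_password.
vim harbor.yml
# install.sh generates the config (it runs prepare itself) and starts the stack;
# with https already configured in harbor.yml this step is sufficient on its own.
./install.sh
# Re-running prepare and recreating the stack is only needed after harbor.yml is
# edited again (e.g. enabling https later). `down -v` also removes the volumes
# compose manages — Harbor's data normally lives in the data_volume bind mount,
# but confirm that before running this against a populated registry.
./prepare
docker-compose down -v
docker-compose up -d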
浏览器访问测试
浏览器访问 https://yourdomain.com（若在 harbor.yml 中修改了 https 端口，需带上端口，例如 https://yourdomain.com:8443）。证书由自建 CA 签发，浏览器会提示不受信任，可先把 ca.crt 导入系统或浏览器的信任库。
客户端运用仓库的配置
登录私服
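# Docker stores credentials keyed by the exact registry string (host[:port]), so
# log in with the same form used for push/pull below. The original logged in to
# "yourdomain.com" and then pushed to "yourdomain.com:8443", which the daemon
# would treat as a different registry (unauthorized). Drop the port if Harbor
# listens on 443.
registry=yourdomain.com:8443
docker login "$registry"
# For scripted logins pass the password on stdin rather than argv (argv shows up
# in `ps` and shell history):
#   docker login -u "$user" --password-stdin "$registry" < /path/to/password-file
# Without a credential helper, `docker login` keeps the credentials base64-encoded
# (not encrypted) in ~/.docker/config.json.
#
# Reference layout for the client's /etc/docker/daemon.json (replace the mirror
# URL with your own accelerator address):
#   {
#     "max-concurrent-downloads": 3,
#     "max-concurrent-uploads": 5,
#     "registry-mirrors": ["https://999zldxe.mirror.aliyuncs.com/"]
#   }
# Do NOT list the Harbor host under "insecure-registries" on a TLS-enabled
# registry: that setting makes the daemon accept an untrusted/invalid certificate
# and fall back to plain HTTP, which bypasses the CA you installed under
# /etc/docker/certs.d/. It belongs only in the plain-HTTP variant described later.
cat /etc/docker/daemon.json
# daemon.json is re-read on restart; daemon-reload is only needed when systemd
# unit files change.
systemctl restart docker
# Push / pull via the private registry (the Harbor project "yunwei" must already
# exist).
docker push "$registry/yunwei/nginx:1.1"
docker pull "$registry/yunwei/nginx:1.1"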
备注：使用 HTTP（不加密）登录的配置和使用。注意：HTTP 方式下登录口令和镜像内容均以明文传输，只适用于隔离的内网测试环境。
# Plain-HTTP variant: comment out the whole `https:` section in harbor.yml (the
# original illustrated this with a screenshot) and keep hostname / http port set.
vim harbor.yml
# Credentials and image layers travel unencrypted in this mode; keep it to an
# isolated lab network.
./install.sh
# Confirm every Harbor container is up (--all includes stopped ones).
docker-compose ps --all
客户端docker的配置
执行命令查出docker.service的配置文件
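# Client side for a plain-HTTP Harbor: dockerd refuses non-TLS registries unless
# they are listed as insecure. Put the setting in /etc/docker/daemon.json instead
# of editing /usr/lib/systemd/system/docker.service — the vendor unit file is
# overwritten on package upgrade, and dockerd refuses to start when the same
# option is given both as an ExecStart flag and in daemon.json.
systemctl status docker --no-pager   # shows which unit / drop-in files are in effect
if [[ -s /etc/docker/daemon.json ]]; then
  printf '/etc/docker/daemon.json already exists; add "insecure-registries": ["10.10.10.9"] to it by hand\n' >&2
else
  mkdir -p /etc/docker
  cat > /etc/docker/daemon.json <<'EOF'
{
  "insecure-registries": ["10.10.10.9"]
}
EOF
fi
# Reload units (harmless here) and restart the daemon; the original had a typo
# (`dcoker`) that would have left the old config running.
systemctl daemon-reload
systemctl restart docker
# Everything on this connection, including the password entered here, is sent
# in cleartext.
docker login 10.10.10.9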