Harbor是一个开源的企业级Docker镜像存储和管理工具,可以帮助企业快速、安全地构建和发布Docker镜像。Harbor提供了安全的访问控制、镜像复制和扩展性等功能,使得团队内部可以方便地共享和管理Docker镜像。
前置条件
在安装Harbor之前,请确保已安装Docker,并提前下载好docker-compose二进制文件和Harbor离线安装包(下载地址见脚本注释)。脚本按相对路径读取这两个文件,因此需在它们所在的目录下运行脚本。
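#!/bin/bash
# Install docker-compose from a release binary downloaded beforehand from
# https://github.com/docker/compose/releases into the current directory.
# The binary ends up root-owned on PATH, so compare it with the SHA-256
# checksum published alongside the release before running this script.
if command -v docker-compose &> /dev/null; then
  # Detect by PATH lookup rather than by running docker-compose with no
  # arguments, whose exit status is not a reliable "installed" signal.
  echo -e "docker-compose Installed [ \033[32m OK \033[0m ]"
else
  # install(1) copies and sets the mode in one step; -f on ln keeps a rerun
  # from failing on a link left behind by an earlier attempt.
  if install -m 0755 docker-compose-linux-x86_64 /usr/local/bin/docker-compose &&
    ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose &&
    docker-compose --version; then
    echo -e "docker-compose installing [ \033[32m OK \033[0m ]"
  else
    echo -e "docker-compose installing [ \033[31m Failed \033[0m ]"
    # Non-zero status so a caller can see the failure; a bare exit would
    # return the status of the echo above, i.e. 0.
    exit 1
  fi
fi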
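# Install Harbor from the offline installer downloaded beforehand from
# https://github.com/goharbor/harbor/releases/
tar xf harbor-offline-installer-v2.10.1.tgz -C /opt/ || {
  echo "cannot unpack harbor-offline-installer-v2.10.1.tgz" >&2
  exit 1
}
# Stop if the directory is missing; otherwise the cp/sed below would run in
# whatever directory the script was started from.
cd /opt/harbor || exit 1
# First address with global scope, prefix length stripped. Plain sub() is used
# so this also works with awk implementations that lack gawk's gensub().
IP=$(ip addr | awk '/inet.*global/ {sub(/\/.*/, "", $2); print $2; exit}')
if [ -z "$IP" ]; then
  # An empty value would produce a blank hostname and, later, a certificate
  # with an empty CN/SAN.
  echo "no global-scope IP address found" >&2
  exit 1
fi
# Build harbor.yml from the template: HTTPS only, data and certificates under
# /opt/harbor. The template's default harbor_admin_password and database
# password are left as shipped; edit harbor.yml before install.sh runs or
# change the admin password right after the first login.
cp harbor.yml.tmpl harbor.yml || exit 1
mkdir -p /opt/harbor/data /opt/harbor/certs
# The "port: 80" expression is anchored to the whole line so it cannot touch
# any other setting that merely contains that text.
sed -i \
  -e "s/^hostname.*/hostname: $IP/" \
  -e "s/^http:/#http:/" \
  -e "s/^\([[:space:]]*\)port: 80[[:space:]]*$/\1#port: 80/" \
  -e "s#/your/certificate/path#/opt/harbor/certs/harbor.crt#" \
  -e "s#/your/private/key/path#/opt/harbor/certs/harbor.key#" \
  -e "s#data_volume: /data#data_volume: /opt/harbor/data#" \
  harbor.yml || exit 1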
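echo "-------------------------------set https----------------------------------"
echo "直接使用IP做https"
# HTTPS with a private CA; the server certificate is issued for the bare IP.
# IP is set earlier in the script; refuse to issue a certificate with an empty
# CN/SAN if it is missing.
: "${IP:?IP address is not set}"
# Absolute path with a check, so the keys are never written somewhere else.
cd /opt/harbor/certs || exit 1
# Private CA. ca.key is written without a passphrase and can sign further
# certificates that every client trusting ca.crt will accept, so move it off
# the registry host once harbor.crt has been issued.
openssl genrsa -out ca.key 4096 || exit 1
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$IP" -key ca.key -out ca.crt || exit 1
# Server key and signing request.
openssl genrsa -out harbor.key 4096 || exit 1
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$IP" -key harbor.key -out harbor.csr || exit 1
# Keep both private keys readable by root only, whatever the umask is.
chmod 600 ca.key harbor.key || exit 1
# Extensions for the server certificate; the SAN must be an IP entry because
# clients connect by address rather than by DNS name.
cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$IP
EOF
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.csr -out harbor.crt || exit 1
openssl x509 -inform PEM -in harbor.crt -out harbor.cert || exit 1
ls /opt/harbor/certs
# Docker reads ca.crt from certs.d/<registry> to trust the registry and treats
# a .cert/.key pair there as a client certificate. On other Docker hosts copy
# ca.crt only: harbor.key is the server's private key and should not leave
# this machine.
mkdir -p "/etc/docker/certs.d/$IP" || exit 1
cp harbor.cert harbor.key ca.crt "/etc/docker/certs.d/$IP" || exit 1
# Run the installer with bash: /bin/sh is dash on some distributions, and
# Harbor's install.sh targets bash.
bash /opt/harbor/install.sh --with-trivy || exit 1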
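# systemd unit so the Harbor compose stack is started again at boot.
# The delimiter is quoted: the unit text is written literally, with no shell
# expansion.
cat > /lib/systemd/system/harbor.service <<'EOF'
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=https://github.com/goharbor/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /opt/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /opt/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
EOF
# Make systemd read the new unit file before enabling it.
systemctl daemon-reload
systemctl enable harbor || {
  echo "could not enable harbor.service" >&2
  exit 1
}
printf 'please login https://%s\nadmin:Harbor12345\n' "$IP"
# The credentials above are the installer's well-known default, so anyone who
# can reach the registry can use them until the password is changed.
echo "Harbor12345 is the default admin password; change it right after the first login."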
页面登录: