私有docker register (Harbor)

环境准备

• Centos 7 mini
• docker
• docker-compose

安装docker

阿里云加速安装

curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet | sh -

systemctl enable docker
systemctl start docker

安装docker-compose

curl -L “https://github.com/docker/compose/releases/download/1.9.0/docker-compose-$(uname -s)-$(uname -m)” -o /usr/local/bin/docker-compose

搭建Harbor

下载代码

git clone https://github.com/vmware/harbor

修改配置

cd harbor/make/

vim harbor.cfg

配置样例如下 :

## Configuration file of Harbor

#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 指定 hostname，一般为IP，或者域名，用于登录 Web UI 界面
hostname = 10.211.55.17

#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
# URL 访问方式，SSL 需要配置 nginx
ui_url_protocol = http

#Email account settings for sending out password resetting emails.
# 邮件相关信息配置，如忘记密码发送邮件
email_server = smtp.xxxxxx.com
email_server_port = 465
email_username = reg@mritd.me
email_password = xxxxxx
email_from = docker <reg@mritd.me>
email_ssl = true

##The password of Harbor admin, change this before any production use.
# 默认的 Harbor 的管理员密码，管理员用户名默认 admin
harbor_admin_password = Harbor12345

##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
# 指定 Harbor 的权限验证方式，Harbor 支持本地的 mysql 数据存储密码，同时也支持 LDAP
auth_mode = db_auth

#The url for an ldap endpoint.
# 如果采用了 LDAP，此处填写 LDAP 地址
ldap_url = ldaps://ldap.mydomain.com

#The basedn template to look up a user in LDAP and verify the user's password.
# LADP 验证密码的方式(我特么没用过这么高级的玩意)
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com

#The password for the root user of mysql db, change this before any production use.
# mysql 数据库 root 账户密码
db_password = root123

#Turn on or off the self-registration feature
# 是否允许开放注册
self_registration = on

#Turn on or off the customize your certicate
# 允许自签名证书
customize_crt = on

#fill in your certicate message
# 自签名证书信息
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = mritd
crt_organizationalunit = mritd
crt_commonname = mritd.me
crt_email = reg.mritd.me
#####

生成相关配置

cd harbor/make/

./prepare

编译 image 并启动

cd harbor/make/

docker-compose up -d

创建私有项目

• 
  
• 主页 (默认的访问地址即为 harbor.cfg 中 hostname 地址)
• 登录 (Harbor 默认管理员用户为 admin ，密码在 harbor.cfg 中设置过，默认的是 Harbor12345)
• 创建私有项目
  

Harbor 有一个项目的概念，项目名可以理解为 Docker Hub 的用户名，其下可以后很多 images，Harbor 的项目必须登录后方可 push，公有项目和私有项目的区别是对其他用户是否可见

push 镜像

• 
  
• 设置 http 仓库地址
  

根据 https://docs.docker.com/engine/admin/systemd/
给docker增加 –insecure-registry 10.211.55.17参数

• 登录私有库
  docker login 192.168.82.200:8080
• 对需要push的镜像打tag (，名称一定要标准( registryAddress[:端口]/项目/imageName[:tag] ))
  docker tag nginx:1.11.5 192.168.82.200:8080/tonychen/nginx:1.11.5
• push
  docker push 192.168.82.200:8080/tonychen/nginx:1.11.5

参考：
http://www.tuicool.com/articles/RvAF7nn