I. Download the installation packages
1. Download locations
https://github.com/goharbor/harbor/releases
https://github.com/docker/compose/releases
Note: Harbor has version requirements for Docker and docker-compose.
II. Install docker-ce
1. Install docker-ce
# Install Docker via script
https://blog.csdn.net/weixin_43086864/article/details/124896912
# Install Docker manually
yum -y install docker-ce-19.03.12
2. Start the Docker service
systemctl enable docker
systemctl start docker
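3. Configure daemon.json
[root@centos harbor]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://15y9mzqb.mirror.aliyuncs.com"],
  "insecure-registries": ["xxxxxx"],
  "graph": "/data/docker"
}
Notes:
1) insecure-registries: registries for which Docker does not enforce TLS certificate (domain name) verification
2) registry-mirrors: registry mirror (image pull accelerator)
3) graph: data storage path (deprecated in newer Docker releases in favor of data-root)
4. Run the commands to apply the configuration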
systemctl daemon-reload
systemctl restart docker
5. Check Docker's running status
systemctl status docker
ps aux |grep docker
III. Install Harbor
1. Extract the harbor-offline archive
cd /root
tar -xvf harbor-offline-installer-v2.1.2.tgz -C /opt/
2. Rename and install docker-compose
mv docker-compose-Linux-x86_64 docker-compose
chmod +x docker-compose
cp -av docker-compose /usr/bin
# Check the docker-compose version
[root@centos ~]# docker-compose -v
docker-compose version 1.27.4, build 40524192
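3. Create a self-signed certificate (skip this step if you already have a certificate)
# Create the CA certificate
openssl genrsa -out cakey.pem 2048 #cakey
openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem #cacert
# Create the site certificate
openssl genrsa -out ssl.key 2048 #key
openssl req -new -key ssl.key -out ssl.csr #csr
# vim 127.0.0.1.ext
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName=@SubjectAlternativeName
[ SubjectAlternativeName ]
IP.1 = 127.0.0.1
DNS.1 = xxxxx
DNS.2 = localdomain
IP.2 = 1.1.1.1
Notes:
1) DNS.1 = xxxxx can be a domain name or an IP address; an IP address that clients connect to should also appear as an IP.n entry
2) Each DNS.n / IP.n key must be unique within the section, so the second IP entry is numbered IP.2
# Generate the ssl.crt certificate
openssl x509 -req -in ssl.csr -extfile 127.0.0.1.ext -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out ssl.crt -days 3650
Notes:
1) Copy the two files ssl.crt and ssl.key to the /opt/harbor/ directory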
cp -av ssl.crt /opt/harbor/
cp -av ssl.key /opt/harbor
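Before harbor.yml is pointed at ssl.crt and ssl.key, it is worth confirming that the certificate chains to cacert.pem, that ssl.key belongs to it, and that the name clients will use is present in subjectAltName. The script below is an added example, not part of the original post; the function names check_cert and make_demo_pki, the certificate subjects and the SAN values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# function names, subjects and SAN values below are constructed for the demo.

# check_cert CA CRT KEY SAN: returns 0 only if all three checks pass.
check_cert() {
    ca=$1; crt=$2; key=$3; san=$4
    # 1) The certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    # 2) The private key must belong to the certificate (same public key).
    a=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$a" = "$b" ] || { echo "key: MISMATCH"; return 1; }
    # 3) The name clients connect to must be an exact subjectAltName entry,
    #    written as openssl prints it: "DNS:host" or "IP Address:1.2.3.4".
    openssl x509 -in "$crt" -noout -text |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -qxF "$san" ||
        { echo "SAN $san: MISSING"; return 1; }
    echo "OK: $san"
}

# make_demo_pki DIR: throwaway CA and server certificate, built with the
# page's commands plus -subj so that nothing prompts for input.
make_demo_pki() (
    cd "$1" || exit 1
    cat > san.ext <<'EOF'
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @SubjectAlternativeName
[ SubjectAlternativeName ]
DNS.1 = harbor.example.test
IP.1 = 127.0.0.1
IP.2 = 192.0.2.10
EOF
    openssl genrsa -out cakey.pem 2048 2>/dev/null
    openssl req -new -x509 -days 30 -key cakey.pem -subj "/CN=Demo CA" -out cacert.pem
    openssl genrsa -out ssl.key 2048 2>/dev/null
    openssl req -new -key ssl.key -subj "/CN=harbor.example.test" -out ssl.csr
    openssl x509 -req -in ssl.csr -extfile san.ext -CA cacert.pem \
        -CAkey cakey.pem -CAcreateserial -out ssl.crt -days 30 2>/dev/null
)

demo=$(mktemp -d)
make_demo_pki "$demo" &&
    check_cert "$demo/cacert.pem" "$demo/ssl.crt" "$demo/ssl.key" "DNS:harbor.example.test"
```

Against the files created in this step, the call would be check_cert cacert.pem ssl.crt ssl.key "DNS:xxxxx", with xxxxx replaced by the hostname set in harbor.yml.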
4. Configure harbor.yml
[root@centos harbor]# cat harbor.yml |grep -v '#' |grep -v '^$'
hostname: xxxxx
http:
  port: 2080
https:
  port: 2443
  certificate: /opt/harbor/xxxxxx.crt
  private_key: /opt/harbor/xxxxx.key
harbor_admin_password: xxxxx
database:
  password: xxxxxx
  max_idle_conns: 50
  max_open_conns: 1000
……
Notes:
1) Make sure to change the hostname, https, harbor_admin_password, database and data_volume parameters
5. Run the installer
cd /opt/harbor/
[root@centos harbor]# ./install.sh
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating harbor-portal ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Notes:
1) The offline installation of the Harbor registry succeeded
6. Check Harbor's status
cd /opt/harbor/
[root@centos harbor]# docker-compose ps
Name                Command                          State          Ports
---------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)
harbor-db           /docker-entrypoint.sh            Up (healthy)
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
redis               redis-server /etc/redis.conf     Up (healthy)
registry            /home/harbor/entrypoint.sh       Up (healthy)
registryctl         /home/harbor/start.sh            Up (healthy)
IV. Verify Harbor
1. Check the certificate
[root@centos harbor]# curl -iv https://xxxxxx
* About to connect() to registry.gycg.shuzhi.city port 2433 (#0)
* Trying 172.20.32.9...
* Connection refused
* Failed connect to xxxxxx:2433; Connection refused
* Closing connection 0
curl: (7) Failed connect to xxxxxx:2433; Connection refused
[root@master3 harbor]# curl -iv https://xxxxxx:2443/
* About to connect() to xxxxxx port 2443 (#0)
* Trying 172.20.32.9...
* Connected to xxxxxx (172.20.32.9) port 2443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=xxxxxx
* start date: Dec 17 00:00:00 2020 GMT
* expire date: Dec 16 23:59:59 2021 GMT
* common name: xxxxxx
* issuer: CN=TrustAsia TLS RSA CA,OU=Domain Validated SSL,O="TrustAsia Technologies, Inc.",C=CN
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xxxxxx:2443
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx
Server: nginx
Notes:
1) Certificate xxxxxx is in effect; expiry: expire date: Dec 15 03:18:16 2030
2. Verify by logging in to Harbor
[root@centos harbor]# docker login https://xxxxxx
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Notes:
1) Login Succeeded: logging in to the Harbor registry works
3. Verify via the web page
https://xxxxxx
Account: admin
Password: xxxxxxxxx