下载地址:https://github.com/goharbor/harbor
- 安装docker及docker-compose
- 下载harbor(https://goharbor.io/docs/1.10/install-config/)
- 生成ssl证书
1. 生成根证书(存放到目录/etc/docker/certs.d/reg.chexindata.com)
$ mkdir -p /etc/docker/certs.d/reg.chexindata.com && cd /etc/docker/certs.d/reg.chexindata.com
2. 创建自己的CA证书(不使用第三方权威机构的CA来认证,自己充当CA的角色
$ openssl genrsa -out ca.key 2048
3. 生成自签名证书(使用已有私钥ca.key自行签发根证书)
$ openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
4. 生成服务器端私钥和CSR签名请求
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout server.key -out server.csr
5. 签发服务器证书
echo subjectAltName = IP:10.0.10.106 > extfile.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -extfile extfile.cnf -out server.crt
- 解压harbor到目录/home/harbor,并修改配置文件harbor.yml(修改以下行)
#关闭http协议
#http:
# port for http, default is 80. If https enabled, this port will redirect to https port
# port: 80
#配置https协议
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /etc/docker/certs.d/reg.chexindata.com/server.crt
private_key: /etc/docker/certs.d/reg.chexindata.com/server.key
#修改harbor管理员密码
harbor_admin_password: 12345
- 启动harbor
#进入/home/harbor目录,分别执行以下操作
$ .prepare
$ .install.sh
- 浏览器访问harbor,输入https://reg.chexindata.com
- docker主机访问harbor
#增加信任服务器(不同操作系统有区别)
#centos7:修改/etc/docker/daemon.json配置
#mac:修改~/.docker/daemon.json
$ vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://m9byh65c.mirror.aliyuncs.com"],
#增加这条
"insecure-registries":["https://reg.chexindata.com"]
}
#重启docker
$ systemctl restart docker
#登录指令
$ docker login reg.chexindata.com
admin
123456
如果mac下,docker login 登录不成功,参考https://www.cnblogs.com/robinunix/p/11304237.html
- 至此,完成harbor的安装部署
注意:本文归作者所有,未经作者允许,不得转载
