1.需要的软件包上传
离线安装docker与harbor私有仓库时,需要先检查服务器openssl 是否安装,此处不再赘述。
上传docker-20.10.8.tgz、docker-compose与harbor-offline-installer-v1.9.3.tgz至服务器/root/tools路径下。
#安装包获取路径:
链接:https://pan.baidu.com/s/1L7GjwXhTfZPQATXXFqzUyQ?pwd=qqqq 提取码:qqqq
#网盘中的安装包属于第三方转存,安装前建议与Docker、docker-compose、Harbor官方发布渠道的同名文件或其校验值比对,确认文件未被替换或篡改。
2.安装docker与docker-compose
① 安装docker-20.10.8.tgz;
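# Unpack the static Docker binaries and put them on the PATH.
tar -zxvf docker-20.10.8.tgz
mv docker/* /usr/bin/
# Create the systemd unit for dockerd (its contents are not shown on this page).
vi /usr/lib/systemd/system/docker.service
# A unit file is configuration that systemd only reads; it needs no execute bit.
# Keep it root-owned and writable by root only, because whoever can edit it
# controls how dockerd is started.
chown root:root /usr/lib/systemd/system/docker.service
chmod 644 /usr/lib/systemd/system/docker.service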
② 设置私仓服务器域名
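# Map the registry's DNS name to the Harbor host. The name has to be the one
# the certificate below is issued for and the one passed to `docker login`
# (harbor.kylin.com); a different name here leaves that name unresolvable.
# The grep guard keeps the entry from being appended twice on a re-run.
grep -qF "harbor.kylin.com" /etc/hosts || echo "192.168.193.110 harbor.kylin.com" >> /etc/hosts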
③ 配置docker源
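# Write the Docker daemon configuration.
# daemon.json must be strict JSON: a "#" comment inside the file makes it
# unparseable, so the notes are kept here instead.
#   registry-mirrors : https://<address>:80
#   exec-opts        : use systemd as the cgroup driver
# NOTE(review): Harbor is configured further down for HTTPS on port 443 with
# port 80 disabled; confirm that an https:// URL on port 80 is intended here.
mkdir -p /etc/docker
# Quoted delimiter: the file content is written literally, with no expansion.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://192.168.193.110:80"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Reload unit files, restart Docker with the new configuration, enable it at boot.
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
# Show the client and server versions.
docker version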
3.安装docker-compose
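# Install the docker-compose binary and make it executable.
mv docker-compose/* /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Show the version (the long option takes two dashes).
docker-compose --version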
4.harbor证书配置
①解压harbor离线包并且新建仓库文件夹
# Unpack the Harbor offline installer.
tar xzvf harbor-offline-installer-v1.9.3.tgz
# Create the certificate directory and the working directory, then enter the
# working directory.
mkdir -p /data/cert /data/hub && cd /data/hub
②生成证书
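# Confirm the working directory; the commands below write into /data/hub.
pwd
# expected output: /data/hub

# Generate the CA private key.
# Whoever holds ca.key can issue certificates that every host trusting ca.crt
# will accept, so restrict it to root and store it away from the registry host
# once the server certificate has been issued.
openssl genrsa -out ca.key 4096
chmod 600 ca.key

# Generate the self-signed CA certificate, valid for 10 years (3650 days).
# Comments stay off the continuation lines: anything after a trailing
# backslash ends the command early.
# NOTE(review): the CA and the server share the same subject here; consider
# giving the CA its own CN so the two certificates are easy to tell apart.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.kylin.com" \
  -key ca.key \
  -out ca.crt

# Generate the server private key.
openssl genrsa -out harbor.kylin.com.key 4096
chmod 600 harbor.kylin.com.key

# Generate the certificate signing request (CSR).
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.kylin.com" \
  -key harbor.kylin.com.key \
  -out harbor.kylin.com.csr

# Generate the x509 v3 extension file.
#   DNS.1 - fully qualified name
#   DNS.2 - the name without ".com"
#   DNS.3 - short host name
#   IP.1  - the registry address this guide also uses (harbor.yml hostname,
#           registry mirror); without it, access by IP fails certificate
#           verification
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.kylin.com
DNS.2=harbor.kylin
DNS.3=harbor
IP.1=192.168.193.110
EOF

# Sign the server certificate with the CA, applying the extensions above.
# The validity matches the CA's: a server certificate gains nothing from
# outliving the CA that signed it.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor.kylin.com.csr \
  -out harbor.kylin.com.crt

# Copy the certificate, the server key and the CA certificate for Harbor.
cp harbor.kylin.com.crt /data/cert/
cp harbor.kylin.com.key /data/cert/
cp ca.crt /data/cert/
chmod 600 /data/cert/harbor.kylin.com.key

# Docker reads *.crt in certs.d as CA certificates and *.cert as client
# certificates, so the server certificate is written out again as .cert.
cd /data/cert/ && openssl x509 -inform PEM -in harbor.kylin.com.crt -out harbor.kylin.com.cert

# The directory name must be exactly the registry name the certificate was
# issued for.
mkdir -p /etc/docker/certs.d/harbor.kylin.com/
cp harbor.kylin.com.cert /etc/docker/certs.d/harbor.kylin.com/
cp harbor.kylin.com.key /etc/docker/certs.d/harbor.kylin.com/
cp ca.crt /etc/docker/certs.d/harbor.kylin.com/
chmod 600 /etc/docker/certs.d/harbor.kylin.com/harbor.kylin.com.key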
③部署harbor
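# Enter the unpacked Harbor directory.
# NOTE(review): the archive was uploaded to /root/tools; confirm that it was
# unpacked under /root so that this path exists.
cd /root/harbor/
# Back up the shipped configuration before editing it.
cp harbor.yml harbor.yml.bak
# Edit the configuration.
vim harbor.yml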
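# Name clients use to reach Harbor. It has to be a name (or address) listed in
# the certificate's subjectAltName; the certificate in this guide is issued for
# harbor.kylin.com. An IP address works only if the certificate also carries
# that IP as a SAN entry.
hostname: harbor.kylin.com

# http related config: the whole http section stays commented out
#http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  # port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/harbor.kylin.com.crt   # path to the TLS certificate
  private_key: /data/cert/harbor.kylin.com.key   # path to the TLS private key

# ... (remaining settings unchanged)

# Password of the admin user. Harbor12345 is the value shipped in the sample
# file and is widely known: set your own value before the first start, or
# change it in the UI right after the first login.
harbor_admin_password: Harbor12345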
!!!!注意要对齐空格(YAML依靠缩进表示层级,冒号后需要一个空格),不然会报错
④启动并且本地访问
# Run the installer script found in the current directory.
./install.sh
5.本地登录docker仓库
# Log in to the registry by its DNS name; docker prompts for the username and
# the password.
docker login harbor.kylin.com
username : admin
password : Harbor12345 #即harbor.yml中harbor_admin_password的值;若已修改默认密码,请使用修改后的密码
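#问题:Error response from daemon:Get <https://192.168.193.110/v2/> : x509: cannot ……
#原因:该报错通常出现在通过IP访问仓库时——上文v3.ext的subjectAltName中只有域名,证书无法与IP地址匹配。
#解决办法(推荐):改用证书中已包含的域名访问(如docker login harbor.kylin.com,并让harbor.yml的hostname与之一致),或在subjectAltName中加入该IP后重新签发证书。
#解决办法(临时,仅建议在测试环境使用):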
vim /usr/lib/systemd/system/docker.service
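在ExecStart的dockerd启动参数后添加 --insecure-registry <仓库地址>,保存后执行 systemctl daemon-reload && systemctl restart docker 使其生效。
#注意:该参数会让docker对这个仓库跳过证书校验,必要时还会退回到HTTP,登录凭据和镜像内容不再受TLS保护;证书问题修复后应将其移除。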
6.Harbor相关命令
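# Stop Harbor (stops its containers).
# NOTE(review): docker-compose looks for its compose file in the current
# directory; presumably these commands are run from /root/harbor. Confirm.
docker-compose stop
# Start the containers in the background.
docker-compose up -d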