# curl -fsSL https://get.docker.com/ | sh
# systemctl start docker
# systemctl enable docker
# curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz
(下载后建议对照发布页提供的校验值或签名核对安装包的完整性,再解压安装)
# tar -zxvf harbor-offline-installer-v2.0.0.tgz
# mv harbor /opt/
# cd /opt/harbor
# cp harbor.yml.tmpl harbor.yml
1. 生成根证书(存放到目录/etc/docker/certs.d/reg.niewx.club)
$ mkdir -p /etc/docker/certs.d/reg.niewx.club && cd /etc/docker/certs.d/reg.niewx.club
2. 创建自己的CA证书(不使用第三方权威机构的CA来认证,自己充当CA的角色)。ca.key 是整条信任链的根,生成后应限制文件权限(仅 root 可读)并妥善保管
$ openssl genrsa -out ca.key 2048
3. 生成自签名证书(使用已有私钥ca.key自行签发根证书)
$ openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
4. 生成服务器端私钥和CSR签名请求
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout server.key -out server.csr
5. 签发服务器证书(subjectAltName 必须与客户端实际访问 Harbor 时使用的 IP 或域名一致,否则客户端的 TLS 校验会失败)
echo subjectAltName = IP:49.235.179.157 > extfile.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -extfile extfile.cnf -out server.crt
6. 最终生成的证书如下
[root@VM_0_13_centos reg.niewx.club]# ls
ca.crt ca.key ca.srl extfile.cnf server.crt server.csr server.key
[root@VM_0_13_centos harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 1.1.1.1
# http related config
#http:
# port for http, default is 80. If https enabled, this port will redirect to https port
# port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /etc/docker/certs.d/reg.niewx.club/server.crt
private_key: /etc/docker/certs.d/reg.niewx.club/server.key
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: 123456
主要需要修改上面标记的选项。其中 harbor_admin_password 不要使用 123456 这类弱口令,应设置为强密码;该值只在首次安装时生效,安装完成后请登录 UI 修改 admin 密码。
# cd /opt/harbor
# ./prepare
# ./install.sh --with-clair (启动扫描器)
启动日志显示上面则启动成功
如果修改了配置项需要重新启动harbor则重新执行以下命令即可
# cd /opt/harbor
# ./prepare
# ./install.sh --with-clair (启动扫描器)
默认账号为admin,密码为你之前在 harbor.yml 中配置的 harbor_admin_password
项目管理,里面会有一个默认的公开项目library,所有人可以上传下载镜像(注意:公开项目无需登录即可拉取镜像,不要在其中存放包含敏感信息的镜像)
点击新建项目,输入项目名称,设置存储容量和是否公开
查看项目的镜像仓库,也可以查看推送命令推送镜像
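首先需要配置docker认证地址。注意:insecure-registries 会让 docker 跳过对该仓库的 TLS 证书校验;既然前面已经自签了 CA,更安全的做法是把 ca.crt 分发到客户端的 /etc/docker/certs.d/<仓库地址>/ca.crt,而不是把仓库加入 insecure-registries。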
[root@node1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["https://1.1.1.1"],
"registry-mirrors": ["https://yywkvob3.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
# systemctl daemon-reload && systemctl restart docker
# docker login 1.1.1.1 -u admin -p *****
(注:-p 会把密码留在 shell 历史和进程参数中,建议改用 --password-stdin 从标准输入传入密码)
# docker tag busybox:latest 1.1.1.1/library/busybox:latest
# docker push 1.1.1.1/library/busybox:latest
角色 | 权限说明 |
---|---|
访客 | 对于指定项目拥有只读权限 |
开发人员 | 对于指定项目拥有读写权限 |
维护人员 | 对于指定项目拥有读写权限,创建 Webhooks |
项目管理员 | 除了读写权限,同时拥有用户管理/镜像扫描等管理权限 |
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。