Harbor2.1私服的搭建

Harbor2.1私服的搭建

基础环境的搭建

替换国内yum源

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache

配置时间同步

yum install net-tools -y
yum install chrony -y

sed -i "/server/d" /etc/chrony.conf

vi /etc/chrony.conf # 增加 server ntp.aliyun.com iburst

systemctl restart chronyd

chronyc tracking

安装docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker

```powershell
mkdir /etc/docker
cat > /etc/docker/daemon.json EOF << # 添加如下内容
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF

systemctl restart docker

安装docker-compose

curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

https证书的获取

创建证书目录

mkdir /mnt/cert
mkdir -p /mnt/harbor/ssl
mkdir -p /etc/docker/certs.d

获取CA证书

cd /mnt/cert
openssl genrsa -out ca.key 4096

yourdomain.com等于harbor主机的域名和IP都可以

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
 -key ca.key \
 -out ca.crt

生成服务器证书

openssl genrsa -out yourdomain.com.key 4096

openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
    -key yourdomain.com.key \
    -out yourdomain.com.csr

生成x509 v3扩展文件

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names   #这里是扩展。单个地址写成：“subjectAltName = IP：192.168.1.0 ”

[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF

使用v3.ext文件为您的Harbor主机生成证书、更换yourdomain.com网站在CRS和CRT文件名中使用端口主机名

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in yourdomain.com.csr \
    -out yourdomain.com.crt

cp yourdomain.com.crt /mnt/harbor/ssl/
cp yourdomain.com.key /mnt/harbor/ssl/

Docker提供证书

openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert

cp yourdomain.com.cert /etc/docker/certs.d/
cp yourdomain.com.key /etc/docker/certs.d/
cp ca.crt /etc/docker/certs.d/

搭建harbor

下载harbor源码包、并解压

wget https://github.com/goharbor/harbor/releases/download/v2.1.2/harbor-offline-installer-v2.1.2.tgz
tar xvf harbor-offline-installer-v1.7.5.tgz
mv harbor/*  /mnt/harbor/

cd /mnt/harbor
cp harbor.yml.tmpl  harbor.yml

修改端口、hostname、登录密码

vim harbor.yml

安装

./install.sh

使用prepare脚本将nginx配置为使用HTTPS

./prepare

docker-compose down -v
docker-compose up -d

浏览器访问测试

访问https://yourdomain.com

客户端运用仓库的配置

登录私服
docker login yourdomain.com

#以下配置以供格式的参考：
[root@ali19009 ~]# cat /etc/docker/daemon.json 
{
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"registry-mirrors": ["https://999zldxe.mirror.aliyuncs.com/"],
"insecure-registries": ["yourdomain.com:8443"]
}
systemctl daemon-reload
systemctl restart docker

#上传镜像
docker  push  yourdomain.com:8443/yunwei/nginx:1.1
#下载镜像
docker pull yourdomain.com:8443/yunwei/nginx:1.1

备注：http登录的配置和使用

vim harbor.yml
以下截图中都注释

执行安装脚本

./install.sh
docker-compose  ps -a

客户端docker的配置

执行命令查出docker.service的配置文件

systemctl status docker

切换到箭头指向的配置文件

vim /usr/lib/systemd/system/docker.service
#找到以下ExecStart=添加私服仓库的地址
ExecStart=/usr/bin/dockerd \
          --insecure-registry=10.10.10.9

加载配置，重新启动docker

systemctl daemon-reload
systemctl restart dcoker

登录验证

docker  login  10.10.10.9