一、基本安装
docker docker-compose
二、https访问harbor需要自定义证书
1、首先创建存放证书的目录,到对应目录证书的位置
[root@host1 harbor]# mkdir /opt/cert && cd /opt/cert
2、创建自己的CA证书(生成私钥,无加密)
[root@host1 cert]# openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
3、生成自签名证书(使用已有私钥ca.key自行签发根证书)
[root@host1 cert]# openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
req 产生证书签发申请命令
-x509 签发X.509格式证书命令。X.509是最通用的一种签名证书格式。
-new 生成证书请求
-key 指定私钥文件
-nodes 表示私钥不加密
-out 输出
-subj 指定用户信息
-days 有效期
4、生成服务器端私钥和CSR签名请求
[root@host1 cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout server.key -out server.csr
Generating a 4096 bit RSA private key
...............................................................................................................................................................................................................++
..................................................................................++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:192.168.2.4
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
5、签发服务器证书
[root@host1 cert]# echo subjectAltName = IP:192.168.2.4 > extfile.cnf
[root@host1 cert]# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 10000 -extfile extfile.cnf -out server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=192.168.2.4
Getting CA Private Key
6、下载安装harbor
wget https://github.com/goharbor/harbor/releases/download/v2.3.4/harbor-offline-installer-v2.3.4.tgz
可以在 以下地址下载离线安装包
https://github.com/ 搜索 goharbor/harbor 找到releases下载
7、解压
[root@host1 src]# tar xvf harbor-offline-installer-v2.3.4.tgz
8、修改配置文件
[root@host1 src]# cd harbor
[root@host1 harbor]# ll
总用量 596284
-rw-r--r--. 1 root root 3361 11月 9 2021 common.sh
-rw-r--r--. 1 root root 610560420 11月 9 2021 harbor.v2.3.4.tar.gz
-rw-r--r--. 1 root root 7840 11月 9 2021 harbor.yml.tmpl
-rwxr-xr-x. 1 root root 2500 11月 9 2021 install.sh
-rw-r--r--. 1 root root 11347 11月 9 2021 LICENSE
-rwxr-xr-x. 1 root root 1881 11月 9 2021 prepare
[root@host1 harbor]# cp harbor.yml.tmpl harbor.yml
[root@host1 harbor]# vi harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.2.4 #修改主机名,可以是域名也可以是ip
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8000 # 端口号
# https related config
https: #打开注释
# https port for harbor, default is 443
port: 5000 #可以使用默认的443
# The path of cert and key files for nginx
# 因为k8s获取harbor仓库的镜像是使用的https,所有需要用证书
certificate: /opt/cert/ca.crt # 自定义证书位置目录
private_key: /opt/cert/ca.key # 自定义私钥目录
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
........
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345 #修改harbor登录的密码
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 100
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgres of harbor.
max_open_conns: 900
# The default data volume
data_volume: /opt/harbor/images #指定harbor仓库存放镜像位置
9、装好docker-compose后,为harbor生成配置文件
[root@host1 harbor]# systemctl restart docker
[root@host1 harbor]# ./prepare
10、启动harbor
[root@host1 harbor]# docker-compose up -d
11、浏览器测试登录