安装docker,git
# Install the Docker engine and the docker-logrotate package from the configured
# yum repositories; -y answers yum's confirmation prompt automatically.
# NOTE(review): the heading also mentions git, which this command does not install.
yum -y install docker docker-logrotate
安装docker-compose
# Install docker-compose from PyPI into a dedicated virtualenv (ven_harbor) so it
# stays separate from the system Python packages.
yum -y install python-virtualenv
virtualenv ven_harbor
. ven_harbor/bin/activate
pip install -U pip
# NOTE(review): docker-compose is installed unpinned, so the version you get
# depends on the install date; pin it (docker-compose==<VERSION>) for repeatable builds.
pip install docker-compose
下载harbor
生成自签名证书
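# Create a private CA and use it to sign the certificate Harbor will serve over HTTPS.
# `openssl ca` below keeps its database under /etc/pki/CA, so write access there is needed.
mkdir -p ca && cd ca

# Self-signed CA certificate: RSA 4096, SHA-256, valid for 365 days.
# -nodes stores ca.key without a passphrase, so file permissions are its only protection.
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
  -x509 -days 365 -out ca.crt

# Private key and certificate signing request for the Harbor host.
# If the registry must be reachable by IP address, the Common Name can be set to the IP, e.g.:
# Common Name (eg, your name or your server's hostname) []:192.168.1.100
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
  -out yourdomain.com.csr

# Both private keys are unencrypted; restrict them to their owner
# (depending on the OpenSSL build they may otherwise be created with umask-default permissions).
chmod 600 ca.key yourdomain.com.key

# Bootstrap the `openssl ca` database, then sign the request with the CA.
# Writing '01' resets the serial counter, so run these two lines only once per CA.
touch /etc/pki/CA/index.txt
echo '01' > /etc/pki/CA/serial
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
# NOTE(review): recent Go-based clients (Docker included) match host names against
# subjectAltName as well and ignore the Common Name; if a client rejects
# yourdomain.com.crt, sign it with an -extfile holding `subjectAltName = DNS:yourdomain.com`.

# ALTERNATIVE for access by IP address: run the two commands below INSTEAD of the
# `openssl ca` line above; your_ip is the IP of the server that runs Harbor.
# By default HTTPS only supports access by domain name; with a certificate signed by the
# command above, `docker login your_ip` fails with:
# Failed to tls handshake with x.x.x.x x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs
# your_ip.csr is not produced by the steps above: create it with the same `openssl req`
# call used for yourdomain.com.csr, changing only the output file names.
echo 'subjectAltName = IP:your_ip' > extfile.cnf
openssl ca -in your_ip.csr -out your_ip.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir .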
安装harbor
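# Edit ~/harbor/harbor.cfg
# For access by IP address, set hostname to the IP instead, e.g. hostname=192.168.1.100
# (comment kept on its own line: an inline '#' after a value may be read as part of the value).
hostname = yourdomain.com
ui_url_protocol = https
# NOTE(review): Harbor12345 and root123 below are widely known sample passwords;
# set unique values before running install.sh.
harbor_admin_password = Harbor12345
auth_mode = db_auth
db_password = root123
# TLS certificate and private key paths. The page does not show the files generated
# in ./ca being copied to /root/cert; copy them there (key readable by root only) first.
ssl_cert = /root/cert/yourdomain.com.crt
ssl_cert_key = /root/cert/yourdomain.com.key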
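# Edit docker-compose.yml: publish the proxy on host ports 8000 (HTTP) and 4433 (HTTPS).
# Excerpt of the proxy service only; nesting restored (the listing had lost its indentation).
# NOTE(review): in the full file this entry presumably sits under a top-level services key — confirm.
proxy:
  # NOTE(review): the image is pinned to a fixed nginx tag; confirm that tag still
  # receives security fixes before deploying.
  image: library/nginx:1.11.5
  restart: always
  volumes:
    - ./config/nginx:/etc/nginx
  ports:
    # host port 8000 -> container port 80, host port 4433 -> container port 443
    - 8000:80
    - 4433:443
  depends_on:
    - mysql
    - registry
    - ui
    - log
  logging:
    # Container logs are sent over TCP to a syslog listener on 127.0.0.1:1514.
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"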
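# Edit templates/registry/config.yml: append :4433 after $ui_url so the token
# realm points at the HTTPS port published on the host.
# Nesting restored (the listing had lost its indentation).
auth:
  token:
    issuer: registry-token-issuer
    realm: $ui_url:4433/service/token
    rootcertbundle: /etc/registry/root.crt
    service: token-service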
# Edit templates/nginx/nginx.https.conf: append :4433 after $$host
# This server block only listens on port 80 and redirects every request to HTTPS.
server {
listen 80;
#server_name harbordomain.com;
# Permanent redirect to the HTTPS port published on the host (4433).
# NOTE(review): $$ is presumably the template's escape for a literal $ — confirm.
# NOTE(review): $host is taken from the client's request, so the redirect target
# follows whatever Host header is sent — confirm that is acceptable here.
return 301 https://$$host:4433$$request_uri;
}
# Install Harbor
# NOTE(review): presumably run from the unpacked harbor directory (~/harbor, where
# harbor.cfg was edited) — confirm.
./install.sh
配置client
- 将 --insecure-registry 从docker配置文件中移除,重启docker
- 复制ca.crt到client
# Trust the private CA for this one registry: Docker reads extra CA certificates
# from /etc/docker/certs.d/<host>:<port>/ on the client.
# Only the CA certificate (ca.crt) is copied; ca.key stays on the signing host.
mkdir -p -- /etc/docker/certs.d/yourdomain.com:4433
cp -- ca.crt /etc/docker/certs.d/yourdomain.com:4433/ca.crt
创建项目
将镜像推送到harbor中
# Log in to the registry on its custom HTTPS port, then tag a local image into
# the "test" project and push it.
registry=yourdomain.com:4433
docker login "$registry"
docker tag centos:7 "$registry/test/centos:7"
docker push "$registry/test/centos:7"