harbor的安装部署
[前提条件]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1). Docker-compose提前安装 --》安装教程
2). openssl提前安装
3). python2.7以上版本提前安装
4). Docker提前安装好
[安装步骤]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. 安装docker-compose
- apt install python3-pip # 安装pip
- pip install docker-compose # 通过pip来安装docker-compose
- docker-compose version # 查看docker-compose的版本
2. 下载离线包
wget https://github.com/goharbor/harbor/releases/download/v1.10.9/harbor-offline-installer-v1.10.9.tgz
3. 创建HTTP证书
- mkdir -p /cert/harbor
- chmod -R 777 /cert/harbor
- cd /cert/harbor
- openssl genrsa -des3 -out harbor.key 2048 # 创建服务器证书密钥文件harbor.key, 设置密码:mtyw
- openssl req -new -key harbor.key -out harbor.csr # 创建服务器证书的申请文件harbor.csr,输入密钥文件的密码
- cp harbor.key harbor.key.org # 备份一份服务器密钥文件
- openssl rsa -in harbor.key.org -out harbor.key # 去除文件口令,输入密钥文件的密码
- openssl x509 -req -days 3650 -in harbor.csr -signkey harbor.key -out harbor.crt # 创建一个10年证书
4. 解压软件包
- tar xzvf harbor-offline-installer-v1.10.9.tgz -C /usr/local/
- ls /usr/local/harbor
5. 修改配置文件
- vim /usr/local/harbor/harbor.yml # 修改配置文件
#将hostname改成本机IP或域名,不要用localhost,127.0.0.1或0.0.0.0,冒号后面都有一个空格
hostname: 192.168.0.101
ui_url_protoc0l: https
7. 更改默认端口
将http端口改成10080,因为默认用的80端口已经被占用,http可以指定任意端口
http:
port: 10080
#配置https的端口,只能使用443端口,更改证书路径,证书路径为刚刚生成的https证书的实际路径
https:
port: 443
certificate: /cert/harbor/harbor.crt
private_key: /cert/harbor/harbor.key
# 修改后台管理密码
harbor_admin_password: Harbor12345
# harbor的内部数据库密码
database:
password: root123
# 修改harbor数据存储路径与日志存储路径,目录要先创建好并赋予777权限
data_volume: /mnt/data/harbor-data
# 修改日志存放路径,默认路径为/var/log/harbor
log:
local:
localtion: /var/log/harbor
6. 安装harbor
- cd /usr/local/harbor
- ./install.sh
访问链接: https://192.168.1.214:443
账号密码: admin/Harbor12345
[添加信任]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
第1步: 追加配置
vim /etc/docker/daemon.json
{
"registry-mirrors":["https://reg-mirror.qiniu.com/"],
"insecure-registries": ["192.168.1.230:10080", "192.168.1.230:443"]
}
第2步: 拷贝证书
# 拷贝https证书文件harbor.crt到/etc/docker/certs.d/serverIp文件夹。每个docker都要拷贝证书文件
- mkdir -p /etc/docker/certs.d/192.168.1.230
- cp /cert/harbor/harbor.crt /etc/docker/certs.d/192.168.1.230/ca.crt
#注意,拷贝过去的证书文件名为 ca.crt `
第三步: 重启docker
- systemctl daemon-reload
- systemctl restart docker.service
第四步: 重启harbor
- cd /usr/local/harbor
- ./prepare
- docker-compose down
- docker-compose up -d
[pull操作]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- mkdir -p /etc/docker/certs.d/harbor181/
- cp /cert/harbor/harbor.crt /etc/docker/certs.d/harbor181/ca.crt
阅读建议
评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果
