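[Docker] Setting up a private Docker Registry server with Harbor
I. Server side
1) Preparation:
1. Server public address: 141.141.221.61
2. Prepare a domain name (a name that is not a real domain also works, as long as the client adds a hosts entry: 141.141.221.61 harbor.zbq.com): harbor.zbq.com
2) Installation steps
1. Download the Harbor package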
Download URL: https://github.com/goharbor/harbor/tags
File to download: harbor-offline-installer-v2.1.0-rc1.tgz
Edit the harbor.yml file
For a local setup you may also need to change the following:
4. Run sh install.sh to install
Error cases:
1. No chain/target/match by that name. (exit status 1))
systemctl start firewalld.service
3) HTTPS setup
Run the following in order, replacing harbor.zbq.com below with the name you have agreed on.
1.
openssl genrsa -out ca.key 4096
2.
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.zbq.com" \
 -key ca.key \
 -out ca.crt
3.
openssl genrsa -out harbor.zbq.com.key 4096
4.
openssl req -sha512 -new \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.zbq.com" \
 -key harbor.zbq.com.key \
 -out harbor.zbq.com.csr
5.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.zbq.com
DNS.2=harbor.zbq.com
DNS.3=harbor.zbq.com
EOF
6.
openssl x509 -req -sha512 -days 3650 \
 -extfile v3.ext \
 -CA ca.crt -CAkey ca.key -CAcreateserial \
 -in harbor.zbq.com.csr \
 -out harbor.zbq.com.crt
7. Edit the harbor.yml from earlier and set the certificate paths in the https section
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/harbor/harbor.zbq.com.crt
  private_key: /root/harbor/harbor.zbq.com.key
8. Run the prepare script
./prepare
9. Start the Harbor service
docker-compose up -d
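A check worth running on the files from steps 1 to 6 before harbor.yml references them, as an added example (not from the original post or the Harbor project): check_harbor_cert is a hypothetical helper that confirms the certificate chains to ca.crt, covers the hostname in subjectAltName, matches the private key and is not a CA. It assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check the files produced in steps 1-6 before
# harbor.yml (step 7) or a Docker client is pointed at them.
# check_harbor_cert is a hypothetical helper name, not part of Harbor.

# Usage: check_harbor_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
# Returns 0 only if every check passes; prints the first failure otherwise.
check_harbor_cert() {
    ca=$1 crt=$2 key=$3 host=$4

    # 1. The server certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt is not signed by $ca"; return 1; }

    # 2. The name clients connect to must be covered by the certificate
    #    (-checkhost reports the result as text, so match on the message).
    openssl x509 -in "$crt" -noout -checkhost "$host" \
        | grep -q "does match certificate" \
        || { echo "FAIL: $crt does not cover host $host"; return 1; }

    # 3. The private key must be the one the certificate was issued for:
    #    compare the public key in the certificate with the key's public half.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not match $crt"; return 1; }

    # 4. A server (leaf) certificate must not itself be usable as a CA.
    openssl x509 -in "$crt" -noout -text | grep -q "CA:FALSE" \
        || { echo "FAIL: $crt is missing basicConstraints CA:FALSE"; return 1; }

    echo "OK: $crt is valid for $host"
}

# Run the check when the script is called with the four arguments, e.g.
#   sh check_cert.sh ca.crt harbor.zbq.com.crt harbor.zbq.com.key harbor.zbq.com
if [ "$#" -eq 4 ]; then
    check_harbor_cert "$@"
fi
```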
II. Client side
Local hosts entry: 141.141.221.61 harbor.zbq.com
1) Browser access
https://harbor.zbq.com
Default username/password: admin/Harbor12345
2) Docker access
1. Download the three certificate files from the server
ca.crt, harbor.zbq.com.crt, and harbor.zbq.com.key
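2. Go to the local docker directory; mine is ~/.docker, or it may be /etc/docker
3. Certificate setup
3.1 Create the certs.d directory
3.2 Create a harbor.zbq.com directory under certs.d
3.3 Copy the three files ca.crt, harbor.zbq.com.crt, and harbor.zbq.com.key into the harbor.zbq.com directory
3.4 Run the command below to generate harbor.zbq.com.cert, then delete harbor.zbq.com.crt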
openssl x509 -inform PEM -in harbor.zbq.com.crt -out harbor.zbq.com.cert
4. Restart docker
5. You can now log in to Harbor normally
docker login -u admin -p Harbor12345 harbor.zbq.com
References:
https://goharbor.io/docs/2.0.0/install-config/configure-https/