[Docker] Setting Up a Private Docker Registry Server with Harbor

 
 
 

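I. Server side

1) Preparation:

1. Public address of the server: 141.141.221.61

2. Prepare a domain name (it does not have to be a real domain; in that case just add the hosts entry 141.141.221.61 harbor.zbq.com on the client): harbor.zbq.com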

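2) Installation steps

1. Download the Harbor package

Download location: https://github.com/goharbor/harbor/tags
File to download: harbor-offline-installer-v2.1.0-rc1.tgz

2. Extract the archive and enter the package directory
3. Copy harbor.yml.tmpl to a file named without the .tmpl suffix

Edit the harbor.yml file

1) hostname: set this to your domain name, harbor.zbq.com
For a local setup you may also need to change the following:
2) data_volume: set this to a local path; the default is /data, for example: /Users/zhangboqing/Software/localenv/docker/data
3) log.location: set this to a local path; the default is /var/log/harbor, for example: /Users/zhangboqing/Software/localenv/docker/log/harbor
4) http.port: the default is 80, for example: 8180

4. Run sh install.sh to install
Error cases:

1. No chain/target/match by that name.  (exit status 1))
Fix: start firewalld: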
systemctl start firewalld.service

 

3) HTTPS setup

Run the following in order; replace harbor.zbq.com below with the name you have agreed on.

1. Generate the CA private key:

 openssl genrsa -out ca.key 4096

 

2. Generate the CA certificate:

openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.zbq.com" \
-key ca.key \
-out ca.crt 

3. Generate the server private key:

openssl genrsa -out harbor.zbq.com.key 4096

4. Generate the certificate signing request (CSR):

openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.zbq.com" \
    -key harbor.zbq.com.key \
    -out harbor.zbq.com.csr

5. Generate the x509 v3 extension file:

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.zbq.com
DNS.2=harbor.zbq.com
DNS.3=harbor.zbq.com
EOF

6. Use v3.ext to sign the server certificate with the CA:

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.zbq.com.csr \
    -out harbor.zbq.com.crt

7. Edit the harbor.yml from earlier and set the certificate paths in the https section

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/harbor/harbor.zbq.com.crt
  private_key: /root/harbor/harbor.zbq.com.key

8. Run the prepare script

./prepare

9. Start the Harbor service

docker-compose up -d
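
A check that can be run between step 6 and step 7, as an added example that is not part of the original post: check_harbor_cert (a hypothetical helper name) confirms that the server certificate chains to ca.crt, matches its private key, lists the hostname in subjectAltName and is not about to expire. It assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Usage: check_harbor_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 when every check passes, otherwise the number of the failed check.
check_harbor_cert() {
    ca=$1; crt=$2; key=$3; host=$4

    # 1. Chain and purpose: the certificate must be signed by the private CA
    #    and be usable as a TLS server certificate (extendedKeyUsage=serverAuth).
    openssl verify -purpose sslserver -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
        echo "FAIL: $crt does not verify against $ca as a server certificate" >&2
        return 1
    }

    # 2. Key pair: the public key in the certificate must equal the one derived
    #    from the private key, otherwise nginx rejects the pair at startup.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] || {
        echo "FAIL: $key is not the private key for $crt" >&2
        return 2
    }

    # 3. SAN: Go's TLS stack, which Docker uses, ignores CN and matches the
    #    hostname against subjectAltName only (Go 1.15 and later), so the name
    #    has to appear there exactly.
    openssl x509 -in "$crt" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$host" || {
        echo "FAIL: $host is not in subjectAltName of $crt" >&2
        return 3
    }

    # 4. Expiry: fail if the certificate expires within 30 days (2592000 s).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null || {
        echo "FAIL: $crt expires within 30 days" >&2
        return 4
    }
    echo "OK: $crt is valid for $host"
}

# Run directly: sh check.sh ca.crt harbor.zbq.com.crt harbor.zbq.com.key harbor.zbq.com
if [ "$#" -eq 4 ]; then
    check_harbor_cert "$@"
fi
```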

 

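II. Client side

Local hosts entry: 141.141.221.61 harbor.zbq.com

1) Browser access

https://harbor.zbq.com

Default username/password: admin/Harbor12345

2) Docker access

1. Download the three certificate-related files from the server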

ca.crt, harbor.zbq.com.crt, and harbor.zbq.com.key

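2. Go to your local Docker directory; mine is ~/.docker, or it may be /etc/docker

3. Certificate setup

3.1 Create the certs.d directory

3.2 Create the harbor.zbq.com directory under certs.d

3.3 Copy the three files ca.crt, harbor.zbq.com.crt, and harbor.zbq.com.key into the harbor.zbq.com directory. Of these, ca.crt is the file Docker uses to verify the registry's certificate.

3.4 Run the command below to generate harbor.zbq.com.cert, then delete harbor.zbq.com.crt (the Docker daemon interprets .crt files as CA certificates and .cert files as client certificates)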

openssl x509 -inform PEM -in harbor.zbq.com.crt -out harbor.zbq.com.cert

4. Restart Docker

5. You can now log in to Harbor normally

docker login -u admin -p Harbor12345 harbor.zbq.com

References:

https://goharbor.io/docs/2.0.0/install-config/configure-https/ 

posted @ 2020-09-02 22:47  N!CE波