阿里云主机使用 docker-compose 部署 harbor 镜像仓库
现在国内 dockerhub 镜像加速多多少少都有问题,这里采用离线包的方式来部署
找到对应的版本,下载带有 offline 字眼的包,我这里部署的是
2.9.4
版本
docker-compose 安装
这里就默认大家都有 docker 环境
我这里下载的是
v2.26.0
版本
cp docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
验证 docker-compose 命令
docker-compose --version
正常返回版本号
Docker Compose version v2.26.0
harbor 安装
下载完成后,解压安装包
tar xvf harbor-offline-installer-v2.9.4.tgz
cd harbor
修改配置文件
cp harbor.yml.tmpl harbor.yml
我只修改了下面几个配置,然后注释了 https 的配置
# 如果只是内网访问,设置为内网 IP,别用 127.0.0.1 或者 localhost 这种地址
# 如果需要外网访问,就必须设置为外网域名或 IP
hostname: core.harbor.domain.com
# 浏览器访问的端口,默认是 80,看自己的需要调整
http:
port: 8888
# 没考虑 ssl,就注释了下面 https 相关的配置
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# harbor 的 admin 密码
harbor_admin_password: CN@harbor
# harbor 的数据持久化目录,选一个自己磁盘充足的目录
data_volume: /data/harbor-2.9.4/harbor-data
导入离线镜像
离线包的好处就是镜像都打包好了,直接导入就可以了
docker load -i harbor.v2.9.4.tar.gz
部署前预处理
./prepare
返回下面这些内容,说明预处理完成了
预处理就是把
harbor.yml
的内容,生成 harbor 的配置文件
prepare base dir is set to /data/harbor-2.9.4
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
开始安装
./install.sh
一顿输出,看到 successfully 说明安装完成了
[Step 0]: checking if docker is installed ...
Note: docker version: 25.0.4
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.24.7
[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.9.4
Loaded image: goharbor/trivy-adapter-photon:v2.9.4
Loaded image: goharbor/harbor-portal:v2.9.4
Loaded image: goharbor/harbor-core:v2.9.4
Loaded image: goharbor/harbor-log:v2.9.4
Loaded image: goharbor/harbor-jobservice:v2.9.4
Loaded image: goharbor/harbor-exporter:v2.9.4
Loaded image: goharbor/prepare:v2.9.4
Loaded image: goharbor/harbor-db:v2.9.4
Loaded image: goharbor/harbor-registryctl:v2.9.4
Loaded image: goharbor/redis-photon:v2.9.4
Loaded image: goharbor/registry-photon:v2.9.4
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor-2.9.4
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 9/10
⠸ Network harbor-294_harbor Created 2.3s
✔ Container harbor-log Started 0.6s
✔ Container harbor-portal Started 1.2s
✔ Container registryctl Started 1.2s
✔ Container harbor-db Started 1.3s
✔ Container redis Started 1.0s
✔ Container registry Started 1.3s
✔ Container harbor-core Started 1.5s
✔ Container nginx Started 2.0s
✔ Container harbor-jobservice Started 1.9s
✔ ----Harbor has been installed and started successfully.----
查看服务
docker-compose ps
STATUS 这块都是 Up 就说明起来了
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.9.4 "/harbor/entrypoint.…" core About a minute ago Up About a minute (healthy)
harbor-db goharbor/harbor-db:v2.9.4 "/docker-entrypoint.…" postgresql About a minute ago Up About a minute (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.9.4 "/harbor/entrypoint.…" jobservice About a minute ago Up 58 seconds (healthy)
harbor-log goharbor/harbor-log:v2.9.4 "/bin/sh -c /usr/loc…" log About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.9.4 "nginx -g 'daemon of…" portal About a minute ago Up About a minute (healthy)
nginx goharbor/nginx-photon:v2.9.4 "nginx -g 'daemon of…" proxy About a minute ago Up About a minute (healthy) 0.0.0.0:9999->8080/tcp, :::9999->8080/tcp
redis goharbor/redis-photon:v2.9.4 "redis-server /etc/r…" redis About a minute ago Up About a minute (healthy)
registry goharbor/registry-photon:v2.9.4 "/home/harbor/entryp…" registry About a minute ago Up About a minute (healthy)
registryctl goharbor/harbor-registryctl:v2.9.4 "/home/harbor/start.…" registryctl About a minute ago Up About a minute (healthy)
开通安全策略组
在阿里云控制台里面开启对应的网络安全策略组
docker 配置
这里可以配置内网的 ip 地址,只要公网能通,就不影响,配置到
/etc/docker/daemon.json
里面
"insecure-registries": ["http://172.17.133.182:9999"]
登录验证
docker login 172.17.133.182:9999
输入用户名和密码,返回 Login Succeeded 说明成功了
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded