安装harbor并配置https
安装docker
# Install Docker Engine from Docker's CentOS package repository.
# yum-utils supplies the yum-config-manager command used on the next line.
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# No -y here, so yum still asks for confirmation. If it offers to import the
# repository signing key, compare the fingerprint it prints with the one in
# Docker's install documentation before accepting.
yum install \
  docker-ce \
  docker-ce-cli \
  containerd.io \
  docker-compose-plugin
# Start (or restart) the daemon now, then register it to start at boot.
systemctl restart docker
systemctl enable docker
下载并配置docker-compose
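# Fetch the standalone docker-compose v2.7.0 binary together with the checksum
# file published next to it on the same release page.
wget https://github.com/docker/compose/releases/download/v2.7.0/docker-compose-linux-x86_64
wget https://github.com/docker/compose/releases/download/v2.7.0/docker-compose-linux-x86_64.sha256
# The binary is about to be installed as root into /usr/bin, so check it first.
# Stop here unless this prints "docker-compose-linux-x86_64: OK".
# A checksum served from the same origin only detects a corrupted or truncated
# download; it does not protect against a tampered release.
sha256sum -c docker-compose-linux-x86_64.sha256
chmod +x docker-compose-linux-x86_64
# Smoke test: the binary runs and reports the expected version.
./docker-compose-linux-x86_64 --version
cp docker-compose-linux-x86_64 /usr/bin/docker-compose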
下载harbor(同一发布页还提供对应的 .asc 签名文件,可在解压前用 gpg 校验安装包的完整性和来源)
https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz
解压
# Unpack the offline installer into the current directory; --verbose lists each
# extracted member. The later `cd harbor` relies on the directory this creates.
tar --extract --gzip --verbose --file=harbor-offline-installer-v2.5.3.tgz
创建证书
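# Create a private CA, then the Harbor server key and its signing request.
# NOTE(review): mkdir only creates the directory; every openssl command below
# writes into the current working directory. The shell prompt shown later on
# this page is inside a directory named cert, so presumably a cd into
# /root/harbor/cert happened at this point; confirm before running.
mkdir -p /root/harbor/cert

# CA private key: 4096-bit RSA, stored unencrypted.
openssl genrsa -out ca.key 4096
# Private keys must not be world-readable. The captured directory listings on
# this page still show 0644 because they predate this chmod.
chmod 600 ca.key
# Self-signed CA certificate, valid for 3650 days.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.yangzhenyu.com" \
  -key ca.key -out ca.crt

# Server private key, locked down the same way as the CA key.
openssl genrsa -out harbor.yangzhenyu.com.key 4096
chmod 600 harbor.yangzhenyu.com.key
# Certificate signing request for the registry host name.
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.yangzhenyu.com" \
  -key harbor.yangzhenyu.com.key -out harbor.yangzhenyu.com.csr
# ca.key can issue certificates that every client trusting ca.crt will accept.
# Once the server certificate has been signed, keep it off the registry host.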
ll
total 16
-rw-r--r--. 1 root root 2053 Jul 29 14:55 ca.crt
-rw-r--r--. 1 root root 3247 Jul 29 14:54 ca.key
-rw-r--r--. 1 root root 1716 Jul 29 14:56 harbor.yangzhenyu.com.csr
-rw-r--r--. 1 root root 3243 Jul 29 14:55 harbor.yangzhenyu.com.key
# Write the X.509 v3 extension file applied when the CSR is signed.
# basicConstraints=CA:FALSE marks the result as a leaf certificate,
# extendedKeyUsage restricts it to TLS server authentication, and the
# [alt_names] section lists the DNS names the certificate is valid for.
# The delimiter is quoted so the body is written out literally.
cat <<'EOF' > v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.yangzhenyu.com
DNS.2=localhost
EOF
# Sign the CSR with the private CA, applying the extensions from v3.ext.
# -CAcreateserial writes the serial-number file (ca.srl in the listing below).
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor.yangzhenyu.com.csr \
  -out harbor.yangzhenyu.com.crt
# Write the same PEM certificate again under a .cert name. In its certs.d
# directories Docker reads *.crt as CA certificates and *.cert as client
# certificates, so the file extension matters there.
openssl x509 -inform PEM \
  -in harbor.yangzhenyu.com.crt \
  -out harbor.yangzhenyu.com.cert
ll
total 32
-rw-r--r--. 1 root root 2053 Jul 29 14:55 ca.crt
-rw-r--r--. 1 root root 3247 Jul 29 14:54 ca.key
-rw-r--r--. 1 root root 17 Jul 29 15:34 ca.srl
-rw-r--r--. 1 root root 2114 Jul 29 15:35 harbor.yangzhenyu.com.cert
-rw-r--r--. 1 root root 2114 Jul 29 15:34 harbor.yangzhenyu.com.crt
-rw-r--r--. 1 root root 1716 Jul 29 14:56 harbor.yangzhenyu.com.csr
-rw-r--r--. 1 root root 3243 Jul 29 14:55 harbor.yangzhenyu.com.key
-rw-r--r--. 1 root root 256 Jul 29 15:33 v3.ext
配置harbor.yml
# Create harbor.yml from the shipped template and edit it by hand.
# NOTE(review): the page does not show the edits. For the HTTPS setup described
# here, the template's hostname, https.certificate and https.private_key
# entries would need to name harbor.yangzhenyu.com and the certificate and key
# generated above. harbor_admin_password is the place to replace the default
# admin password before the first install. Confirm against the template.
cd harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
安装harbor
# Run the installer scripts shipped in the harbor directory, in this order.
# NOTE(review): Harbor's install.sh normally invokes prepare itself, so the
# explicit call is presumably redundant but harmless; confirm for this version.
./prepare
./install.sh
用浏览器访问 Harbor,默认用户名 admin,默认密码 Harbor12345;这是公开的默认值,首次登录后应立即修改(或安装前在 harbor.yml 的 harbor_admin_password 中改掉)
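需要使用 Harbor 的 Docker 服务器上需要修改的配置
添加registries(注意:insecure-registries 会让 Docker 对该仓库不校验 TLS 证书,并且在 HTTPS 不可用时回退到明文 HTTP;后文报错信息里的地址是 http:// 开头,可能正是这种回退。既然下一步会把证书放到 /etc/docker/certs.d/ 下,这一项就不需要了,建议去掉,让 Docker 正常校验证书)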
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://2mrc6wis.mirror.aliyuncs.com"],
"insecure-registries": ["https://harbor.yangzhenyu.com"]
}
证书添加到指定目录
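# Docker reads *.crt files under /etc/docker/certs.d/<registry-host>/ as
# trusted CA certificates for that registry.
# Create the per-registry directory first; scp does not create it.
ssh 10.211.55.20 mkdir -p /etc/docker/certs.d/harbor.yangzhenyu.com
scp harbor.yangzhenyu.com.crt 10.211.55.20:/etc/docker/certs.d/harbor.yangzhenyu.com/
# NOTE(review): distributing ca.crt instead is the usual choice, because a
# reissued server certificate is then still trusted. Only certificates belong
# on client hosts; ca.key and harbor.yangzhenyu.com.key must never be copied.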
重启
# Reload systemd unit definitions, then restart dockerd so it re-reads
# /etc/docker/daemon.json. Restarting the daemon interrupts running containers
# unless live-restore is configured.
systemctl daemon-reload
systemctl restart docker
使用 docker login 时报错,最后排查发现是因为 SELinux 没有关闭
[root@centos-linux cert]# docker login harbor.yangzhenyu.com
Username: admin
Password:
Error response from daemon: login attempt to http://harbor.yangzhenyu.com/v2/ failed with status: 502 Bad Gateway
# Puts SELinux into permissive mode for the whole host until the next reboot.
# NOTE(review): this confirms SELinux as the cause, but it also removes SELinux
# confinement from every other service on the machine. The denied operation
# can be found with `ausearch -m avc -ts recent`; fixing the file label or
# policy it names lets the host return to `setenforce 1`.
setenforce 0
上传一个镜像测试
# Push a test image to the new registry.
# NOTE(review): the image must already carry this tag locally (docker tag), and
# the path implies a Harbor project named nginx, presumably created in the UI
# beforehand. The page shows neither step.
docker push harbor.yangzhenyu.com/nginx/nginx:latest