Serving a Harbor private registry over HTTP (insecure)

Materials:

Operating system: CentOS 7

Harbor: harbor-online-installer-v1.5.0.tgz

Docker-compose: 1.20.0

Installation:

1. Download the harbor-online-installer-v1.5.0.tgz archive

2. Extract it with tar zxvf harbor-online-installer-v1.5.0.tgz

[root@hub home]# cd harbor/
[root@hub harbor]# ls
ca.crt  ca.key  common  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  install.sh  LICENSE  NOTICE  prepare

3. Edit the harbor.cfg file with nano

[root@hub harbor]# nano harbor.cfg 


## Configuration file of Harbor

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.5.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = hub.docker.*.com

#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http

#Maximum number of job workers in job service
max_job_workers = 50

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off the default key/cert will be used.
#This flag also controls the creation of the notary signer's cert.
customize_crt = on

#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

#The path of secretkey storage
secretkey_path = /data

#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
log_rotate_count = 50
#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
#are all valid.
log_rotate_size = 200M

#Config http proxy for Clair, e.g. http://my.proxy.com:3128
#Clair doesn't need to connect to harbor ui container via http proxy.
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,ui

#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties
#should be performed on web ui

#************************BEGIN INITIAL PROPERTIES************************

#Email account settings for sending out password resetting emails.

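 Notes: a. "hostname = hub.docker.*.com" sets the address at which Harbor exposes images to clients; it can be an internal network address. It also determines the prefix of the pull command shown in the Harbor UI (if a public IP and port mapping are involved, this value must not include a port).

      b. ui_url_protocol = http: the default here is https and needs to be changed to http

      c. harbor_admin_password = ***: change the Harbor login password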

4. To change the port (default 80), edit docker-compose.yml with nano

proxy:
    image: vmware/nginx-photon:v1.5.0
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 3333:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"

5. Run ./install.sh to pull the images and start the services

[root@hub harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 1.13.1

Note: docker-compose version: 1.20.0


[Step 1]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 2]: checking existing instance of Harbor ...


[Step 3]: starting Harbor ...
WARNING: The Docker Engine you're using is running in swarm mode.

Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node.

To deploy your application across the swarm, use `docker stack deploy`.

Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating redis              ... done
Creating harbor-ui          ... 
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

6. Open Harbor in a browser.

pull and push

The registry uses the HTTPS protocol by default (once the insecure-registries property is added to /etc/docker/daemon.json, Docker will automatically try HTTP as well)

1. Edit /etc/docker/daemon.json with nano

{
    "insecure-registries":["hub.docker.*.com:3333"]
}

Note: the port must be included here

2. Restart Docker with systemctl daemon-reload and systemctl restart docker (with Toolbox, restarting the virtual machine accomplishes this restart)

3. Log in with docker login

[root@PB-Zh008 /]# docker login http://hub.docker.*.com:3333
Username: admin
Password: 
Login Succeeded

Notes: 1. docker login hub.docker.*.com:3333 and docker login http://hub.docker.*.com:3333 have the same effect

        2. The port must be included
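
The two settings this walkthrough changes (ui_url_protocol = http in harbor.cfg and insecure-registries in /etc/docker/daemon.json) are the ones a host audit should flag. The Python check below is an added example, not part of the original post or of Harbor; the hostname hub.example.internal, the sample file contents and the severity labels are constructed assumptions.

```python
import configparser
import json

# Constructed sample inputs mirroring the two files edited above (placeholder hostname).
SAMPLE_HARBOR_CFG = """\
_version = 1.5.0
hostname = hub.example.internal
ui_url_protocol = http
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
"""
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["hub.example.internal:3333", "10.0.0.0/8"]}'


def parse_harbor_cfg(text):
    """harbor.cfg is 'key = value' with no section header, so prepend one."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string("[harbor]\n" + text)
    return dict(parser["harbor"])


def audit(harbor_cfg_text, daemon_json_text):
    """Return (severity, message) findings for cleartext registry access."""
    findings = []
    cfg = parse_harbor_cfg(harbor_cfg_text)
    host = cfg.get("hostname", "")
    if cfg.get("ui_url_protocol", "http").strip().lower() != "https":
        findings.append(("HIGH", f"harbor.cfg: ui_url_protocol is not https for {host}; "
                                 "credentials and image layers travel in cleartext"))
    daemon = json.loads(daemon_json_text or "{}")
    for entry in daemon.get("insecure-registries", []):
        if "/" in entry:  # CIDR form relaxes TLS for every registry in the range
            findings.append(("HIGH", f"daemon.json: insecure-registries covers a whole range: {entry}"))
        elif entry.split(":")[0] == host:
            findings.append(("MEDIUM", f"daemon.json: TLS verification disabled, HTTP fallback allowed for {entry}"))
        else:
            findings.append(("MEDIUM", f"daemon.json: insecure registry not matching harbor.cfg: {entry}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_HARBOR_CFG, SAMPLE_DAEMON_JSON):
        print(f"[{severity}] {message}")
```

An empty result means harbor.cfg is set to https and the Docker client has no insecure-registries exceptions.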

Done! Thanks.
