关键字: Harbor, http, https, 私有化镜像仓库
概述:本文安装镜像设备未绑定域名,全为内网IP地址,仅供内部镜像存储使用
安装步骤
1、下载,解压harbor安装包
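cd /data/package  # the installer archive is kept in this directory
wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.3.tgz
# Print the archive digest and compare it with a digest obtained from the
# project's release page before unpacking; do not continue if they differ.
sha256sum harbor-online-installer-v1.6.3.tgz
tar -zxf harbor-online-installer-v1.6.3.tgz
mv harbor /data/  # the install directory becomes /data/harbor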
2、生成https证书
- 建立证书存放目录
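# This directory will hold the CA and server private keys, so restrict it to
# its owner. -p keeps the command from failing when the directory exists.
mkdir -p /data/cert && chmod 700 /data/cert && cd /data/cert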
- 获取CA证书
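# Create a private CA: a 4096-bit RSA key and a self-signed certificate valid
# for 3650 days. The CN below is a placeholder; replace it with your CA's name.
openssl genrsa -out ca.key 4096
# Whoever holds ca.key can issue certificates that every client trusting
# ca.crt will accept, so keep the key readable by its owner only.
chmod 600 ca.key
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
    -key ca.key \
    -out ca.crt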
- 生成服务器证书
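# Create the server's own private key and keep it readable by its owner only.
openssl genrsa -out 172.16.0.133.key 4096
chmod 600 172.16.0.133.key
# Generate the certificate signing request (CSR). Each continued line must end
# in a bare backslash: a comment placed after the options ends the command
# early and the remaining options are never passed to openssl.
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=172.16.0.133" \
    -key 172.16.0.133.key \
    -out 172.16.0.133.csr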
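# Write the X.509 v3 extension file used when the server certificate is signed.
# The quoted 'EOF' keeps the shell from expanding anything inside the file.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# An IP address has to be listed as an IP entry: clients that verify the
# certificate against an IP address do not match it against DNS entries.
IP.1=172.16.0.133
# Placeholder: replace with the host's real name, or delete this line.
DNS.1=hostname
EOF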
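# Sign the CSR with the CA to produce the registry host certificate, applying
# the extensions from v3.ext. The comment sits above the command because a
# backslash followed by a comment does not continue the line.
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in 172.16.0.133.csr \
    -out 172.16.0.133.crt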
- 为harbor配置服务器证书和密钥
# Read the PEM server certificate and write it out again under the .cert name.
openssl x509 -inform PEM -in 172.16.0.133.crt -out 172.16.0.133.cert
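为 docker 配置 172.16.0.133.cert、172.16.0.133.crt:Docker 把 /etc/docker/certs.d/<仓库地址>/ 目录下的 .crt 文件当作 CA 证书、.cert 文件当作客户端证书,因此客户端通常只需放入 ca.crt 即可信任本仓库;服务器私钥 172.16.0.133.key 不应分发到客户端。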
3、修改harbor.cfg
cd /data/harbor,修改 harbor.cfg 中的以下部分
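# Set to this host's IP address plus ":443"; 443 is the HTTPS port. If another
# port is used, change the matching port mapping in docker-compose.yml as well.
# The note is kept on its own line because a trailing "# ..." after a value
# may be read as part of the value by the parser that loads this file.
hostname = 172.16.0.133:443
# Must be https, otherwise the certificate settings below are not applied.
ui_url_protocol = https
ssl_cert = /data/cert/172.16.0.133.crt
ssl_cert_key = /data/cert/172.16.0.133.key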
4、按照如下配置文件修改docker-compose.yml
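# docker-compose.yml for the Harbor v1.6.3 services.
# The nesting below follows the Compose v2 layout: every service sits under
# `services:`, and each key list is indented under the key that owns it.
# Port mappings are quoted so that no YAML parser can read them as numbers.
version: '2'
services:
  log:
    image: goharbor/harbor-log:v1.6.3
    container_name: harbor-log
    restart: always
    volumes:
      - /data/harbor/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      # Bound to loopback only: the other services reach it through the
      # syslog-address tcp://127.0.0.1:1514 set in their logging options.
      - '127.0.0.1:1514:10514'
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.6.2-v1.6.3
    container_name: registry
    restart: always
    volumes:
      - /data/harbor/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  postgresql:
    image: goharbor/harbor-db:v1.6.3
    container_name: harbor-db
    restart: always
    volumes:
      - /data/harbor/database:/var/lib/postgresql/data:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  adminserver:
    image: goharbor/harbor-adminserver:v1.6.3
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/harbor/config/:/etc/adminserver/config/:z
      # /data/secretkey is mounted as the key of both adminserver and ui;
      # keep its permissions on the host restricted.
      - /data/secretkey:/etc/adminserver/key:z
      - /data/harbor/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: goharbor/harbor-ui:v1.6.3
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/secretkey:/etc/ui/key:z
      - /data/harbor/ca_download/:/etc/ui/ca/:z
      - /data/harbor/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: goharbor/harbor-jobservice:v1.6.3
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/harbor/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    depends_on:
      - redis
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.6.3
    container_name: redis
    restart: always
    volumes:
      - /data/harbor/redis:/var/lib/redis
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.6.3
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    # Change the port mappings here, as HOST_PORT:CONTAINER_PORT.
    # With no host address given, Docker publishes these ports on every host
    # interface. For an internal-only registry, prefix them with the internal
    # address (as the log service does with 127.0.0.1) or restrict them with
    # the host firewall if the machine has other networks attached.
    ports:
      - '80:80'
      - '443:443'
      - '4443:4443'
    depends_on:
      - postgresql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false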
5、安装
sudo ./install.sh
[Step 2]: checking existing instance of Harbor ...
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating harbor-db ... done
Creating registry ... done
Creating redis ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://172.16.0.133:443.
For more details, please visit https://github.com/goharbor/harbor .
说明镜像安装没有问题
确认镜像是否都启动成功
sudo docker ps
7cd627de0fdd goharbor/harbor-jobservice:v1.6.3 "/harbor/start.sh" 5 days ago Up 5 days harbor-jobservice
1e5b0ddff45f goharbor/nginx-photon:v1.6.3 "nginx -g 'daemon of…" 5 days ago Up 5 days (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
15d2ef93d888 goharbor/harbor-ui:v1.6.3 "/harbor/start.sh" 5 days ago Up 5 days (healthy) harbor-ui
311461f53193 goharbor/harbor-adminserver:v1.6.3 "/harbor/start.sh" 5 days ago Up 5 days (healthy) harbor-adminserver
a2b84c8ab2f5 goharbor/harbor-db:v1.6.3 "/entrypoint.sh post…" 5 days ago Up 5 days (healthy) 5432/tcp harbor-db
ebead84f59a7 goharbor/registry-photon:v2.6.2-v1.6.3 "/entrypoint.sh /etc…" 5 days ago Up 5 days (healthy) 5000/tcp registry
3295bd43e7cc goharbor/redis-photon:v1.6.3 "docker-entrypoint.s…" 5 days ago Up 5 days 6379/tcp redis
32191893a26d goharbor/harbor-log:v1.6.3 "/bin/sh -c /usr/loc…" 5 days ago Up 5 days (healthy) 127.0.0.1:1514->10514/tcp
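6、访问
浏览器访问安装输出中给出的地址 https://172.16.0.133:443 ;首次登录后应立即在界面中修改由 harbor.cfg 的 harbor_admin_password 设定的管理员初始密码。HTTPS 配置参考文档:
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md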