离线安装包

wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz

SSL证书

CA私钥

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Shanghai/L=Shanghai/O=harbor/OU=Personal/CN=harbor-test.com" \
 -key ca.key \
 -out ca.crt
# 若要通过FQDN连接harbor，就必须指定CN（Common Name）

Server证书

私钥

openssl genrsa -out harbor-test.com.key 4096

openssl req -sha512 -new \
  -subj "/C=CN/ST=Shanghai/L=Shanghai/O=harbor/OU=Personal/CN=harbor-test.com" \
  -key harbor-test.com.key \
  -out harbor-test.com.csr

x509 v3 extension file

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1=192.168.1.78
DNS.1=harbor-test.com
DNS.2=harbor-test
DNS.3=harbor
EOF

crt file

openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor-test.com.csr \
  -out harbor-test.com.crt

cp harbor-test.com.crt /data/cert/
cp harbor-test.com.key /data/cert/

Docker证书

转换证书格式

openssl x509 -inform PEM -in harbor-test.com.crt -out harbor-test.com.cert
# Docker守护进程（Docker daemon）使用crt文件作为CA证书，使用cert文件作为客户端证书

cp harbor-test.com.cert /etc/docker/certs.d/harbor-test.com/
cp harbor-test.com.key /etc/docker/certs.d/harbor-test.com/
cp ca.crt /etc/docker/certs.d/harbor-test.com/
systemctl restart docker

将ca.crt复制到client的/etc/docker/certs.d/harbor-test.com/目录下，然后systemctl restart docker
将192.168.1.78 harbor-test.com加入到客户端/etc/hosts

配置harbor

vim harbor.yml

修改以下字段

hostname: harbor-test.com
certificate: /data/cert/harbor-test.com.crt
private_key: /data/cert/harbor-test.com.key

配置&安装Harbor

./prepare
./install.sh

停止Harbor

docker-compose down -v

重启Harbor

docker-compose up -d

远程访问

Browser

https://192.168.1.78

Docker

docker login harbor-test.com
docker push harbor-test/[project-name]/[image-name]:[tag-name]
docker pull harbor-test/[project-name]/[image-name]:[tag-name]

Installation with Notary

To-Do

Installation with Clair

To-Do

Installation with Chart Repository Service

To-Do

https://github.com/goharbor/harbor/blob/master/docs/1.10/install-config/configure-yml-file.md

Harbor

离线安装包

SSL证书

CA私钥

Server证书

私钥

CSR

x509 v3 extension file

crt file

复制证书到harbor的证书目录

Docker证书

转换证书格式

复制证书到Docker配置目录

将ca.crt复制到client的`/etc/docker/certs.d/harbor-test.com/`目录下，然后`systemctl restart docker`

将`192.168.1.78 harbor-test.com`加入到客户端`/etc/hosts`

配置harbor

修改以下字段

配置&安装Harbor

停止Harbor

重启Harbor

远程访问

Browser

Docker

Installation with Notary

To-Do

Installation with Clair

To-Do

Installation with Chart Repository Service

To-Do

你可能感兴趣的:(Harbor)

Harbor

离线安装包

SSL证书

CA私钥

Server证书

私钥

CSR

x509 v3 extension file

crt file

复制证书到harbor的证书目录

Docker证书

转换证书格式

复制证书到Docker配置目录

将ca.crt复制到client的/etc/docker/certs.d/harbor-test.com/目录下，然后systemctl restart docker

将192.168.1.78 harbor-test.com加入到客户端/etc/hosts

配置harbor

修改以下字段

配置&安装Harbor

停止Harbor

重启Harbor

远程访问

Browser

Docker

Installation with Notary

To-Do

Installation with Clair

To-Do

Installation with Chart Repository Service

To-Do

你可能感兴趣的:(Harbor)

将ca.crt复制到client的`/etc/docker/certs.d/harbor-test.com/`目录下，然后`systemctl restart docker`

将`192.168.1.78 harbor-test.com`加入到客户端`/etc/hosts`