博客原文
让apt可以支持HTTPS
# Prerequisites for using HTTPS apt repositories; openssl is installed here
# as well because gen_certs.sh below depends on it.
apt install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  openssl \
  software-properties-common
安装 docker-ce
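# Store the Aliyun mirror's Docker signing key in a dedicated keyring.
# apt-key is deprecated, and a key added with it is trusted for every
# configured repository; signed-by scopes this key to the Docker repo only.
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the Aliyun docker-ce repository (Ubuntu focal), bound to that key
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Refresh the package index
apt update
# Install docker-ce
apt install -y docker-ce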
配置 docker 阿里源镜像地址
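# Write the registry mirror list for the Docker daemon.
# The plaintext mirror http://hub-mirror.c.163.com from the original list is
# left out: a pull by tag is not pinned to a digest, so content fetched over
# unencrypted HTTP can be altered in transit. Re-add it only with https://.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://nol6uuul.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn"
  ]
}
EOF
# Restart the daemon so it picks up the new daemon.json
sudo systemctl daemon-reload
sudo systemctl restart docker
docker version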
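# Download docker-compose v2.24.1 and its published SHA-256 file into a scratch
# directory, and install the binary only if the checksum matches.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
# The checksum comes from the same release page, so it catches a truncated or
# corrupted download, not a tampered release.
compose_url=https://github.com/docker/compose/releases/download/v2.24.1
compose_tmp=$(mktemp -d)
curl -fSL "$compose_url/docker-compose-linux-x86_64" -o "$compose_tmp/docker-compose-linux-x86_64" \
  && curl -fSL "$compose_url/docker-compose-linux-x86_64.sha256" -o "$compose_tmp/docker-compose-linux-x86_64.sha256" \
  && (cd "$compose_tmp" && sha256sum -c docker-compose-linux-x86_64.sha256) \
  && sudo install -m 0755 "$compose_tmp/docker-compose-linux-x86_64" /usr/local/bin/docker-compose
rm -rf -- "$compose_tmp"
# Create a symlink; -f replaces an existing link so the step can be re-run
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
# Expected output: Docker Compose version v2.24.1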
gen_certs.sh:
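#!/bin/bash
# Generates a private CA and a server certificate for myharbor.com, then
# installs them under /data/cert (Harbor) and /etc/docker/certs.d (Docker)
# and restarts Docker. Writes to system directories, so it must run as root.

# Stop at the first failing step so a half-generated certificate set is never
# copied into place and Docker is not restarted against it.
set -euo pipefail

# --- CA ---
# ca.key is written unencrypted; restrict it to the owner and keep it off
# shared hosts, since anyone holding it can issue certificates this CA's
# clients will trust.
openssl genrsa -out ca.key 4096
chmod 600 ca.key
# The CA uses its own CN. With the same subject as the server certificate,
# the server certificate would have identical issuer and subject names,
# which verifiers treat as self-issued.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=myharbor.com Root CA" \
  -key ca.key \
  -out ca.crt

# --- server certificate ---
openssl genrsa -out myharbor.com.key 4096
chmod 600 myharbor.com.key
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=myharbor.com" \
  -key myharbor.com.key \
  -out myharbor.com.csr

# X.509 v3 extensions for the server certificate.
# NOTE(review): DNS.3=hostname looks like a template placeholder; replace it
# with the machine's real host name or remove the line.
cat > v3.ext <<-'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=myharbor.com
DNS.2=myharbor
DNS.3=hostname
EOF

# Sign the CSR with the CA
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in myharbor.com.csr \
  -out myharbor.com.crt

# Copy the server certificate and key to the Harbor certificate directory;
# the key is installed owner-readable only.
mkdir -p /data/cert/
cp myharbor.com.crt /data/cert/
install -m 600 myharbor.com.key /data/cert/

# Convert the .crt to .cert for Docker
openssl x509 -inform PEM -in myharbor.com.crt -out myharbor.com.cert

mkdir -p /etc/docker/certs.d/myharbor.com/
# If the default nginx port 443 is mapped to another port, create
# /etc/docker/certs.d/myharbor.com:port or /etc/docker/certs.d/harbor_IP:port instead.
cp myharbor.com.cert /etc/docker/certs.d/myharbor.com/
install -m 600 myharbor.com.key /etc/docker/certs.d/myharbor.com/
cp ca.crt /etc/docker/certs.d/myharbor.com/

systemctl restart docker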
sed 快捷替换 harbor 地址:
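# Replace the sample domain in gen_certs.sh with your own before running it.
# sed -i needs the file to edit (the original command named none), and the
# dot is escaped so it matches only a literal ".".
sed -i 's/myharbor\.com/yourdomain.com/g' gen_certs.sh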
运行脚本
$ ./gen_certs.sh
到 github harbor release 下载安装包
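# Download the online installer, then unpack it. The steps are chained with &&
# rather than a pipe: wget saves to a file and writes nothing to stdout, so tar
# must start only after the download has finished successfully.
# The release page also publishes a detached .asc signature for each installer;
# verify it before unpacking.
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-online-installer-v2.10.0.tgz \
  && tar zxvf harbor-online-installer-v2.10.0.tgz
cd harbor
# Create harbor.yml from the shipped template, then edit it
mv harbor.yml.tmpl harbor.yml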
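# Offline installer variant. The archive unpacked must be the one downloaded
# (the original extracted the online installer's file name), and && replaces
# the pipe so tar runs only after wget has finished successfully.
# The release page also publishes a detached .asc signature for each installer;
# verify it before unpacking.
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz \
  && tar zxvf harbor-offline-installer-v2.10.0.tgz
# Create harbor.yml from the shipped template, then edit it
mv harbor/harbor.yml.tmpl harbor/harbor.yml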
修改配置文件
# NOTE(review): indentation was lost in this listing. In harbor.yml, port nests
# under http:/https:, certificate and private_key nest under https:, and
# password nests under database:.
hostname: myharbor.com # change to your Harbor address
# http related config
http:
port: 80
# https related config
https:
port: 443
# Paths to your own certificate and private key
certificate: /etc/docker/certs.d/myharbor.com/myharbor.com.cert
private_key: /etc/docker/certs.d/myharbor.com/myharbor.com.key
# Harbor admin login password. "123" is a demo value only: anyone who can reach
# the registry can guess it. Set a strong password here before installing, or
# change it in the UI right after the first login.
harbor_admin_password: 123
database:
# Database password. "root123" is easily guessed; change it before any real use.
password: root123
......
# Data directory for images
data_volume: /data
install harbor
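# Run the installer from inside the extracted harbor/ directory; && keeps
# install.sh from being looked up in the wrong directory if cd fails.
cd harbor && ./install.sh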
root@ubuntu:~/harbor# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9316a4e3faf6 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" 57 seconds ago Up 53 seconds (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp nginx
995687da9d27 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" 57 seconds ago Up 50 seconds (healthy) harbor-jobservice
a1ba9699a081 goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" 57 seconds ago Up 55 seconds (healthy) harbor-core
62b07881e5b2 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" 58 seconds ago Up 55 seconds (healthy) harbor-portal
7ec4860cfe46 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" 58 seconds ago Up 55 seconds (healthy) registry
3366683058d0 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" 58 seconds ago Up 55 seconds (healthy) redis
32e5947ee912 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" 58 seconds ago Up 55 seconds (healthy) harbor-db
3ed9c4d79763 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" 58 seconds ago Up 55 seconds (healthy) registryctl
1afd08e2f25e goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" 58 seconds ago Up 57 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
修改主机 hosts 添加 网站
192.168.254.130 myharbor.com
浏览器访问 harbor
创建项目 initproject
向虚拟机添加域名解析
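# Map the Harbor host name to the VM's address. The grep guard skips the
# append when the exact line is already present, so re-running this step does
# not pile up duplicate entries in /etc/hosts.
grep -qxF "192.168.254.130 myharbor.com" /etc/hosts \
  || echo "192.168.254.130 myharbor.com" >> /etc/hosts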
docker login 登录 harbor
# Log in to the Harbor registry; docker login prompts for the credentials below.
docker login myharbor.com
# username: admin
# password: 123   (the harbor_admin_password value set in harbor.yml; a demo
#                  value, so use your own strong password in a real deployment)
推送 busybox
# Pull a small test image, retag it for the Harbor project, and push it.
# Tag format: registry-address/project-name/image-name:version
harbor_image=myharbor.com/initproject/busybox:first
docker pull busybox
docker tag busybox "$harbor_image"
docker push "$harbor_image"
查看镜像