当前位置：首页 > article >正文

ubuntu 安装harbor

article 2024/11/17 5:55:13


#安装包
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz.asc

#导入签名公钥
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C

#开始校验文件(离线安装包)
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-v2.10.3.tgz.asc

#解压
cd /root/apps
tar -xzvf harbor-offline-installer-v2.10.3.tgz
cd /root/apps/harbor

#签发证书
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com" \
 -key ca.key \
 -out ca.crt
 
#创建服务端相关证书
##创建私钥
openssl genrsa -out harbor.net.com.key 4096
#生成证书签名请求
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com" \
    -key harbor.net.com.key \
    -out harbor.net.com.csr
#Generate an x509 v3 extension file
===========================================
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.net.com
DNS.2=net.com
DNS.3=node02
EOF
===========================================

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.net.com.csr \
    -out harbor.net.com.crt



#拷贝服务端证书到harbor数据目录
cd /root/apps/cer #harbor.net.com.crt 和  harbor.net.com.key
#Convert yourdomain.com.crt to yourdomain.com.cert, for use by Docker
openssl x509 -inform PEM -in harbor.net.com.crt -out harbor.net.com.cert
#配置docker读取证书
mkdir -p /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.cert /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.key /etc/docker/certs.d/harbor.net.com/
cp ca.crt /etc/docker/certs.d/harbor.net.com/

systemctl restart docker
ls -l /etc/docker/certs.d/harbor.net.com/
#修改harbor配置文件
#去往harbor解压目录
cd /root/apps/harbor
# 拷贝配置文件
cp harbor.yml.tmpl harbor.yml
# 编辑配置参数
nano harbor.yml
===================================
hostname: harbor.net.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/certs.d/harbor.net.com/harbor.net.com.cert
  private_key: /etc/docker/certs.d/harbor.net.com/harbor.net.com.key

===================================
#配置操作系统信任证书
https://goharbor.io/docs/1.10/install-config/troubleshoot-installation/#https

#启动服务
chmod a+x prepare
./install.sh --with-trivy

#访问
window本地需要配置C:\Windows\System32\drivers\etc
192.168.31.185 harbor.net.com
默认账号admin,密码可以通过配置文件harbor.yml的参数harbor_admin_password指定自定义值
默认密码为Harbor12345


#配置Docker镜像源"insecure-registries":["harbor.net.com","192.168.31.185:80"]
nano /etc/docker/daemon.json 
{
    "registry-mirrors": [
            "https://docker.211678.top",
            "https://docker.1panel.live",
            "https://hub.rat.dev",
            "https://docker.m.daocloud.io",
            "https://do.nark.eu.org",
            "https://dockerpull.com",
            "https://dockerproxy.cn",
            "https://docker.awsl9527.cn"
      ],"insecure-registries":["harbor.net.com","192.168.31.185:80"]
}
sudo systemctl restart docker

docker login -u admin -p Harbor12345 192.168.31.185:80