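Harbor offline installation with HTTPS: a complete walkthrough

1. Download the latest Harbor release
Download URL (find the latest version): https://github.com/goharbor/harbor/releases/download/v2.11.2/harbor-offline-installer-v2.11.2.tgz
Here I downloaded it directly with Xunlei and then uploaded it.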
1.1 Extract
    sudo tar -xf harbor-offline-installer-v2.11.2.tgz -C /opt/

2. Configure Harbor
    cd /opt/harbor
    sudo cp harbor.yml.tmpl harbor.yml
    sudo vi harbor.yml
Set the hostname:
    hostname: 172.16.20.20
Configure https:
    https:
      # https port for harbor, default is 443
      port: 443
      # The path of cert and key files for nginx
      certificate: /mnt/registry/secret/cert/server.crt
      private_key: /mnt/registry/secret/cert/server.key
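server.crt and server.key are generated with the commands below.
Note: 172.16.20.20 is my IP; replace it with your own when you use this.

Generate a certificate that includes a SAN. Create the private key:
    openssl genrsa -out server.key 2048
Generate the certificate signing request (CSR):
    openssl req -new -key server.key -out server.csr -config openssl.cnf
Self-sign the certificate and add the SAN:
    openssl x509 -req -in server.csr -signkey server.key -days 36500 -out server.crt -extensions v3_req -extfile openssl.cnf
The -extensions v3_req -extfile openssl.cnf options are what place the SAN in the certificate; openssl x509 -req does not copy extensions from the CSR by default.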
The content of openssl.cnf is as follows:
    [req]
    default_bits = 2048
    default_keyfile = server.key
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    x509_extensions = v3_ca
    string_mask = utf8only
    [req_distinguished_name]
    countryName = Country Name (2 letter code)
    countryName_default = CN
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = JiangSu
    localityName = Locality Name (eg, city)
    localityName_default = NanJing
    organizationName = Organization Name (eg, company)
    organizationName_default = Example Inc.
    commonName = Common Name (e.g. server FQDN or YOUR name)
    commonName_default = 172.16.20.20
    commonName_max = 64
    [v3_req]
    keyUsage = critical, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth, clientAuth
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = 172.16.20.20
    IP.1 = 172.16.20.20
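
The check below is an added example, not part of the original post: it verifies that a certificate actually carries the IP SAN, matches its private key and is unexpired, and shows that signing the same CSR without -extensions/-extfile yields a certificate with no SAN. The function names, the 365-day validity and the minimal openssl.cnf it writes are constructed for the demonstration.

```shell
#!/bin/sh
# check_harbor_cert CERT KEY IP: succeeds only if the certificate lists IP as
# a subjectAltName, matches the private key, and has not expired.
check_harbor_cert() {
    cert=$1; key=$2; ip_re=$(printf '%s' "$3" | sed 's/\./\\./g')
    # The SAN line in -text output looks like "IP Address:172.16.20.20".
    openssl x509 -in "$cert" -noout -text |
        grep -Eq "IP Address:${ip_re}([^0-9.]|\$)" || { echo "no IP SAN for $3"; return 1; }
    # Certificate and key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
    echo "ok"
}

# make_demo_certs DIR IP: constructed sample data. Signs one CSR twice:
# good.crt with -extensions/-extfile, nosan.crt without them.
make_demo_certs() {
    dir=$1; ip=$2; cnf=$dir/openssl.cnf
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $ip
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = $ip
EOF
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" -config "$cnf" &&
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" -days 365 \
        -out "$dir/good.crt" -extensions v3_req -extfile "$cnf" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" -days 365 \
        -out "$dir/nosan.crt" 2>/dev/null
}

# demo: builds both sample certificates in a temp dir and prints each verdict.
demo() {
    tmp=$(mktemp -d) && make_demo_certs "$tmp" 172.16.20.20 || return 1
    echo "good.crt:  $(check_harbor_cert "$tmp/good.crt" "$tmp/server.key" 172.16.20.20)"
    echo "nosan.crt: $(check_harbor_cert "$tmp/nosan.crt" "$tmp/server.key" 172.16.20.20)"
    rm -rf "$tmp"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to see both verdicts; against the real files, call check_harbor_cert server.crt server.key 172.16.20.20 before pointing harbor.yml at them.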
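
2.1 Once the certificate is generated, clients need to install it
Windows: download the certificate server.crt, double-click it to install, and store it in Trusted Root Certification Authorities.
Linux
On CentOS 7, copy the certificate:
    # CentOS reads local trust anchors from /etc/pki/ca-trust/source/anchors/
    sudo cp server.crt /etc/pki/ca-trust/source/anchors/
    sudo yum install -y ca-certificates
    sudo update-ca-trust force-enable
    sudo update-ca-trust extract
On Ubuntu 22.04:
    # update-ca-certificates picks up *.crt files from /usr/local/share/ca-certificates/
    sudo cp server.crt /usr/local/share/ca-certificates/172.16.20.20.server.crt
    sudo update-ca-certificates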

3. Install
    sudo ./install.sh --with-trivy

4. Log in
The page displays normally over https.
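
5. Commands for reference
The docker-compose commands are run from /opt/harbor, where the installer writes docker-compose.yml.
    sudo docker ps -a
    # sudo is needed for netstat -p to show the owning process of root-owned sockets
    sudo netstat -ntpl | grep docker
Stop:
    sudo docker-compose stop
Start:
    sudo docker-compose start
Restart:
    sudo docker-compose restart
Create and start:
    sudo docker-compose up -d
Stop and remove the containers (-v also removes the volumes declared in the compose file):
    sudo docker-compose down -v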

6. docker login and push
Tag the image:
    docker tag 172.16.20.20:6081/nfd/node-feature-discovery:v0.16.6 172.16.20.20/nfd/node-feature-discovery:v0.16.6
Push:
    docker push 172.16.20.20/nfd/node-feature-discovery:v0.16.6