本文档参照:http://hurdonkey.leanote.com/post/harbor 博客
前提条件:
域名证书
一、下载Harbor 包
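# wget https://github.com/vmware/harbor/releases/download/v1.2.2/harbor-offline-installer-v1.2.2.tgz
# sha256sum harbor-offline-installer-v1.2.2.tgz   # compare the printed digest with the one published for this release (if one is provided) before unpacking
# tar xf harbor-offline-installer-v1.2.2.tgz
# cd harbor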
二、配置harbor
1. 修改harbor.cfg 配置文件
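# Comments are kept on their own lines. NOTE(review): harbor.cfg is presumably
# read with Python's ConfigParser, which would not strip a trailing "# ..." from
# a value, so inline annotations could end up inside the setting - verify.

# Domain name that clients use to reach Harbor.
hostname = xxx.com
# Protocol.
ui_url_protocol = https
# Certificate (public part) for the domain.
# NOTE(review): this path starts with /aliyun1 while every other path on this
# page starts with /alidata1 - confirm which one is intended.
ssl_cert = /aliyun1/harbor/cert/xxx.com.crt
# Private key of the certificate. Keep it readable only by the account that
# has to load it.
ssl_cert_key = /alidata1/harbor/cert/xxx.com.key
# Directory that holds Harbor's secret key file (the compose file on this page
# mounts /alidata1/harbor/secretkey into several containers).
secretkey_path = /alidata1/harbor
# Default admin password. This value is publicly known; set a unique password
# here before the first start, or change it right after the first login.
harbor_admin_password = Harbor12345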
2. 修改docker-compose.yml 配置文件 (注意挂载宿主机路径和https 协议端口号)
# docker-compose.yml for Harbor v1.2.2, with host paths moved under
# /alidata1/harbor and the proxy published on ports 8101/8102.
version: '2'
services:
  log:
    image: vmware/harbor-log:v1.2.2
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
    ports:
      # The syslog receiver is published on loopback only.
      - "127.0.0.1:1514:514"
    networks:
      - harbor
  registry:
    image: vmware/registry:2.6.2-photon
    container_name: registry
    restart: always
    volumes:
      # Local layer storage stays disabled; the registry config on this page
      # stores layers in OSS instead.
      # - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    command: ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.2.2
    container_name: harbor-db
    restart: always
    volumes:
      - /alidata1/harbor/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.2.2
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /alidata1/harbor/config/:/etc/adminserver/config/:z
      - /alidata1/harbor/secretkey:/etc/adminserver/key:z
      # NOTE(review): this mounts the whole /alidata1/harbor tree, which on
      # this page also holds the database directory and the cert directory
      # with the TLS private key - confirm the container needs all of it.
      - /alidata1/harbor/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.2.2
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      # Private key file; keep it out of version control and backups that
      # are shared more widely than the host itself.
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - /alidata1/harbor/secretkey:/etc/ui/key:z
      - /alidata1/harbor/ca_download/:/etc/ui/ca/:z
      - /alidata1/harbor/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.2.2
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /alidata1/harbor/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
      - /alidata1/harbor/secretkey:/etc/jobservice/key:z
    networks:
      - harbor
    depends_on:
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  proxy:
    image: vmware/nginx-photon:1.11.13
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      # Both mappings listen on every host interface. 8102 (HTTPS) is the
      # port the host nginx vhost proxies to and the port the token realm
      # points at, so it is also reachable directly once the security group
      # allows it.
      # NOTE(review): 8101 maps the container's port 80; nothing else on
      # this page uses it - confirm it needs to be published at all.
      - "8101:80"
      - "8102:443"
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
3.修改common/templates/registry/config.yml 文件
# Registry configuration template (common/templates/registry/config.yml).
# Keep this file ASCII-only and in its original encoding: the troubleshooting
# section of this page traces an install.sh failure to an encoding change in
# this file.
version: 0.1
log:
  # debug is the most verbose level; review what ends up in the logs before
  # keeping it on a production registry.
  level: debug
  fields:
    service: registry
storage:
  oss:
    # OSS credentials are stored in clear text here. Restrict read access to
    # this file and anything generated from it, and prefer an access key that
    # is limited to this one bucket.
    accesskeyid: xxx
    accesskeysecret: xxx
    region: oss-cn-beijing
    internal: false
    bucket: xxx-docker
  cache:
    layerinfo: inmemory
  maintenance:
    uploadpurging:
      enabled: false
  delete:
    enabled: true
http:
  addr: :5000
  # NOTE(review): literal value as given on the page. Confirm whether the
  # installer replaces it; a fixed, guessable http secret should not stay in
  # a deployed registry.
  secret: placeholder
  debug:
    # Debug endpoint listens on localhost inside the container only.
    addr: localhost:5001
auth:
  token:
    issuer: harbor-token-issuer
    # Clients fetch their token from this URL, so port 8102 has to be
    # reachable from every docker client that logs in.
    realm: $ui_url:8102/service/token
    rootcertbundle: /etc/registry/root.crt
    service: harbor-registry
notifications:
  endpoints:
    - name: harbor
      disabled: false
      url: http://ui/service/notifications
      timeout: 3000ms
      threshold: 5
      backoff: 1s
三、启动
sudo ./install.sh
四、配置域名的nginx虚拟主机
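# Host-level nginx virtual host that terminates TLS for harbor.xxx.com and
# forwards everything to Harbor's own proxy container on 127.0.0.1:8102.
server {
    listen 443 ssl;
    server_name harbor.xxx.com;

    ssl_certificate     xxx.com.crt;
    ssl_certificate_key xxx.com.key;
    # TLSv1 and TLSv1.1 are deprecated and were dropped from this list.
    # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    access_log /alidata1/nginx/harbor-ssl.log;
    error_log  /alidata1/nginx/harbor-ssl-error.log;

    # 0 disables the request body size limit. Image layer pushes need this;
    # without it the push fails with HTTP 413 (see the troubleshooting
    # section of this page).
    client_max_body_size 0;

    location / {
        # Forward the original client address and Host header to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # 21600 s = 6 h; presumably sized for long-running layer uploads.
        proxy_connect_timeout 21600;
        proxy_send_timeout 21600;
        proxy_read_timeout 21600;
        send_timeout 21600;

        # The backend certificate is not verified by default; that is
        # acceptable only because the upstream is on loopback.
        if (!-f $request_filename) {
            proxy_pass https://127.0.0.1:8102;
            break;
        }
    }
}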
五、验证
1. 登录验证
docker login harbor.xxx.com 输入用户和密码
2.push 验证
docker push harbor.xxx.com/xxx/test:v1
六、安装遇到的问题
1. 执行sudo ./install.sh 报错
原因:修改registry/config.yml 配置文件时编码格式改变,导致初始化时候报错
检查文件编码格式命令:file config.yml
2.登录超时
原因:阿里云安全组未放行 8102 端口(registry 配置中的 token realm 指向 $ui_url:8102,docker 客户端登录时会直接访问该端口获取令牌)。放行时建议只对需要访问的来源地址开放。
3.push 镜像报413 报错
原因:nginx 少一行配置
client_max_body_size 0;