本文档参照:http://hurdonkey.leanote.com/post/harbor 博客
前提条件:
域名证书
一、下载Harbor 包
# wget https://github.com/vmware/harbor/releases/download/v1.2.2/harbor-offline-installer-v1.2.2.tgz
# tar xf harbor-offline-installer-v1.2.2.tgz
# cd harbor
二、配置harbor
1. 修改harbor.cfg 配置文件
hostname = xxx.com # 域名
ui_url_protocol = https # 协议
ssl_cert = /aliyun1/harbor/cert/xxx.com.crt #公钥
ssl_cert_key = /alidata1/harbor/cert/xxx.com.key # 私钥
secretkey_path = /alidata1/harbor
harbor_admin_password = Harbor12345 # 默认密码
2. 修改docker-compose.yml 配置文件 (注意挂载宿主机路径和https 协议端口号)
version: '2'
services:
log:
image: vmware/harbor-log:v1.2.2
container_name: harbor-log
restart: always
volumes:
- /var/log/harbor/:/var/log/docker/:z
ports:
- 127.0.0.1:1514:514
networks:
- harbor
registry:
image: vmware/registry:2.6.2-photon
container_name: registry
restart: always
volumes:
# - /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
- harbor
environment:
- GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.2.2
container_name: harbor-db
restart: always
volumes:
- /alidata1/harbor/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.2.2
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /alidata1/harbor/config/:/etc/adminserver/config/:z
- /alidata1/harbor/secretkey:/etc/adminserver/key:z
- /alidata1/harbor/:/data/:z
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.2.2
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- /alidata1/harbor/secretkey:/etc/ui/key:z
- /alidata1/harbor/ca_download/:/etc/ui/ca/:z
- /alidata1/harbor/psc/:/etc/ui/token/:z
networks:
- harbor
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.2.2
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /alidata1/harbor/job_logs:/var/log/jobs:z
- ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
- /alidata1/harbor/secretkey:/etc/jobservice/key:z
networks:
- harbor
depends_on:
- ui
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
proxy:
image: vmware/nginx-photon:1.11.13
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
- 8101:80
- 8102:443
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
3.修改common/templates/registry/config.yml 文件
version: 0.1
log:
level: debug
fields:
service: registry
storage:
oss:
accesskeyid: xxx
accesskeysecret: xxx
region: oss-cn-beijing
internal: false
bucket: xxx-docker
cache:
layerinfo: inmemory
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
auth:
token:
issuer: harbor-token-issuer
realm: $ui_url:8102/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: http://ui/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s
三、启动
sudo ./install.sh
四、配置域名的nginx虚拟主机
server {
listen 443 ssl;
server_name harbor.xxx.com;
ssl_certificate xxx.com.crt;
ssl_certificate_key xxx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /alidata1/nginx/harbor-ssl.log;
error_log /alidata1/nginx/harbor-ssl-error.log;
client_max_body_size 0;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 21600;
proxy_send_timeout 21600;
proxy_read_timeout 21600;
send_timeout 21600;
if (!-f $request_filename) {
proxy_pass https://127.0.0.1:8102;
break;
}
}
}
五、验证
1. 登录验证
docker login harbor.xxx.com 输入用户和密码
2.push 验证
docker push harbor.xxx.com/xxx/test:v1
六、安装遇到的问题
1. 执行sudo ./install.sh 报错
原因:修改registry/config.yml 配置文件时编码格式改变,导致初始化时候报错
检查文件编码格式命令:file config.yml
2.登录超时
原因:阿里云安全组8102 端口号未开启
3.push 镜像报413 报错
原因:nginx 少一行配置
client_max_body_size 0;