一番学习之后,在centos7.4上成功安装harbor1.4.0,并配置了https。
1,测试软件环境:
CentOS Linux release 7.4.1708 (Core) Docker version 18.03.0-ce docker-compose version 1.21.0
本文没有涉及到相关的软件环境安装介绍,需要的同学可以参考 installation_guide.
推荐硬件环境:
Resource Capacity Description CPU minimal 2 CPU 4 CPU is prefered Mem minimal 4GB 8GB is prefered Disk minimal 40GB 160GB is prefered
端口:
Network ports Port Protoco Description 443 HTTPS Harbor UI and API will accept requests on this port for https protocol 4443 HTTS Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled 80 HTTP Harbor UI and API will accept requests on this port for http protocol
如果有开启防火墙的同学,自行添加规则,想省事的可以:
systemctl stop firewalld && systemctl disable firewalld
2,harbor v1.4.0 离线安装文件下载(from the release page):
ls harbor-offline-installer-v1.4.0.tgz tar -xvf harbor-offline-installer-v1.4.0.tgz && cd harbor
3, 编辑配置文件 harbor.cfg, 修改如下内容:
#用来访问管理界面和镜像仓库服务的主机名字或者IP地址. #不能使用localhost和127.0.01,因为会有外部的client访问harbor,这里用的是IP,所以后面都用IP,还可以用全域名 hostname = IP #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. ui_url_protocol = https #The path of cert and key files for nginx, they are applied only the protocol is set to https, **以下目录如果不存在,需手动创建 ssl_cert = /root/cert/IP.crt ssl_cert_key = /root/cert/IP.key
4,配置harbor以https协议访问:
1), 创建CA证书 :
## common name(后面以CN表示),可以任意数输入,IP地址,hostname, whatever,if rules allow, 其他的一律回车,如果有需要自行填写 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
2), 生成证书签名请求:
## 如果是通过全域名访问harbor,CN必须为全域名,如果想通过IP地址访问的话,任意填写, 包括IP地址 openssl req -newkey rsa:4096 -nodes -sha256 -keyout IP.key -out IP.csr
3), 为运行harbor registry的主机生成证书:
#如果用的是IP(如: 192.168.1.101)地址访问harbor registry, echo subjectAltName = IP:192.168.1.101 > extfile.cnf openssl x509 -req -days 365 -in yourdomain.com IP.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out IP.crt
用的是全域名的参照官网.
5,安装harbor:
##把生成好的配置文件复制到配置文件制定的目录 cp IP.crt /root/cert/ cp IP.key /root/cert/ ## mkdir -p /etc/docker/certs.d/IP cp ca.crt /etc/docker/certs.d/IP/ ## 用官方的脚本为harbor生成配置文件 ./prepare ## docker-compose 一键启动 docker-compose up -d
运行结果:
Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating harbor-db ... done Creating harbor-adminserver ... done Creating harbor-ui ... done Creating nginx ... done Creating harbor-jobservice ... done
就可以在浏览器中访问https:ip(忽略证书错误继续访问):
docker login:
## user: admin ## passwd: Harbor12345 docker login ip docker tag demo:tar ip/project/image:tag docker push ip/project/image:tag
最后所有的安装步骤都参考自官方, 悲剧的是中途遇到的错误,百度搜索的都没有能解决我的问题,最后是一点一点看官网文档解决的。
祝各位安装顺利,哈哈哈哈!!!!