
一文详解 Harbor 安装, 无坑版

Harbor 是一个开源的企业级Docker 镜像仓库,它提供了一套可以在云计算和容器化环境中使用的管理工具,支持统一管理多种镜像仓库,可以方便地进行镜像的管理、存储、分发和安全验证。

  • 实验环境: Ubuntu 20.04

前置依赖

安装 docker-ce

让apt可以支持HTTPS

# Packages apt needs for HTTPS repositories. openssl is installed in the same
# step because the certificate script later on this page calls it.
apt install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  software-properties-common \
  openssl

安装 docker-ce

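# Store the Docker repository signing key (served by the Aliyun mirror) in its
# own keyring. `apt-key add` is deprecated and makes the key trusted for every
# configured repository; a dedicated keyring plus signed-by limits it to this one.
# (Install the gnupg package first if gpg is missing.)
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
  | sudo gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# The key is fetched from the same mirror as the packages, so on its own it
# only proves that the packages match the mirror. Print the fingerprint and
# compare it with the one in Docker's official install documentation.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg
# Add the Aliyun docker-ce repository, bound to that keyring via signed-by
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Refresh the package lists
sudo apt update
# Install docker-ce
sudo apt install -y docker-ce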

配置 docker 阿里源镜像地址

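# Point the Docker daemon at registry mirrors for image pulls.
# Note: tee overwrites any existing /etc/docker/daemon.json.
sudo mkdir -p /etc/docker
# Every mirror is listed over https. A mirror answers tag lookups, so a
# plain-http entry lets anyone on the network path substitute the image behind
# a tag. If a mirror does not serve https, remove the entry rather than
# switching it back to http.
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://nol6uuul.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn",
    "https://hub-mirror.c.163.com"
  ]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

# Confirm that the client and the daemon both respond after the restart
docker version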

安装 docker-compose

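# Download docker-compose v2.24.1 together with the .sha256 file published next
# to it in the same release. -f makes curl fail on an HTTP error instead of
# saving the error page as the "binary".
compose_url=https://github.com/docker/compose/releases/download/v2.24.1/docker-compose-linux-x86_64
tmpdir=$(mktemp -d)
curl -fSL "$compose_url" -o "$tmpdir/docker-compose-linux-x86_64"
curl -fSL "$compose_url.sha256" -o "$tmpdir/docker-compose-linux-x86_64.sha256"

# Install only when the digest matches. The checksum comes from the same
# origin as the binary, so it catches truncated or corrupted downloads, not a
# tampered release.
(cd "$tmpdir" && sha256sum -c docker-compose-linux-x86_64.sha256) \
  && sudo install -m 0755 "$tmpdir/docker-compose-linux-x86_64" /usr/local/bin/docker-compose
rm -rf -- "${tmpdir:?}"

# Create the symlink (-f so that re-running the steps does not fail)
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose

docker-compose --version
#Docker Compose version v2.24.1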

安装 harbor

生成证书

gen_certs.sh:

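#!/bin/bash
#
# gen_certs.sh - create a private CA and a server certificate for Harbor at
# myharbor.com, then install them for Harbor (/data/cert) and for the local
# Docker daemon (/etc/docker/certs.d/myharbor.com). Run as root.

# Abort on the first failed step so that a partial certificate set is never
# copied into place or picked up by the Docker restart at the end.
set -euo pipefail

# --- CA ---
# Whoever holds ca.key can issue certificates that every client trusting
# ca.crt will accept. It is written unencrypted into the current directory:
# restrict it to its owner and keep it off shared or backed-up paths.
openssl genrsa -out ca.key 4096
chmod 600 ca.key
# The CA gets its own CN. With the same subject as the server certificate, the
# server certificate's issuer would equal its subject, which some TLS
# libraries treat as self-signed and then fail to chain to ca.crt.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=myharbor.com Root CA" \
  -key ca.key \
  -out ca.crt

# --- server certificate ---
openssl genrsa -out myharbor.com.key 4096
chmod 600 myharbor.com.key
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=myharbor.com" \
  -key myharbor.com.key \
  -out myharbor.com.csr
# Quoted delimiter: the extension file is written literally, with no shell
# expansion. DNS.3 is a placeholder; replace "hostname" with the machine's
# real host name or delete the line, so the certificate only covers names
# that actually belong to this registry.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=myharbor.com
DNS.2=myharbor
DNS.3=hostname
EOF
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in myharbor.com.csr \
  -out myharbor.com.crt

# Copy the server certificate and key to Harbor's certificate directory.
# install sets the mode explicitly, so the key stays owner-only regardless of
# the umask in effect.
mkdir -p /data/cert/
install -m 0644 myharbor.com.crt /data/cert/
install -m 0600 myharbor.com.key /data/cert/

# Re-encode the .crt as .cert for Docker: in certs.d Docker reads .crt files
# as CA certificates and .cert files as client certificates.
openssl x509 -inform PEM -in myharbor.com.crt -out myharbor.com.cert
mkdir -p /etc/docker/certs.d/myharbor.com/
# If the default nginx port 443 is mapped to another port, create
# /etc/docker/certs.d/myharbor.com:port or /etc/docker/certs.d/harbor_IP:port
# instead.
install -m 0644 myharbor.com.cert /etc/docker/certs.d/myharbor.com/
# The server key is placed here only because the harbor.yml on this page reads
# its certificate and key from this directory. A Docker host that merely pulls
# from or pushes to the registry needs ca.crt alone; never copy the server key
# to client machines.
install -m 0600 myharbor.com.key /etc/docker/certs.d/myharbor.com/
install -m 0644 ca.crt /etc/docker/certs.d/myharbor.com/
systemctl restart docker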

运行脚本前,可用 sed 快捷替换脚本中的 harbor 地址: sed -i 's/myharbor\.com/yourdomain.com/g' gen_certs.sh

运行脚本

$ ./gen_certs.sh

安装方式

  1. 在线安装(不推荐)
  2. 离线安装

到 github harbor release 下载安装包

  1. 在线包
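# Download the online installer, then unpack it. The steps are chained with &&
# rather than a pipe: wget saves to disk and writes nothing to stdout, so a
# pipe would start tar before the download has finished.
# The release page also carries a detached .asc signature for each installer;
# verify it with gpg before unpacking something that will be run as root.
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-online-installer-v2.10.0.tgz \
  && tar zxvf harbor-online-installer-v2.10.0.tgz
cd harbor
# Create the config file from the template
mv harbor.yml.tmpl harbor.yml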
  2. 离线包
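# Download the offline installer and unpack that same file. The original line
# extracted the online tarball name and joined the commands with a pipe, which
# starts tar before wget has finished writing.
# The release page also carries a detached .asc signature for each installer;
# verify it with gpg before unpacking something that will be run as root.
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz \
  && tar zxvf harbor-offline-installer-v2.10.0.tgz

# Create the config file from the template
mv harbor/harbor.yml.tmpl harbor/harbor.yml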

修改配置文件

hostname: myharbor.com  # change to your Harbor address

# http related config
# NOTE(review): Harbor's config template describes this port as redirecting to
# https once https is enabled - confirm, so that logins never cross plain http.
http:
  port: 80

# https related config
https:
  port: 443
  # Change to your certificate.
  # NOTE(review): these paths point into Docker's client certificate directory.
  # gen_certs.sh also copies the same pair to /data/cert/; pointing Harbor
  # there keeps the server key out of the Docker client configuration.
  certificate: /etc/docker/certs.d/myharbor.com/myharbor.com.cert
  private_key: /etc/docker/certs.d/myharbor.com/myharbor.com.key

# Harbor admin login password
# NOTE(review): "123" is trivially guessable, and whoever logs in as admin
# controls every image in the registry. Fine for a throwaway lab VM only; use
# a long random value anywhere else and change it in the UI after first login.
harbor_admin_password: 123

database:
  # Database password
  # NOTE(review): root123 looks like the value shipped in the template; set
  # your own before the first install.
  password: root123
  ......

# Data directory for images
data_volume: /data

install harbor

# Enter the unpacked installer directory and start the installer.
# If you followed the online-package steps above you are already inside
# harbor/ and the cd is not needed.
cd harbor 
./install.sh
root@ubuntu:~/harbor# docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS                    PORTS                                                                            NAMES
9316a4e3faf6   goharbor/nginx-photon:v2.10.0         "nginx -g 'daemon of…"   57 seconds ago   Up 53 seconds (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
995687da9d27   goharbor/harbor-jobservice:v2.10.0    "/harbor/entrypoint.…"   57 seconds ago   Up 50 seconds (healthy)                                                                                    harbor-jobservice
a1ba9699a081   goharbor/harbor-core:v2.10.0          "/harbor/entrypoint.…"   57 seconds ago   Up 55 seconds (healthy)                                                                                    harbor-core
62b07881e5b2   goharbor/harbor-portal:v2.10.0        "nginx -g 'daemon of…"   58 seconds ago   Up 55 seconds (healthy)                                                                                    harbor-portal
7ec4860cfe46   goharbor/registry-photon:v2.10.0      "/home/harbor/entryp…"   58 seconds ago   Up 55 seconds (healthy)                                                                                    registry
3366683058d0   goharbor/redis-photon:v2.10.0         "redis-server /etc/r…"   58 seconds ago   Up 55 seconds (healthy)                                                                                    redis
32e5947ee912   goharbor/harbor-db:v2.10.0            "/docker-entrypoint.…"   58 seconds ago   Up 55 seconds (healthy)                                                                                    harbor-db
3ed9c4d79763   goharbor/harbor-registryctl:v2.10.0   "/home/harbor/start.…"   58 seconds ago   Up 55 seconds (healthy)                                                                                    registryctl
1afd08e2f25e   goharbor/harbor-log:v2.10.0           "/bin/sh -c /usr/loc…"   58 seconds ago   Up 57 seconds (healthy)   127.0.0.1:1514->10514/tcp                                                        harbor-log

访问 harbor

修改主机 hosts 添加 网站

192.168.254.130 myharbor.com

浏览器访问 harbor

image-20240121174905693

image-20240121174944023

推送镜像

创建项目 initproject

image-20240121175433633

向虚拟机添加域名解析

# Map the Harbor host name to the VM's address for local name resolution
# (needs root; appends one line to /etc/hosts).
printf '%s\n' "192.168.254.130 myharbor.com" >> /etc/hosts

docker login 登录 harbor

# Log in to the registry over HTTPS. Unless a credential store is configured,
# Docker saves the login in ~/.docker/config.json base64-encoded, not
# encrypted, so treat that file as a secret.
docker login myharbor.com
# username: admin
# password: 123   (the harbor_admin_password set in harbor.yml above)

推送 busybox

# Pull a small test image from the default registry
docker pull busybox
# tag format: registry-address/project-name/image-name:version
docker tag busybox myharbor.com/initproject/busybox:first

# Push the tagged image into the initproject project on Harbor
docker push myharbor.com/initproject/busybox:first

查看镜像

image-20240121175847344