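Setting Up a Private Harbor Registry

Once you use Docker, you will have good images that you want to keep for yourself. What then? This tutorial shows how to set up your own registry.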

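Preface

Harbor is an open-source solution for building an enterprise-grade private Docker image registry; it is a higher-level wrapper around Docker Registry.

Before installing Harbor, docker and docker-compose must be installed on the system.

1. Configure a self-signed certificate

  • Write a script, gen.sh, that generates the certificates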
#!/bin/bash

# Values to change for your environment
domainname="dockersifu.com"
domainport="443"
harbordir="/dockerdir/dockerdata/harbor"
gencertdir="$harbordir/cert"

# Directory where the certificates are generated
mkdir -p "$gencertdir"
cd "$gencertdir" || exit 1

# CA private key and self-signed CA certificate
openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=example/OU=Personal/CN=$domainname" \
 -key ca.key \
 -out ca.crt

# Server private key and certificate signing request
openssl genrsa -out "$domainname.key" 4096

openssl req -sha512 -new \
    -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=example/OU=Personal/CN=$domainname" \
    -key "$domainname.key" \
    -out "$domainname.csr"

# x509 v3 extensions (including the SAN entries) for the server certificate
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=$domainname
DNS.2=www.$domainname
EOF

# Sign the server certificate with the CA
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in "$domainname.csr" \
    -out "$domainname.crt"

# Docker treats .crt files as CA certificates, so write the server certificate under a .cert name
openssl x509 -inform PEM -in "$domainname.crt" -out "$domainname.cert"

# Install the certificates for the local Docker daemon and the system trust store
if [ "$domainport" = "443" ]
then

  mkdir -p "/etc/docker/certs.d/$domainname/"

  cp "$domainname.cert" "/etc/docker/certs.d/$domainname/"
  cp "$domainname.key" "/etc/docker/certs.d/$domainname/"
  cp ca.crt "/etc/docker/certs.d/$domainname/"
  cp ca.crt /etc/pki/ca-trust/source/anchors

else
  mkdir -p "/etc/docker/certs.d/$domainname:$domainport/"

  cp "$domainname.cert" "/etc/docker/certs.d/$domainname:$domainport/"
  cp "$domainname.key" "/etc/docker/certs.d/$domainname:$domainport/"
  cp ca.crt "/etc/docker/certs.d/$domainname:$domainport/"
  cp ca.crt /etc/pki/ca-trust/source/anchors

fi

update-ca-trust extract

systemctl restart docker
  • Run the script to generate the certificates
# sh -x gen.sh

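2. Download the Harbor installer package

  • Download the Harbor offline installer (the URL below goes through the ghproxy.com mirror of the GitHub release)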
# wget https://ghproxy.com/https://github.com/goharbor/harbor/releases/download/v2.6.2/harbor-offline-installer-v2.6.2.tgz
  • Extract it
# tar xvf harbor-offline-installer-v2.6.2.tgz

3. Configure Harbor

  • Extract the archive
# tar zxf harbor-offline-installer-v2.6.2.tgz 

# cd harbor

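# Copy the template configuration file
cp harbor.yml.tmpl harbor.yml


# Edit the file
vim harbor.yml
  • Configure harbor.yml

Settings

Change hostname, the https certificate paths, the admin password, the database password, and the Harbor data directory.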


hostname: dockersifu.com

http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
  
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /dockerdir/dockerdata/harbor/cert/dockersifu.com.crt
  private_key: /dockerdir/dockerdata/harbor/cert/dockersifu.com.key
  
harbor_admin_password: Jayson1987@qq.com

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: Jayson1987@qq.com
  
  
# The default data volume
data_volume: /dockerdir/dockerdata/harbor

4. Install Harbor

# ./prepare
# ./install.sh

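5. Use Harbor

5.1 Log in to Harbor

  • Visit the domain name and port set in the configuration file above, for example: https://dockersifu.com
  • The default username is admin
  • The password is the harbor_admin_password value set in the configuration file above

Login page

Projects page

5.2 Create a project

New project page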

6. Configure the Harbor service to start on boot

# vim /usr/lib/systemd/system/harbor.service

[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /dockerdir/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /dockerdir/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

Enable and start

sudo systemctl enable harbor
sudo systemctl start harbor

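7. Client configuration

7.1 Configure a fake domain name

This step is needed because the registry is used on a LAN and the domain name is made up. If you have a real domain name, skip it.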

# sudo vim /etc/hosts

192.168.31.120 dockersifu.com

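7.2 Configure the Docker daemon file on the client

# vim /etc/docker/daemon.json

# Add the content below. This is for Harbor on the default port 80; if the port is not 80, append the port after the IP
#{"insecure-registries":["<Harbor server IP>"]}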

{"insecure-registries":["dockersifu.com"]}

Reload the configuration and restart

# Reload the configuration
systemctl daemon-reload

# Restart docker
systemctl restart docker
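
With `insecure-registries` set as above, the Docker client ignores certificate errors for dockersifu.com and falls back to HTTP if HTTPS is unavailable, so the CA from step 1 is never checked by that client. The following is an added example, not part of the original tutorial, that reports which trust mode a client is in; the function name `registry_trust_mode` and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: report how a Docker client trusts a private registry.
# Paths are parameters so the check can run against copies of the files.

# registry_trust_mode REGISTRY DAEMON_JSON CERTS_DIR   (hypothetical helper)
# Prints one of:
#   insecure   registry is listed in "insecure-registries" (certificate not verified)
#   ca-pinned  not insecure, and CERTS_DIR/REGISTRY/ca.crt exists
#   system     neither; Docker relies on the system trust store
registry_trust_mode() {
  registry=$1 daemon_json=$2 certs_dir=$3
  if [ -f "$daemon_json" ]; then
    # Flatten the JSON and pull out the body of the insecure-registries array.
    list=$(tr -d ' \n\t' < "$daemon_json" |
      sed -n 's/.*"insecure-registries":\[\([^]]*\)\].*/\1/p')
    case ",$list," in
      *",\"$registry\","*) echo insecure; return 0 ;;
    esac
  fi
  if [ -f "$certs_dir/$registry/ca.crt" ]; then
    echo ca-pinned
  else
    echo system
  fi
}

# Constructed sample client state (not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/certs.d/dockersifu.com"
echo 'constructed placeholder for ca.crt' > "$demo/certs.d/dockersifu.com/ca.crt"
printf '{"insecure-registries":["dockersifu.com"]}\n' > "$demo/weak.json"
printf '{}\n' > "$demo/fixed.json"
echo "daemon.json as on this page: $(registry_trust_mode dockersifu.com "$demo/weak.json" "$demo/certs.d")"
echo "entry removed, ca.crt kept:  $(registry_trust_mode dockersifu.com "$demo/fixed.json" "$demo/certs.d")"
rm -rf "$demo"
```

To have the client verify Harbor's certificate instead, copy ca.crt from step 1 to /etc/docker/certs.d/dockersifu.com/ca.crt on the client and remove the `insecure-registries` entry before restarting Docker.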

7.3 Log in

#  docker login dockersifu.com
Username: admin
Password:
Login Succeeded


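# or
# -p leaves the password in shell history and the process list; docker login also accepts --password-stdin
docker login dockersifu.com -u admin -p <password>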

7.4 Tag a local image

# docker tag centos7-basic:v1.0 dockersifu.com/mysifu/centos7-basic:v1.0

7.5 Push the image to the private registry

$ docker push dockersifu.com/mysifu/centos7-basic:v1.0
The push refers to repository [dockersifu.com/mysifu/centos7-basic]
c7fe26d9161f: Pushed
174f56854903: Pushed
v1.0: digest: sha256:6e421424af2a1dba0936ad9222da9190593730e64fad66226a6e94322f08c711 size: 742
Updated: 2022-12-18