一、安装依赖
1.安装docker-ce
2.安装docker-compose
二、下载Harbor安装包
https://github.com/goharbor/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz
1.解压
tar -zxvf harbor-offline-installer-v2.1.5.tgz
2. 复制并编辑配置文件,
cp harbor.yml.tmpl harbor.yml
vi harbor.yml
修改内容:
hostname: xx.xx.xx.xx# 这里配置的监听地址,可以是域名
http: port: 80 # 端口
https: port: 443 #开通并需要配置证书
harbor_admin_password: Harbor12345 # 配置admin用户的密码
database: # 配置数据库相关的信息
password: root123 # 数据库密码
data_volume: /data # 镜像存放的目录
3.执行安装
./install.sh
三、harbor的控制
docker-compose up -d 启动
docker-compose down 停止
四、登陆及使用
1.docker login http://xx.xx.xx.xx:端口
2.docker tag eedf6ec39913(镜像) xx.xx.xx.xx:端口/项目目录/tomcat:20210524_v1
3.docker push xx.xx.xx.xx:端口/项目目录/tomcat:20210524_v1
五、生成https证书命令
1.openssl genrsa -out ca.key 4096
2.openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=gz/L=gz/O=gz/OU=xxx/CN=dockerstorage.xxx.com" -key ca.key -out ca.crt
3.openssl genrsa -out dockerstorage.xxx.com.key 4096
4.openssl req -sha512 -new -subj "/C=CN/ST=gz/L=gz/O=gz/OU=xxx/CN=dockerstorage.xxx.com" -key dockerstorage.xxx.com.key -out dockerstorage.xxx.com.csr
5.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=xxx.com
DNS.2=dockerstorage.xxx.com
DNS.3=hostname
EOF
6.openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in dockerstorage.xxx.com.csr -out dockerstorage.xxx.com.crt
7.openssl x509 -inform PEM -in dockerstorage.xxx.com.crt -out dockerstorage.xxx.com.cert
上传到每个docker服务器:
centos:
/etc/pki/ca-trust/source/anchors
update-ca-trust
Ubuntu:
/usr/local/share/ca-certificates/
update-ca-certificates
证书生成工具