参考链接
Docker 的基础知识、安装、使用+Harbor镜像仓库私服搭建
Harbor是什么?
Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。
Harbor 的所有组件都在 Docker 中部署,所以 Harbor 可使用 Docker Compose 快速部署。
Harbor的目标是帮助用户迅速搭建一个企业级的Docker registry服务。它以Docker公司开源的registry为基础,额外提供了如下功能:
- 基于角色的访问控制(Role Based Access Control)
- 基于策略的镜像复制(Policy based image replication)
- 镜像的漏洞扫描(Vulnerability Scanning)
- AD/LDAP集成(LDAP/AD support)
- 镜像的删除和空间清理(Image deletion & garbage collection)
- 友好的管理UI(Graphical user portal)
- 审计日志(Audit logging)
- RESTful API
- 部署简单(Easy deployment)
安装和启动Harbor
1. 安装Docker
依次执行如下命令:
curl -fsSL https://get.docker.com -o get-docker.sh
chmod +x get-docker.sh && ./get-docker.sh
# 查看docker的版本
# docker --version
Docker version 20.10.5+dfsg1, build 55c4c88
2. 安装harbor
mkdir -p harbor
cd harbor
wget https://storage.googleapis.com/harbor-releases/release-2.0.0/harbor-offline-installer-latest.tgz
tar -xvf harbor-offline-installer-latest.tgz
vim harbor.yml.tmpl
cp harbor.yml.tmpl harbor.yml
./install.sh
执行vim harbor.yml.tmpl这一步时,修改Harbor配置文件:
- hostname:Harbor服务器IP,需要修改为服务器的IP或者“0.0.0.0”,不能使用“localhost” 或者“127.0.0.1”,因为需要从外部访问Harbor;
- http: HTTP端口号,port的值默认为80,有需要可以修改;
- https:HTTPS端口号,如果需要使用HTTPS方法访问Harbor,那么需要配置服务器证书和私钥,同时修改certificate和private_key为服务器证书文件和私钥文件的绝对路径。port的值默认为443,有需要可以修改port为其他值;
- harbor_admin_password:Harbor admin用户的密码,初始值为Harbor12345,可以根据需要修改。
下面是Harbor配置文件的示例片段:
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 0.0.0.0
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
3. 安装docker-compose
apt install docker-compose
4. 启动Harbor
docker-compose up -d
在浏览器地址栏输入Harbor配置文件中配置的地址:如 http://192.168.11.18:5000/, 进入Harbor登录页面:
输入Harbor配置文件中配置的用户名和密码:
