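# Download the Harbor v2.10.3 offline installer and its detached signature.
# Both are fetched into /root/apps so the archive is where the extract step
# below expects to find it.
mkdir -p /root/apps && cd /root/apps
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz.asc
# Import the release signing public key.
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C
# Show the full fingerprint of the imported key and compare it with the one
# published by the Harbor project; a 64-bit key ID alone does not pin the key.
gpg --fingerprint 644FF454C0B4115C
# Verify the detached signature against the offline installer, and extract
# only when verification succeeds.
gpg -v --verify harbor-offline-installer-v2.10.3.tgz.asc harbor-offline-installer-v2.10.3.tgz \
  && tar -xzvf harbor-offline-installer-v2.10.3.tgz \
  && cd /root/apps/harbor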
# --- Certificate authority ---
# CA private key, 4096-bit RSA. No cipher option is given, so ca.key is written
# unencrypted; whoever can read it can issue certificates this CA's clients trust.
openssl genrsa -out ca.key 4096
# Self-signed CA certificate, valid for 3650 days.
openssl req -x509 -new -nodes -sha512 -days 3650 -key ca.key -out ca.crt \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com"

# --- Server certificate material ---
# Server private key.
openssl genrsa -out harbor.net.com.key 4096
# Certificate signing request for the server key.
openssl req -new -sha512 -key harbor.net.com.key -out harbor.net.com.csr \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com"
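# Generate an x509 v3 extension file.
# (The "=====" separator lines that framed this heredoc were not shell commands
# and are dropped so the block can be pasted as-is.)
# The quoted delimiter keeps the shell from expanding anything in the body.
# The subjectAltName list holds DNS names only, so the resulting certificate
# does not cover access to the registry by IP address.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.net.com
DNS.2=net.com
DNS.3=node02
EOF
# Sign the CSR with the CA key, applying the extensions above; valid 3650 days.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor.net.com.csr \
  -out harbor.net.com.crt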
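# Stage the server certificate, its key and the CA certificate in /root/apps/cer.
# The files were generated in /root/apps/harbor, so copy them over before
# working from /root/apps/cer (the later steps read them by relative name).
mkdir -p /root/apps/cer
cp /root/apps/harbor/harbor.net.com.crt \
  /root/apps/harbor/harbor.net.com.key \
  /root/apps/harbor/ca.crt \
  /root/apps/cer/
cd /root/apps/cer
# Convert harbor.net.com.crt to harbor.net.com.cert, for use by Docker.
openssl x509 -inform PEM -in harbor.net.com.crt -out harbor.net.com.cert
# Put the certificate, key and CA certificate where Docker reads them for this registry.
mkdir -p /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.cert /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.key /etc/docker/certs.d/harbor.net.com/
cp ca.crt /etc/docker/certs.d/harbor.net.com/
# Keep the copied private key readable by its owner only.
chmod 600 /etc/docker/certs.d/harbor.net.com/harbor.net.com.key
systemctl restart docker
# Check the result, including the permissions on the key.
ls -l /etc/docker/certs.d/harbor.net.com/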
# Edit the Harbor configuration file.
# Go to the directory the installer was extracted into.
cd /root/apps/harbor
# Create harbor.yml from the shipped template.
cp harbor.yml.tmpl harbor.yml
# Edit the settings: hostname, the http/https ports, and the certificate and
# private_key paths. harbor_admin_password can be set in this file as well;
# setting it before running install.sh avoids starting with the default value.
nano harbor.yml
===================================
hostname: harbor.net.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/certs.d/harbor.net.com/harbor.net.com.cert
  private_key: /etc/docker/certs.d/harbor.net.com/harbor.net.com.key
===================================
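# Make the operating system trust the certificate; see
# https://goharbor.io/docs/1.10/install-config/troubleshoot-installation/#https
# (The URL is kept as a comment: on a line of its own the shell would try to run it.)
# NOTE(review): that page belongs to the 1.10 docs while this install is v2.10.3 — confirm it still applies.
# Start the services.
chmod a+x prepare
./install.sh --with-trivy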
#访问
Windows 本地需要在 C:\Windows\System32\drivers\etc\hosts 文件中添加以下记录:
192.168.31.185 harbor.net.com
默认账号为 admin,密码可以通过配置文件 harbor.yml 的参数 harbor_admin_password 指定自定义值。
默认密码为 Harbor12345;这是公开的默认值,应在安装前通过该参数修改,或在首次登录后立即修改。
# Configure Docker registry mirrors and "insecure-registries":["harbor.net.com","192.168.31.185:80"]
# For a registry listed under insecure-registries, Docker ignores certificate
# errors and falls back to plain HTTP. Listing harbor.net.com there means the
# CA certificate placed in /etc/docker/certs.d/harbor.net.com/ is no longer
# enforced for it, and 192.168.31.185:80 is reached without TLS at all.
# NOTE(review): the registry-mirrors hosts in the file are third-party proxies;
# confirm each one is a source you intend to pull images through.
nano /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.211678.top",
"https://docker.1panel.live",
"https://hub.rat.dev",
"https://docker.m.daocloud.io",
"https://do.nark.eu.org",
"https://dockerpull.com",
"https://dockerproxy.cn",
"https://docker.awsl9527.cn"
],"insecure-registries":["harbor.net.com","192.168.31.185:80"]
}
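# Restart Docker so the daemon.json changes take effect.
sudo systemctl restart docker
# Log in as admin by the name the certificate was issued for, over HTTPS.
# Without -p, docker prompts for the password, which keeps it out of the process
# list and shell history (scripts can pipe it in with --password-stdin).
# 192.168.31.185:80 is the plain-HTTP port, and the certificate lists DNS names
# only, so a login by IP address cannot be validated against it.
# harbor.net.com must resolve on this host (the page only shows a hosts entry
# for Windows; add the same mapping to /etc/hosts here if needed).
docker login -u admin harbor.net.com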