Ubuntu 23.04 安装 Harbor
- 安装 Docker CE
- 配置 tls 证书
- 配置 docker 信任自签名证书
- 下载和安装 Harbor
- 设置 Harbor 开机启动
- 验证
安装 Docker CE
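# Remove distro-packaged Docker variants that conflict with Docker CE.
sudo apt-get remove docker docker-engine docker.io containerd runc

# Tools needed to fetch and register the Docker repository key.
sudo apt-get update -y
sudo apt-get install -y ca-certificates curl gnupg

# Register Docker's repository signing key. The key is taken from the Ubuntu
# path so that it matches the Ubuntu repository configured below.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Print the key's fingerprint and compare it with the one published in
# Docker's installation documentation before trusting the repository.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg

# Add the repository, restricted to packages signed by the key above.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get -y update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Membership in the docker group lets the account control the Docker daemon,
# which is equivalent to root on this host. Add only trusted administrative
# accounts; "oracle" is the account used in this walkthrough.
sudo usermod -a -G docker oracle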
验证,
# Smoke test: run Docker's hello-world image to confirm the daemon can start a container.
sudo docker run hello-world
配置 tls 证书
修改 /etc/hosts,添加本地域名和 IP 的对应关系。示例中使用域名 server.local,请根据实际情况修改:
sudo vi /etc/hosts
--- add
192.168.31.14 harbor.server.local
---
下面是创建自签名 CA 证书和服务器证书的示例命令。示例中使用域名 server.local,请根据实际情况修改:
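# Working directory for the CA and server key material. It is owned by the
# invoking user (so the openssl commands below can write to it without sudo)
# and closed to every other account.
sudo mkdir -p /u01/certs
sudo chown "$(id -u):$(id -g)" /u01/certs
chmod 700 /u01/certs
cd /u01/certs

# CA private key. It is generated unencrypted in one step: the previous
# two-step form put a weak passphrase on the command line (visible in shell
# history and the process list) and then stripped it again, so it gave no
# protection. Anyone holding ca.key can issue certificates this CA's clients
# will trust, so keep it off shared hosts and out of backups readable by others.
openssl genrsa -out ca.key 4096
chmod 600 ca.key

# Self-signed CA certificate. Its subject differs from the server
# certificate's subject so issuer and subject of the server certificate are
# not identical, which some verifiers treat as a self-signed certificate.
openssl req -x509 -new -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=server.local CA"

# Server key and certificate signing request.
openssl genrsa -out tls.key 2048
chmod 600 tls.key
openssl req -new -key tls.key -out tls.csr -subj "/CN=server.local"

# Extensions for the server certificate. Key usage is limited to what a TLS
# server needs. The wildcard SAN makes the certificate valid for every host
# directly under server.local; list exact host names instead if only the
# registry needs it.
cat > server.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.server.local
EOF

# Sign the server certificate with the CA. Ten years is convenient for a lab;
# use a shorter lifetime and rotate the certificate anywhere else.
openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -days 3650 -sha256 -extfile server.ext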
更换 Harbor 的 TLS 证书(以下路径位于 Bitnami 的 nginx 目录下):
# Certificate directory of the Bitnami nginx that fronts Harbor.
# NOTE(review): these /opt/bitnami paths apply to a Bitnami-packaged Harbor;
# the offline installer used later on this page takes its certificate paths
# from harbor.yml instead.
nginx_certs=/opt/bitnami/nginx/conf/bitnami/certs

# Keep the certificate and key that are currently installed so the change can
# be rolled back. server.key.bak is a copy of a private key: check that it is
# not readable by unprivileged accounts.
sudo cp "${nginx_certs}/server.crt" "${nginx_certs}/server.crt.bak"
sudo cp "${nginx_certs}/server.key" "${nginx_certs}/server.key.bak"

# Install the certificate and key issued by the local CA.
sudo cp /u01/certs/tls.crt "${nginx_certs}/server.crt"
sudo cp /u01/certs/tls.key "${nginx_certs}/server.key"
重启 nginx,
# Restart nginx through the Bitnami control script so it loads the replaced certificate and key.
sudo /opt/bitnami/ctlscript.sh restart nginx
配置 docker 信任自签名证书
refer: https://goharbor.io/docs/2.8.0/install-config/configure-https/
# Per-registry trust directory read by the Docker daemon.
registry_host=harbor.server.local
trust_dir="/etc/docker/certs.d/${registry_host}"

sudo mkdir -p "${trust_dir}"

# The CA certificate is what lets the daemon validate the registry's TLS certificate.
sudo cp /u01/certs/ca.crt "${trust_dir}/ca.crt"

# Left disabled: these two copies would place the server certificate and its
# private key in the client-side directory. Trusting the registry does not
# require them, and a server private key should not be distributed to clients.
# sudo cp /u01/certs/tls.crt /etc/docker/certs.d/harbor.server.local/harbor.server.local.cert
# sudo cp /u01/certs/tls.key /etc/docker/certs.d/harbor.server.local/harbor.server.local.key

sudo systemctl daemon-reload
sudo systemctl restart docker
下载和安装 Harbor
下载Harbor
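# NOTE: /tmp is world-writable. On a host with other local users, download into
# a private directory instead and adjust the extraction path in the next step.
cd /tmp

# Ask the GitHub API for the latest release and fetch only the offline
# installer together with its detached signature (.asc). -f makes curl fail on
# an HTTP error instead of feeding an error page into the pipeline.
curl -fsSL https://api.github.com/repos/goharbor/harbor/releases/latest |
  grep browser_download_url |
  cut -d '"' -f 4 |
  grep -E 'harbor-offline-installer.*\.tgz(\.asc)?$' |
  wget -qi -

# Verify the archive before it is unpacked and run as root. The Harbor release
# signing key must be imported first; its key ID is published in Harbor's
# installation documentation:
#   gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys <HARBOR_RELEASE_KEY_ID>
# Do not continue if gpg does not report a good signature.
gpg --verify harbor-offline-installer-*.tgz.asc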
解压Harbor
# Open a root login shell; the remaining commands in this step are typed into it.
sudo su -
cd /opt
# Unpack the installer and enter the resulting harbor directory. The archive is
# extracted as root, so only unpack one whose origin has been checked. The glob
# matches any file with this prefix in /tmp, which is writable by all local users.
tar xvzf /tmp/harbor-offline-installer*.tgz && cd harbor
Step3. 修改 harbor.yml
# Create harbor.yml from the shipped template.
cp harbor.yml.tmpl harbor.yml
# harbor.yml will hold harbor_admin_password in plain text.
# NOTE(review): check the file's mode after editing so that only the
# administrative account can read it.
vi harbor.yml
--- 请根据各自情况修改下面项目
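# Name clients use to reach the registry; it must be covered by the certificate's subjectAltName.
hostname: harbor.server.local
https:
  # Certificate and key created earlier under /u01/certs.
  certificate: /u01/certs/tls.crt
  private_key: /u01/certs/tls.key
external_url: https://harbor.server.local
# Replace the template's default with a strong, unique password.
# The template also ships a default database.password; change that as well.
harbor_admin_password: <your_password>
data_volume: /u01/harbor-data
uaa:
  ca_file: /u01/certs/ca.crt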
---
Step4. 安装Harbor
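# Data directory referenced by data_volume in harbor.yml.
sudo mkdir -p /u01/harbor-data
# 0755 rather than 0777: a world-writable data directory would let any local
# account create or replace files under the registry's storage root.
# NOTE(review): Harbor's prepare/install steps are expected to create and own
# the subdirectories they need; confirm on your version.
sudo chmod 755 /u01/harbor-data

# Load the bundled images. The glob avoids hard-coding v2.8.0, because the
# download step fetches whatever the latest release is.
sudo docker load -i ./harbor.v*.tar.gz

# Generate the runtime configuration from harbor.yml, then install and start Harbor.
sudo ./prepare
sudo ./install.sh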
设置 Harbor 开机启动
sudo crontab -e
--- add
@reboot /usr/bin/docker compose -f /opt/harbor/docker-compose.yml start
---
验证
通过浏览器打开,https://harbor.server.local
,验证 Okay,
通过 docker login
登录 harbor.server.local
,验证 Okay,
通过 docker push
上传镜像,验证 Okay,
# End-to-end check: pull a small public image, retag it for the local registry's
# "library" project, and push it over TLS.
registry_host=harbor.server.local
test_image=busybox

docker pull "${test_image}"
docker tag "${test_image}" "${registry_host}/library/${test_image}"
docker push "${registry_host}/library/${test_image}"
通过浏览器打开,https://harbor.server.local
,验证镜像已经上传成功,
—完结—