Installing Harbor 1.9 (SSL) on CentOS 7 and configuring Docker certificates

Official site: https://github.com/goharbor/harbor

I. Download the installer, extract it, and create the ssl certificate directory

[root@harbor ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
[root@harbor ~]# tar zxvf harbor-offline-installer-v1.9.0.tgz
[root@harbor ~]# cd harbor
[root@harbor harbor]# mkdir ssl
[root@harbor harbor]# cd ssl

1. Generate the certificate authority (CA)
openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.cao.com" \
    -key ca.key \
    -out ca.crt

2. Generate the server certificate

2.1. Create your own private key:
openssl genrsa -out harbor.cao.com.key 4096

2.2. Generate the certificate signing request (CSR):
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.cao.com" \
    -key harbor.cao.com.key \
    -out harbor.cao.com.csr 

2.3. Generate the certificate for your registry host:
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.cao.com
DNS.2=harbor.cao
DNS.3=harbor.cao.com
EOF


openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.cao.com.csr \
    -out harbor.cao.com.crt


[root@harbor ssl]# ls
ca.crt  ca.key  ca.srl  harbor.cao.com.cert  harbor.cao.com.crt  harbor.cao.com.csr  harbor.cao.com.key  v3.ext
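
Before Harbor is pointed at these files, the following added example (not part of the original post) checks that the server certificate chains to ca.crt, lists the registry name in subjectAltName, matches its private key and has not expired. The function names, the temporary directory, the 2048-bit keys and the CA name "Sample Harbor CA" are assumptions made for the demo. The sample CA is given a subject different from the server certificate so the result does not depend on how a verifier treats a certificate whose issuer equals its own subject.

```bash
#!/bin/sh
# Added example, not from the original post.
# usage: check_registry_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
check_registry_cert() {
    ca=$1; crt=$2; key=$3; host=$4; rc=0
    # 1. The server certificate must chain to the CA that Docker will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against $ca"; rc=1; }
    # 2. The registry name must be a DNS entry in subjectAltName
    #    (exact match only; wildcard entries are not handled here).
    openssl x509 -in "$crt" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' | tr -d ' ' |
        grep -Fxq "DNS:$host" ||
        { echo "FAIL: $host is not in subjectAltName of $crt"; rc=1; }
    # 3. The private key must hold the same public key as the certificate.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi
    # 4. The certificate must not have expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $crt has expired"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $crt is usable for $host"
    return "$rc"
}

# Constructed sample PKI (2048-bit keys and a made-up CA name, demo only).
make_sample_pki() {
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -nodes -sha512 -days 3650 \
          -subj "/O=example/CN=Sample Harbor CA" -key ca.key -out ca.crt &&
      openssl genrsa -out harbor.cao.com.key 2048 &&
      openssl req -sha512 -new -subj "/O=example/CN=harbor.cao.com" \
          -key harbor.cao.com.key -out harbor.cao.com.csr &&
      printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
          'subjectAltName=DNS:harbor.cao.com,DNS:harbor.cao' > v3.ext &&
      openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt \
          -CAkey ca.key -CAcreateserial -in harbor.cao.com.csr \
          -out harbor.cao.com.crt ) >/dev/null 2>&1
}

demo=$(mktemp -d) && make_sample_pki "$demo" &&
    check_registry_cert "$demo/ca.crt" "$demo/harbor.cao.com.crt" \
        "$demo/harbor.cao.com.key" harbor.cao.com
rm -rf "$demo"
```

On the Harbor host the same function can be run from the ssl directory as: check_registry_cert ca.crt harbor.cao.com.crt harbor.cao.com.key harbor.cao.com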

II. Configure harbor.yml

hostname: harbor.cao.com
http:
  port: 80
https:
   port: 443
   certificate: /root/harbor/ssl/harbor.cao.com.crt
   private_key: /root/harbor/ssl/harbor.cao.com.key

III. Install Harbor

[root@harbor harbor]# ./prepare 
[root@harbor harbor]# ./install.sh
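[root@harbor harbor]# docker-compose  up -d   # start
[root@harbor harbor]# docker-compose  down    # stop

IV. Done. The default username and password are admin / Harbor12345

V. Create the certificates Docker uses to connect to Harbor

# Configure the server certificate, key and CA for Docker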
openssl x509 -inform PEM -in harbor.cao.com.crt -out harbor.cao.com.cert
# Create the certificate directory on the Docker servers
[root@k8s-node1 ~]# mkdir -p /etc/docker/certs.d/harbor.cao.com/
[root@k8s-node2 ~]# mkdir -p /etc/docker/certs.d/harbor.cao.com/
# Copy the certificates to the Docker servers
[root@harbor ssl]# scp ca.crt  harbor.cao.com.cert  harbor.cao.com.key  root@192.168.1.120:/etc/docker/certs.d/harbor.cao.com/
[root@harbor ssl]# scp ca.crt  harbor.cao.com.cert  harbor.cao.com.key  root@192.168.1.121:/etc/docker/certs.d/harbor.cao.com/
# Restart the Docker service
[root@k8s-node1 ~]# systemctl restart docker
[root@k8s-node2 ~]# systemctl restart docker
# Add the Harbor domain name to /etc/hosts
[root@k8s-node1 ~]# echo "192.168.1.122 harbor.cao.com" >>/etc/hosts
[root@k8s-node2 ~]# echo "192.168.1.122 harbor.cao.com" >>/etc/hosts
# Test logging in to the Harbor server with Docker
[root@k8s-node2 ~]# docker login harbor.cao.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

posted @ 2019-10-13 09:55  caonw