私有harbor安装

主要过程，下载安装包，生成证书，配置，启动

路径/harbor/data/  放数据

     /harbor/program 放程序文件，，安装包解压缩完的，都放这里

生成证书过程：

mkdir ssl && cd ssl 

##生成ca
openssl genrsa -out ca/ca.key 4096    
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=yuehan/L=yuehan/O=example/OU=Personal/CN=yuehan.com" -key ca/ca.key -out ca/ca.crt    
    
##生成key
openssl genrsa -out server/harbor.yuehan.com.key 4096    

openssl req -sha512 -new -subj "/C=CN/ST=trit/L=trit/O=example/OU=Personal/CN=harbor.yuehan.com" -key server/harbor.yuehan.com.key -out server/harbor.yuehan.com.csr

编写一个文件：v3.ext:
#cat v3.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=yuehan.com
DNS.2=yuehan
DNS.3=harbor.yuehan.com


#生成证书
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -in server/harbor.yuehan.com.csr -out server/harbor.yuehan.com.crt    
openssl x509 -inform PEM -in server/harbor.yuehan.com.crt -out server/harbor.yuehan.com.cert


cd /harbor/data    
mkdir /harbor/data/ssl    
cp ./ca/ca.crt  /harbor/data/ssl    
cp ./server/harbor.yuehan.com.crt /harbor/data/ssl    
cp ./server/harbor.yuehan.com.key /harbor/data/ssl    

 

证书就准备完了。

 

安装包解压缩完后，就可以修改配置文件了,主要修改

hostname： harbor.yuehan.com

...................

https:
port: 443
certificate: /harbor/data/ssl/harbor.yuehan.com.crt
private_key: /harbor/data/ssl/harbor.yuehan.com.key

 

....修改密码，数据库的密码，admin的密码

..修改数据目录 

　　data_volume:  /harbor/data

 

启动：

　　cd /harbor/program/ && docker-compose up -d