配置好docker的情况下安装harbor
备份修改成主机ip
[root@harbor harbor]# vim harbor.yml.tmpl
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]#
第三步:编辑harbor配置文件
cd /opt/harbor/
1.复制配置
cp harbor.yml.tmpl harbor.yml
2.编辑配置
vim harbor.yml
修改主机地址
hostname: harbor.local
修改证书目录
https:
port: 443
certificate: /data/cert/harbor.local.crt
private_key: /data/cert/harbor.local.key
账号密码
harbor_admin_password: Harbor12345
第四步:运行离线安装脚本
cd /opt/harbor/
bash install.sh
第六步:检查
cd /opt/harbor/
[root@m-61 /opt/harbor]# docker compose ps|grep 'Up'|wc -l
WARN[0000] /opt/harbor/docker-compose.yml: version is obsolete
9
第七步:windows上配置host解析
10.0.0.61 harbor.local
admin
Harbor12345
[root@harbor harbor]#
[root@harbor harbor]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:19:51:65 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.12/24 brd 10.1.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:5165/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:92:eb:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:92:eb:d4 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:72:04:2f:5f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]# vim harbor.yml.tmpl
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]# mkdir -p /opt/harbor/ssl
[root@harbor harbor]#
[root@harbor harbor]#
[root@harbor harbor]# cd /opt/harbor/ssl
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# ls
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
..................................................................................++
........................................................++
e is 65537 (0x10001)
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# ll
total 4
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
[root@harbor ssl]# cat ca.key
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAnm1CAnZtjl03t0Pw3U65hGQGOENtQcbNWPHa6sp0MEIi0Wz/
vUe/PiTV3jU6d8276/muAH3sj3XzHNEKcVGqJ1Gh2Xk3wcqY1ng2sCF/SuvEB8xN
2i6oYM7R5358UkKJURLKbiWmZBdyNQ4TUTKeFeecGIyRjj1FXuGuZwjQ2pyl2t/F
cRNurCPB10apFD69fK+mZFX+nxtsgm7frGjqF0h/oVhqmT7RmqvNJXUqLAsnoKYZ
hteOKTXADTnEMJm1iaxqV6RJM1pfrTBNpXM6p3akcVJHxOneGy1Oj4PWQVFIE9q0
6CO5vaElVQ15e8CtcRM0j5mdL0fo9nL+FRz4NQSza9Dq9yzHU2cPdF9VBPw89qL5
K386c8tsXqvgij5Htf9ipc9H6Zh8TWLNzVtJZHVZWkYcby4MThfHilcuKp9vJzE3
hysmXpsesO1xONdqGiTZBknVMVPzW035f8TH2MrgapaeaGMk67SpEbPsEvPROJS1
cYTTAFUQeolo0JaFuEUv0Nvd0AecwH8In73brwCmXSyKKC5fad/FDP33iLxi3Bm4
AWmi+x9Lk1x5CSh1ztcsl7c63V5h4mYqOAtKrWHTnh7iOqpNemz6bvxnVZ8Qi5V+
TwU1kJXDmTHhNCjjS5xejxOPNeT+10o4rCDvDUb1GDByMPC27xg9b2kNZOsCAwEA
AQKCAgBA4myLh6ddDC6af1fxu6FdaH3noy3nJ53IlN1dFee6MAwEi8i949megQWa
iWBV2svhXJP4HZq6MsuL/M1zFchDbDqGUBAW7XvlMrzrK/zvWVoi+3jTKBLL+0ia
sAIIyrlkm/aOYBsimTusIQSmV73JKN+UalXe1JdJwdJk3oZzUn7XApjhs9y64bYt
DgKHiR6gJ2xVYabz0Q6C6Rfwi9N8D7Q+B3E5LDI6T6yob7EC8tqbAAwqXrQZiqsK
f6MraHiiVxwCowVb4+KVktfqMCRQm9XDl7hPHJ1bshWfz5X7kGedwhAflyomUQ5y
JB+iIIqoaf435ekriR8PeI85ZHD+2LfCg6S7DNPuC/YDpHc2vJq8Mv6Wi055WUE0
E8qq0h2DjLHvFGeLXfKZj6KI1Ov7f6jPQ5sg2RyXepGfgWZon194vzxglV0ihip4
DkP0OION98bJ4qsiQCEyWsTFEvVblC/2FhyCGVKPxjL2C5x1X4I5g0Im4JWXygtl
lkNuKEvVB2+W4GGkjQwy1NEix3MlKwOaF+jlrfZeazOnTJWFD17E9BnD1CzxeMyb
hdRyyhYCV9o1mnoJSGRuqTNtkesyV/I36W+1Wl5/htmgj1UQ1XaXd2bHeUV7MQWs
wAEpd3FfR6Z1+SZGlojuWnnYm7tH/kGuVufEeF8jQgHxXGT5oQKCAQEA0uk9xSe1
4p1ZX20m5qqgKwHkB44mLdARqj3mnsH+XjTI+A7bNrRdedT8WLqY9hKtyf1no1C2
Nq3luF075tLP+8gFo2hcX57xc2gEz/aXe878u6sWFvSVVuhYi+7+m5S1/vzwVaNf
4HPS802DALK05MDFFz67bPEucsGBycnwYK19Y8ZwgYoQv94WGrMh+DX1yZ1lxcv7
Xn8IniAiUzzEaNWn/XPluyR/OPM3ZTApXJ2O7BCZmdw+HCXnklximebvE5Ou6cJy
2R6Gz7iyRdGRl5S+qthhHbxX0eW1wY6J1WGTpvnlUBJ5+ZmCyDwKh0TeQekt8f0Z
hdV2JpAax1EQuwKCAQEAwEumtmEdlcABTG2v7IVRrU62azUPqGiEaRcR5zDGypn7
cCHEwXfEL9c6leLwkZz9xDOpWDx7V1xrEgG5svWFN6g8fbVhDDJrHHf/knVLS5DU
Jiaz0jGuG4LznM4MAMjcwZyDzOH3X3tmGS7N8FO15qDjmbyLbxSQ7TLeJEfhASsX
CRUUZTHyR/AcI0S36uIP8uZ3vCvyn8mGKWOnwg90f0/atKu5zo1imU8OlTWVSug9
f0V8kV6zYQsqZSW8IuDANjqEtDKl5BakIj0d9Z92xO0DVDVgcPpsgIXPeFD5AYqt
VVqdMlwqXgYbd/+/z1zfxptO0BijtJdoFvLC2uuRkQKCAQAIr5hepTsFYSuMFYez
mjVMcCB++yixXE9N7oyv3xdls9DO/nWitBzhZpcZ5F1mTPChT/FTtYA7kj/SruxH
nkj4eo1Y5HRhb79L3G3OTr6AV87qv6oCOgJoeNsksCwGJkK0hKA1Nqw9Jyf54yhR
AAsZHKNBSNEZNHmQOk3pDIr8wEhYspRxkUkNTc0lPllYyogbzIKjeboZcyvcr0Aa
o3cHRj1L39kHMwKWStXuMeSSLt7y8+APiRV5vUnjKjDZW7xe1wcuE1b9gBdXOKkG
3RGc54BOsuiU++u19jrdBMzCX+lfyAzcllY1pE/RhT99wKVSm5LL03uYmmjqP6cK
rFj/AoIBADyaGuozZQ2Cu2YI036o7Xq+6cKTsGGUvtYXzS6dMqk7KgDGw6ltQ0kI
fZArO0HIxjkFRwNl3EFGAQBlxs5djiRiQt4jQXiEkzkfoE3Z5WblN9bmL5m4ynQl
Kv1p+mJs6xWha/Av7rQKwbyCAakR2KvcXJ5gy1iwlJQMifHJLWIe4F2eZRUXTpHZ
XCTJTWUa5YfZljaZaxdsfXmhzIbeNArDcduqmx47dK14OtJPVsOKuYbYsU9nFwUo
ba3+3HHpfuoYOyZHJ/zgHc4kkMKOBPI+9+OcBs7UPUmr4hy6+B7CQ6o4qn3qifej
2RhSY3LIhEWlQItYmI8bgFRrIXm47+ECggEAEBNX5L6wLR2skNpgr74R+x2adlRy
uEfj2xW++UGPFDF9hSdem1HlveR0/oWIdrdB9d/x2vE3S0/1s3W15NAxUCCScqos
9lXtcNGX0dpQQNmpjqqsdJTwEOBU8AB1IWfCNzFMVKrtZsEaTBuxFUafIT80b4V1
PdKMwW8stzxqXDcY0P2JXEKW5bK7Z/Tm88LYckzhf6BOISh6KHpw+r+MK1D38eqv
ElpjEbchLXfsBL1n1QtxVM5mR881Hu89kjcWnKuTLx8w+lXzbPQ0WHx/tghaRFNH
d/91Wfhe/1j9Nry/McFQi9qxDczfslweKHdXpMiBo1ERkGhL9ODMBspupA==
-----END RSA PRIVATE KEY-----
[root@harbor ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=luffy/OU=Personal/CN=harbor.local"
-key ca.key
-out ca.crt
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# ll
total 8
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# openssl genrsa -out harbor.local.key 4096
Generating RSA private key, 4096 bit long modulus
..........................................................................................................++
......................................++
e is 65537 (0x10001)
[root@harbor ssl]# ll
total 12
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
-rw-r--r-- 1 root root 3247 Nov 7 19:49 harbor.local.key
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# openssl req -sha512 -new
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=luffy/OU=Personal/CN=harbor.local"
-key harbor.local.key
-out harbor.local.csr
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# cat > v3.ext << 'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.local
DNS.2=harbor
DNS.3=harbor
EOF
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# ll
total 20
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
-rw-r--r-- 1 root root 1704 Nov 7 19:50 harbor.local.csr
-rw-r--r-- 1 root root 3247 Nov 7 19:49 harbor.local.key
-rw-r--r-- 1 root root 256 Nov 7 19:52 v3.ext
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# openssl x509 -req -sha512 -days 3650
-extfile v3.ext
-CA ca.crt -CAkey ca.key -CAcreateserial
-in harbor.local.csr
-out harbor.local.crt
Signature ok
subject=/C=CN/ST=Shenzhen/L=Shenzhen/O=luffy/OU=Personal/CN=harbor.local
Getting CA Private Key
[root@harbor ssl]# ll
total 28
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
-rw-r--r-- 1 root root 17 Nov 7 19:54 ca.srl
-rw-r--r-- 1 root root 2086 Nov 7 19:54 harbor.local.crt
-rw-r--r-- 1 root root 1704 Nov 7 19:50 harbor.local.csr
-rw-r--r-- 1 root root 3247 Nov 7 19:49 harbor.local.key
-rw-r--r-- 1 root root 256 Nov 7 19:52 v3.ext
[root@harbor ssl]#
[root@harbor ssl]# mkdir /data/cert/ -p
[root@harbor ssl]# cp harbor.local.crt /data/cert/
[root@harbor ssl]# cp harbor.local.key /data/cert/
[root@harbor ssl]#
[root@harbor ssl]# openssl x509 -inform PEM -in harbor.local.crt -out harbor.local.cert
[root@harbor ssl]# ll
total 32
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
-rw-r--r-- 1 root root 17 Nov 7 19:54 ca.srl
-rw-r--r-- 1 root root 2086 Nov 7 19:59 harbor.local.cert
-rw-r--r-- 1 root root 2086 Nov 7 19:54 harbor.local.crt
-rw-r--r-- 1 root root 1704 Nov 7 19:50 harbor.local.csr
-rw-r--r-- 1 root root 3247 Nov 7 19:49 harbor.local.key
-rw-r--r-- 1 root root 256 Nov 7 19:52 v3.ext
[root@harbor ssl]#
[root@harbor ssl]# mkdir -p /etc/docker/certs.d/harbor.local/
[root@harbor ssl]# cp harbor.local.cert /etc/docker/certs.d/harbor.local/
[root@harbor ssl]# cp harbor.local.key /etc/docker/certs.d/harbor.local/
[root@harbor ssl]# cp ca.crt /etc/docker/certs.d/harbor.local/
[root@harbor ssl]# ll
total 32
-rw-r--r-- 1 root root 2029 Nov 7 19:47 ca.crt
-rw-r--r-- 1 root root 3243 Nov 7 18:54 ca.key
-rw-r--r-- 1 root root 17 Nov 7 19:54 ca.srl
-rw-r--r-- 1 root root 2086 Nov 7 19:59 harbor.local.cert
-rw-r--r-- 1 root root 2086 Nov 7 19:54 harbor.local.crt
-rw-r--r-- 1 root root 1704 Nov 7 19:50 harbor.local.csr
-rw-r--r-- 1 root root 3247 Nov 7 19:49 harbor.local.key
-rw-r--r-- 1 root root 256 Nov 7 19:52 v3.ext
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# ll /etc/docker/certs.d/harbor.local/
total 12
-rw-r--r-- 1 root root 2029 Nov 7 20:01 ca.crt
-rw-r--r-- 1 root root 2086 Nov 7 20:01 harbor.local.cert
-rw-r--r-- 1 root root 3247 Nov 7 20:01 harbor.local.key
[root@harbor ssl]#
[root@harbor ssl]#
[root@harbor ssl]# cd
[root@harbor ~]#
[root@harbor ~]#
[root@harbor ~]# tree /etc/docker/certs.d/
bash: tree: command not found...
[root@harbor ~]#
[root@harbor ~]#
[root@harbor ~]#
[root@harbor ~]# tree /etc/docker/certs.d/
/etc/docker/certs.d/
└── harbor.local
├── ca.crt
├── harbor.local.cert
└── harbor.local.key
1 directory, 3 files
[root@harbor ~]#
[root@harbor ~]#
浙公网安备 33010602011771号