网上安装的教程比较多,理清思路之后,自己的安装过程总结一下,以备后续参考。
参考Harbor官网教程 (Centos 7.5)
1.安装前必备 :On a Linux host: docker 17.06.0-ce+ and docker-compose 1.18.0+ . (自行安装好即可)
2. Harbor 下载的 harbor-offline-installer-v2.0.1.tgz 离线安装包,从 https://github.com/goharbor/harbor/releases 下载。
3. 解压开来,配置文件 harbor.yml.tmpl 复制为 harbor.yml 根据自己的需求修改即可(我只修改了主机名,证书,存放目录 )。
1 # The IP address or hostname to access admin UI and registry service. 2 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. 3 hostname: harbor.grape.com 4 5 # http related config 6 http: 7 # port for http, default is 80. If https enabled, this port will redirect to https port 8 port: 80 9 10 # https related config 11 https: 12 # https port for harbor, default is 443 13 port: 443 14 # The path of cert and key files for nginx 15 certificate: /opt/cert/harbor.grape.com.crt 16 private_key: /opt/cert/harbor.grape.com.key 17 18 # The default data volume 19 data_volume: /home/harbor_data
证书的制作是参考的 https://www.cnblogs.com/sanduzxcvbnm/p/11956347.html 的脚本 ,/opt/cert 目录没有的话,需要先创建。
1 #!/bin/bash 2 3 # 配置harbor证书 4 5 cd /opt/cert 6 7 openssl genrsa -out ca.key 4096 8 openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.grape.com" -key ca.key -out ca.crt 9 openssl genrsa -out harbor.grape.com.key 4096 10 openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.grape.com" -key harbor.grape.com.key -out harbor.grape.com.csr 11 12 cat > v3.ext <<-EOF 13 authorityKeyIdentifier=keyid,issuer 14 basicConstraints=CA:FALSE 15 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 16 extendedKeyUsage = serverAuth 17 subjectAltName = @alt_names 18 19 [alt_names] 20 DNS.1=harbor.grape.com 21 IP.1 = 192.168.111.9 22 IP.2 = 10.0.0.40 23 EOF 24 25 openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.grape.com.csr -out harbor.grape.com.crt 26 27 openssl x509 -inform PEM -in harbor.grape.com.crt -out harbor.grape.com.cert