警告
本文最后更新于 2020-07-07 14:14,文中内容可能已过时。
一、下载安装包
1
| wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-online-installer-v2.0.1.tgz
|
二、解压
tar xf harbor-online-installer-v2.0.1.tgz -C /usr/local/
三、配置https访问
1.创建目录
1
2
| mkdir /data/harbor/cert -p
cd /data/harbor/cert
|
配置证书颁发机构
1.生成CA证书私钥
1
| openssl genrsa -out ca.key 4096
|
2.生成CA证书
1
2
3
4
| openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=soulchild/OU=myharbor/CN=registry.com" \
-key ca.key \
-out ca.crt
|
字段含义:
C:国家
ST:省份
L:城市
O:组织单位
OU:其他内容
CN:一般填写域名
配置服务器证书
- 生成私钥
openssl genrsa -out registry.com.key 4096
2.生成证书签名请求(CSR)
1
2
3
4
| openssl req -sha512 -new \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=soulchild/OU=myharbor/CN=registry.com" \
-key registry.com.key \
-out registry.com.csr
|
- 生成x509 v3扩展文件
1
2
3
4
5
6
7
8
9
10
11
12
| cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=registry.com
DNS.2=registry
DNS.3=harbor
EOF
|
4.使用v3.ext文件为Harbor主机生成证书
1
2
3
4
5
| openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.com.csr \
-out registry.com.crt
|
提供证书给Harbor和Docker
openssl x509 -inform PEM -in registry.com.crt -out registry.com.cert
1
2
| mkdir -p /etc/docker/certs.d/registry.com/
cp /data/harbor/cert/registry.com.crt /etc/docker/certs.d/registry.com/
|
四、配置harbor
修改如下配置
1
2
3
4
5
6
7
8
| hostname: registry.com
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/harbor/cert/registry.com.crt
private_key: /data/harbor/cert/registry.com.key
data_volume: /data/harbor
|
五、安装harbor
1
2
| cd harbor/
./install.sh
|
六、访问
1
2
| 添加解析,修改hosts
10.0.0.50 registry.com
|
打开访问:https://registry.com/