Simple and detailed harbor build

Preparation in advance

  1. Download the offline package: https://github.com/goharbor/h...
  • Select the 572MB tgz
  • I heard that 1.7.6 seems to have a bug, so to be safe I chose 1.8.5
  2. Note the minimum installation requirements

Installation steps

  1. Install docker: configure the repository below, then install a specific version of docker (see the reference documentation)

  • Configure the Aliyun repository:

    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
  • Install docker 18:

    yum -y install docker-ce-18.06.1.ce-3.el7
  2. Install docker-compose, reference documentation: https://github.com/docker/com...
  • Execute the following commands in turn:

        curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
        chmod +x /usr/local/bin/docker-compose
  3. Unzip the harbor package and edit the configuration file

        tar xf harbor-offline-installer-v1.8.5.tgz -C /opt/

    Modify the following settings in the configuration file:
    hostname: can be changed to an IP or a domain name [an IP is used in this article]

Every yourdomain.com in this article needs to be changed to your server's IP.

  port: to avoid a conflict with nginx, do not use 80; this article changes it to 1080
  Change the remaining passwords as needed

  4. Execute the installation command in the harbor directory

        ./install.sh
  5. Install nginx

        yum -y install nginx
  6. Edit the nginx configuration file with vim /etc/nginx/conf.d/yourdomain.com.conf; the contents of the file are as follows:
    server {
            listen          80;
            server_name     yourdomain.com;
            client_max_body_size    1000m;
            location / {
                    proxy_pass http://127.0.0.1:1080;
            }
    }

Configure HTTPS (key step)

  • Generate the certificate authority (CA) certificate
  1. Generate the CA certificate private key
    openssl genrsa -out ca.key 4096
  2. Generate the CA certificate
    openssl req -x509 -new -nodes -sha512 -days 3650 \
             -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
             -key ca.key \
             -out ca.crt
  • Generate the server certificate
  1. Generate the private key
    openssl genrsa -out yourdomain.com.key 4096
  2. Generate the certificate signing request (CSR), signed with the server key rather than the CA key
    openssl req -sha512 -new \
     -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
     -key yourdomain.com.key \
     -out yourdomain.com.csr
  3. Generate an x509 v3 extension file

        cat > v3.ext <<-EOF
        authorityKeyIdentifier=keyid,issuer
        basicConstraints=CA:FALSE
        keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
        extendedKeyUsage = serverAuth
        subjectAltName = IP:yourdomain.com
        EOF

    The IP: prefix applies because this article uses the server's IP as the hostname; if you use a domain name instead, write DNS:yourdomain.com.
  4. Use this v3.ext file to generate a certificate for your Harbor host

        openssl x509 -req -sha512 -days 3650 \
           -extfile v3.ext \
           -CA ca.crt -CAkey ca.key -CAcreateserial \
           -in yourdomain.com.csr \
           -out yourdomain.com.crt
  • Provide the certificates to Harbor and Docker
  1. Create the folder
        mkdir -p /data/cert/
  2. Copy the certificate and key to the cert folder

        cp yourdomain.com.crt /data/cert/
        cp yourdomain.com.key /data/cert/
  3. Convert yourdomain.com.crt to yourdomain.com.cert for use by Docker

        openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
  4. Create the folder that holds the certificate, key, and CA files
    mkdir -p /etc/docker/certs.d/yourdomain.com/
  5. Copy the server certificate, key, and CA file to the Docker certificates folder on the Harbor host
    cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
    cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
    cp ca.crt /etc/docker/certs.d/yourdomain.com/
  6. Restart docker
    systemctl restart docker
  7. Modify the certificate options in harbor.yml: comment out the defaults and point them at the files you placed in /data/cert/
    #  certificate: /your/certificate/path
    #  private_key: /your/private/key/path
      certificate: /data/cert/yourdomain.com.crt
      private_key: /data/cert/yourdomain.com.key
  8. Execute prepare to enable https
    ./prepare
  9. Start harbor with docker-compose
    docker-compose up -d

  10. Restart nginx and enable it at boot

    systemctl restart nginx
    systemctl enable nginx

Verify harbor

  1. Verify on the server
    docker login yourdomain.com
  • When prompted, enter the password configured in harbor.yml
  2. Verify in a browser: open "yourdomain.com"; when it is reported as unsafe, add an exception.
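
A pre-flight check for the files produced in the HTTPS section, as an added example that is not part of the original article: it confirms that the server certificate chains to ca.crt, that the private key matches it, that the SAN contains the address used for hostname, and that the certificate is not a CA. The function name check_harbor_cert is hypothetical; call it as check_harbor_cert ca.crt yourdomain.com.crt yourdomain.com.key followed by your server's IP.

```shell
#!/bin/sh
# Added example, not from the original article. check_harbor_cert is a
# hypothetical helper name; the file names follow the article's steps.
# usage: check_harbor_cert <ca.crt> <server.crt> <server.key> <IP-or-hostname>
check_harbor_cert() {
    ca=$1; crt=$2; key=$3; host=$4

    # 1. The server certificate must chain to the CA that clients will trust.
    #    Match "<file>: OK" so old OpenSSL builds that exit 0 on error still fail.
    if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $crt is not signed by $ca" >&2; return 1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt" >&2; return 2
    fi

    # 3. The SAN must list the address used for hostname and docker login.
    text=$(openssl x509 -in "$crt" -noout -text)
    san=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
          tail -n 1 | sed 's/^ *//; s/ *$//')
    case ", $san," in
        *", IP Address:$host,"*|*", DNS:$host,"*) ;;
        *) echo "FAIL: SAN does not contain $host" >&2; return 3 ;;
    esac

    # 4. The server certificate must not be usable as a CA.
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "FAIL: $crt has CA:TRUE" >&2; return 4
    fi
    echo "OK: $crt is valid for $host"
}
```

A return code of 2 is what the original CSR step would have produced, since it reused ca.key instead of the server key.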


Added by rodin on Sun, 07 Jun 2020 04:23:22 +0300