Preparation in advance
- Offline package download: https://github.com/goharbor/h...
- Select 572MB tgz
- Having heard that 1.7.6 seems to have a bug, I chose 1.8.5 to be on the safe side
- Note minimum installation requirements
Installation steps
- Install docker, configure the source below, and install a specific version of docker (reference documentation required)
- Configure the Aliyun source:
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
- Install docker 18:
yum -y install docker-ce-18.06.1.ce-3.el7
- Install docker-compose; reference documentation: https://github.com/docker/com...
- Execute the following commands in turn:
curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
- Unzip the harbor package and configure the cfg file
tar xf harbor-offline-installer-v1.8.5.tgz -C /opt/
Modify the following settings:
hostname: can be changed to an IP or a domain name [an IP is used in this article]
Every yourdomain.com in this article needs to be changed to your server's IP
port: to avoid a conflict with nginx, do not use 80; this article changes it to 1080
Change the remaining passwords as needed
- Execute the installation command in the harbor directory
./install.sh
- Install nginx
yum -y install nginx
- Edit the nginx configuration file: vim /etc/nginx/conf.d/yourdomain.com.conf. The contents of the file are as follows:
server {
    listen 80;
    server_name yourdomain.com;
    client_max_body_size 1000m;
    location / {
        proxy_pass http://127.0.0.1:1080;
    }
}
Configure HTTPS (important)
- Generate Certification Authority Certificates
- Generate CA Certificate Private Key
openssl genrsa -out ca.key 4096
- Generate CA certificate
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
    -key ca.key \
    -out ca.crt
- Generate server certificate
- Generate private key
openssl genrsa -out yourdomain.com.key 4096
- Generate a Certificate Signing Request (CSR)
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
    -key yourdomain.com.key \
    -out yourdomain.com.csr
- Generate an x509 v3 extension file
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:yourdomain.com
EOF
- Use this v3.ext file to generate a certificate for your Harbor host
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in yourdomain.com.csr \
    -out yourdomain.com.crt
- Provide certificates to Harbor and Docker
- Create the folder
mkdir -p /data/cert/
- Copy the certificate and key to the cert folder
cp yourdomain.com.crt /data/cert/
cp yourdomain.com.key /data/cert/
- Convert yourdomain.com.crt to yourdomain.com.cert for use by Docker
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
- Create folders to hold secret keys and CA files
mkdir -p /etc/docker/certs.d/yourdomain.com/
- Copy server certificates, keys, and CA files to the Docker Certificates folder on the Harbor host
cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
cp ca.crt /etc/docker/certs.d/yourdomain.com/
- Restart docker
systemctl restart docker
- Modify the certificate and key options in the harbor.yml file: comment out the defaults and change them to your own files under /data/cert/
# certificate: /your/certificate/path
# private_key: /your/private/key/path
certificate: /data/cert/49.235.207.16.crt
private_key: /data/cert/49.235.207.16.key
- Execute prepare to enable https
./prepare
- Start harbor with docker-compose
docker-compose up -d
- Restart nginx and enable it to start at boot
systemctl restart nginx
systemctl enable nginx
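The certificate set generated in the HTTPS steps above can be checked offline for chain, key match, IP subjectAltName and CA:FALSE. This script is an added example, not part of the original article: check_cert_set and make_demo_set are hypothetical helper names, and the demo uses a constructed IP (192.0.2.10) with throwaway 2048-bit keys. On the Harbor host, pass ca.crt, yourdomain.com.crt, yourdomain.com.key and the server's IP to check_cert_set.

```bash
#!/bin/sh
# Added example, not from the article. check_cert_set and make_demo_set are
# hypothetical helper names; 192.0.2.10 is a constructed documentation IP.

# check_cert_set CA_CRT SERVER_CRT SERVER_KEY IP
# Succeeds only if the certificate chains to the CA, belongs to the private
# key, lists IP as a subjectAltName and is not itself a CA certificate.
check_cert_set() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' \
    || { echo "FAIL: $2 is not signed by $1"; return 1; }
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
    "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] \
    || { echo "FAIL: $3 is not the key for $2"; return 1; }
  openssl x509 -in "$2" -noout -checkip "$4" 2>&1 | grep -q 'does match' \
    || { echo "FAIL: $2 has no IP SAN for $4"; return 1; }
  openssl x509 -in "$2" -noout -text | grep -q 'CA:FALSE' \
    || { echo "FAIL: $2 is not marked CA:FALSE"; return 1; }
  echo "OK: $2"
}

# make_demo_set DIR IP
# Builds a throwaway CA and server certificate in DIR with the same steps as
# the article (2048-bit keys and 30 days only to keep the demo fast).
make_demo_set() {
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -sha512 -days 30 -subj "/O=example/CN=demo-ca" \
    -key "$1/ca.key" -out "$1/ca.crt"
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  openssl req -new -sha512 -subj "/O=example/CN=$2" \
    -key "$1/server.key" -out "$1/server.csr"
  printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' 'extendedKeyUsage=serverAuth' \
    "subjectAltName=IP:$2" > "$1/v3.ext"
  openssl x509 -req -sha512 -days 30 -extfile "$1/v3.ext" \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -in "$1/server.csr" -out "$1/server.crt" 2>/dev/null
}

# Demo: a good set passes; the same certificate checked for another IP fails.
demo=$(mktemp -d)
make_demo_set "$demo" 192.0.2.10
check_cert_set "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" 192.0.2.10
check_cert_set "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" 192.0.2.11 \
  || echo "rejected as expected"
rm -rf "$demo"
```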
Verify harbor
- Validation in Server
docker login yourdomain.com
- When prompted, enter the password configured in harbor.yml
- Verify in a browser: enter "yourdomain.com"; when the browser reports the connection as unsafe, add an exception.