一、下载安装包
wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-online-installer-v2.0.1.tgz
二、解压
tar xf harbor-online-installer-v2.0.1.tgz -C /usr/local/
三、配置https访问
1.创建目录
mkdir /data/harbor/cert -p
cd /data/harbor/cert
配置证书颁发机构
1.生成CA证书私钥
openssl genrsa -out ca.key 4096
2.生成CA证书
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=soulchild/OU=myharbor/CN=registry.com" \
-key ca.key \
-out ca.crt
字段含义:
C:国家
ST:省份
L:城市
O:组织单位
OU:其他内容
CN:一般填写域名
配置服务器证书
- 生成私钥
openssl genrsa -out registry.com.key 4096
2.生成证书签名请求(CSR)
openssl req -sha512 -new \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=soulchild/OU=myharbor/CN=registry.com" \
-key registry.com.key \
-out registry.com.csr
- 生成x509 v3扩展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=registry.com
DNS.2=registry
DNS.3=harbor
EOF
4.使用v3.ext文件为Harbor主机生成证书
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.com.csr \
-out registry.com.crt
提供证书给Harbor和Docker
openssl x509 -inform PEM -in registry.com.crt -out registry.com.cert
mkdir -p /etc/docker/certs.d/registry.com/
cp /data/harbor/cert/registry.com.crt /etc/docker/certs.d/registry.com/
四、配置harbor
修改如下配置
hostname: registry.com
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/harbor/cert/registry.com.crt
private_key: /data/harbor/cert/registry.com.key
data_volume: /data/harbor
五、安装harbor
cd harbor/
./install.sh
六、访问
添加解析,修改hosts
10.0.0.50 registry.com
打开访问:https://registry.com/
转载请标明出处【harbor2.0.1安装部署】。
《www.micoder.cc》
虚拟化云计算,系统运维,安全技术服务.
最新评论