Home - Jommy328/Harbor GitHub Wiki
申请https证书
使用工具letsencrypt
安装letsencrypt软件
$ sudo apt-get install letsencrypt
生成证书
# letsencrypt certonly --standalone -d hub.xxx.cn
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): 输入你的邮箱
(A)gree/(C)ancel: A
(Y)es/(N)o: Y
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/hub.wenyinhulian.cn/fullchain.pem #证书保存路径
Your key file has been saved at:
/etc/letsencrypt/live/hub.wenyinhulian.cn/privkey.pem #后续会用到这两个路径,需要保存
Your cert will expire on 2021-12-15. #过期时间
计划任务自动更新证书
修改linux默认编辑器为vim
echo export EDITOR=/usr/bin/vim >> ~/.bashrc
构建计划任务shell
# vim /opt/harbor/ssl.sh
cd /opt/harbor/
docker-compose down
certbot renew
./prepare
docker-compose up -d
构建计划任务
# crontab -e
45 03 * * 6 bash /opt/harbor/ssl.sh
# 每周6,3:45 执行
安装docker
Debian/Ubuntu 用户
以下内容根据 官方文档 修改而来。
如果你过去安装过 docker,先删掉:
sudo apt-get remove docker docker-engine docker.io
首先安装依赖:
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
信任 Docker 的 GPG 公钥:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
对于 amd64 架构的计算机,添加软件仓库:
root@ubuntu12:~# add-apt-repository \
"deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu \
$(lsb_release -cs) \
stable"
# apt-get -y update
选择版本
zhao@ubuntu12:~ $ apt-cache madison docker-ce
docker-ce | 5:18.09.9~3-0~ubuntu-bionic | https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.8~3-0~ubuntu-bionic | https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu bionic/stable amd64 Packages
安装
#apt-get install docker-ce=5:18.09.9~3-0~ubuntu-bionic docker-ce-cli=5:18.09.9~3-0~ubuntu-bionic
root@ubuntu12:~# systemctl start docker
root@ubuntu12:~# systemctl enable docker
查看docker版本
root@ubuntu12:~# docker version
Client:
Version: 18.09.9
API version: 1.39
Go version: go1.11.13
Git commit: 039a7df9ba
Built: Wed Sep 4 16:57:28 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.9
API version: 1.39 (minimum version 1.12)
Go version: go1.11.13
Git commit: 039a7df
Built: Wed Sep 4 16:19:38 2019
OS/Arch: linux/amd64
Experimental: false
Compose 安装
Linux 上我们可以从 Github 上下载它的二进制包来使用,最新发行的版本地址:https://github.com/docker/compose/releases。
运行以下命令以下载 Docker Compose 的当前稳定版本:
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
要安装其他版本的 Compose,请替换 1.24.1。
将可执行权限应用于二进制文件:
$ sudo chmod +x /usr/local/bin/docker-compose
创建软链:
$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
测试是否安装成功:
$ docker-compose --version
cker-compose version 1.24.1, build 4667896b
安装Harbor
下载地址
https://github.com/vmware/harbor/releases
配置Harbor
解压并编辑 harbor.yml
# cd /usr/local/src/
root@Ubuntu13:/usr/local/src # ls
harbor-offline-installer-v2.2.1.tgz
# tar xvf harbor-offline-installer-v2.2.1.tgz
# cd harbor/
# cp harbor.yml.tmpl harbor.yml
配置文件
# vim harbor.yml
#域名
hostname: harbor.awesomeport.cn
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /etc/letsencrypt/live/hub.wenyinhulian.cn/fullchain.pem #将生成的证书填入
private_key: /etc/letsencrypt/live/hub.wenyinhulian.cn/privkey.pem #将生成的证书填入
harbor_admin_password: Harbor123 #登录密码
storage_service: #阿里云OSS
oss:
accesskeyid: LTAI5tH3vXXXXXXXXE9ADF #访问密钥AccessKey
accesskeysecret: LBl9XDfvzXXXXXXXXiOOY6
region: oss-cn-beijing #区域
endpoint: memect-beijing.oss-cn-beijing.aliyuncs.com #互联网访问地址,选择外网 bucket域名
bucket: memect-harbor #Bucket 名称
secure: true
创建DNS文件
如不配置此项,docker login登录会503
vim /etc/docker/daemon.json{"dns":["223.6.6.6","223.5.5.5"]}
启动服务
# pwd/opt/harbor执行安装# ./install.sh
重置服务操作
修改harbor.yml 后操作如何重置服务
# pwd/opt/harbor# ./prepare# docker-compose down && docker-compose up -d