需要先安装 docker-ce和docker-compose

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 
yum update
yum install -y docker-ce
yum install -y epel-release
yum  install -y docker-compose

安装文档: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
下载安装包: https://github.com/goharbor/harbor/releases
我选择的是 v1.8.1 的离线安装包
下载

wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz

图片.png

解压

tar zxvf harbor-offline-installer-v1.8.1.tgz
cd harbor

修改配置文件harbor.yml,出于测试目的我只修改了hostname，如果要启用https或提高安全性，需要修改其他选项。

# hostname设置访问地址，可以使用ip、域名，不可以设置为127.0.0.1或localhost
hostname = 172.16.61.11

# 访问协议，默认是http，也可以设置https，如果设置https，则nginx ssl需要设置on
ui_url_protocol = http

# mysql数据库root用户默认密码root123，实际使用时修改下
db_password = 123456

max_job_workers = 3 

customize_crt = on

ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

secretkey_path = /data

admiral_url = NA
# 邮件设置，发送重置密码邮件时使用
email_identity = 

email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false

# 启动Harbor后，管理员UI登录的密码，默认是Harbor12345
harbor_admin_password = 123456

# 认证方式，这里支持多种认证方式，如LADP、本次存储、数据库认证。默认是db_auth，mysql数据库认证
auth_mode = db_auth

# LDAP认证时配置项
ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5

# 是否开启自注册
self_registration = on

# token有效时间，默认30分钟
token_expiration = 30

# 用户创建项目权限控制，默认是everyone（所有人），也可以设置为adminonly（只能管理员）
project_creation_restriction = everyone

verify_remote_cert = on

docker 默认是按 https 请求的，由于我搭的私有库是 http 的，所以需要修改 docker 配置，将信任的库的地址写上
修改文件 /etc/docker/daemon.json

{
  "insecure-registries": [
    "你的ip或域名"
  ]
}

重启一下docker

systemctl restart docker

安装:

./install.sh

制作镜像

将 busybox制作成一个私有镜像
docker pull busybox
docker tag busybox ip地址/library/mybusybox:0.0.1

上传
先登陆私有库
docker login ip地址

PUSH

docker push ip地址/library/mybusybox:0.0.1

图片.png

ps：如果大量使用还是要用https
配置https方法(测试使用自签名证书)
[官方教程]https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

创建存放证书的目录

mkdir -p /opt/harbor_cert/
cd /opt/harbor_cert/

生成根证书

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=10.129.194.209" -key ca.key -out ca.crt

生成服务器证书

openssl genrsa -out 10.129.194.209.key 4096
openssl req -sha512 -new -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=10.129.194.209" -key 10.129.194.209.key -out 10.129.194.209.csr
echo subjectAltName = IP:10.129.194.209 > extfile.cnf
openssl x509 -req -sha512 -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -in 10.129.194.209.csr -out 10.129.194.209.crt
openssl x509 -inform PEM -in 10.129.194.209.crt -out 10.129.194.209.cert

配置 HTTPS 配置

编辑harbor.yaml

https:
#   # https port for harbor, default is 443
   port: 443
#   # The path of cert and key files for nginx
   certificate: /opt/harbor_cert/10.129.194.209.crt
   private_key: /opt/harbor_cert/10.129.194.209.key

暂停

docker-compose down -v
./prepare # 生成配置文件，根据 harbor.yml 配置生成docker-compose文件。
docker-compose up -d # 后台启动

docker客户端机器上操作

cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
cp ca.crt /etc/docker/certs.d/yourdomain.com/

The following illustrates a configuration with custom certificates:

/etc/docker/certs.d/
└── yourdomain.com:port
├── yourdomain.com.cert <-- Server certificate signed by CA
├── yourdomain.com.key <-- Server key signed by CA
└── ca.crt <-- Certificate authority that signed the registry certificate

图片.png

登录一下试试

图片.png

[参考连接]https://blog.csdn.net/min19900718/article/details/87920254