devbox
空白诗007
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

Harbor安装+配置https访问_harbor配置域名访问

作者:空白诗007 | 2024-08-14 01:45:19

harbor配置域名访问

基础环境 docker-ce 24.0.2

环境配置参考: Harbor docs | Harbor Installation Prerequisites

Hardware

The following table lists the minimum and recommended hardware configurations for deploying Harbor.

ResourceMinimumRecommended
CPU2 CPU4 CPU
Mem4 GB8 GB
Disk40 GB160 GB

Software

The following table lists the software versions that must be installed on the target host.

SoftwareVersionDescription
Docker EngineVersion 17.06.0-ce+ or higherFor installation instructions, see Docker Engine documentation
Docker Composedocker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin)For installation instructions, see Docker Compose documentation
OpenSSLLatest is preferredUsed to generate certificate and keys for Harbor

 

软件版本

docker-compose v2.19.0

harbor v2.8.2

安装步骤

一、安装docker-compose

下载地址

curl -SL https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-linux-x86_64 -o usr/local/bin/docker-compose

注意:如果没有运行权限 执行 chmod u+x docker-compose 赋权;

验证安装

docker-compose -v

二、安装harbor

harbor v2.8.2 版本发布页面

离线安装包下载地址 https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz 

安装Harbor

建议先使用最简单的方式安装harbor,验证可行。同时这样也可以将需要的镜像文件下载到当前主机中。

2.1下载

  1. tar -xf harbor-offline-installer-v2.8.2.tgz
  2.  
  3.  
  4. [root@harbor home]# ls
  5. cert  harbor  harbor-offline-installer-v2.8.2.tgz
  6.  
  7. [root@harbor home]# cd harbor
  8. [root@harbor harbor]# ls
  9. common     docker-compose.yml  harbor.v2.8.2.tar.gz  harbor.yml.tmpl  LICENSE
  10. common.sh  harbor.srl          harbor.yml            install.sh       prepare
  11.  
  12. [root@harbor harbor]# cp harbor.yml.tmpl harbor.yml

 2.2 编辑harbor配置文件并保存

 2.3 安装并启动harbor

  1. [root@harbor harbor]# pwd
  2. /home/harbor
  3.  
  4. ./prepare
  5.  
  6. ./install.sh

启动完成后即可通过 ip地址:80端口访问。

如果需要配置https,先删除harbor

  1. cd /home/harbor
  2.  
  3. docker-compose down -v

配置TLS,实现HTTPS和域名方式访问

一,TLS证书生成参考以下帖的回复 

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28841

  1. [root@harbor harbor]# cd /home/cert
  2.  
  3.  
  4. openssl genrsa -out ca.key 2048
  5. openssl req -new -x509 -days 3650 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=Lx Root CA" -out ca.crt
  6. openssl req -newkey rsa:2048 -nodes -keyout lx.com.key -subj "/C=CN/ST=GD/L=SZ/O=Lx, Inc./CN=*.lx.com" -out lx.com.csr
  7. openssl x509 -req -extfile <(printf "subjectAltName=DNS:lx.com,DNS:harbor.lx.com") -days 3650 -in lx.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out lx.com.crt
  8.  
  9.  
  10. [root@harbor cert]# ls
  11. lx.com.crt  lx.com.csr  lx.com.key

二、将证书配置到harbor的配置文件中

  1. [root@harbor cert]# cd ../harbor
  2. [root@harbor harbor]# ls
  3. common     docker-compose.yml  harbor.v2.8.2.tar.gz  harbor.yml.tmpl  LICENSE
  4. common.sh  harbor.srl          harbor.yml            install.sh       prepare

编辑harbor.yml

启动harbor

  1. ./prepare
  2.  
  3. ./install.sh

检验安装效果

  1. [root@harbor harbor]# openssl s_client -connect harbor.lx.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
  2.                 DNS:lx.com, DNS:harbor.lx.com

三、配置docker正常使用域名访问

[root@harbor harbor]# vi /etc/docker/daemon.json 

拷贝证书到docker路径下

  1. [root@harbor harbor]# cd /home/cert
  2.  
  3. mkdir /etc/docker/certs.d/lx.com/ 
  4.  
  5. cp lx.com.crt /etc/docker/certs.d/lx.com/ca.crt

 验证docker 登录

  1. [root@192 ~]# systemctl daemon-reload
  2. [root@192 ~]# systemctl restart docker
  3. [root@192 ~]# docker login harbor.lx.com -u admin -p Harbor12345
  4. WARNING! Using --password via the CLI is insecure. Use --password-stdin.
  5. WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
  6. Configure a credential helper to remove this warning. See
  7. https://docs.docker.com/engine/reference/commandline/login/#credentials-store
  8.  
  9. Login Succeeded
  10. [root@192 ~]# vi /etc/docker/daemon.json
  11. [root@192 ~]# docker logout
  12. Removing login credentials for https://index.docker.io/v1/

 四、浏览器验证登录

将/home/cert/lx.com.crt证书文件导出,

在windows下点击安装证书,浏览器即可以通过域名访问

 https://harbor.lx.com/

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/空白诗007/article/detail/977410
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号