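# Installation package
# Work in /root/apps so the tar and cd steps below find the downloaded files.
cd /root/apps
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz.asc

# Import the public key used to sign the release
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C
# A key ID is only a short handle for the key. Print the full fingerprint and
# compare it with the one published by the Harbor project before relying on it.
gpg --fingerprint 644FF454C0B4115C

# Verify the offline installer against its detached signature. Both files are
# named explicitly, and the archive is unpacked only if verification succeeds.
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify \
  harbor-offline-installer-v2.10.3.tgz.asc harbor-offline-installer-v2.10.3.tgz \
  && tar -xzvf harbor-offline-installer-v2.10.3.tgz
cd /root/apps/harbor

# Issue certificates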
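# Generate the private key of the local CA.
# Any host that trusts ca.crt will accept certificates signed with this key,
# so keep it readable by its owner only.
openssl genrsa -out ca.key 4096
chmod 600 ca.key
# Create the self-signed CA certificate (3650 days).
# NOTE(review): this subject is the same string as the server CSR subject used
# further down, so the server certificate ends up with identical subject and
# issuer names. A distinct CN for the CA makes the chain easier to reason about.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com" \
  -key ca.key \
  -out ca.crt

# Create the server-side certificates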
## Create the server private key
openssl genrsa -out harbor.net.com.key 4096
# Generate the certificate signing request (CSR) for the server key
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=Personal/CN=harbor.net.com" \
  -key harbor.net.com.key \
  -out harbor.net.com.csr
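# Generate an x509 v3 extension file
# ===========================================
# The [alt_names] section header must start on its own line, otherwise the
# subjectAltName reference cannot be resolved.
# The SAN list holds DNS names only: clients that reach the registry by IP
# (192.168.31.185 is used later on this page) will not match this certificate.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.net.com
DNS.2=net.com
DNS.3=node02
EOF
# ===========================================
# Sign the server CSR with the local CA, applying the extensions from v3.ext
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor.net.com.csr \
  -out harbor.net.com.crt

# Copy the server certificate to the Harbor data directory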
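# Directory holding harbor.net.com.crt and harbor.net.com.key.
# NOTE(review): the openssl commands above ran in /root/apps/harbor; presumably
# the generated files (including ca.crt) were moved here first. Confirm.
cd /root/apps/cer
# Convert yourdomain.com.crt to yourdomain.com.cert, for use by Docker
openssl x509 -inform PEM -in harbor.net.com.crt -out harbor.net.com.cert
# Configure Docker to read the certificates
mkdir -p /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.cert /etc/docker/certs.d/harbor.net.com/
cp harbor.net.com.key /etc/docker/certs.d/harbor.net.com/
cp ca.crt /etc/docker/certs.d/harbor.net.com/
# The server private key now sits in a second location; restrict it to its owner.
chmod 600 /etc/docker/certs.d/harbor.net.com/harbor.net.com.key
systemctl restart docker
ls -l /etc/docker/certs.d/harbor.net.com/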
# Edit the Harbor configuration file
# Go to the directory where Harbor was unpacked
cd /root/apps/harbor
# Copy the configuration template
cp harbor.yml.tmpl harbor.yml
# Edit the configuration parameters (the values to set are listed below)
nano harbor.yml
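# ===================================
# harbor.yml: the settings changed for this deployment
hostname: harbor.net.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/certs.d/harbor.net.com/harbor.net.com.cert
  private_key: /etc/docker/certs.d/harbor.net.com/harbor.net.com.key
# ===================================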
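# Configure the operating system to trust the certificate; see:
# https://goharbor.io/docs/1.10/install-config/troubleshoot-installation/#https
# NOTE(review): this link is to the 1.10 documentation, while the installer
# downloaded above is v2.10.3.

# Start the service
chmod a+x prepare
./install.sh --with-trivy

# Access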
Windows 本地需要在 C:\Windows\System32\drivers\etc\hosts 文件中添加如下记录:
192.168.31.185 harbor.net.com
默认账号为 admin,密码可以通过配置文件 harbor.yml 的参数 harbor_admin_password 指定自定义值。
默认密码为 Harbor12345,部署后应尽快修改。
#配置Docker镜像源
"insecure-registries":["harbor.net.com","192.168.31.185:80"]
# Edit the Docker daemon configuration (registry mirrors and insecure registries).
# Hosts listed under "insecure-registries" are contacted without TLS certificate
# verification, with fallback to plain HTTP. Once ca.crt is installed under
# /etc/docker/certs.d/harbor.net.com/, the harbor.net.com entry should not be
# needed. NOTE(review): confirm before removing it.
# "registry-mirrors" routes Docker Hub pulls through the listed third-party
# hosts; pulling by digest keeps image content verifiable regardless of mirror.
nano /etc/docker/daemon.json
{"registry-mirrors": ["https://docker.211678.top","https://docker.1panel.live","https://hub.rat.dev","https://docker.m.daocloud.io","https://do.nark.eu.org","https://dockerpull.com","https://dockerproxy.cn","https://docker.awsl9527.cn"],"insecure-registries":["harbor.net.com","192.168.31.185:80"]
}
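# Restart Docker so the daemon.json changes take effect
sudo systemctl restart docker
# Log in without -p: a password given on the command line is saved in shell
# history and visible in the process list. docker login prompts for it instead.
# NOTE(review): this target is the HTTP port addressed by IP, so the credentials
# are not protected by the certificate set up above. Logging in to
# harbor.net.com would use TLS.
docker login -u admin 192.168.31.185:80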