前期准备离线包下载:https://github.com/goharbor/h...选择572MBtgz听说1.7.6好像有漏洞。为了保险起见,我选择1.8.5,注意最低安装要求。安装步骤安装docker,首先配置源,然后安装特定版本的docker(参考文档需要)配置阿里源:wgethttps://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo-O/etc/yum.repos.d/docker-ce.repoinstalldocker18:yum-yinstalldocker-ce-18.06.1.ce-3.el7installdockercompose,参考文档:https://github.com/docker/com...执行按顺序执行以下命令:curl-Lhttps://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname-s`-`uname-m`-o/usr/local/bin/docker-composechmod+x/usr/local/bin/docker-compose解压harbor包,配置红框处的cfg文件tarxfharbor-offline-installer-v1.8.5.tgz-C/opt/下面修改:hostname:可以改成IP,域名【本文使用IP】本文中所有yourdomain.com都需要改成你服务器的IP端口,避免和nginx冲突,改成除此之外的即可80,本文改成1080。需要改一下,在harbor./install.sh下执行安装命令安装nginxyum-yinstallnginx编辑nginx配置文件:vim/etc/nginx/conf.d/yourdomain.com.conf,文件内容如下如下:server{listen80;server_nameyourdomain.com;client_max_body_sizee1000米;位置/{proxy_passhttp://127.0.0.1:1080;}}配置HTTPS(重要)生成证书颁发机构证书生成CA证书私钥opensslgenrsa-outca.key4096生成CA证书opensslreq-x509-new-nodes-sha512-days3650\-subj"/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com"\-keyca.key\-outca.crt生成服务器证书生成私钥opensslgenrsa-outyourdomain.com.key4096生成证书签名请求(CSR)opensslreq-x509-new-nodes-sha512-days3650\-subj"/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com"\-keyca.key\-outca.crt生成一个x509v3扩展文件cat>v3.ext<<-EOFauthorityKeyIdentifier=keyid,issuerbasicConstraints=CA:FALSEkeyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEnciphermentextendedKeyUsage=serverAuthsubjectAltName=IP:yourdomain.comEOF使用此v3.ext文件为您的Harbor主机生成证书opensslx509-req-sha512-days3650\-分机ev3.ext\-CAca.crt-CAkeyca.key-CAcreateserial\-inyourdomain.com.csr\-outyourdomain.com.crt向Harbor和Docker提供证书创建文件夹mkdir-p/data/cert/复制证书文件夹的证书密钥cpyourdomain.com.crt/data/cert/cpyourdomain.com.key/data/cert/将yourdomain.com.crt转换为yourdomain.com.cert以便Docker使用opensslx509-通知PEM-inyourdomain.com.crt-outyourdomain.com.cert创建一个文件夹用于存储密钥和CA文件mkdir-p/etc/docker/certs.d/yourdomain.com/将服务器证书、密钥和CA复制文件到Harbor主机上的Docker证书文件夹cpyourdomain.com.cert/etc/docker/certs.d/yourdomain.com/cpyourdomain.com.key/etc/docker/certs.d/yourdomain.com/cpca。crt/etc/docker/certs.d/yourdomain.com/restartdockersystemctlrestartdocker修改harbor.yml文件中的secretkey选项,注释掉默认,修改为自己配置的/data/cert/#certificate:/your/certificate/path#private_key:/your/private/key/pathcertificate:/data/cert/49.235.207.16.crtprivate_key:/data/cert/49.235.207.16.keyexecutepreparetoenablehttps./prepare通过码头工人r-compose启动harbordocker-composeup-d10。重启nginx并启动systemctlrestartnginxsystemctlenablenginx验证harbor服务器验证docker登录yourdomain.com并根据提示输入harbor.yml中配置的密码在浏览器中验证:输入“yourdomain.com”并添加一个如果不安全则例外。
