准备
创建 https 工作目录
# Create the working directory for the CA and server certificate files, then
# switch into it: the openssl commands in this guide use relative file names.
mkdir -p -- /docker-data/dokcer/harbor/https
cd -- /docker-data/dokcer/harbor/https
设置 docker 可远程访问
参考《docker 安装》文档中的“开启远程访问”。注意:能访问 Docker 远程 API 就等于拥有该主机的 root 权限,开启时应启用 TLS 客户端证书认证并限制可访问的来源地址。
https 配置
参考
https://goharbor.io/docs/2.0.0/install-config/configure-https/
替换下面的 harbor.jeecode.com
为自己的域名,全部粘贴执行
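# --- Private CA ------------------------------------------------------------
# 4096-bit RSA key for the CA.
openssl genrsa -out ca.key 4096
# ca.key is stored without a passphrase. Whoever can read it can issue
# certificates that every client trusting ca.crt will accept, so make it
# readable by its owner only.
chmod 600 ca.key
# Self-signed CA certificate, valid for 3650 days.
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=jeecode/OU=Personal/CN=harbor.jeecode.com" \
-key ca.key \
-out ca.crt

# --- Server certificate ----------------------------------------------------
# 4096-bit RSA key for the Harbor host (also unencrypted; keep this directory
# restricted to the account that installs Harbor).
openssl genrsa -out harbor.jeecode.com.key 4096
# Certificate signing request for the server key.
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=jeecode/OU=Personal/CN=harbor.jeecode.com" \
-key harbor.jeecode.com.key \
-out harbor.jeecode.com.csr
# X.509 v3 extensions for the server certificate: not a CA, serverAuth only,
# and a subjectAltName carrying the registry's DNS name. The DNS.1 value must
# match the host name clients use, otherwise verification fails.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.jeecode.com
EOF
# Sign the CSR with the CA, applying the extensions above (valid 3650 days).
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.jeecode.com.csr \
-out harbor.jeecode.com.crt
# Write the signed certificate again under a .cert file name; the later
# harbor.yml step in this guide references a .cert file.
openssl x509 -inform PEM -in harbor.jeecode.com.crt -out harbor.jeecode.com.cert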
配置安装 harbor
下载
https://goharbor.io/docs/2.0.0/install-config/download-installer/
https://github.com/goharbor/harbor/releases
-
解压 harbor-offline-installer-v2.0.1-rc1.tgz
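# Unpack the offline installer under /docker-data/dokcer/harbor. The later
# steps use /docker-data/dokcer/harbor/harbor/..., so the archive is expected
# to unpack into a harbor/ directory there; without -C it would be extracted
# into whatever the current directory is (the https working directory, if the
# earlier cd is still in effect).
# NOTE(review): v2.0.1-rc1 is a release candidate. Before extracting, check the
# download against the checksum or signature published with the release, if
# one is provided.
tar -zxf harbor-offline-installer-v2.0.1-rc1.tgz -C /docker-data/dokcer/harbor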
-
修改配置
harbor.yml
需要修改域名
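# Start from the template that ships with the installer.
cp /docker-data/dokcer/harbor/harbor/harbor.yml.tmpl /docker-data/dokcer/harbor/harbor/harbor.yml
# Replace the placeholder hostname with the registry's domain.
sed -i "s:reg.mydomain.com:harbor.jeecode.com:g" /docker-data/dokcer/harbor/harbor/harbor.yml
# Point the https section at the certificate and private key generated in the
# https working directory. The file names must match the ones openssl wrote
# there (harbor.jeecode.com.cert / harbor.jeecode.com.key).
sed -i "s:/your/certificate/path:/docker-data/dokcer/harbor/https/harbor.jeecode.com.cert:g" /docker-data/dokcer/harbor/harbor/harbor.yml
sed -i "s:/your/private/key/path:/docker-data/dokcer/harbor/https/harbor.jeecode.com.key:g" /docker-data/dokcer/harbor/harbor/harbor.yml
# NOTE(review): harbor.yml also holds the initial admin password
# (harbor_admin_password). Set it to a value of your own before the first
# start, or change it right after the first login.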
-
初始化并启动 harbor
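# Initialise the https configuration.
/docker-data/dokcer/harbor/harbor/prepare
# Install and start Harbor.
/docker-data/dokcer/harbor/harbor/install.sh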
-
查看 harbor 是否启动成功
# List the Harbor services; startup succeeded when every one reports "healthy".
docker-compose --file /docker-data/dokcer/harbor/harbor/docker-compose.yml ps
访问 harbor 控制台
用户名密码
admin/Harbor12345(这是安装时的默认密码,首次登录后请立即修改)
其他机器配置
配置私服地址(忽略安全认证)
# Show the current Docker daemon configuration before it is rewritten.
cat -- /etc/docker/daemon.json
需要修改域名
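# Trust the private CA for this registry rather than listing the registry
# under "insecure-registries". An insecure-registries entry makes Docker skip
# certificate verification for that host (and fall back to plain HTTP), so
# logins and image transfers could be intercepted or tampered with, and the
# CA and server certificate created for Harbor would serve no purpose.
#
# Copy ca.crt from the Harbor host (/docker-data/dokcer/harbor/https/ca.crt)
# to this machine first; the cp below assumes it is in the current directory.
# Only ca.crt is needed here. Never copy ca.key to client machines.
sudo mkdir -p /etc/docker/certs.d/harbor.jeecode.com
sudo cp ca.crt /etc/docker/certs.d/harbor.jeecode.com/ca.crt

sudo mkdir -p /etc/docker
# tee overwrites any existing daemon.json; if the file already carries other
# settings, merge this key into it by hand instead.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://o8ws93z4.mirror.aliyuncs.com"]
}
EOF
# Reload unit files and restart the daemon so the new configuration applies.
sudo systemctl daemon-reload
sudo systemctl restart docker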
登录到私服
需要修改域名
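# Log in. The password is prompted for interactively instead of being passed
# with -p, which would leave it in the shell history and in the process list.
# For non-interactive use, pipe the password in with --password-stdin.
docker login -u admin harbor.jeecode.com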
在 harbor 上创建用户项目 jeecode
验证
提交 nginx 到私服
# Fetch a public image, re-tag it under the jeecode project of the private
# registry, and push it there.
docker pull nginx:latest
docker image tag nginx:latest harbor.jeecode.com/jeecode/nginx:v1
docker image push harbor.jeecode.com/jeecode/nginx:v1
# On another machine: run the image straight from the private registry,
# publishing container port 80 on host port 80; --rm removes the container
# when it exits.
docker run --rm --publish 80:80 harbor.jeecode.com/jeecode/nginx:v1