harbor离线安装 配置https 全程记录

1. 下载harbor最新版本

下载网址:

找最新的版本: https://github.com/goharbor/harbor/releases/download/v2.11.2/harbor-offline-installer-v2.11.2.tgz

这里我直接使用迅雷下载, 然后上传

1.1解压

sudo tar -xf harbor-offline-installer-v2.11.2.tgz -C /opt/

2. 配置Harbor

cd /opt/harborsudo cp harbor.yml.tmpl harbor.yml
sudo vi harbor.yml修改主机hostname: 172.16.20.20修改 httpshttps:# https port for harbor, default is 443port: 443# The path of cert and key files for nginxcertificate: /mnt/registry/secret/cert/server.crtprivate_key: /mnt/registry/secret/cert/server.key其中server.crt, server.key是通过如下命令获取注意: 172.16.20.20 是我的ip, 你用的时候换成自己的ip生成包含 SAN 的证书
openssl genrsa -out server.key 2048生成证书请求 (CSR)
openssl req -new -key server.key -out server.csr -config openssl.cnf自签署证书并加入 SANopenssl x509 -req -in server.csr -signkey server.key -days 36500 -out server.crt -extensions v3_req -extfile openssl.cnf其中 openssl.cnf内容如下[req]
default_bits        = 2048
default_keyfile     = server.key
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
x509_extensions     = v3_ca
string_mask         = utf8only[req_distinguished_name]
countryName         = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = JiangSu
localityName        = Locality Name (eg, city)
localityName_default = NanJing
organizationalName = Organization Name (eg, company)
organizationalName_default = Example Inc.
commonName          = Common Name (e.g. server FQDN or YOUR name)
commonName_default  = 172.16.20.20
commonName_max      = 64[v3_req]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names[alt_names]
DNS.1   = 172.16.20.20
IP.1    = 172.16.20.20

2.1 证书生成好后 客户端需要安装

windows环境 下载证书 server.crt, 双击安装 存储到 受信任的根证书颁发机构

Linux环境

centos7 上面, 复制证书

sudo cp server.crt /usr/local/share/ca-certificates/sudo yum install -y ca-certificatessudo update-ca-trust force-enable
sudo update-ca-trust extract

Ubuntu 22.04上面

sudo cp server.crt /etc/ssl/certs/172.16.20.20.server.crtsudo update-ca-certificates

3.安装

sudo ./install.sh --with-trivy

4. 登陆

https正常显示

5. 使用命令记录

sudo docker ps -a
netstat -ntpl | grep docker停止命令
sudo docker-compose stop启动命令
sudo docker-compose start重启命令
sudo docker-compose restart创建并启动
sudo docker-compose up -d停止并删除容器
sudo docker-compose down -v

6. docker登陆并推送

打好tag
docker tag 172.16.20.20:6081/nfd/node-feature-discovery:v0.16.6 172.16.20.20/nfd/node-feature-discovery:v0.16.6推送
docker push 172.16.20.20/nfd/node-feature-discovery:v0.16.6