Installing Harbor with SSL on CentOS 7

1. Install dependencies

    yum install ebtables ethtool iproute iptables socat util-linux wget openssl-devel -y
2. Install docker-compose

    yum install epel-release -y
    yum install python-pip -y
    pip install --upgrade pip
    curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
    chmod a+x /usr/local/bin/docker-compose
    docker-compose --version

Edit the hosts file

The domain hub.domain.com used below is not a registered domain. It resolves to this Harbor server's address through an entry in the hosts file. Replace it with whatever domain you need.

    cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.1.43 hub.domain.com

Create the CA certificate for Harbor's HTTPS

Create a directory for the certificates

    mkdir -p /data/cert
    cd /data/cert/

Generate the certificate authority (CA) certificate

    openssl genrsa -out ca.key 4096
    openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Guangzhou/L=Guangzhou/O=example/CN=hub.domain.com" -key ca.key -out ca.crt

Generate the server certificate

    # Create the private key
    openssl genrsa -out hub.domain.com.key 4096

    # Generate the certificate signing request (CSR)
    openssl req -sha512 -new -subj "/C=CN/ST=Guangzhou/L=Guangzhou/O=example/CN=hub.domain.com" -key hub.domain.com.key -out hub.domain.com.csr

    # Generate the certificate for the registry host
    cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1=hub.domain.com
    DNS.2=hub.domain
    EOF

    openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in hub.domain.com.csr -out hub.domain.com.crt

    # Convert the certificate for Docker, which treats .crt files as
    # CA certificates and .cert files as client certificates
    openssl x509 -inform PEM -in hub.domain.com.crt -out hub.domain.com.cert

Certificate directory layout after generation

    tree .
    .
    ├── ca.crt
    ├── ca.key
    ├── ca.srl
    ├── hub.domain.com.cert
    ├── hub.domain.com.crt
    ├── hub.domain.com.csr
    ├── hub.domain.com.key
    └── v3.ext

    0 directories, 8 files

Install and configure the Harbor private registry

Download and unpack the Harbor offline installer

    cd ..
    wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
    tar -xf harbor-offline-installer-v1.7.1.tgz
    ls
    cert  harbor  harbor-offline-installer-v1.7.1.tgz

Edit the harbor.cfg configuration file

    cd harbor

Edit the file harbor.yml, update the hostname and uncomment the https block, and update the attributes certificate and private_key. The file name depends on the release: the v1.7.1 package downloaded above ships harbor.cfg, while harbor.yml is the name used from Harbor 1.8 onward.

    # set hostname
    hostname: yourdomain.com

    http:
      port: 80

    https:
      # https port for harbor, default is 443
      port: 443
      # The path of cert and key files for nginx
      certificate: /data/cert/yourdomain.com.crt
      private_key: /data/cert/yourdomain.com.key

With the certificates generated above, yourdomain.com is hub.domain.com, so the two paths are /data/cert/hub.domain.com.crt and /data/cert/hub.domain.com.key.

Generate the configuration files for Harbor

    ./prepare

Configure the server certificate, key and CA for Docker

The certificate files are in /data/cert, not in the harbor directory, so copy them by full path:

    mkdir -p /etc/docker/certs.d/hub.domain.com
    cp /data/cert/hub.domain.com.cert /etc/docker/certs.d/hub.domain.com/
    cp /data/cert/hub.domain.com.key /etc/docker/certs.d/hub.domain.com/
    cp /data/cert/ca.crt /etc/docker/certs.d/hub.domain.com/
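A check worth running on the files in /data/cert before they are handed to Harbor and Docker: does the server certificate verify against the CA, does it cover the hostname, and does the key belong to it. This is an added example, not part of the original article; the function names check_harbor_cert and make_demo_pki, the demo CA subject and the short demo key size are assumptions.

```shell
#!/bin/sh
# Usage: sh check_harbor_cert.sh CA_CRT SERVER_CRT SERVER_KEY HOSTNAME

# Prints "OK: ..." and returns 0 only when all three checks pass.
check_harbor_cert() {
    ca=$1 crt=$2 key=$3 host=$4

    # 1. The server certificate must verify against the private CA.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; return 1
    fi

    # 2. The name clients connect to must be covered by the certificate
    #    (the subjectAltName entries from v3.ext). The verdict of
    #    -checkhost is read from its output.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 |
            grep -q "does match certificate"; then
        echo "FAIL: $host is not covered by $crt"; return 2
    fi

    # 3. The private key must belong to the certificate: compare the
    #    public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; return 3
    fi
    echo "OK: $crt is valid for $host"
}

# make_demo_pki DIR: throwaway CA and server certificate issued with the
# article's commands (constructed sample data; 2048-bit keys, 1-day
# validity and the demo CA subject are assumptions made for a quick run).
make_demo_pki() {
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048
      openssl req -x509 -new -nodes -sha512 -days 1 \
          -subj "/O=example/CN=Demo Root CA" -key ca.key -out ca.crt
      openssl genrsa -out srv.key 2048
      openssl req -sha512 -new -subj "/O=example/CN=hub.domain.com" \
          -key srv.key -out srv.csr
      printf 'subjectAltName = DNS:hub.domain.com\n' > v3.ext
      openssl x509 -req -sha512 -days 1 -extfile v3.ext -CA ca.crt \
          -CAkey ca.key -CAcreateserial -in srv.csr -out srv.crt
    ) >/dev/null 2>&1
}

if [ "$#" -eq 4 ]; then check_harbor_cert "$@"; fi
```

For the files from this article the call is: sh check_harbor_cert.sh /data/cert/ca.crt /data/cert/hub.domain.com.crt /data/cert/hub.domain.com.key hub.domain.com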