docker的私有仓库harbor

标签：ssl harbor com 私有 docker root bogon yunjisuan

[root@localhost ~]# mkdir -p /data/ssl

 

[root@localhost ~]# cd /data/ssl/

 

[root@localhost ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key

.................++

.................++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Beijing                

Locality Name (eg, city) [Default City]:Beijing  

Organization Name (eg, company) [Default Company Ltd]:yunjisuan

Organizational Unit Name (eg, section) []:yunjisuan

Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com

Email Address []:

 

[root@localhost ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr

Generating a 4096 bit RSA private key

......................................................................................................................................................................++

.........................................................................................................................................................................................................................................++

writing new private key to 'www.yunjisuan.com.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Beijing     

Locality Name (eg, city) [Default City]:Beijing

Organization Name (eg, company) [Default Company Ltd]:yunjisuan

Organizational Unit Name (eg, section) []:yunjisuan

Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com

Email Address []:

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

 

[root@localhost ssl]# ls

ca.crt  ca.key  www.yunjisuan.com.csr  www.yunjisuan.com.key

 

 

[root@bogon ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com

Getting CA Private Key

 

[root@bogon ssl]# ls

ca.crt  ca.key  ca.srl  www.yunjisuan.com.crt  www.yunjisuan.com.csr  www.yunjisuan.com.key

 

[root@bogon ssl]# cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/   #签发证书

 

[root@bogon ssl]# update-ca-trust enable

[root@bogon ssl]# update-ca-trust extract  #让证书立即生效

 

[root@bogon ssl]# sestatus

SELinux status:                 disabled   #查看se的状态

 

[root@bogon ssl]# systemctl stop firewalld #关闭防火墙

 

[root@bogon ssl]# yum -y install yum-utils device-mapper-persistent-data lvm2 #安装依赖包

 

[root@bogon ssl]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100  1919  100  1919    0     0   2141      0 --:--:-- --:--:-- --:--:--  2139

 

[root@bogon ssl]# yum -y install docker-ce

 

[root@bogon ssl]# systemctl start docker

[root@bogon ssl]# systemctl status docker

● docker.service - Docker Application Container Engine

   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)

   Active: active (running) since 二 2024-01-23 19:36:45 CST; 9s ago

     Docs: https://docs.docker.com

 Main PID: 75367 (dockerd)

    Tasks: 8

   Memory: 29.0M

   CGroup: /system.slice/docker.service

           └─75367 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

 

1月 23 19:36:44 bogon systemd[1]: Starting Docker Application Container Engine...

1月 23 19:36:44 bogon dockerd[75367]: time="2024-01-23T19:36:44.876530652+08:00" level=info msg="Starting up"

1月 23 19:36:44 bogon dockerd[75367]: time="2024-01-23T19:36:44.994809327+08:00" level=info msg="Loading containers: start."

1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.795362083+08:00" level=info msg="Loading containers: done."

1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.827181646+08:00" level=info msg="Docker daemon" commit=61...=25.0.0

1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.827463867+08:00" level=info msg="Daemon has completed ini...zation"

1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.887077116+08:00" level=info msg="API listen on /run/docker.sock"

1月 23 19:36:45 bogon systemd[1]: Started Docker Application Container Engine.

Hint: Some lines were ellipsized, use -l to show in full.

 

 

[root@bogon ssl]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

 

[root@bogon ssl]# docker version

Client: Docker Engine - Community

 Version:           25.0.0

 API version:       1.44

 Go version:        go1.21.6

 Git commit:        e758fe5

 Built:             Thu Jan 18 17:13:17 2024

 OS/Arch:           linux/amd64

 Context:           default

 

Server: Docker Engine - Community

 Engine:

  Version:          25.0.0

  API version:      1.44 (minimum version 1.24)

  Go version:       go1.21.6

  Git commit:       615dfdf

  Built:            Thu Jan 18 17:12:10 2024

  OS/Arch:          linux/amd64

  Experimental:     false

 containerd:

  Version:          1.6.27

  GitCommit:        a1496014c916f9e62104b33d1bb5bd03b0858e59

 runc:

  Version:          1.1.11

  GitCommit:        v1.1.11-0-g4bccb38

 docker-init:

  Version:          0.19.0

  GitCommit:        de40ad0

 

[root@bogon ssl]# mkdir -p /etc/ssl/harbor  #创建证书目录并复制

 

[root@bogon ssl]# cp www.yunjisuan.com.crt www.yunjisuan.com.key /etc/ssl/harbor/

[root@Harbor install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-off1ine-installer-v1.5.0.te2

[root@bogon ssl]# mkdir -p /data/install

[root@192 ~]# tar xf harbor-offline-installer-v1.5.0.tgz -C /data/install/
[root@192 ~]# cd /data/install/harbor/
[root@192 harbor]# vim harbor.cfg

[ root@Harbor ~]# curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose    #安装docker-compose命令

[root@192 bin]# chmod +x docker-compose

[root@192 bin]# mv docker-compose /usr/bin/

[root@192 bin]# which docker-compose
/usr/bin/docker-compose
[root@192 bin]# docker-compose --version
docker-compose version 1.21.2, build a133471
[root@192 harbor]# ./install.sh --with-notary --with-clair

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://www.yunjisuan.com.
For more details, please visit https://github.com/vmware/harbor .  #显示这个即可
#用户名：admin 密码：Harbor12345

#改好以后点击保存

[root@192 ~]# docker login 192.168.200.217   #这里报错是正常的，的用域名访问
Username: admin
Password:
Error response from daemon: Get https://192.168.200.217/v1/users/: x509: cannot validate certificate for 192.168.200.217 because it doesn't contain any IP SANs

[root@192 ~]# echo '192.168.200.217 www.yunjisuan.com'>>/etc/hosts

[root@192 ~]# docker login -uadmin -pHarbor12345 www.yunjisuan.com
Login Succeeded

[root@192 ~]# docker images #查看镜像
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
vmware/redis-photon           v1.5.0              7c03076402d9        5 years ago         207 MB
vmware/clair-photon           v2.0.1-v1.5.0       7ae4e0670a3f        5 years ago         301 MB
vmware/notary-server-photon   v0.5.1-v1.5.0       0b2b23300552        5 years ago         211 MB
vmware/notary-signer-photon   v0.5.1-v1.5.0       67c41b4a1283        5 years ago         209 MB
vmware/registry-photon        v2.6.2-v1.5.0       3059f44f4b9a        5 years ago         198 MB
vmware/nginx-photon           v1.5.0              e100456182fc        5 years ago         135 MB
vmware/harbor-log             v1.5.0              62bb6b8350d9        5 years ago         200 MB
vmware/harbor-jobservice      v1.5.0              aca9fd2e867f        5 years ago         194 MB
vmware/harbor-ui              v1.5.0              1055166068d0        5 years ago         212 MB
vmware/harbor-adminserver     v1.5.0              019bc4544829        5 years ago         183 MB
vmware/harbor-db              v1.5.0              82354dcf564f        5 years ago         526 MB
vmware/mariadb-photon         v1.5.0              403e7e656499        5 years ago         526 MB
vmware/postgresql-photon      v1.5.0              35c891dea9cf        5 years ago         221 MB
vmware/harbor-migrator        v1.5.0              466c57ab0dc3        5 years ago         1.16 GB
vmware/photon                 1.0                 4b481ecbef2a        5 years ago         130 MB

 

 

 

标签：ssl,harbor,com,私有,docker,root,bogon,yunjisuan
From： https://www.cnblogs.com/caizongzi/p/17983307