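Setting up Docker Harbor in a production environment
The environment already has docker and docker-compose installed.
Download Docker Harbor
Download page: https://github.com/goharbor/harbor/releases/
Edit the configuration file and install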
root@harbor:/opt# tar zxf harbor-online-installer-v2.10.2.tgz
root@harbor:/opt# cd harbor/
root@harbor:/opt/harbor# vim harbor.yml
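# Only the modified items are listed; change passwords and the like yourself
hostname: XXX.XXX.XXX # change to your domain name
http:
  port: 80
# The domain's own certificate can be used directly
https:
  port: 443
  certificate: /usr/local/nginx/conf/vhost/ssl_cert/XXX.pem
  private_key: /usr/local/nginx/conf/vhost/ssl_cert/XXX.key
# Data directory; defaults to /data if left unchanged
data_volume: /images
# Start the installation; once it finishes, Docker Harbor is up and running.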
root@harbor:/opt/harbor# ./install.sh
Starting and stopping Harbor
# Start
root@harbor:/opt/harbor# docker-compose start
# Stop
root@harbor:/opt/harbor# docker-compose stop
Local login
root@harbor:/opt/harbor# docker login dev-harbor.goliveplus.cn
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
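The warning above means the credential written to /root/.docker/config.json is only base64-encoded, not encrypted. The following is an added example, not part of the original post: it audits a config.json and reports which registries hold an inline credential and which delegate to a credential helper. The sample file, registry names and password are constructed.

```python
import base64
import json

# Constructed sample of ~/.docker/config.json: the first registry was logged
# in to without a credential helper, the second one uses a helper.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "harbor.example.internal": {
            "auth": base64.b64encode(b"admin:not-a-real-password").decode()
        },
        "registry.example.org": {},
    },
    "credHelpers": {"registry.example.org": "pass"},
})


def audit_docker_config(text):
    """Map each registry in the file to where its credential is kept."""
    cfg = json.loads(text)
    global_store = cfg.get("credsStore")
    helpers = cfg.get("credHelpers", {})
    findings = {}
    for registry, entry in cfg.get("auths", {}).items():
        auth = entry.get("auth")
        if auth:
            # "auth" is base64("user:password"): readable by anyone who can
            # read the file. Report the user name only, never the password.
            user = base64.b64decode(auth).decode().split(":", 1)[0]
            findings[registry] = f"PLAINTEXT (user={user})"
        elif registry in helpers:
            findings[registry] = f"helper:{helpers[registry]}"
        elif global_store:
            findings[registry] = f"store:{global_store}"
        else:
            findings[registry] = "no credential"
    return findings


if __name__ == "__main__":
    for registry, state in audit_docker_config(SAMPLE_CONFIG).items():
        print(f"{registry}: {state}")
```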
Push an image
root@harbor:/opt/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/redis-photon v2.10.2 9d1db211d49a 7 weeks ago 170MB
goharbor/harbor-registryctl v2.10.2 e5a807ba1f59 7 weeks ago 155MB
goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
goharbor/nginx-photon v2.10.2 9282c21c2fee 7 weeks ago 159MB
goharbor/harbor-log v2.10.2 f288fe2baa96 7 weeks ago 168MB
goharbor/harbor-jobservice v2.10.2 a3247b57a920 7 weeks ago 146MB
goharbor/harbor-core v2.10.2 6cd434d62456 7 weeks ago 174MB
goharbor/harbor-portal v2.10.2 7e5a522c7853 7 weeks ago 167MB
goharbor/harbor-db v2.10.2 cd385df354d4 7 weeks ago 274MB
goharbor/prepare v2.10.2 bf4632d26b65 7 weeks ago 214MB
# Pick the smallest image to push; remember to replace XXX.XXX.XXX with your domain
root@harbor:/opt/harbor# docker tag goharbor/registry-photon:v2.10.2 XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
root@harbor:/opt/harbor# docker push XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
The push refers to repository [XXX.XXX.XXX/library/goharbor/registry-photon]
0cfb29c07835: Pushed
971632584e63: Pushed
f51244ac7c03: Pushed
e3ef818740f3: Pushed
1a53aa673223: Pushed
55596c913966: Pushed
v2.10.2: digest: sha256:ef75a1f4fd0fa5cf5a01af40e56ed767e84e246325ce93098864a61d371dbca7 size: 1576
Pull an image
root@harbor:/opt/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
………………
XXX.XXX.XXX/library/goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
………………
root@harbor:/opt/harbor# docker rmi XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
Untagged: XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
Untagged: XXX.XXX.XXX/library/goharbor/registry-photon@sha256:ef75a1f4fd0fa5cf5a01af40e56ed767e84e246325ce93098864a61d371dbca7
root@harbor:/opt/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/redis-photon v2.10.2 9d1db211d49a 7 weeks ago 170MB
goharbor/harbor-registryctl v2.10.2 e5a807ba1f59 7 weeks ago 155MB
goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
goharbor/nginx-photon v2.10.2 9282c21c2fee 7 weeks ago 159MB
goharbor/harbor-log v2.10.2 f288fe2baa96 7 weeks ago 168MB
goharbor/harbor-jobservice v2.10.2 a3247b57a920 7 weeks ago 146MB
goharbor/harbor-core v2.10.2 6cd434d62456 7 weeks ago 174MB
goharbor/harbor-portal v2.10.2 7e5a522c7853 7 weeks ago 167MB
goharbor/harbor-db v2.10.2 cd385df354d4 7 weeks ago 274MB
goharbor/prepare v2.10.2 bf4632d26b65 7 weeks ago 214MB
root@harbor:/opt/harbor# docker pull XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
v2.10.2: Pulling from library/goharbor/registry-photon
Digest: sha256:ef75a1f4fd0fa5cf5a01af40e56ed767e84e246325ce93098864a61d371dbca7
Status: Downloaded newer image for XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
root@harbor:/opt/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
………………
XXX.XXX.XXX/library/goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
………………
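nginx reverse proxy configuration
# This is a production environment, so Internet-facing servers will need to connect; Harbor therefore has to be exposed through an nginx proxy
# My Harbor is deployed on the internal network and we have one main proxy server; the following steps are carried out on that proxy server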
[root@proxy:/usr/local/nginx/conf/vhost]# cat harbor.conf
server {
    listen 443 ssl;
    listen 80;
    server_name XXX.XXX.XXX;
    ssl_certificate /usr/local/nginx/conf/vhost/ssl_cert/XXX.XXX.XXX.pem;
    ssl_certificate_key /usr/local/nginx/conf/vhost/ssl_cert/XXX.XXX.XXX.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass https://XXX.XXX.XXX; # Note: use the domain name configured inside Harbor here, and add a resolution entry for it in /etc/hosts.
        # The step above is explained below.
        client_max_body_size 0;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// $scheme://;
    }
    error_log /home/wwwlogs/XXX.XXX.XXX.log;
}
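Here is an explanation of the proxy setup above. The end goal is for Internet-facing servers to be able to push and pull images, so Harbor has to be exposed through the proxy.
So the first step is to create a public DNS record.
The reverse proxy block in the configuration file uses the https domain name because Harbor requires https for login; this is why we set the hostname in the configuration file to a domain name earlier and used an SSL certificate.
Next it gets a bit circular: the reverse proxy cannot proxy back to the public DNS resolution, so we add an internal resolution entry in /etc/hosts, which closes the loop.
Internet access -> DNS resolution -> reverse proxy server -> internal hosts resolution -> harbor
Note: if you have an internal DNS server, feel free to ignore what I said above; the idea is the same.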
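The last hop of the chain described above (reverse proxy -> internal hosts resolution -> harbor) can be checked before reloading nginx. The following is an added example, not part of the original post: it reads the proxy_pass host name from a vhost file and confirms that the hosts file pins it to an internal address. The host name, addresses and file contents are constructed placeholders.

```python
import ipaddress
import re

# Constructed samples: hostname and addresses are placeholders, not the page's.
NGINX_CONF = """
server {
    server_name harbor.example.com;
    location / {
        proxy_pass https://harbor.example.com;
    }
}
"""
HOSTS_OK = "127.0.0.1 localhost\n10.20.30.40 harbor.example.com  # harbor\n"
HOSTS_MISSING = "127.0.0.1 localhost\n"
HOSTS_PUBLIC = "8.8.8.8 harbor.example.com\n"  # stands in for any public address


def upstream_host(conf):
    """Host name in the first proxy_pass directive, or None."""
    m = re.search(r"proxy_pass\s+https?://([^/:;\s]+)", conf)
    return m.group(1) if m else None


def hosts_lookup(hosts_text, name):
    """First address the hosts file maps `name` to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def check_upstream(conf, hosts_text):
    """Return (ok, reason) for the proxy -> Harbor hop."""
    host = upstream_host(conf)
    if host is None:
        return (False, "no proxy_pass found")
    addr = hosts_lookup(hosts_text, host)
    if addr is None:
        # Without a hosts entry the name resolves through public DNS,
        # which points back at the proxy itself.
        return (False, f"{host} has no hosts entry")
    if not ipaddress.ip_address(addr).is_private:
        return (False, f"{host} -> {addr} is not an internal address")
    return (True, f"{host} -> {addr}")


if __name__ == "__main__":
    for hosts in (HOSTS_OK, HOSTS_MISSING, HOSTS_PUBLIC):
        print(check_upstream(NGINX_CONF, hosts))
```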
LAN server
Login
# An internal resolution entry must be added
[root@test:~]# vim /etc/hosts
192.168.33.23 XXX.XXX.XXX
[root@test:~]# docker login XXX.XXX.XXX
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push
[root@test:~]# docker tag mysql:5.7.28 XXX.XXX.XXX/library/mysql:5.7.28
[root@test:~]# docker push XXX.XXX.XXX/library/mysql:5.7.28
The push refers to repository [XXX.XXX.XXX/library/mysql]
ab91c8a5ef0a: Pushed
ce4569bf481c: Pushed
17d2117d1ff3: Pushed
400dd8938406: Pushed
2a60eb850753: Pushed
cf6a13051478: Pushed
fef9e518b701: Pushed
955b4c88a6e8: Pushed
61cb1c0dec27: Pushed
25575e327c84: Pushed
814c70fdae62: Pushed
5.7.28: digest: sha256:47960a0280616cfab409e46d2891cbd3c98cb6c30ecf4d0821bcb1a18d441d8e size: 2622
Pull
[root@auto-test-platform ~]# docker pull XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
v2.10.2: Pulling from library/goharbor/registry-photon
969313660a9f: Pull complete
d077295f5c3c: Pull complete
f613da2476f0: Pull complete
208d43a03046: Pull complete
a077239278a5: Pull complete
126bfe830544: Pull complete
Digest: sha256:ef75a1f4fd0fa5cf5a01af40e56ed767e84e246325ce93098864a61d371dbca7
Status: Downloaded newer image for XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
[root@auto-test-platform ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
XXX.XXX.XXX/library/goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
XXX.XXX.XXX/library/mysql 5.7.28 db39680b63ac 4 years ago 437MB
mysql 5.7.28 db39680b63ac 4 years ago 437MB
Internet server
Login
# In the Internet environment there is no need to add an /etc/hosts entry
[root@ECS ~]# docker login XXX.XXX.XXX
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push
[root@ECS ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
openjdk 8 b273004037cc 22 months ago 526MB
[root@ECS ~]# docker tag openjdk:8 XXX.XXX.XXX/library/openjdk:8
[root@ECS ~]# docker push XXX.XXX.XXX/library/openjdk:8
The push refers to repository [XXX.XXX.XXX/library/openjdk]
6b5aaff44254: Pushed
53a0b163e995: Pushed
b626401ef603: Pushed
9b55156abf26: Pushed
293d5db30c9f: Pushed
03127cdb479b: Pushed
9c742cd6c7a5: Pushed
8: digest: sha256:3af2ac94130765b73fc8f1b42ffc04f77996ed8210c297fcfa28ca880ff0a217 size: 1795
Pull
[root@ECS ~]# docker pull XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
v2.10.2: Pulling from library/goharbor/registry-photon
969313660a9f: Pull complete
d077295f5c3c: Pull complete
f613da2476f0: Pull complete
208d43a03046: Pull complete
a077239278a5: Pull complete
126bfe830544: Pull complete
Digest: sha256:ef75a1f4fd0fa5cf5a01af40e56ed767e84e246325ce93098864a61d371dbca7
Status: Downloaded newer image for XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
XXX.XXX.XXX/library/goharbor/registry-photon:v2.10.2
[root@ECS ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
XXX.XXX.XXX/library/goharbor/registry-photon v2.10.2 850d2b3f27f3 7 weeks ago 89MB
XXX.XXX.XXX/library/openjdk 8 b273004037cc 22 months ago 526MB
openjdk 8 b273004037cc 22 months ago 526MB
Web UI login
Just enter the domain name in a browser; all the images we pushed earlier can be seen there.