官方文档入口

配置

1
2
3
4
5
6
7

wget https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz

tar zxf harbor-offline-installer-v2.5.0.tgz && cd harbor

cp harbor.yml.tmpl harbor.yml

参考openssl自签名证书

1
2
3
4
5
6
7
8
9

sudo mkdir -p /data/harbor/cert
sudo cp mkl.io.key mkl.io.crt /data/harbor/cert

openssl x509 -inform PEM -in mkl.io.crt -out mkl.io.cert
sudo mkdir -p /etc/docker/certs.d/harbor.mkl.io
sudo cp {ca.crt,mkl.io.key,mkl.io.cert} /etc/docker/certs.d/harbor.mkl.io

#好像不用重启
#sudo systemctl restart docker

需要使用此镜像仓库的节点，信任CA证书即可

1
2

sudo mkdir -p /etc/docker/certs.d/harbor.mkl.io
sudo wget http://mkl.io/downloads/ssl/ca.crt -O /etc/docker/certs.d/harbor.mkl.io/ca.crt

harbor.yml参考

hostname: harbor.mkl.io
http:
  port: 8082
https:
  port: 8446
  certificate: /data/harbor/cert/mkl.io.crt
  private_key: /data/harbor/cert/mkl.io.key
external_url: https://harbor.mkl.io
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
data_volume: /data/harbor

运行

1
2

sudo ./install.sh
sudo docker-compose up -d

如果修改harbor.yml后，需重新配置

1
2
3

sudo ./prepare
sudo docker-compose down -v
sudo docker-compose up -d

踩坑

报错：

yanyong@newmaster:~/harbor/harbor$ sudo docker push harbor.mkl.io/library/nginx:alpine
The push refers to repository [harbor.mkl.io/library/nginx]
6fda88393b8b: Pushing [==================================================>]  7.168kB
a770f8eba3cb: Preparing 
318191938fd7: Pushing [==================================================>]  4.096kB
89f4d03665ce: Preparing 
67bae81de3dc: Preparing 
8d3ac3489996: Waiting 
unauthorized: unauthorized to access repository: library/nginx, action: push: unauthorized to access repository: library/nginx, action: push

解决办法：

proxy_http_version                 1.1;
proxy_cache_bypass                 $http_upgrade;

# Proxy headers
proxy_set_header Upgrade           $http_upgrade;
proxy_set_header Connection        $connection_upgrade;
proxy_set_header Host              $host;
proxy_set_header X-Real-IP         $remote_addr;
#proxy_set_header Forwarded         $proxy_add_forwarded;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host  $host;
proxy_set_header X-Forwarded-Port  $server_port;

# Proxy timeouts
proxy_connect_timeout              3600s;
proxy_send_timeout                 3600s;
proxy_read_timeout                 3600s;