%title缩略图

第一步:下载镜像包

https://github.com/goharbor/harbor/releases

%title插图%num

上传至服务器,并解压:

tar zxvf harbor-offline-installer-v1.10.0-rc2.tgz

cd harbor && mkdir ssl && cd ssl

生成根证书和认证key:

openssl genrsa -out ca.key 4096

========================================================

openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=ABC/OU=ABC/CN= registry.abc.com " \
-key ca.key \
-out ca.crt

========================================================

openssl genrsa -out registry.abc.com.key 4096

========================================================

openssl req -sha512 -new \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=abc/OU=abc/CN= registry.abc.com " \
-key registry.abc.com.key \
-out registry.abc.com.csr

========================================================

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]

DNS.1=registry.abc.com
DNS.2=k8s-master
EOF

========================================================

openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.abc.com.csr \
-out registry.abc.com.crt

========================================================

修改配置文件参数:

vi harbor.yml

harbor_admin_password: 123456 (配置门户登录密码)

certificate: /root/harbor/ssl/registry.abc.com.crt (指定自定义签名证书路径)
private_key: /root/harbor/ssl/registry.abc.com.key (指定自定义证书key路径)

执行准备: ./prepare

开始安装:./install.sh

创建网站对应目录,并拷贝证书到 /etc/docker/certs.d/registry.abc.com 目录下

mkdir -p /etc/docker/certs.d/registry.abc.com

cp /root/harbor/ssl/* /etc/docker/certs.d/registry.abc.com/.

测试登录:

docker login registry.abc.com

输入账户:admin

密码: 12345

%title插图%num

门户登录: https://registry.abc.com

%title插图%num

作者 匿名

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

15 + 17 =