第一步:下载镜像包
https://github.com/goharbor/harbor/releases
上传至服务器,并解压:
tar zxvf harbor-offline-installer-v1.10.0-rc2.tgz
cd harbor && mkdir ssl && cd ssl
生成根证书和认证key:
openssl genrsa -out ca.key 4096
========================================================
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=ABC/OU=ABC/CN= registry.abc.com " \
-key ca.key \
-out ca.crt
========================================================
openssl genrsa -out registry.abc.com.key 4096
========================================================
openssl req -sha512 -new \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=abc/OU=abc/CN= registry.abc.com " \
-key registry.abc.com.key \
-out registry.abc.com.csr
========================================================
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=registry.abc.com
DNS.2=k8s-master
EOF
========================================================
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.abc.com.csr \
-out registry.abc.com.crt
========================================================
修改配置文件参数:
vi harbor.yml
harbor_admin_password: 123456 (配置门户登录密码)
certificate: /root/harbor/ssl/registry.abc.com.crt (指定自定义签名证书路径)
private_key: /root/harbor/ssl/registry.abc.com.key (指定自定义证书key路径)
执行准备: ./prepare
开始安装:./install.sh
创建网站对应目录,并拷贝证书到 /etc/docker/certs.d/registry.abc.com 目录下
mkdir -p /etc/docker/certs.d/registry.abc.com
cp /root/harbor/ssl/* /etc/docker/certs.d/registry.abc.com/.
测试登录:
docker login registry.abc.com
输入账户:admin
密码: 12345
门户登录: https://registry.abc.com
