第一步：下载镜像包

https://github.com/goharbor/harbor/releases

上传至服务器，并解压：

tar zxvf harbor-offline-installer-v1.10.0-rc2.tgz

cd harbor && mkdir ssl && cd ssl

生成根证书和认证key：

openssl genrsa -out ca.key 4096

========================================================

openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=ABC/OU=ABC/CN= registry.abc.com " \
-key ca.key \
-out ca.crt

========================================================

openssl genrsa -out registry.abc.com.key 4096

========================================================

openssl req -sha512 -new \
-subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=abc/OU=abc/CN= registry.abc.com " \
-key registry.abc.com.key \
-out registry.abc.com.csr

========================================================

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]

DNS.1=registry.abc.com
DNS.2=k8s-master
EOF

========================================================

openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.abc.com.csr \
-out registry.abc.com.crt

========================================================

修改配置文件参数：

vi harbor.yml

harbor_admin_password: 123456 (配置门户登录密码)

certificate: /root/harbor/ssl/registry.abc.com.crt （指定自定义签名证书路径）
private_key: /root/harbor/ssl/registry.abc.com.key （指定自定义证书key路径）

执行准备： ./prepare

开始安装：./install.sh

创建网站对应目录，并拷贝证书到 /etc/docker/certs.d/registry.abc.com 目录下

mkdir -p /etc/docker/certs.d/registry.abc.com

cp /root/harbor/ssl/* /etc/docker/certs.d/registry.abc.com/.

测试登录：

docker login registry.abc.com

输入账户：admin

密码： 12345

门户登录： https://registry.abc.com