1、系统环境及软件版本(本系统为X86架构)
2、系统安装前准备
修改系统名称
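# Set the system hostname
hostnamectl set-hostname harbor
# Map the Harbor FQDN to this host; the guard keeps a re-run from appending a duplicate entry
grep -qF "192.168.8.182 slw.harbor.cn" /etc/hosts || echo "192.168.8.182 slw.harbor.cn" >> /etc/hosts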
# 安装必要软件包
dnf install vim curl wget -y
3、离线安装docker
转到 https://download.docker.com/linux/static/stable/,选择您的硬件平台,然后下载与要安装的 Docker Engine 版本相关的 .tgz 文件。
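# Download the static binary archive
wget https://download.docker.com/linux/static/stable/x86_64/docker-28.0.4.tgz
# Record the archive's SHA-256 here and re-check it on the host where it is installed,
# so the file that gets unpacked as root is the one that was downloaded
sha256sum docker-28.0.4.tgz
# Unpack the archive
tar zxf docker-28.0.4.tgz
# Install the binaries into the system path as root-owned, mode 0755 (not group/world-writable)
install -o root -g root -m 0755 docker/* /usr/bin/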
编写docker.service 文件加入Linux服务当中并开启守护进程
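# Write the unit file. The heredoc delimiter is quoted so the shell leaves $MAINPID
# alone: with an unquoted delimiter it is expanded to an empty string while the file
# is written, and ExecReload ends up with no PID to signal.
# '>' instead of '>>' so running this step again replaces the unit rather than
# appending a second copy to it.
cat > /etc/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service time-set.target
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
# TasksMax=infinity
# Older systemd versions default to a LimitNOFILE of 1024:1024, which is insufficient for many
# applications including dockerd itself and will be inherited. Raise the hard limit, while
# preserving the soft limit for select(2).
#LimitNOFILE=1024:524288
LimitNOFILE=524288
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
EOF
设置开机自启动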
systemctl daemon-reload
systemctl enable --now docker.service
# 查看系统状态
systemctl status docker.service
安装docker compose
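mkdir -p /usr/local/lib/docker/cli-plugins
# -f makes curl fail on an HTTP error rather than saving the error page as the plugin binary
curl -fSL https://github.com/docker/compose/releases/download/v2.36.2/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
# Print the SHA-256 and compare it with the checksum published for this release asset
# before the file is made executable
sha256sum /usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
docker compose version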
4、离线安装harbor
前往 Harbor 的 releases 页面,找到离线安装包。
我们此处选择下载2.13.2的安装包
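wget https://github.com/goharbor/harbor/releases/download/v2.13.2/harbor-offline-installer-v2.13.2.tgz
# Harbor publishes a detached signature (.asc) next to each installer. Import the
# Harbor release signing key first (the key ID is given in Harbor's install docs):
#   gpg --receive-keys <HARBOR_RELEASE_KEY_ID>   # placeholder, not a real ID
wget https://github.com/goharbor/harbor/releases/download/v2.13.2/harbor-offline-installer-v2.13.2.tgz.asc
# Unpack only if the signature verifies
gpg --verify harbor-offline-installer-v2.13.2.tgz.asc harbor-offline-installer-v2.13.2.tgz \
  && tar zxf harbor-offline-installer-v2.13.2.tgz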
配置HTTPS访问
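# Working directory for the CA and server key material; restrict it to the owner
# because the unencrypted private keys generated below are written here
mkdir -p harborcrt
chmod 700 harborcrt
cd harborcrt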
# 配置ca证书私钥
[root@harbor harborcrt]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
....................................++++
.........................................................................++++
e is 65537 (0x010001)
# 生成ca证书
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=MyPersonal Root CA" \
-key ca.key \
-out ca.crt
# 生成服务器证书,此步骤会生成一个crt文件和一个key文件
# 生成证书私钥
[root@harbor harborcrt]# openssl genrsa -out slw.harbor.cn.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
....................++++
...........................................................................................................................................................++++
e is 65537 (0x010001)
# 生成csr文件
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=slw.harbor.cn" \
-key slw.harbor.cn.key \
-out slw.harbor.cn.csr
# 生成X509 V3文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=slw.harbor.cn
DNS.2=harbor
EOF
# 使用 v3.ext 文件为您的 Harbor 主机生成证书
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in slw.harbor.cn.csr \
-out slw.harbor.cn.crt
向harbor和docker提供证书
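mkdir -p /data/cert/
cp slw.harbor.cn.crt /data/cert
# Private key: copy with an explicit owner-only mode rather than whatever the umask yields
install -m 0600 slw.harbor.cn.key /data/cert/slw.harbor.cn.key
# Convert the certificate to the .cert file that is placed in Docker's certs.d directory
openssl x509 -inform PEM -in slw.harbor.cn.crt -out slw.harbor.cn.cert
mkdir -p /etc/docker/certs.d/slw.harbor.cn/
# Docker only needs ca.crt in this directory to trust the registry; it reads a
# .cert/.key pair as a client certificate. On other Docker hosts copy ca.crt alone
# and keep the server private key on the Harbor host.
cp slw.harbor.cn.cert /etc/docker/certs.d/slw.harbor.cn/
install -m 0600 slw.harbor.cn.key /etc/docker/certs.d/slw.harbor.cn/slw.harbor.cn.key
cp ca.crt /etc/docker/certs.d/slw.harbor.cn/
# Restart docker so it picks up the new certificates
systemctl restart docker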
修改配置文件
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
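hostname: slw.harbor.cn
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/slw.harbor.cn.crt
  private_key: /data/cert/slw.harbor.cn.key
# Also set harbor_admin_password and database.password in this file to values of
# your own before running the installer; the template ships with well-known defaults.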
安装harbor
./prepare && ./install.sh