Download this from the official release page: https://github.com/goharbor/harbor/releases/download/v2.13.1/harbor-offline-installer-v2.13.1.tgz
shitou@shitou:~$ sudo tar -zxvf harbor-offline-installer-v2.13.1.tgz
harbor/harbor.v2.13.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
After extracting, go into the folder.
shitou@shitou:~$ ls
adminhome jx
amprobe kickstart.sh
bk kubeadm-config.yaml
cri-dockerd_0.3.19.3-0.ubuntu-bionic_amd64.deb mysql_8.1.0.tar
data Netdata
docker registry
go registry.sh
halo shitou
halohub.2.21.6.tar ub
harbor ubuntu
harbor-offline-installer-v2.13.1.tgz ubuntu.sources.list
hub usr.sbin.libvirtd
installer
shitou@shitou:~$ cd harbor/
shitou@shitou:~/harbor$ ls
common.sh harbor.v2.13.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
cp -r /home/shitou/harbor /home/shitou/harbor.bf
Make a copy as a backup.
shitou@shitou:~/harbor$ sudo cat harbor.yml
hostname: registry.local
https:
  port: 443
  certificate: /etc/docker/certs.d/registry.local:443/registry.crt
  private_key: /etc/docker/certs.d/registry.local:443/registry.key
harbor_admin_password: YourPassword123
data_volume: /home/shitou/harbor
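hostname: registry.local
Defines the hostname (or domain name) of the Harbor registry.
Clients (such as Docker) reach Harbor through this hostname (for example, docker push registry.local/your-image:tag). Make sure clients can resolve it (by editing /etc/hosts or through DNS).
https section
Configures HTTPS encrypted communication for Harbor (Harbor recommends HTTPS for security):
port: 443: the default HTTPS port (the standard port, so clients can omit the port number).
certificate: /etc/docker/certs.d/registry.local:443/registry.crt: path to the SSL certificate. This certificate proves the legitimacy of the hostname registry.local; clients verify it to make sure the connection is secure.
private_key: /etc/docker/certs.d/registry.local:443/registry.key: path to the private key that matches the SSL certificate. The private key is used to decrypt the encrypted data sent by clients; keep it safe and never disclose it.
harbor_admin_password: YourPassword123
Defines the initial login password of the Harbor administrator (the admin user).
It is needed for the first login to the Harbor web UI or for API calls; change it to a strong password promptly after deployment.
data_volume: /home/shitou/harbor
Specifies Harbor's data storage directory.
Harbor produces a lot of data at runtime (image files, database data, logs, and so on), all of which is stored under this directory.
Mount this directory on a large disk so that storage does not run out.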
Create the certificate folder, create the private key, then create the certificate, and verify the certificate files, as follows:
shitou@shitou:~/harbor$ sudo mkdir -p /etc/docker/certs.d/registry.local:443/
shitou@shitou:~/harbor$ sudo openssl genrsa -out /etc/docker/certs.d/registry.local:443/registry.key 2048
shitou@shitou:~/harbor$ sudo openssl req -new -x509 -days 3650 -key /etc/docker/certs.d/registry.local:443/registry.key \
-out /etc/docker/certs.d/registry.local:443/registry.crt \
-subj "/C=CN/ST=YourProvince/L=YourCity/O=YourCompany/OU=YourDepartment/CN=registry.local"
shitou@shitou:~/harbor$ ls -l /etc/docker/certs.d/registry.local:443/
total 8
-rw-r--r-- 1 root root 1403 Aug 21 10:28 registry.crt
-rw------- 1 root root 1704 Aug 21 10:23 registry.key
Add the certificate to the system-wide trust store so that all applications (including Docker) trust it:
sudo cp /etc/docker/certs.d/registry.local:443/registry.crt /etc/docker/certs.d/registry.local:443/
cp: '/etc/docker/certs.d/registry.local:443/registry.crt' and '/etc/docker/certs.d/registry.local:443/registry.crt' are the same file
shitou@shitou:~/harbor$ sudo cp /etc/docker/certs.d/registry.local:443/registry.crt /usr/local/share/ca-certificates/
shitou@shitou:~/harbor$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
shitou@shitou:~/harbor$ sudo systemctl restart docker
sudo ./prepare
prepare base dir is set to /home/shitou/harbor
Unable to find image 'goharbor/prepare:v2.13.1' locally
shitou@shitou:~/harbor$ pwd
/home/shitou/harbor
shitou@shitou:~/harbor$ sudo ./prepare
prepare base dir is set to /home/shitou/harbor
Unable to find image 'goharbor/prepare:v2.13.1' locally
v2.13.1: Pulling from goharbor/prepare
259e20632a89: Pull complete
7d3ece46a4c5: Pull complete
c1722bb1f878: Pull complete
8f5bfd06b81e: Pull complete
f798554d9e78: Pull complete
e391babcfe75: Pull complete
c79e2a1b427f: Pull complete
5b50d84a3d92: Pull complete
7f20adbb65c4: Pull complete
99c1d7ada9b9: Pull complete
Digest: sha256:4f4ea8cb379f8bcc61992bfe07b7abb661684223bdc2af14cb87727f912f3be0
Status: Downloaded newer image for goharbor/prepare:v2.13.1
Traceback (most recent call last):
File "/usr/src/app/main.py", line 15, in <module>
cli()
File "/usr/lib/python3.11/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/app/commands/prepare.py", line 33, in prepare
config_dict = parse_yaml_config(conf, with_trivy=with_trivy)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/app/utils/configs.py", line 225, in parse_yaml_config
config_dict['max_job_workers'] = js_config["max_job_workers"]
~~~~~~~~~^^^^^^^^^^^^^^^^^^^
KeyError: 'max_job_workers'
Start:
shitou@shitou:~/harbor$ sudo ./install.sh
sudo ./install.sh starts the registry.
It fails with an error:
shitou@shitou:~/harbor$ sudo ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 28.3.3
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.39.1
[Step 2]: loading Harbor images ...
a1c062b75037: Loading layer 112.5MB/112.5MB
Loaded image: goharbor/nginx-photon:v2.13.1
0313db149044: Loading layer 8.661MB/8.661MB
979a1d806ec4: Loading layer 4.096kB/4.096kB
95fcbc8f5e7d: Loading layer 3.072kB/3.072kB
1563cc5ca85f: Loading layer 18.22MB/18.22MB
9052cd037f14: Loading layer 19.01MB/19.01MB
Loaded image: goharbor/registry-photon:v2.13.1
2a74242fce76: Loading layer 9.154MB/9.154MB
7051c425c9f6: Loading layer 4.096kB/4.096kB
09bf6325cada: Loading layer 3.072kB/3.072kB
62bfb82cbb95: Loading layer 152.9MB/152.9MB
88175ab477ee: Loading layer 15.55MB/15.55MB
def8aedceb03: Loading layer 169.3MB/169.3MB
Loaded image: goharbor/trivy-adapter-photon:v2.13.1
129a0c114767: Loading layer 16.74MB/16.74MB
5d882b32fd1d: Loading layer 175.4MB/175.4MB
bb5aed1e6368: Loading layer 26.55MB/26.55MB
6e3e69b3fa5d: Loading layer 18.81MB/18.81MB
87b25df5bc9d: Loading layer 5.12kB/5.12kB
2df2b670a3fd: Loading layer 6.144kB/6.144kB
c7bc696996b7: Loading layer 3.072kB/3.072kB
7464dffdebc4: Loading layer 2.048kB/2.048kB
f2bf3eb38932: Loading layer 2.56kB/2.56kB
eb18adfd748d: Loading layer 14.85kB/14.85kB
Loaded image: goharbor/harbor-db:v2.13.1
668f8134d9ee: Loading layer 8.661MB/8.661MB
136a010438aa: Loading layer 4.096kB/4.096kB
13ecff9c6c3c: Loading layer 18.22MB/18.22MB
9175e80e9d6c: Loading layer 3.072kB/3.072kB
e3fa69edda63: Loading layer 37.94MB/37.94MB
0fae968fe6dc: Loading layer 56.95MB/56.95MB
Loaded image: goharbor/harbor-registryctl:v2.13.1
484fc2e66f7a: Loading layer 11.61MB/11.61MB
9728d2f8d35e: Loading layer 38.17MB/38.17MB
042d109f1f08: Loading layer 4.608kB/4.608kB
55e101fed5da: Loading layer 38.96MB/38.96MB
Loaded image: goharbor/harbor-exporter:v2.13.1
6df01472c12f: Loading layer 16.74MB/16.74MB
1ca8d10018a5: Loading layer 110.6MB/110.6MB
dc97fcdae1e6: Loading layer 3.072kB/3.072kB
0f4f6ee28fb0: Loading layer 59.9kB/59.9kB
d7c041e4d4c7: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.13.1
1ee71c057d05: Loading layer 11.61MB/11.61MB
6ed9dc4c93ef: Loading layer 3.584kB/3.584kB
4fb3c4dc127f: Loading layer 2.56kB/2.56kB
7a90943a3266: Loading layer 61.27MB/61.27MB
692a3cf4d69a: Loading layer 62.06MB/62.06MB
Loaded image: goharbor/harbor-jobservice:v2.13.1
Loaded image: goharbor/prepare:v2.13.1
8e54ebad2e30: Loading layer 112.5MB/112.5MB
fcddba002ec2: Loading layer 6.835MB/6.835MB
f189708e4ec1: Loading layer 252.9kB/252.9kB
12a44914e0ce: Loading layer 1.539MB/1.539MB
Loaded image: goharbor/harbor-portal:v2.13.1
d7b9b7bbef30: Loading layer 11.61MB/11.61MB
bbf71872cc8e: Loading layer 3.584kB/3.584kB
ed64e383afa8: Loading layer 2.56kB/2.56kB
06299919dcf1: Loading layer 72.79MB/72.79MB
a526ab30ecef: Loading layer 5.632kB/5.632kB
3a688ffbe170: Loading layer 128kB/128kB
71a181ad7580: Loading layer 209.9kB/209.9kB
3dfba38dce7a: Loading layer 73.92MB/73.92MB
3e180e143141: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.13.1
7713ddec7223: Loading layer 125.3MB/125.3MB
7cc1fa8f95b9: Loading layer 3.584kB/3.584kB
6618ef51f460: Loading layer 3.072kB/3.072kB
1c2336412318: Loading layer 2.56kB/2.56kB
1a0f2bad6ce4: Loading layer 3.072kB/3.072kB
361f15319e64: Loading layer 3.584kB/3.584kB
f7e7f16d4ceb: Loading layer 20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.13.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /home/shitou/harbor
Traceback (most recent call last):
File "/usr/src/app/main.py", line 15, in <module>
cli()
File "/usr/lib/python3.11/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/app/commands/prepare.py", line 33, in prepare
config_dict = parse_yaml_config(conf, with_trivy=with_trivy)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/app/utils/configs.py", line 225, in parse_yaml_config
config_dict['max_job_workers'] = js_config["max_job_workers"]
~~~~~~~~~^^^^^^^^^^^^^^^^^^^
KeyError: 'max_job_workers'
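The KeyError above means the harbor.yml handed to prepare has no max_job_workers entry, which a hand-written file can be checked for by comparing its keys with harbor.yml.tmpl before running prepare. This is an added example, not part of the original notes or of Harbor; the template content is a trimmed, constructed stand-in, and yaml_keys, missing_keys and write_samples are hypothetical helper names.

```shell
# Added example: list the keys that harbor.yml.tmpl defines but harbor.yml lacks.
# yaml_keys, missing_keys and write_samples are hypothetical helper names.
# Print each "key:" line as a dotted path (https.port); handles the plain
# space-indented mappings of harbor.yml, not general YAML. Comments are skipped.
yaml_keys() {
    awk '
        /^ *#/ || /^ *$/ { next }
        match($0, /^ *[A-Za-z_][A-Za-z0-9_]*:/) {
            len = RLENGTH
            indent = match($0, /[^ ]/) - 1
            while (depth > 0 && ind[depth] >= indent) depth--
            ind[++depth] = indent
            name[depth] = substr($0, indent + 1, len - indent - 1)
            path = name[1]
            for (i = 2; i <= depth; i++) path = path "." name[i]
            print path
        }' "$1" | sort -u
}

missing_keys() {   # usage: missing_keys <template> <config>
    have=$(yaml_keys "$2")
    yaml_keys "$1" | grep -Fxv -e "$have" || true
}

# Constructed sample input: trimmed stand-in for harbor.yml.tmpl, plus the
# harbor.yml shown on this page with its indentation restored.
write_samples() {
    cat > "$1/harbor.yml.tmpl" <<'EOF'
hostname: reg.mydomain.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
data_volume: /data
jobservice:
  max_job_workers: 10
EOF
    cat > "$1/harbor.yml" <<'EOF'
hostname: registry.local
https:
  port: 443
  certificate: /etc/docker/certs.d/registry.local:443/registry.crt
  private_key: /etc/docker/certs.d/registry.local:443/registry.key
harbor_admin_password: YourPassword123
data_volume: /home/shitou/harbor
EOF
}
demo=$(mktemp -d) && write_samples "$demo"
missing_keys "$demo/harbor.yml.tmpl" "$demo/harbor.yml"
```

Against the real files, run missing_keys harbor.yml.tmpl harbor.yml from the ~/harbor directory.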
shitou@shitou:~/harbor$ sudo rm -rf /etc/docker/certs.d/registry.local:443
shitou@shitou:~/harbor$ sudo mkdir -p /etc/docker/certs.d/192.168.31.19:443
shitou@shitou:~/harbor$ sudo openssl genrsa -out /etc/docker/certs.d/192.168.31.19:443/registry.key 2048
shitou@shitou:~/harbor$ sudo openssl req -new -key /etc/docker/certs.d/192.168.31.19:443/registry.key -out /tmp/registry.csr \
-subj "/C=CN/ST=YourProvince/L=YourCity/O=YourCompany/OU=YourDepartment/CN=192.168.31.19"
shitou@shitou:~/harbor$ sudo openssl x509 -req -days 3650 -in /tmp/registry.csr -signkey /etc/docker/certs.d/192.168.31.19:443/registry.key \
-out /etc/docker/certs.d/192.168.31.19:443/registry.crt
Certificate request self-signature ok
subject=C = CN, ST = YourProvince, L = YourCity, O = YourCompany, OU = YourDepartment, CN = 192.168.31.19
shitou@shitou:~/harbor$ sudo rm /tmp/registry.csr
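Both certificates generated on this page identify the registry only through CN. Docker's Go TLS stack checks the registry name against subjectAltName, and an IP address is never matched against CN, so the block below (an added example, not part of the original notes) builds the certificate with SAN entries and checks it with openssl's -checkip and -checkhost. The scratch directory and the helper names make_cert and cert_matches are assumptions.

```shell
# Added example (not from the original post): the CN-only certificate generated on
# this page next to one that also carries subjectAltName. Output goes to a scratch
# directory (assumption), never to /etc/docker/certs.d.

# make_cert <outdir> <cn> [san], e.g. san="IP:192.168.31.19,DNS:registry.local"
make_cert() (
    umask 077                                   # private key is 0600 from creation
    out=$1; cn=$2; shift 2
    if [ $# -gt 0 ]; then set -- -addext "subjectAltName=$1"; fi
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$out/registry.key" -out "$out/registry.crt" \
        -subj "/CN=$cn" "$@" 2>/dev/null || exit 1
    chmod 644 "$out/registry.crt"               # the certificate itself is public
)

# cert_matches <crt> ip|host <value>: status 0 only if the name verifies
cert_matches() {
    case $2 in
        ip)   res=$(openssl x509 -in "$1" -noout -checkip "$3" 2>&1) || true ;;
        host) res=$(openssl x509 -in "$1" -noout -checkhost "$3" 2>&1) || true ;;
        *)    return 2 ;;
    esac
    case $res in *"does match"*) return 0 ;; *) return 1 ;; esac
}

tmp=$(mktemp -d) && mkdir "$tmp/cn_only" "$tmp/with_san"
make_cert "$tmp/cn_only" 192.168.31.19          # same subject as on this page
make_cert "$tmp/with_san" 192.168.31.19 "IP:192.168.31.19,DNS:registry.local"
for d in cn_only with_san; do
    if cert_matches "$tmp/$d/registry.crt" ip 192.168.31.19
    then echo "$d: IP 192.168.31.19 verifies"
    else echo "$d: IP 192.168.31.19 does NOT verify"
    fi
done
```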
sudo ./prepare
cd ~/harbor
sudo docker compose up -d
In the ~/harbor directory, running sudo docker compose down -v && sudo docker compose up -d is enough.
shitou@shitou:~/harbor$ cat docker-compose.yml
services:
  log:
    image: goharbor/harbor-log:v2.13.1
    container_name: harbor-log
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.13.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /var/harbor_data/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v2.13.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v2.13.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.13.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/ca_download/:/etc/core/ca/:z
      - /var/harbor_data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /var/harbor_data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /var/harbor_data/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v2.13.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v2.13.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v2.13.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /var/harbor_data/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.13.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - /var/harbor_data/secret/cert:/etc/cert:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      - 80:8080
      - 443:8443
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
Finally, on the other clients:
shitou@aishitou:~$ sudo mkdir -p /etc/docker/certs.d/192.168.31.19:443
[sudo] password for shitou:
shitou@aishitou:~$ sudo scp shitou@192.168.31.19:/etc/docker/certs.d/192.168.31.19:443/registry.crt /etc/docker/certs.d/192.168.31.19:443/
The authenticity of host '192.168.31.19 (192.168.31.19)' can't be established.
ED25519 key fingerprint is SHA256:2W8bDIh1As1xJWGSxNtVlR3u+qgZQRIppgPbHyJhwis.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.31.19' (ED25519) to the list of known hosts.
shitou@192.168.31.19's password:
registry.crt 100% 1277 531.8KB/s 00:00
shitou@aishitou:~$ sudo systemctl restart docker