安装Harbor

#来源教程
https://blog.csdn.net/xixihahalelehehe/article/details/144217850?ops_request_misc=%257B%2522request%255Fid%2522%253A%25222f6bb3e4dbcecfe68e7ebd197138d799%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=2f6bb3e4dbcecfe68e7ebd197138d799&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-5-144217850-null-null.nonecase&utm_term=harbor%20&spm=1018.2226.3001.4450

# https://www.cnblogs.com/kevingrace/p/6547616.html

ubuntu@ubuntu:~/.docker$ cat /etc/docker/daemon.json
{
    "registry-mirrors": [
    "https://docker.registry.cyou",
    "https://docker-cf.registry.cyou",
    "https://dockercf.jsdelivr.fyi",
    "https://docker.jsdelivr.fyi",
    "https://dockertest.jsdelivr.fyi",
    "https://mirror.aliyuncs.com",
    "https://dockerproxy.com",
    "https://mirror.baidubce.com",
    "https://docker.m.daocloud.io",
    "https://docker.nju.edu.cn",
    "https://docker.mirrors.sjtug.sjtu.edu.cn",
    "https://docker.mirrors.ustc.edu.cn",
    "https://mirror.iscas.ac.cn",
    "https://docker.rainbond.cc"
  ]
}

# 找一个最新的即可
sudo curl -L "https://github.com/goharbor/harbor/releases/download/v2.8.3/harbor-offline-installer-v2.8.3.tgz" -o harbor-offline-installer-v2.8.3.tgz

# 解压
 tar xzvf harbor-offline-installer-v2.8.3.tgz

# 源文件
ls harbor
common.sh  harbor.v2.8.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
# 复制配件
cp harbor.yml.tmpl harbor.yml

  port: 88 # 本来是80的
    certificate: /data/cert/harbor.demo.com.crt
  private_key: /data/cert/harbor.demo.com.key
  data_volume: /data

ubuntu@ubuntu:~/.docker$ cat /etc/hosts

127.0.0.1 harbor.demo.com

$ vim harbor.yml
hostname: harbor.demo.com
http:
  port: 88
https:
  port: 443
  certificate: /data/cert/harbor.demo.com.crt
  private_key: /data/cert/harbor.demo.com.key
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
data_volume: /data
trivy:
  ignore_unfixed: false
  skip_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.6.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24

#3.1 生成证书颁发机构证书

#生成 CA 证书私钥ca.key

openssl genrsa -out ca.key 4096

#生成 CA 证书
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.demo.com" -key ca.key -out ca.crt


#3.2 生成服务器证书
#生成私钥

openssl genrsa -out harbor.demo.com.key 4096


#生成证书签名请求 (CSR)

openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.demo.com"  -key harbor.demo.com.key -out harbor.demo.com.csr



#生成 x509 v3 扩展文件

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.demo.com
DNS.2=harbor.demo
DNS.3=hostname
EOF



#使用该v3.ext文件为您的 Harbor 主机生成证书

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.demo.com.csr -out harbor.demo.com.crt



# 3.3 向 Harbor 和 Docker 提供证书
#将服务器证书和密钥复制到 Harbor 主机上的 certficates 文件夹中

mkdir -p /data/cert
cp harbor.demo.com.crt /data/cert/
cp harbor.demo.com.key /data/cert/


# 转换harbor.demo.com.crt为harbor.demo.com.key.cert，供 docker使用

openssl x509 -inform PEM -in harbor.demo.com.crt -out harbor.demo.com.cert


# 将服务器证书、密钥和 CA 文件复制到 Harbor 主机上的 docker 证书文件夹中。您必须首先创建适当的文件夹

mkdir -p /etc/docker/certs.d/harbor.demo.com/
cp harbor.demo.com.cert /etc/docker/certs.d/harbor.demo.com/
cp harbor.demo.com.key /etc/docker/certs.d/harbor.demo.com/
cp ca.crt /etc/docker/certs.d/harbor.demo.com/

# systemctl daemon-reload &&  systemctl restart docker && systemctl status docker




#4. 部署 harbor
运行prepare脚本以启用 HTTPS

./prepare

./install.sh

docker login harbor.demo.com:88

sudo docker tag nginx:1.22.1 harbor.demo.com:88/library/nginx:99.96

sudo docker push harbor.hualu.tech:88/library/nginx:99.96

#登录完之后会会存储密码 下次不用再登录
ubuntu@ubuntu:~/.docker$ cat /home/ubuntu/.docker/config.json
{
        "auths": {
                "harbor.hualu.tech": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
        }
}

启动的时候其实是启动了多个docker 容器，如果有问题，需要看下容器启动有问题。

harbor-jobservice	healthy	
harbor	goharbor/harbor-jobservice:v2.13.2	2025-09-09 16:42:31	172.19.0.2	-	
administrators

nginx	healthy	
harbor	goharbor/nginx-photon:v2.13.2	2025-09-09 16:42:31	172.19.0.5	88:8080443:8443	
administrators

harbor-core	healthy	
harbor	goharbor/harbor-core:v2.13.2	2025-09-09 16:42:28	172.19.0.6	-	
administrators

harbor-db	healthy	
harbor	goharbor/harbor-db:v2.13.2	2025-09-09 16:42:27	172.19.0.7	-	
administrators

redis	healthy	
harbor	goharbor/redis-photon:v2.13.2	2025-09-09 16:42:27	172.19.0.8	-	
administrators

registryctl	healthy	
harbor	goharbor/harbor-registryctl:v2.13.2	2025-09-09 16:42:27	172.19.0.3	-	
administrators

harbor-portal	healthy	
harbor	goharbor/harbor-portal:v2.13.2	2025-09-09 16:42:27	172.19.0.9	-	
administrators

registry	healthy	
harbor	goharbor/registry-photon:v2.13.2	2025-09-09 16:42:27	172.19.0.10	-	
administrators

harbor-log	healthy	
harbor	goharbor/harbor-log:v2.13.2	2025-09-09 16:42:26	172.19.0.4	1514:10514	
administrator

如果有问题
需要在harbor目录下
执行
docker-compose down 

则会把所有服务停了

并且删除 配置在harbor.yml 里面配置的data 路径
并且删除harbor目录下的common 包里的数据文件