# Install Harbor on CentOS and Enable HTTPS
> Private Docker image registry
---
## Environment
- Server IP: 192.168.69.128
- OS: CentOS 7
---
## I. Generate a self-signed certificate
### 1. Create the certificate directory
```bash
mkdir -p /opt/cert
cd /opt/cert
```
### 2. Generate the root (CA) certificate
```bash
openssl req \
-newkey rsa:4096 -nodes -sha256 \
-keyout ca.key \
-x509 -days 3650 -out ca.crt \
-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=test_company/OU=IT/CN=test/emailAddress=11111111@qq.com"
```
### 3. Generate the certificate signing request
```bash
openssl req \
-newkey rsa:4096 -nodes -sha256 \
-keyout harbor-registry.key \
-out harbor-registry.csr \
-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=test_company/OU=IT/CN=192.168.69.128/emailAddress=11111111@qq.com"
```
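### 4. Generate the certificate
```bash
# Create the extension file (the registry IP must appear in subjectAltName)
echo "subjectAltName = IP:192.168.69.128" > extfile.cnf
# Sign the request with the CA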
openssl x509 -req -days 365 \
-in harbor-registry.csr \
-CA ca.crt -CAkey ca.key \
-CAcreateserial \
-extfile extfile.cnf \
-out harbor-registry.crt
```
### 5. Certificate files
```bash
ls -la /opt/cert/
# ca.crt ca.key ca.srl extfile.cnf harbor-registry.crt harbor-registry.csr harbor-registry.key
```
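Docker never matches an IP address against the certificate CN, so the `subjectAltName` entry from step 4 is what makes `docker login` succeed. The pre-flight check below is an added example, not part of the original notes; `check_registry_cert` and `make_demo_certs` are hypothetical helper names, and the demo input is a throwaway 2048-bit CA built in a temporary directory.

```bash
#!/usr/bin/env bash
# Return codes: 0 ok, 1 bad chain, 2 IP not in SAN, 3 key mismatch, 4 expiring.
check_registry_cert() {
  local ca=$1 crt=$2 key=$3 ip=$4 days=${5:-30}
  # 1. The server certificate must chain to the CA that clients will trust.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
  # 2. The IP must be listed in subjectAltName. Parsing -text output also
  #    works on the OpenSSL 1.0.2 that ships with CentOS 7.
  openssl x509 -in "$crt" -noout -text | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -qxF "IP Address:$ip" || return 2
  # 3. The private key must belong to the certificate (compare public keys).
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 3
  # 4. Reject a certificate that expires within $days days.
  openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null || return 4
}

# Constructed demo input (assumption): a throwaway CA and two server
# certificates, one signed with the SAN extension file and one without.
make_demo_certs() {
  local d=$1 ip=$2
  openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$d/ca.key" \
    -x509 -days 3650 -out "$d/ca.crt" -subj "/CN=demo-ca" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$d/srv.key" \
    -out "$d/srv.csr" -subj "/CN=$ip" 2>/dev/null
  echo "subjectAltName = IP:$ip" > "$d/extfile.cnf"
  openssl x509 -req -days 365 -in "$d/srv.csr" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/extfile.cnf" \
    -out "$d/with-san.crt" 2>/dev/null
  openssl x509 -req -days 365 -in "$d/srv.csr" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/cn-only.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_certs "$demo" 192.168.69.128
check_registry_cert "$demo/ca.crt" "$demo/with-san.crt" "$demo/srv.key" \
  192.168.69.128 && echo "with SAN: ok"
check_registry_cert "$demo/ca.crt" "$demo/cn-only.crt" "$demo/srv.key" \
  192.168.69.128 || echo "CN only: rejected (code $?)"
rm -rf "$demo"
```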
---
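## II. Stop the running Harbor
```bash
# Option 1: docker-compose (run in /root/harbor; -v also removes volumes declared in the compose file)
docker-compose down -v
# Option 2: force stop (this stops and removes every container on the host, not only Harbor's)
docker ps -q | xargs -r docker stop
docker ps -aq | xargs -r docker rm -vf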
```
---
## III. Configure Harbor
### 1. Edit harbor.cfg
```bash
vim /root/harbor/harbor.cfg
```
Set the following:
```ini
hostname = 192.168.69.128
ui_url_protocol = https
ssl_cert = /opt/cert/harbor-registry.crt
ssl_cert_key = /opt/cert/harbor-registry.key
```
### 2. Generate the configuration
```bash
cd /root/harbor
./prepare
```
---
## IV. Restart Harbor
```bash
docker-compose down
docker-compose up -d
```
---
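## V. Client configuration
### 1. Copy the certificate to Docker
```bash
# Create the per-registry certificate directory
mkdir -p /etc/docker/certs.d/192.168.69.128
# Copy the CA certificate (on a separate client machine, copy ca.crt over from the Harbor host first)
cp /opt/cert/ca.crt /etc/docker/certs.d/192.168.69.128/
# CentOS/RHEL also need the system trust store updated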
cp /opt/cert/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
```
### 2. Restart Docker
```bash
systemctl restart docker
```
---
## VI. Verify
### 1. Browser access
```
https://192.168.69.128
```
### 2. Docker login
```bash
docker login 192.168.69.128
# Username: admin
# Password: Harbor12345
```
---
## Common commands
```bash
# Start / stop
docker-compose up -d
docker-compose down
# Show status
docker-compose ps
# Follow logs
docker-compose logs -f
```
---
## Troubleshooting
### 1. Docker login fails
```bash
# Make sure /etc/docker/daemon.json has no insecure-registries entry
# If it does, remove it and restart Docker
systemctl restart docker
```
### 2. Certificate is not trusted
```bash
# CentOS
sudo cp ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
# Ubuntu
sudo cp ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
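### 3. Browser warns that the site is not secure
This is the normal warning for a self-signed certificate; click "Advanced" → "Proceed" to continue.

---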
## Condensed command summary
```bash
# 1. Generate the certificates
mkdir -p /opt/cert && cd /opt/cert
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt -subj "/C=CN/ST=GD/L=GZ/O=test/OU=IT/CN=test"
openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor-registry.key -out harbor-registry.csr -subj "/C=CN/ST=GD/L=GZ/O=test/OU=IT/CN=192.168.69.128"
echo "subjectAltName = IP:192.168.69.128" > extfile.cnf
openssl x509 -req -days 365 -in harbor-registry.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out harbor-registry.crt
# 2. Configure Harbor
vim /root/harbor/harbor.cfg
# Set hostname, ui_url_protocol, ssl_cert, ssl_cert_key
# 3. Restart
cd /root/harbor
./prepare
docker-compose down
docker-compose up -d
# 4. Client configuration (absolute path, because the working directory is now /root/harbor)
mkdir -p /etc/docker/certs.d/192.168.69.128
cp /opt/cert/ca.crt /etc/docker/certs.d/192.168.69.128/
```