Steps for Setting Up a Harbor Image Registry


I. Install Docker

1. Add the Aliyun yum repository for Docker

yum install yum-utils -y  
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo  

2. List the available Docker versions

yum list docker-ce --showduplicates | sort -r  

3. Install docker-ce ("ce" stands for Community Edition)

yum -y install docker-ce docker-ce-cli  

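4. Modify the dockerd systemd unit. The command below sets the cgroup driver to systemd. The HTTP registry address is added through insecure-registries in daemon.json (step 5); without it Docker talks to the registry over HTTPS by default, and it is not needed if the registry is configured for HTTPS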

sed -i.bak "s#^ExecStart=/usr/bin/dockerd.*#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemd#g" /usr/lib/systemd/system/docker.service  

5. Add the Docker configuration

mkdir -p /etc/docker  
mkdir -p /data/apps/docker/data

cat > /etc/docker/daemon.json <<EOF  
{
    "registry-mirrors": [
        "https://xet0ja6w.mirror.aliyuncs.com",
        "https://nr240upq.mirror.aliyuncs.com",
        "https://registry.docker-cn.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://dockerhub.azk8s.cn",
        "http://hub-mirror.c.163.com"
    ],
    "max-concurrent-downloads": 10,
    "max-concurrent-uploads": 5,
    "log-driver": "json-file",
    "log-opts": {
       "max-size": "300m",
       "max-file": "2"
    },
    "insecure-registries": ["harbor.imdst.com"],
    "live-restore": true,
    "data-root": "/data/apps/docker/data"
}

EOF  

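A partial explanation of the parameters above

    # Docker tuning
    # registry-mirrors: custom mirror addresses. If omitted, images are pulled from the official Docker registry overseas
    # The Docker cgroup driver is changed to systemd because k8s requires it; the default is cgroupfs
    # max-concurrent-downloads: maximum number of concurrent downloads
    # max-concurrent-uploads: maximum number of concurrent uploads
    # log-driver: logs are formatted as JSON. This is Docker's default logging driver.
    # log-opts: log settings, the maximum size of a single file and the maximum number of files
    # By default container logs are under /var/lib/docker/containers/<container ID>/xxx.log; the location follows data-root if that is changed
    # insecure-registries: the address of the private Harbor, used for docker login http://<address>; if this is not set, HTTPS is used by default
    # live-restore: keeps containers running while the Docker daemon is unavailable
    # data-root: changes the default storage location for images and containers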

6. Reload the systemd configuration, enable Docker at boot and start it

systemctl daemon-reload && systemctl enable --now docker  
docker version  # if a version is printed, Docker is working  

II. Install docker-compose

GitHub download page: https://github.com/docker/compose/releases/

1. Download docker-compose

curl -L "https://github.com/docker/compose/releases/download/v2.19.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose  
# Make it executable
chmod +x /usr/local/bin/docker-compose  
# Test
docker-compose -v  

III. Install Harbor

GitHub download page: https://github.com/goharbor/harbor/releases/

1. Download Harbor

wget https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz  

2. Extract Harbor and edit the configuration file

cd /data/apps  
tar zxf harbor-offline-installer-v2.8.2.tgz  
rm -f harbor-offline-installer-v2.8.2.tgz  
cd harbor  
cp harbor.yml.tmpl harbor.yml  
# Take care to modify the following settings
vim harbor.yml  
hostname: 127.0.0.1  # the host's own IP address also works  
http:  
  port: 5000  # default port
harbor_admin_password: Harbor12345  # default password  
database:  
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
data_volume: /data/apps/harbor/data  # data storage directory  
trivy:  
  ignore_unfixed: false
  skip_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
log:  
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /data/apps/harbor/logs  # log storage directory

3. Install Harbor: ./install.sh

4. Configure nginx

Main configuration file: nginx.conf
Raise the upload size limit, otherwise docker push fails when a file is too large to upload
client_max_body_size 4096m;

cat > /data/apps/nginx/conf/vhost/harbor.imdst.com.conf <<'EOF'  
server {  
    listen 80;
    server_name harbor.imdst.com;

    charset utf-8;

    location = /favicon.ico { access_log off; log_not_found off; }

    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # access_log  /data/www/wwwlogs/harbor.imdst.com.log main;
    # error_log  /data/www/wwwlogs/harbor.imdst.com.error.log;
}
EOF  

5. Configure Harbor to start at boot:

echo 'cd /data/apps/harbor && docker-compose start' >> /etc/rc.local

6. Try accessing Harbor:

harbor.imdst.com
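
The following is an added example, not part of the original walkthrough: a Python check over the two files configured above, daemon.json and harbor.yml, that reports registry settings which bypass TLS and passwords still set to the values printed on this page. The function names and the sample strings are constructed for illustration; the sample values mirror this page's configuration.

```python
import json
import re

# Passwords that appear verbatim in this page's harbor.yml.
KNOWN_PASSWORDS = {"harbor_admin_password": "Harbor12345", "database.password": "root123"}

def audit_daemon_json(text):
    """Flag registry settings in daemon.json that bypass TLS."""
    cfg = json.loads(text)
    findings = [f"insecure-registries: {r} is used without verified TLS"
                for r in cfg.get("insecure-registries", [])]
    findings += [f"registry-mirrors: {u} is plain HTTP"
                 for u in cfg.get("registry-mirrors", []) if u.lower().startswith("http://")]
    return findings

def audit_harbor_yml(text):
    """Line-based check of harbor.yml (no YAML library needed)."""
    findings, top_level, section = [], set(), None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z_]+):\s*([^#]*)", line)
        if not m:
            continue  # comments (including a commented-out https block), blanks
        indent, key, value = m.group(1), m.group(2), m.group(3).strip()
        section = section if indent else key  # remember the enclosing top-level key
        top_level.add(section)
        path = f"{section}.{key}" if indent else key
        if KNOWN_PASSWORDS.get(path) == value:
            findings.append(f"{path}: still the publicly known value")
    if "https" not in top_level:
        findings.append("https: no active block, Harbor serves HTTP only")
    return findings

# Constructed samples that mirror the settings used on this page.
SAMPLE_DAEMON_JSON = """{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com"],
  "insecure-registries": ["harbor.imdst.com"]
}"""
SAMPLE_HARBOR_YML = """hostname: 127.0.0.1
http:
  port: 5000
# https:
harbor_admin_password: Harbor12345
database:
  password: root123
"""

if __name__ == "__main__":
    for finding in audit_daemon_json(SAMPLE_DAEMON_JSON) + audit_harbor_yml(SAMPLE_HARBOR_YML):
        print("WARN", finding)
```

To check a real host, pass the contents of /etc/docker/daemon.json and /data/apps/harbor/harbor.yml to the two functions instead of the samples.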