【Docker】如何在Linux上快速安装和配置Harbor

目录

前言

一、测试环境

二、获取harbor软件包

三、获取TLS文件（HTTP略过）

四、配置harbor

1.解压harbor安装包

2.修改配置文件内容

3.执行环境准备脚本

4.执行安装脚本

五、访问Harbor Web界面

 六、harbor容器启停

1.关闭harbor

2.开启harbor

七、harbor的使用

1.登录harbor

2.镜像上传与下载

总结

---

前言

        Harbor 是一个开源的容器镜像仓库，旨在帮助企业安全、有效地存储和管理容器镜像。通过支持多种镜像管理功能，如镜像复制、漏洞扫描、访问控制和镜像签名，Harbor 提供了一个稳定、高性能的解决方案，满足了企业级容器化应用的需求。此外，Harbor 还与 Kubernetes 和 Docker 紧密集成，简化了容器的部署与运维流程，提升了 DevOps 团队的工作效率。

一、测试环境

        Docker version：26.1.4

        Docker compose version：v2.27.1 (Docker Inc.)

二、获取harbor软件包

        从Harbor的官方GitHub仓库下载最新的Harbor离线安装版安装包：

        下载地址：Releases · goharbor/harbor (github.com)

        也可以通过以下命令从github进行下载

# wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz

三、获取TLS文件（HTTP略过）

        Harbor 是一个开源的云原生容器镜像仓库，通常用于存储和管理 Docker 镜像。使用 HTTP 协议传输数据存在安全隐患，因此官方建议尽快升级到 HTTPS。

# mkdir -p /data/cert


# openssl req -newkey rsa:2048 -nodes -keyout /data/cert/harbor.key -x509 -days 365 -out /data/cert/harbor.crt

四、配置harbor

1.解压harbor安装包

# tar -zvxf harbor-offline-installer-v2.11.1.tgz

2.修改配置文件内容

        创建配置文件

# cd harbor/


# mv harbor.yml.tmpl harbor.yml

        编辑配置文件内容

# vi harbor.yml


 


hostname: www.Tjlyae.com 


http:


  port: 80	


https:		#如测试环境不启用https协议可以注释以下几行


  port: 443


  certificate: /data/cert/www.Tjlyae.com.crt		  


  private_key: /data/cert/www.Tjlyae.com.key


  


harbor_admin_password: Harbor12345


data_volume: /data

3.执行环境准备脚本

# ./prepare


 


prepare base dir is set to /root/harbor


Clearing the configuration file: /config/portal/nginx.conf


Clearing the configuration file: /config/log/logrotate.conf


Clearing the configuration file: /config/log/rsyslog_docker.conf


Generated configuration file: /config/portal/nginx.conf


Generated configuration file: /config/log/logrotate.conf


Generated configuration file: /config/log/rsyslog_docker.conf


Generated configuration file: /config/nginx/nginx.conf


Generated configuration file: /config/core/env


Generated configuration file: /config/core/app.conf


Generated configuration file: /config/registry/config.yml


Generated configuration file: /config/registryctl/env


Generated configuration file: /config/registryctl/config.yml


Generated configuration file: /config/db/env


Generated configuration file: /config/jobservice/env


Generated configuration file: /config/jobservice/config.yml


Generated and saved secret to file: /data/secret/keys/secretkey


Successfully called func: create_root_cert


Generated configuration file: /compose_location/docker-compose.yml


Clean up the input dir

4.执行安装脚本

# ./install.sh


 


 


[Step 0]: checking if docker is installed ...


 


Note: docker version: 26.1.4


 


[Step 1]: checking docker-compose is installed ...


 


Note: Docker Compose version v2.27.1


 


[Step 2]: loading Harbor images ...


 


[Step 3]: preparing environment ...


 


[Step 4]: preparing harbor configs ...


prepare base dir is set to /root/harbor


 


[Step 5]: starting Harbor ...


Creating network "harbor_harbor" with the default driver


Creating harbor-log ... done


Creating harbor-db     ... done


Creating registry      ... done


Creating registryctl   ... done


Creating redis         ... done


Creating harbor-portal ... done


Creating harbor-core   ... done


Creating harbor-jobservice ... done


Creating nginx             ... done


✔ ----Harbor has been installed and started successfully.----

五、访问Harbor Web界面

        安装完成后，你可以通过浏览器访问Harbor Web界面。在浏览器中输入你配置的hostname（或IP地址）与端口信息，如：https://www.tjlyae.com:8080

 六、harbor容器启停

1.关闭harbor

        harbor容器的关闭需要再harbor目录下执行docker compose down命令， 仅停止并删除本地Docker主机上的harbor相关容器，但它不会影响Harbor仓库中的镜像。

# docker compose down


 


[+] Running 10/9


 ✔ Container nginx              Removed                                                                                                         0.4s


 ✔ Container registryctl        Removed                                                                                                         0.4s


 ✔ Container harbor-jobservice  Removed                                                                                                         0.4s


 ✔ Container harbor-portal      Removed                                                                                                         0.3s


 ✔ Container harbor-core        Removed                                                                                                         0.3s


 ✔ Container harbor-db          Removed                                                                                                         0.4s


 ✔ Container registry           Removed                                                                                                         0.3s


 ✔ Container redis              Removed                                                                                                         0.3s


 ✔ Container harbor-log         Removed                                                                                                        10.2s


 ✔ Network harbor_harbor        Removed                                                                                                         0.1s                                                                2.7s

2.开启harbor

        harbor容器的开启则是需要再harbor目录下执行docker compose up -d命令， 它会根据 docker-compose.yml 文件重新创建和启动容器

# docker compose up -d


 


[+] Running 10/10


 ✔ Network harbor_harbor        Created                                                                                                         0.1s


 ✔ Container harbor-log         Started                                                                                                         0.7s


 ✔ Container harbor-portal      Started                                                                                                         1.8s


 ✔ Container harbor-db          Started                                                                                                         1.4s


 ✔ Container registryctl        Started                                                                                                         1.9s


 ✔ Container redis              Started                                                                                                         1.6s


 ✔ Container registry           Started                                                                                                         1.7s


 ✔ Container harbor-core        Started                                                                                                         2.0s


 ✔ Container harbor-jobservice  Started                                                                                                         2.8s


 ✔ Container nginx              Started                

七、harbor的使用

1.登录harbor

        在docker主机上执行docker login www.tjlyae.com，输入账号及密码信息登录harbor

# docker login www.tjlyae.com


Username: admin


Password:


WARNING! Your password will be stored unencrypted in /root/.docker/config.json.


Configure a credential helper to remove this warning. See


https://docs.docker.com/engine/reference/commandline/login/#credentials-store


 


Login Succeeded

2.镜像上传与下载

        镜像上传

# docker tag nessus:latest www.tjlyae.com/library/nessus:1.0


# docker push  www.tjlyae.com/library/nessus:1.0


The push refers to repository [www.tjlyae.com/library/nessus]


5674ba0dc5af: Pushed


8d01668276cb: Pushed


2af940cf5ed3: Pushed


39c541662e81: Pushed


8542abe291b5: Pushed


548a79621a42: Pushed


1.0: digest: sha256:f3c40a230981e86a2863828c80a0ad46e370118d49d22a25e9c2b31a207e43e1 size: 1574

        镜像上传成功后，就可以指定位置查看到相关信息

        镜像下载

# docker pull  www.tjlyae.com/library/nessus:1.0

总结

        Harbor为企业级容器镜像管理提供了强大的功能，支持用户认证、镜像复制、策略管理和审计日志等。在本教程中，我们介绍了如何在Linux上安装和配置Harbor，帮助你快速搭建一个私有的镜像仓库，为容器化应用的开发和部署提供有力支持。