基于Docker搭建Harbor私有镜像仓库
Harbor 是 VMware 开源的企业级 Docker 容器镜像仓库,支持镜像存储、访问控制、镜像复制、安全扫描、审计日志等功能,适合企业级私有化部署。
1.前置环境说明
Harbor的部署依赖于Docker和Docker Compose环境。鉴于Docker已在系统中完成安装,以下将重点介绍Docker Compose的配置及Harbor的安装步骤。
下面示例是在线安装,离线安装可以去github下载安装包
[root@docker01 ~]# curl -s -o /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
[root@docker01 ~]# yum -y install docker-compose-plugin
[root@docker01 ~]# vim /root/.bashrc
...
alias docker-compose='docker compose'[root@docker01 ~]# source /root/.bashrc
[root@docker01 ~]# docker-compose version
# 卸载软件
[root@docker01 ~]# yum -y remove docker-compose-plugin2.软件下载
直接从github下载离线安装包,如果觉得网络慢或者下载不了,可以私聊小刘获取。
[root@docker01 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.12.0/harbor-offline-installer-v2.12.0.tgz3.解压
[root@docker01 ~]# mkdir -p /liux/softwares/
[root@docker01 ~]# cd /liux/softwares/
#解压
[root@docker01 ~]# tar xf harbor-offline-installer-v2.12.0.tgz4.修改配置文件,暂时禁用https
[root@docker01 ~]# cd /liux/softwares/harbor/
[root@docker01 harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker01 harbor]# vim harbor.yml# 添加主机名称
hostname: 192.168.91.52
...
# 注释掉https的相关配置
# https:
# # https port for harbor, default is 443
# port:443
# # The path of cert and key filesfor nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
...
# 设置管理员密码
harbor_admin_password: 123665.安装harbor
[root@docker01 harbor]# ./install.sh [Step 0]: checking if docker is installed ...Note: docker version: 28.0.4[Step 1]: checking docker-compose is installed ...Note: Docker Compose version v2.27.1[Step 2]: loading Harbor images ...
......
[Step 5]: starting Harbor ...
[+] Running 10/10✔ Network harbor_harbor Created 0.0s ✔ Container harbor-log Started 0.4s ✔ Container harbor-db Started 0.9s ✔ Container registry Started 0.8s ✔ Container harbor-portal Started 0.9s ✔ Container registryctl Started 0.8s ✔ Container redis Started 0.9s ✔ Container harbor-core Started 1.2s ✔ Container nginx Started 1.5s ✔ Container harbor-jobservice Started 1.5s
✔ ----Harbor has been installed and started successfully.----6.修改docker的配置文件,添加http私有仓库地址
默认情况下,Docker 要求所有通过 HTTPS 访问的镜像仓库必须使用有效的 SSL 证书。如果 Harbor 使用 HTTP 协议,docker会拒绝连接。
在 Docker 的配置文件中添加 "insecure-registries": ["192.168.91.52"] 是为了允许 Docker 客户端通过 HTTP 协议访问指定的私有镜像仓库(如 Harbor),而不需要验证 SSL 证书。
以下是配置方法:
[root@docker01 harbor]# cat /etc/docker/daemon.json {
"registry-mirrors": ["https://k0jntw7k.mirror.aliyuncs.com","https://docker.m.daocloud.io","https://dockerpull.com","https://docker.registry.cyou","https://atomhub.openatom.cn","https://docker.1panel.live","https://hub.rat.dev","https://docker.awsl9527.cn","https://do.nark.eu.org","https://docker.ckyl.me","https://hub.uuuadc.top","https://docker.chenby.cn"],
"data-root": "/liux/data/docker",
"insecure-registries": ["192.168.91.52"]
}
[root@docker01 harbor]# systemctl restart docker7.页面登录访问harbor
用户为admin,密码是配置文件中设置的harbor_admin_password: liux12366
通过以上步骤,可以成功搭建一个 Harbor 仓库。在下一章节中,我们将详细介绍 Harbor 仓库的使用方法,帮助您更好地管理和分发容器镜像。