企业级私有registry Harbor通过https访问的详细配置
2019独角兽企业重金招聘Python工程师标准>>> 
Harbor安装请参考https://my.oschina.net/u/1762991/blog/1204555
根据文档https://github.com/vmware/harbor/blob/0.5.0/docs/installation_guide.md
Harbor配置通过https访问需要修改配置文件
To change Harbor's configuration, first stop existing Harbor instance, update harbor.cfg, and then run install.sh again:
1.停止docker-compose
$ sudo docker-compose down
2.编辑配置文件
$ vim harbor.cfg
3.执行install.sh
$ sudo install.sh
添加一个步骤,就是创建私有CA,通过CA来签署证书,此步骤在1之后进行
1.停止docker-compose
[docker@c7ks1 harbor]$ docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 0.0.0.0:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
[docker@c7ks1 harbor]$ docker-compose down
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-db ... done
Stopping registry ... done
Stopping harbor-ui ... done
Stopping harbor-log ... done
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-db ... done
Removing registry ... done
Removing harbor-ui ... done
Removing harbor-log ... done
Removing network harbor_default
2.创建私有CA及签署证书(这里CA服务器给自己发证书)
A、生成密钥对
[root@c7ks1 ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
Generating RSA private key, 4096 bit long modulus
....................................................................................................................................................................................++
............................................................................................................................................................................................................++
e is 65537 (0x10001)
B、自签证书,从私钥中抽取中公钥信息
req: 生成证书签署请求
-news: 生成新请求
-key /path/to/keyfile: 指定私钥文件
-out /path/to/somefile: 【自签时】证书存放位置
-x509: 生成自签署证书
-days n: 有效天数
[root@c7ks1 ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:zhejiangsheng
Locality Name (eg, city) [Default City]:hangzhuo
Organization Name (eg, company) [Default Company Ltd]:c7ks1
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:c7ks1
Email Address []:deliwucn@qq.com
C、初始化工作环境
[root@c7ks1 ~]# touch /etc/pki/CA/{index.txt,serial}
[root@c7ks1 ~]# echo 01 > /etc/pki/CA/serial
D、创建Harbor存放证书的目录
[root@c7ks1 ~]# mkdir /data/source/harbor/ssl
E、生成证书签署请求
[root@c7ks1 ~]# (umask 077;openssl genrsa -out /data/source/harbor/ssl/harbor.key 4096)
Generating RSA private key, 4096 bit long modulus
.................................................................................................................................................................................................................................................++
....................................................................................................++
e is 65537 (0x10001)
[root@c7ks1 ~]# openssl req -new -key /data/source/harbor/ssl/harbor.key -out /data/source/harbor/ssl/harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:zhejiangsheng
Locality Name (eg, city) [Default City]:hangzhuo
Organization Name (eg, company) [Default Company Ltd]:c7ks1
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:c7ks1
Email Address []:deliwu@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
F、把签署请求发送给CA服务器(由于是同一个机器,所以不需要发送)
G、签署证书
[root@c7ks1 ~]# openssl ca -in /data/source/harbor/ssl/harbor.csr -out /data/source/harbor/ssl/harbor.crt -days 265
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 10 14:45:30 2017 GMT
Not After : Apr 1 14:45:30 2018 GMT
Subject:
countryName = CN
stateOrProvinceName = zhejiangsheng
organizationName = c7ks1
organizationalUnitName = tech
commonName = c7ks1
emailAddress = deliwu@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D0:65:52:77:7E:73:CA:A1:B0:E2:46:C8:63:06:03:12:27:F1:C9:7C
X509v3 Authority Key Identifier:
keyid:41:BB:A7:DE:71:FF:E7:6D:40:4C:D0:6A:D2:B1:34:9F:2F:17:F0:CD
Certificate is to be certified until Apr 1 14:45:30 2018 GMT (265 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@c7ks1 ~]#
把证书文件/data/source/harbor/ssl/harbor.crt发送给请求者,如果是Windows机器,则直接双击进行安装证书即可,把证书放到安全的位置
3.编辑配置文件
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https
......
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/source/harbor/ssl/harbor.crt
ssl_cert_key = /data/source/harbor/ssl/harbor.key
错误做法:
由于看到https://github.com/vmware/harbor/blob/0.5.0/docs/installation_guide.md
For HTTPS protocol
1.Enable HTTPS in Harbor by following this guide.
2.Modify docker-compose.yml
Replace the first "443" to a customized port, e.g. 4443:443.
proxy:
image: library/nginx:1.11.5
restart: always
volumes:
- ./config/nginx:/etc/nginx
ports:
- 80:80
- 4443:443
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
3.Modify templates/registry/config.yml
Add the customized port, e.g. ":4443", after "$ui_url".
auth:
token:
issuer: registry-token-issuer
realm: $ui_url:4443/service/token
rootcertbundle: /etc/registry/root.crt # 这里有一个证书文件,我修改为了我刚才存放的位置
service: token-service
4.Run install.sh to update and start Harbor.
$ sudo docker-compose down
$ sudo install.sh
[root@c7ks1 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 1.10.2
Note: docker-compose version: 1.8.0
[Step 1]: loading Harbor images ...
[Step 2]: preparing environment ...
loaded secret key
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/cert/harbor.crt
Clearing the configuration file: ./common/config/nginx/cert/harbor.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/ui/app.conf
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/private_key.pem
Generated configuration file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
[Step 4]: starting Harbor ...
Creating network "harbor_default" with the default driver
Creating harbor-log
Creating registry
Creating harbor-db
Creating harbor-ui
Creating nginx
Creating harbor-jobservice
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://192.168.40.113.
For more details, please visit https://github.com/vmware/harbor .
[root@c7ks1 harbor]# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 0.0.0.0:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Restarting 5000/tcp
查看日志一直报错
[root@c7ks1 harbor]# tail -100 /var/log/harbor/2017-07-10/docker_ui.log
Jul 10 23:04:39 c7ks1 docker/ui[11221]: 2017-07-10T15:04:39Z [INFO] User id: 1 already has its encrypted password.
Jul 10 23:04:39 c7ks1 docker/ui[11221]: 2017-07-10T15:04:39Z [DEBUG] [utils.go:245]: Start syncing repositories from registry to DB...
Jul 10 23:04:39 c7ks1 docker/ui[11221]: 2017-07-10T15:04:39Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:41 c7ks1 docker/ui[11221]: 2017-07-10T15:04:41Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:43 c7ks1 docker/ui[11221]: 2017-07-10T15:04:43Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:45 c7ks1 docker/ui[11221]: 2017-07-10T15:04:45Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:47 c7ks1 docker/ui[11221]: 2017-07-10T15:04:47Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:49 c7ks1 docker/ui[11221]: 2017-07-10T15:04:49Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:51 c7ks1 docker/ui[11221]: 2017-07-10T15:04:51Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:53 c7ks1 docker/ui[11221]: 2017-07-10T15:04:53Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:55 c7ks1 docker/ui[11221]: 2017-07-10T15:04:55Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:57 c7ks1 docker/ui[11221]: 2017-07-10T15:04:57Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:04:59 c7ks1 docker/ui[11221]: 2017-07-10T15:04:59Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:01 c7ks1 docker/ui[11221]: 2017-07-10T15:05:01Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:03 c7ks1 docker/ui[11221]: 2017-07-10T15:05:03Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:05 c7ks1 docker/ui[11221]: 2017-07-10T15:05:05Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:07 c7ks1 docker/ui[11221]: 2017-07-10T15:05:07Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:09 c7ks1 docker/ui[11221]: 2017-07-10T15:05:09Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:11 c7ks1 docker/ui[11221]: 2017-07-10T15:05:11Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:13 c7ks1 docker/ui[11221]: 2017-07-10T15:05:13Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:15 c7ks1 docker/ui[11221]: 2017-07-10T15:05:15Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:17 c7ks1 docker/ui[11221]: 2017-07-10T15:05:17Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:19 c7ks1 docker/ui[11221]: 2017-07-10T15:05:19Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:23 c7ks1 docker/ui[11221]: 2017-07-10T15:05:23Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:25 c7ks1 docker/ui[11221]: 2017-07-10T15:05:25Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:27 c7ks1 docker/ui[11221]: 2017-07-10T15:05:27Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:29 c7ks1 docker/ui[11221]: 2017-07-10T15:05:29Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:31 c7ks1 docker/ui[11221]: 2017-07-10T15:05:31Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:33 c7ks1 docker/ui[11221]: 2017-07-10T15:05:33Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:35 c7ks1 docker/ui[11221]: 2017-07-10T15:05:35Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:37 c7ks1 docker/ui[11221]: 2017-07-10T15:05:37Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:39 c7ks1 docker/ui[11221]: panic: Failed to connect to registry client after 60 seconds
Jul 10 23:05:39 c7ks1 docker/ui[11221]:
Jul 10 23:05:39 c7ks1 docker/ui[11221]: goroutine 1 [running]:
Jul 10 23:05:39 c7ks1 docker/ui[11221]: panic(0xacbec0, 0xc820242580)
Jul 10 23:05:39 c7ks1 docker/ui[11221]: #011/usr/local/go/src/runtime/panic.go:481 +0x3e6
Jul 10 23:05:39 c7ks1 docker/ui[11221]: github.com/vmware/harbor/src/ui/api.initRegistryClient(0xab5220, 0x0, 0x0)
Jul 10 23:05:39 c7ks1 docker/ui[11221]: #011/go/src/github.com/vmware/harbor/src/ui/api/utils.go:450 +0x45a
Jul 10 23:05:39 c7ks1 docker/ui[11221]: github.com/vmware/harbor/src/ui/api.catalog(0x0, 0x0, 0x0, 0x0, 0x0)
Jul 10 23:05:39 c7ks1 docker/ui[11221]: #011/go/src/github.com/vmware/harbor/src/ui/api/utils.go:314 +0x72
Jul 10 23:05:39 c7ks1 docker/ui[11221]: github.com/vmware/harbor/src/ui/api.SyncRegistry(0x0, 0x0)
Jul 10 23:05:39 c7ks1 docker/ui[11221]: #011/go/src/github.com/vmware/harbor/src/ui/api/utils.go:247 +0x7b
Jul 10 23:05:39 c7ks1 docker/ui[11221]: main.main()
Jul 10 23:05:39 c7ks1 docker/ui[11221]: #011/go/src/github.com/vmware/harbor/src/ui/main.go:84 +0x290
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [INFO] token expiration: 30 minutes
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [INFO] Config path: /etc/ui/app.conf
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [INFO] initializing database: type-MySQL host-mysql port-3306 user-root database-registry
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [INFO] User id: 1 already has its encrypted password.
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [DEBUG] [utils.go:245]: Start syncing repositories from registry to DB...
Jul 10 23:05:39 c7ks1 docker/ui[11221]: 2017-07-10T15:05:39Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:41 c7ks1 docker/ui[11221]: 2017-07-10T15:05:41Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:43 c7ks1 docker/ui[11221]: 2017-07-10T15:05:43Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:45 c7ks1 docker/ui[11221]: 2017-07-10T15:05:45Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:47 c7ks1 docker/ui[11221]: 2017-07-10T15:05:47Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refused
Jul 10 23:05:49 c7ks1 docker/ui[11221]: 2017-07-10T15:05:49Z [ERROR] [utils.go:442]: failed to connect to registry client, retry after 2 seconds :dial tcp 172.18.0.3:5000: getsockopt: connection refuse
后面我查找了一下config.yml文件,发现有两个
[root@c7ks1 harbor]# find ./ -name "config.yml"
./common/templates/registry/config.yml
./common/config/registry/config.yml
[root@c7ks1 harbor]# diff common/config/registry/config.yml common/templates/registry/config.yml
24c24
< realm: https://192.168.40.113/service/token
---
> realm: $ui_url/service/token
发现他们的配置都不一样
我就把$ui_url改为https://192.168.40.113,重试上面修改配置的步骤,但是还是报同样的错
这时,我把
./common/templates/registry/config.yml
./common/config/registry/config.yml
都改为最初的配置
即:
./common/templates/registry/config.yml
。。
auth:
token:
issuer: registry-token-issuer
realm: $ui_url:/service/token
rootcertbundle: /etc/registry/root.crt
service: token-service
。。
./common/config/registry/config.yml
auth:
token:
issuer: registry-token-issuer
realm: https://192.168.40.113:/service/token
rootcertbundle: /etc/registry/root.crt
service: token-service
重新执行install.sh
[root@c7ks1 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 1.10.2
Note: docker-compose version: 1.8.0
[Step 1]: loading Harbor images ...
[Step 2]: preparing environment ...
loaded secret key
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/nginx/cert/harbor.crt
Clearing the configuration file: ./common/config/nginx/cert/harbor.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/ui/app.conf
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/private_key.pem
Generated configuration file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-ui ... done
Removing harbor-db ... done
Removing registry ... done
Removing harbor-log ... done
Removing network harbor_default
[Step 4]: starting Harbor ...
Creating network "harbor_default" with the default driver
Creating harbor-log
Creating harbor-ui
Creating harbor-db
Creating registry
Creating harbor-jobservice
Creating nginx
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://192.168.40.113.
For more details, please visit https://github.com/vmware/harbor .
发现容器都正常up了
[root@c7ks1 harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 0.0.0.0:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
可以访问了
转载于:https://my.oschina.net/u/1762991/blog/1305480
企业级私有registry Harbor通过https访问的详细配置相关推荐
- 部署Docker仓库之企业级私有仓库Harbor
私有仓库Harbor 一.概述 二.特点 三.Harbor仓库结构 四.部署Harbor 1.环境准备 2.安装harbor 3.修改配置文件 4.启动Harbor 5.登陆Harbor 6.新建项目 ...
- harbor镜像仓库-https访问的证书配置 (docker配置harbor https证书)
harbor镜像仓库-https访问的证书配置 生成CA证书 随便搞个什么文件夹,用于存放生成的证书 创建key文件: root@eb7023:/data/certs>openssl genrs ...
- linux location root访问文件夹404_如何使网站支持https访问?nginx配置https证书
购买SSL证书 要想使用https访问你的网址,首先得拥有颁发的SSL证书.我使用的是免费版,有效期为一年,过期后再重新申请. 申请SSL证书 购买后,可在搜索框输入证书关键字进入到控制台. 点击证书 ...
- Ubuntu18.04安装部署GitLab-ce(HTTP/HTTPS访问,SAML配置)附:docker gitlab-ce部署
Gitlab推荐配置: 4核 4GB内存 支持500个用户 8核 8GB内存 支持1000个用户 最低配置建议:2核 4G内存 一.安装和配置必要的依赖项 sudo apt update sudo a ...
- Tomcat访问日志详细配置
在server.xml里的<host>标签下加上 <Valve className="org.apache.catalina.valves.AccessLogValve&q ...
- 企业级Docker Registry —— Harbor搭建和使用
本节内容: Harbor介绍 安装部署Harbor 环境要求 环境信息 安装部署harbor 配置harbor 配置存储 完成安装和启动harbor 访问Harbor 修改管理员密码 启动后相关容器 ...
- 镜像浏览器_Docker 企业级私有镜像仓库 Harbor 部署
Docker官方仓库为 Docker Registry 作为镜像仓库,部署过程中会遇到了很多问题. 除此之处,Docker Registry 没有管理页面,甚至连一些运维必备的功能都是缺失的,还有什么 ...
- docker进阶-搭建私有企业级镜像仓库Harbor
为什么要搭建私有镜像仓库 对于一个刚刚接触Docker的人来说,官方的Docker hub是用于管理公共镜像.既然官方提供了镜像仓库我们为什么还要去自己搭建私有仓库呢?虽然也可以托管私有镜像.我们 ...
- Docker仓库之企业级可视化私有仓库Harbor(安装、快速、入门)
一.Harbor简介 Harbor被部署为多个Docker容器.因此,您可以将其部署在任何支持Docker的Linux发行版上.目标主机需要Docker和Docker Compose才能安装. 硬件 ...
最新文章
- python资料书-关于 Python 的经典入门书籍有哪些?
- 周报措辞规范(周报规范用语、不规范用语)
- IOS的OC项目下回调函数的定义以及传参
- 自然语言处理-LDA主题模型
- java中的 BigDecimal 和 String 的相互转换
- 13.远程登录 Linux
- 不是方阵有逆矩阵吗_Lecture 3 | 乘法和逆矩阵
- 《vSphere性能设计:性能密集场景下CPU、内存、存储及网络的最佳设计实践》一1.2.4 存储...
- 用 Lucene 构建文档数据库
- 【入门】求三个数的平均数
- 武汉市星创天地申报条件和程序
- 基于51单片机的简易计算器proteus仿真 数码管显示
- 原生64位卸载工具Revo Uninstaller Pro V2.5.7
- 2022年最新陕西水利水电施工安全员考试题库及答案
- 谈谈一只菜鸟转行Erlang游戏服务端的经历(希望大佬指导,也希望我的经历能给一些还未毕业的同学或者正在迷茫自己工作内容的同学一些感触)
- 基于Unity开发实现的坦克游戏设计
- python从入门到入魔第八天——turtle库使用(含玫瑰花绘制实例)
- 摩根大通表示CBDC不能蚕食商业金融系统
- VCO电路中的电源设计
- R语言初级教程(04): 算术运算