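Installing and setting up the environment
Docker must be installed first; here we use Docker to install and deploy the Harbor registry.
We will not cover the Docker installation here; click the link below for detailed installation steps.
Harbor package download link
docker-compose download link
Upload the required packages
docker-compose is required to install and deploy the Harbor registry, so we upload it here as well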
[root@localhost ~]# ls
docker-compose-linux-x86_64 harbor-offline-installer-v2.1.1.tgz
Give docker-compose execute permission
[root@localhost ~]# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# docker-compose -v
Docker Compose version v2.22.0
Extract the package to the target location
[root@localhost ~]# tar -zxvf harbor-offline-installer-v2.1.1.tgz -C /usr/local/
harbor/harbor.v2.1.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
Create the SSL certificate
First, create a directory to store the SSL certificates
[root@localhost harbor]# mkdir cret
[root@localhost harbor]# cd cret/
Install the required tool
[root@localhost cret]# yum -y install openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 1:1.0.2k-12.el7 will be updated
---> Package openssl.x86_64 1:1.0.2k-26.el7_9 will be an update
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-26.el7_9 for package: 1:openssl-1.0.2k-26.el7_9.x86_64
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.2k-12.el7 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-26.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================================================================
Updating:
openssl x86_64 1:1.0.2k-26.el7_9 updates 494 k
Updating for dependencies:
openssl-libs x86_64 1:1.0.2k-26.el7_9 updates 1.2 M
Transaction Summary
======================================================================================================================================================================================================
Upgrade 1 Package (+1 Dependent package)
Total download size: 1.7 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): openssl-1.0.2k-26.el7_9.x86_64.rpm | 494 kB 00:00:00
(2/2): openssl-libs-1.0.2k-26.el7_9.x86_64.rpm | 1.2 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.4 MB/s | 1.7 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:openssl-libs-1.0.2k-26.el7_9.x86_64 1/4
Updating : 1:openssl-1.0.2k-26.el7_9.x86_64 2/4
Cleanup : 1:openssl-1.0.2k-12.el7.x86_64 3/4
Cleanup : 1:openssl-libs-1.0.2k-12.el7.x86_64 4/4
Verifying : 1:openssl-libs-1.0.2k-26.el7_9.x86_64 1/4
Verifying : 1:openssl-1.0.2k-26.el7_9.x86_64 2/4
Verifying : 1:openssl-1.0.2k-12.el7.x86_64 3/4
Verifying : 1:openssl-libs-1.0.2k-12.el7.x86_64 4/4
Updated:
openssl.x86_64 1:1.0.2k-26.el7_9
Dependency Updated:
openssl-libs.x86_64 1:1.0.2k-26.el7_9
Complete!
Create the SSL certificate
First, create the CA key
[root@localhost cret]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................................................................................................++
..............................................................................................................................................................................................++
e is 65537 (0x10001)
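Next, create the CA certificate; this requires that the CA key has already been created
Change the IP address in the middle of the command to the IP address of your own host
Note: the IP address here must be the same as the one in the configuration file.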
[root@localhost cret]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.1.11" -key ca.key -out ca.crt
Then create a private key named after the host's IP address
[root@localhost cret]# openssl genrsa -out 192.168.1.11.key 4096
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................................................................................++
...........++
e is 65537 (0x10001)
[root@localhost cret]# openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.1.11" -key 192.168.1.11.key -out 192.168.1.11.csr
[root@localhost cret]# cat > v3.ext <<-EOF
> authorityKeyIdentifier=keyid,issuer
> basicConstraints=CA:FALSE
> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth
> subjectAltName = @alt_names
>
> [alt_names]
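> # 192.168.1.11 is an IP address, so it is listed as an IP entry; Docker does not match an IP against a DNS entry
> IP.1=192.168.1.11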
> EOF
[root@localhost cret]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in 192.168.1.11.csr -out 192.168.1.11.crt
Signature ok
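A check worth running on the generated files before pointing Harbor at them, added here as an example and not part of the original tutorial: it confirms that the server certificate chains to the CA, that it matches its private key, and that the host IP appears as an IP-type SAN entry, which is what clients such as Docker compare an IP address against. The function names and the throwaway 2048-bit sample certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All certificates below are constructed throwaway samples.

# make_sample_certs DIR IP KIND: test CA plus a server cert whose SAN is KIND.1=IP
make_sample_certs() {
    d=$1; ip=$2; kind=$3
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=@alt_names\n[alt_names]\n%s.1=%s\n' "$kind" "$ip" > "$d/v3.ext"
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -sha256 -days 1 -config "$d/ca.cnf" -key "$d/ca.key" -out "$d/ca.crt"
    openssl genrsa -out "$d/$ip.key" 2048 2>/dev/null
    openssl req -new -sha256 -config "$d/ca.cnf" -subj "/CN=$ip" -key "$d/$ip.key" -out "$d/$ip.csr"
    openssl x509 -req -sha256 -days 1 -extfile "$d/v3.ext" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -in "$d/$ip.csr" -out "$d/$ip.crt" 2>/dev/null
}

# check_harbor_cert CA_CRT SERVER_CRT SERVER_KEY HOST_IP
# Returns 0 if all checks pass, 1 = chain, 2 = key mismatch, 3 = IP SAN missing.
check_harbor_cert() {
    ca=$1; crt=$2; key=$3; ip=$4
    # 1. The server certificate must chain to the CA (output is parsed because
    #    old OpenSSL releases do not signal failure through the exit status).
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' || { echo "chain: FAIL"; return 1; }
    # 2. Certificate and private key must belong to the same RSA key pair.
    [ "$(openssl x509 -noout -modulus -in "$crt")" = "$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)" ] \
        || { echo "key: FAIL"; return 2; }
    # 3. The host IP must be an IP-type SAN entry, matched exactly (not as a prefix).
    openssl x509 -noout -text -in "$crt" | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | grep -Fxq "IP Address:$ip" || { echo "san: FAIL (no IP entry for $ip)"; return 3; }
    echo "ok"
}

# Demonstration: the same address placed in an IP entry and in a DNS entry.
tmp=$(mktemp -d)
for kind in IP DNS; do
    mkdir "$tmp/$kind"; make_sample_certs "$tmp/$kind" 192.168.1.11 "$kind"
    printf '%s.1 entry -> ' "$kind"
    check_harbor_cert "$tmp/$kind/ca.crt" "$tmp/$kind/192.168.1.11.crt" "$tmp/$kind/192.168.1.11.key" 192.168.1.11 || true
done
rm -rf "$tmp"
```

For the real files, call `check_harbor_cert ca.crt 192.168.1.11.crt 192.168.1.11.key 192.168.1.11` from the certificate directory.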