Docker Private Warehouse Harbor Registry security certification build [Https]

Harbor Source Address: Https://github.com/vmware/harbor
Harbort Features:
Role-based control
Users and warehouses are organized on a project basis, and users can have different permissions based on the project.
Mirroring-based Replication policy
Mirroring can be replicated between multiple Harbor instances.
Support for LDAP
Harbor user authorization can use an existing LDAP user.
Mirror Delete & garbage collection
Image can be deleted and the space occupied by image is recycled.
User UI
Users can easily browse, search, and manage a mirrored warehouse.
Mirror Delete & garbage collection
Most of the user operations API, user-friendly to expand the system.
Ease of deployment Features
Harbor provides online, offline installation, in addition to the virtual appliance installation
System Requirements:
docker1.10.0 or later, installation documentation: https://docs.docker.com/engine/installation/
docker-compose1.6.0 or later, installation documentation: https://docs.docker.com/compose/install/
Software Installation:
Yum-y install Certbot libevent-devel gcc libffi-devel python-devel openssl-devel python2-pip
Yum-y Install Docker
To start Docker, use the following command line:
Systemctl Start Docker
Systemctl Enable Docker
Using the Pip methodInstalling Docker-compose, use the following command:
Pip Install-u docker-compose
View the version of Docker-compose as follows:
Docker-compose version
Offline version download:
Https://github.com/vmware/harbor/releases
Take the v1.1.2 version as an example
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
MV harbor-offline-installer-v1.1.2.tgz/data/&& cd/data/
Tar xvf harbor-offline-installer-v1.1.2.tgz
Mkdir-p/data/harbor/cert
Switch work path cut certificate store directory
Cd/data/harbor/cert
Create a CA root certificate
OpenSSL Req-newkey rsa:4096 \
-nodes-sha256-keyout Ca.key-x509-days 365 \
-out ca.crt-subj "/c=cn/l=shenzhen/o=lisea/cn=harbor-registry"
Generate a certificate signature, set the access domain name to harbor.test.com
OpenSSL Req-newkey rsa:4096 \
-nodes-sha256-keyout harbor.test.com.key \
-out server.csr-subj "/c=cn/l=shenzhen/o=lisea/cn=harbor.test.com"
generate a host certificate
OpenSSL x509-req-days 365 \
-in server.csr-ca Ca.crt-cakey ca.key \
-cacreateserial-out HARBOR.TEST.COM.CRT
configuration file Modification:
Vim Harbor.cfg
# Configure as needed, at least change the host to the IP address or domain name of the harbor server
hostname = harbor.test.com
Ui_url_protocol = HTTPS
# Mail related information configuration, such as forgot password send mail
Email_server = smtp.163.com
Email_server_port = 25
Email_username = [email protected]
Email_password = xxxxxx
Email_from = Docker <[email protected]>
Email_ssl = False
# Set Certificate path
Ssl_cert =/data/harbor/cert/harbor.test.com.crt
Ssl_cert_key =/data/harbor/cert/harbor.test.com.key
Install by self-scripting one-click
SH install.sh
via browser access management [set up local Hosts file locally redirect to Harbor server IP]
Https://harbor.test.com
User defaults to Admin
Password defaults to Harbor12345
Client Use test
Create public project, access level selection

Create Warehouse certificate Store directory
Mkdir/etc/docker/certs.d/harbor.test.com
Obtain the certificate from the harbor server to the warehouse certificate directory
SCP [Email PROTECTED]:/DATA/HARBOR/CERT/CA.CRT/ETC/DOCKER/CERTS.D/HARBOR.TEST.COM/CA.CRT
User Login [local need to do hosts harbor.test.com domain name redirect to Harbor server IP]
Docker login-u admin-p Harbor12345 harbor.test.com
Tip "Login succeeded" is successful
Docker Download Redis Image:
Docker Pull Redis
Renaming a mirror using Docker tag

Upload image to harbor Warehouse

Log on to the web to see if the image was uploaded successfully

Delete local mirror
Docker RMI harbor.test.com/public/redis:v1.0.0
Download the image from the harbor
Docker Pull harbor.lisea.cn/public/redis:v1.0.0
Other Notes:
To stop the Harbor service:
$ docker-compose Stop
To start the Harbor service:
$ docker-compose Start
If you need to modify the configuration of the Harbor, you first need to stop the running Harbor instance, update the Harbor.cfg file, and run it again install.sh
$ docker-compose Down
$ vim Harbor.cfg
$ sh install.sh
Delete the Harbor container, save the image file and the Harbor database file:
$ sudo docker-compose rm
Delete Harbor database information and image files (generally for pure installation):
$ rm-r/data/database
$ rm-r/data/registry
By default, regirstry data is persisted to the target host's/data/directory, and the data does not change when the Harbor container is deleted or recreated.

Docker Private Warehouse Harbor Registry security certification build [Https]