Building a private Docker registry with Harbor, secured with HTTPS

Source: Internet
Author: User
Tags download redis ldap openssl x509

Harbor source: https://github.com/vmware/harbor
Harbor features:
Role-based access control
Users and repositories are organized by project, and a user can have different permissions in each project.
Image replication policies
Images can be replicated between multiple Harbor instances.
LDAP support
Harbor user authentication can use existing LDAP users.
Image deletion and garbage collection
Images can be deleted and the space they occupy reclaimed.
User UI
Users can easily browse, search, and manage image repositories.
API
Most user operations are exposed through an API, which makes it easy to extend the system.
Ease of deployment
Harbor provides online and offline installers, as well as a virtual appliance installation.
System requirements:
Docker 1.10.0 or later, installation documentation: https://docs.docker.com/engine/installation/
docker-compose 1.6.0 or later, installation documentation: https://docs.docker.com/compose/install/
Software installation:
yum -y install certbot libevent-devel gcc libffi-devel python-devel openssl-devel python2-pip
yum -y install docker
Start Docker and enable it at boot with the following commands:
systemctl start docker
systemctl enable docker
Install docker-compose with pip using the following command:
pip install -U docker-compose
Check the docker-compose version:
docker-compose version
Offline installer download:
https://github.com/vmware/harbor/releases
Using v1.1.2 as an example:
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
mv harbor-offline-installer-v1.1.2.tgz /data/ && cd /data/
tar xvf harbor-offline-installer-v1.1.2.tgz
mkdir -p /data/harbor/cert
Switch the working directory to the certificate store directory
cd /data/harbor/cert
Create a CA root certificate
openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout ca.key -x509 -days 365 \
-out ca.crt -subj "/C=CN/L=Shenzhen/O=lisea/CN=harbor-registry"
Generate a certificate signing request, setting the access domain name to harbor.test.com
openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout harbor.test.com.key \
-out server.csr -subj "/C=CN/L=Shenzhen/O=lisea/CN=harbor.test.com"
Generate the host certificate
openssl x509 -req -days 365 \
-in server.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out harbor.test.com.crt
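Docker clients built with Go 1.15 or later match the registry name against the certificate's subjectAltName and ignore the Common Name, so a host certificate that carries only CN=harbor.test.com is rejected at login. The script below is an added example, not part of the original article: it issues the same CA and host certificate with a SAN, then checks the chain, the SAN and that the key matches the certificate. The function names, san.ext and the KEY_BITS variable are assumptions.

```sh
#!/bin/sh
# Added example (not from the article). File names follow the article;
# the function names, san.ext and KEY_BITS are assumptions.
KEY_BITS="${KEY_BITS:-4096}"
SUBJ="/C=CN/L=Shenzhen/O=lisea"

# make_ca DIR: self-signed CA in DIR/ca.key and DIR/ca.crt
make_ca() {
    ( umask 077   # private keys readable by the owner only
      openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 -x509 -days 365 \
          -keyout "$1/ca.key" -out "$1/ca.crt" -subj "$SUBJ/CN=harbor-registry" )
}

# issue_server_cert DIR HOST: key and CSR for HOST, signed by the CA with a SAN
issue_server_cert() {
    dir=$1; host=$2
    ( umask 077
      openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 \
          -keyout "$dir/$host.key" -out "$dir/server.csr" \
          -subj "$SUBJ/CN=$host" ) || return 1
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 365 -sha256 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt"
}

# check_server_cert DIR HOST: prints "ok" or the first failed check
check_server_cert() {
    dir=$1; host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 \
        || { echo "chain-invalid"; return 1; }
    openssl x509 -in "$dir/$host.crt" -noout -text | grep -qF "DNS:$host" \
        || { echo "san-missing"; return 1; }
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
    echo "ok"
}

# Usage: sh issue-cert.sh /data/harbor/cert harbor.test.com
if [ $# -eq 2 ]; then
    make_ca "$1" && issue_server_cert "$1" "$2" && check_server_cert "$1" "$2"
fi
```

Running check_server_cert against a certificate produced without the -extfile option reports san-missing.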
Configuration file changes:
vim harbor.cfg
# Configure as needed; at a minimum, change hostname to the IP address or domain name of the Harbor server
hostname = harbor.test.com
ui_url_protocol = https
# Mail settings, used for example to send forgotten-password mail
email_server = smtp.163.com
email_server_port = 25
email_username = [email protected]
email_password = xxxxxx
email_from = Docker <[email protected]>
email_ssl = false
# Set the certificate paths
ssl_cert = /data/harbor/cert/harbor.test.com.crt
ssl_cert_key = /data/harbor/cert/harbor.test.com.key
Install with the bundled one-step script
sh install.sh
Access the management UI in a browser [add an entry to the local hosts file that points harbor.test.com to the Harbor server IP]
https://harbor.test.com
The default user is admin
The default password is Harbor12345
Client usage test
Create the public project and select its access level

Create the registry certificate directory
mkdir -p /etc/docker/certs.d/harbor.test.com
Copy the CA certificate from the Harbor server into the registry certificate directory
scp [email protected]:/data/harbor/cert/ca.crt /etc/docker/certs.d/harbor.test.com/ca.crt
Log in [the local hosts file must point the harbor.test.com domain name to the Harbor server IP]
docker login -u admin -p Harbor12345 harbor.test.com
The message "Login Succeeded" indicates success
Download the Redis image with Docker:
docker pull redis
Rename the image using docker tag

Upload the image to the Harbor registry

Log in to the web UI to check that the image was uploaded successfully

Delete the local image
docker rmi harbor.test.com/public/redis:v1.0.0
Download the image from Harbor
docker pull harbor.test.com/public/redis:v1.0.0
Other notes:
To stop the Harbor service:
$ docker-compose stop
To start the Harbor service:
$ docker-compose start
To modify the Harbor configuration, first stop the running Harbor instance, update the harbor.cfg file, and then run install.sh again:
$ docker-compose down
$ vim harbor.cfg
$ sh install.sh
Remove the Harbor containers while keeping the image files and the Harbor database files:
$ sudo docker-compose rm
Delete the Harbor database information and image files (generally for a clean reinstallation):
$ rm -r /data/database
$ rm -r /data/registry
By default, registry data is persisted to the /data/ directory on the target host, and the data does not change when the Harbor containers are deleted or recreated.
