Install the Harbor 1.4.0 open-source Docker image repository (including the Let's Encrypt certificate)

Source: Internet
Author: User
Tags ldap certbot docker compose letsencrypt

Document version 20180216

Harbor has been successfully installed on Ubuntu Linux 14.04 and CentOS Linux 7.4. The process is organized as follows for your reference:

Note: Use a non-root user to operate Docker.
Create a docker group:
$ sudo groupadd docker
Add the current user to the docker group:
$ sudo gpasswd -a ${USER} docker
Restart the docker service (the following is the CentOS 7 command):
$ sudo systemctl restart docker
The current user then logs out of the system and logs in again.

I. Download the Harbor installation file:
1. Harbor project home page: https://github.com/vmware/harbor/

2. Check README.md. The installation instructions are in the "Installation & Configuration Guide" section of README.md:
https://github.com/vmware/harbor/blob/master/docs/installation_guide.md

3. README.md informs you that master is a development version and may be unstable. You need to download the official release version:
https://github.com/vmware/harbor/releases

For ease of installation, download the binary version. Currently, only the binary offline version is available from domestic mirrors; it is close to 800 MB. Download the latest version, 1.4.0:
harbor-offline-installer-v1.4.0.tgz
MD5: 6161843c84c9944a087

Revoke Delete, repackage it as harbor.bytefish.online-installer-v1.4.0.tgz, about 32 KB in size.

5. Upload harbor.bytefish.online-installer-v1.4.0.tgz to the server and decompress it, which creates the harbor directory under the current directory.
$ scp -i .ssh/id_rsa harbor.bytefish.online-installer-v1.4.0.tgz username@docker.MySite.com:/path/harbor.bytefish.online-installer-v1.4.0.tgz
$ ssh username@docker.MySite.com -i .ssh/id_rsa
$ tar -zxf harbor.bytefish.online-installer-v1.4.0.tgz && cd harbor

II. Confirm server resources:
1. Minimum official requirements and suggestions for server resources:

Hardware:
Resource | Capacity | Description
CPU | minimal 2 CPU | 4 CPU is preferred
Mem | minimal 4GB | 8GB is preferred
Disk | minimal 40GB | 160GB is preferred

Software:
Software | Version | Description
Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default
Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/
Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/
Openssl | latest is preferred | Generate certificate and keys for Harbor

Network ports:
Port | Protocol | Description
443 | HTTPS | Harbor UI and API will accept requests on this port for https protocol
4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled
80 | HTTP | Harbor UI and API will accept requests on this port for http protocol

 


2. Confirm the docker version of the server:
$ docker version

3. Confirm the docker-compose, Python, and OpenSSL versions:
$ docker-compose version

4. Confirm the hardware:
$ cat /proc/cpuinfo
$ free

5. Check whether the network ports are occupied:
$ ss -tna

III. Edit the configuration file and install:
1. Edit the harbor.cfg file in the harbor directory. The modifications are as follows:
hostname = docker.MySite.com
# Parameters related to the email service can also be configured on the website after the installation is complete:
email_identity =
email_server = login
# mailserver port
email_server_port = 25
email_username = username@mailserver.com
email_password = email service password
email_from = admin
email_ssl = login
# Set an administrator password
harbor_admin_password = Setting an administrator password
# Set a mysql password
db_password = Setting a mysql password
# self_registration on is for database authentication, where visitors can register by themselves; with LDAP authentication, self-registration is not possible:
self_registration = off

2. Run install.sh with root permission (the script creates the /data directory and related files under the root directory). The required docker images are downloaded and installed automatically:
~/harbor$ sudo ./install.sh

3. The containers start automatically. You can now open http://docker.MySite.com in a browser and log in with the administrator account admin.

IV. Configure LDAP:
1. Log in to http://docker.MySite.com with the administrator account admin, click "System Management", "Configuration Management", "Authentication Mode", select LDAP, and configure the relevant parameters:
LDAP URL: ldap://MySite.com
LDAP search DN: cn=admin,dc=MySite,dc=com
LDAP search password: Password
LDAP base DN: dc=MySite,dc=com
LDAP filter: (|(objectclass=inetOrgPerson))
LDAP user UID attribute: uid
LDAP search scope: subtree
LDAP check certificate:

2. Click "Test LDAP server". If the connection succeeds, "LDAP server connection is normal" is displayed at the top of the browser.

3. You can now log on to the web page with an LDAP account, but you cannot log on through docker login. For that you also need to configure the website's https certificate.

V. Configure the https certificate:
1. Installation instructions:
https://github.com/vmware/harbor/blob/master/docs/configure_https.md

2. Run docker-compose down in the /home/ubuntu/harbor directory to stop and delete the containers:
$ docker-compose down

3. I originally wanted to install the certificate through the official certbot script (certbot.eff.org) of Let's Encrypt, but the script could not be executed successfully. It is estimated that nginx is in the container; however, some software packages are automatically installed using this script. I then tried to get letsencrypt through git for installation:
$ git clone https://github.com/letsencrypt/letsencrypt

4. Go to the letsencrypt directory and generate a certificate:
$ cd letsencrypt
$ sudo ./letsencrypt-auto certonly --standalone --email username@mailserver.com -d docker.MySite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for docker.MySite.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/docker.MySite.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/docker.MySite.com/privkey.pem
   Your cert will expire on 2018-05-15. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

5. The certificate's expiration date appears in the output above. The generated certificate files are located in the /etc/letsencrypt/live/docker.MySite.com/ folder (as symbolic links):
$ sudo ls /etc/letsencrypt/live/docker.MySite.com/ -l
lrwxrwxrwx 1 root root 40 Feb 14 23:30 cert.pem -> ../../archive/docker.MySite.com/cert1.pem
lrwxrwxrwx 1 root root 41 Feb 14 23:30 chain.pem -> ../../archive/docker.MySite.com/chain1.pem
lrwxrwxrwx 1 root root 45 Feb 14 23:30 fullchain.pem -> ../../archive/docker.MySite.com/fullchain1.pem
lrwxrwxrwx 1 root root 43 Feb 14 23:30 privkey.pem -> ../../archive/docker.MySite.com/privkey1.pem
-rw-r--r-- 1 root root 543 Feb 14 23:30 README

cert.pem - the server certificate
chain.pem - all certificates required by the browser other than the server certificate, such as the root certificate and intermediate certificates
fullchain.pem - the contents of cert.pem and chain.pem
privkey.pem - the private key of the certificate

6. Create the letsencrypt directory and copy the certificate files into it:
$ mkdir /home/ubuntu/harbor/letsencrypt/ && cd /home/ubuntu/harbor/letsencrypt/
$ sudo cp /etc/letsencrypt/archive/docker.MySite.com/fullchain1.pem docker.MySite.com.crt
$ sudo cp /etc/letsencrypt/archive/docker.MySite.com/privkey1.pem docker.MySite.com.key

7. Modify the configuration file /home/ubuntu/harbor/harbor.cfg:
# Set ui_url_protocol to https
ui_url_protocol = https
# Set the certificate files (the copies created in step 6)
ssl_cert = /home/ubuntu/harbor/letsencrypt/docker.MySite.com.crt
ssl_cert_key = /home/ubuntu/harbor/letsencrypt/docker.MySite.com.key

8. Run the prepare script once with root permission, then have docker-compose rebuild and start the containers:
$ sudo /home/ubuntu/harbor/prepare
$ docker-compose up -d
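
A pre-flight check for steps 6 to 8, as an added example that is not part of the original article: before prepare is run, it reads ssl_cert and ssl_cert_key from harbor.cfg and confirms that the protocol is https, that the copied private key is not readable by group or others, that the key belongs to the certificate, and that the certificate is not about to expire. The function names and the 30-day default are assumptions of this example, and it needs openssl on the host.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check of harbor.cfg TLS settings.
# Function names and the 30-day default are assumptions; needs openssl.

# Print the value of KEY in a "key = value" file; comment lines never match.
cfg_get() {  # usage: cfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# SHA-256 over the public key held in a certificate or in a private key.
pub_digest() {  # usage: pub_digest cert|key FILE
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    esac
    [ -n "$pem" ] && printf '%s\n' "$pem" | openssl dgst -sha256
}

fail() { echo "FAIL: $*"; bad=1; }

# Print one line per finding; return 0 only when there are none.
check_harbor_tls() {  # usage: check_harbor_tls HARBOR_CFG [MIN_DAYS_LEFT]
    cfg=$1; days=${2:-30}; bad=0
    [ "$(cfg_get "$cfg" ui_url_protocol)" = https ] ||
        fail "ui_url_protocol is not https"
    cert=$(cfg_get "$cfg" ssl_cert); key=$(cfg_get "$cfg" ssl_cert_key)
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { fail "cannot read '$f'"; return 1; }
    done
    # A copied private key should be readable by its owner only.
    case $(ls -lLd "$key" | cut -c5-10) in
        *r*) fail "$key is readable by group or others" ;;
    esac
    # Certificate (first one in the file) and key must share a public key.
    if c=$(pub_digest cert "$cert") && k=$(pub_digest key "$key"); then
        [ "$c" = "$k" ] || fail "certificate and key do not match"
        # -checkend exits non-zero if the certificate expires within N seconds.
        openssl x509 -in "$cert" -noout -checkend $((days * 86400)) \
            >/dev/null 2>&1 || fail "certificate expires within $days days"
    else
        fail "cannot parse certificate or key"
    fi
    return $bad
}

# Run as: sudo sh check_harbor_tls.sh /home/ubuntu/harbor/harbor.cfg 30
if [ "$#" -ge 1 ]; then check_harbor_tls "$@"; fi
```

If the key is reported as readable by group or others, sudo chmod 600 on the .key copy clears the finding; prepare runs as root and can still read it.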

VI. Upload an image:
1. Open http://docker.MySite.com in a browser, log on with a common user account, and create a project "test":


2. Log on to docker.MySite.com on the client:
$ docker login docker.MySite.com
Username: bytefish
Password: Password
Login Succeeded

3. Tag the client image and upload it to docker.MySite.com:
Format:
docker tag SOURCE_IMAGE[:TAG] docker.MySite.com/project name/image[:tag]
docker push docker.MySite.com/project name/image[:tag]
Example:
$ docker tag hello-world:latest docker.MySite.com/test/hello-world:test
$ docker push docker.MySite.com/test/hello-world:test
The push refers to a repository [docker.MySite.com/test/hello-world]
f999ae22f308: Mounted from library/hello-world
test: digest: sha256:0b1396cdcea05f91f38fc7f5aecd58ccf19fb5743bbb79cff5eb3c747b36d909 size: 524
 
