# Open the APT source list as root; per the page, the deb/deb-src lines that
# follow are pasted at the top of this file. (sudoedit is an alternative that
# runs the editor itself without root privileges.)
sudo vim /etc/apt/sources.list
# NetEase (163) mirror entries for Ubuntu "trusty". The transport is plain
# http, so package integrity rests entirely on APT's verification of the
# signed Release files: do not add [trusted=yes] to these entries or install
# with --allow-unauthenticated.
deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
# trusty-proposed is the pre-release testing pocket: packages land here before
# they have been verified for -updates. Consider dropping it on a host that
# runs the registry.
deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
# Source-package entries; only needed for `apt-get source` / build-dep.
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
# Append a registry-mirror option to /etc/default/docker (the Docker defaults
# file on Ubuntu, per the page). The single quotes keep $DOCKER_OPTS literal,
# so the file receives
#   DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=..."
# and any options set earlier in the file are preserved when it is read
# (presumably sourced by /etc/init.d/docker — confirm).
# tee -a appends on every run, so re-running this adds a duplicate line.
# NOTE(review): the mirror resolves image tags for Docker Hub pulls, which
# makes its operator a trusted party; pin images by digest where provenance
# matters.
printf '%s\n' 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=https://ex93eg1r.mirror.aliyuncs.com"' \
  | sudo tee -a /etc/default/docker

# Restart the daemon so the new option takes effect.
sudo service docker restart
root@docker:/usr/local/harbor# docker tag redis:latest 192.168.31.228/library/redis:latest
root@docker:/usr/local/harbor# docker images -a
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 3 days ago 163 MB
vmware/harbor-ui v1.1.2 4ee8f190f366 3 days ago 183 MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 3 days ago 142 MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 3 days ago 329 MB
192.168.31.228/library/redis latest 83744227b191 6 days ago 98.9 MB
redis latest 83744227b191 6 days ago 98.9 MB
vmware/registry 2.6.1-photon 0f6c96580032 4 weeks ago 150 MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 months ago 199 MB
vmware/harbor-log v1.1.2 9c46a7b5e517 3 months ago 192 MB
root@docker:/usr/local/harbor# docker push 192.168.31.228/library/redis
The push refers to a repository [192.168.31.228/library/redis]
ebfb0a55a275: Pushed
1213cad8924b: Pushed
8ae00f04131b: Pushed
e74a993fa648: Pushed
3c8f219ed9b6: Pushed
414f472e5061: Pushed
latest: digest: sha256:6022356f9d729c858000fc10fc1b09d1624ba099227a0c5d314f7461c2fe6020 size: 1571
openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
> -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
...................................................................................................++
.............................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ameizi
Organizational Unit Name (eg, section) []:ameizi
Common Name (e.g. server FQDN or YOUR name) []:registry.ameizi.me
Email Address []:sxyx2008@163.com
root@docker:/usr/local/harbor/ssl$ ll
openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout registry.ameizi.me.key \
> -out registry.ameizi.me.csr
Generating a 4096 bit RSA private key
................++
.............................................................++
writing new private key to 'registry.ameizi.me.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ameizi
Organizational Unit Name (eg, section) []:ameizi
Common Name (e.g. server FQDN or YOUR name) []:registry.ameizi.me
Email Address []:sxyx2008@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@docker:/usr/local/harbor/ssl$ ll
total 24
drwxr-xr-x 2 root root 4096 Jun 16 13:00 ./
drwxr-xr-x 4 root root 4096 Jun 16 12:41 ../
-rw-r--r-- 1 root root 2130 Jun 16 12:57 ca.crt
-rw-r--r-- 1 root root 3272 Jun 16 12:57 ca.key
-rw-r--r-- 1 root root 1756 Jun 16 13:00 registry.ameizi.me.csr
-rw-r--r-- 1 root root 3268 Jun 16 13:00 registry.ameizi.me.key
3 签署证书
方案一
初始化CA信息
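# Initialise the CA bookkeeping directory ./demoCA (the layout used by the
# default openssl.cnf for `openssl ca`): index.txt is the database of issued
# certificates and serial holds the next serial number in hex.
# Run this from the ssl directory that holds ca.crt and ca.key.
#
# Paths are written relative to the current directory instead of cd-ing in and
# out: with an unchecked `cd demoCA`, a failed mkdir/cd would create index.txt
# and serial in the wrong directory and the trailing `cd ../` would then move
# the shell out of the ssl directory. Chaining with && also means an existing
# demoCA is left untouched, so the serial counter of a CA that has already
# issued certificates is never reset to 01.
mkdir demoCA &&
  touch demoCA/index.txt &&
  echo '01' > demoCA/serial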
客户端登录遇到x509: certificate signed by unknown authority错误
root@docker:/usr/local/harbor# docker login registry.ameizi.me
Username: admin
Password:
Error response from daemon: Get https://registry.ameizi.me/v1/users/: x509: certificate signed by unknown authority
harbor私服搭建
为ubuntu添加163镜像源
在
/etc/apt/sources.list
文件头部添加如下内容http://mirrors.163.com/.help/ubuntu.html
http://mirrors.163.com/.help/sources.list.trusty
更新使其生效
安装docker
卸载旧版本
安装前配置
安装docker
测试docker
解决docker只能以
sudo
模式运行配置阿里云Docker加速器
注意
ubuntu环境下docker的配置文件路径为
/etc/default/docker
(可参考/etc/init.d/docker
文件中的配置)
docker开启2376或2375监听端口
ubuntu环境中修改/etc/default/docker文件后重启docker服务
重启docker服务即可。2375是不加密、不做认证的明文端口,能访问该端口就等同于拥有宿主机的root权限;需要远程访问时应使用启用TLS证书校验的2376端口,并限制可访问的来源地址。
安装docker-compose
第一种方法
第二种方法
使用
pip
安装harbor安装及配置
下载解压
下载其安装包https://github.com/vmware/harbor/releases
当前最新版本为
harbor-online-installer-v1.1.2.tgz
解压后其目录结构如下
修改
harbor.cfg
配置修改
/usr/local/harbor/harbor.cfg
文件中下列参数值如下所示注意:
hostname
配置项为运行docker服务的机器IP地址修改
/etc/default/docker
文件为
DOCKER_OPTS
添加--insecure-registry=192.168.31.228
解决http模式docker拒绝访问的问题,如下所示。该参数让docker对192.168.31.228跳过证书校验并允许回退到不加密的http连接,登录密码和镜像内容都会以明文传输,只适合内网测试;后文开启https之后会去掉这一参数。
重启docker服务
详情参考https://github.com/vmware/harbor/blob/master/docs/user_guide.md
安装harbor
经过漫长的等待后,安装完毕。浏览器访问http://192.168.31.228 ,使用admin/admin登录(这是本文示例用的弱口令,登录后应立即修改管理员密码)
查看docker容器运行情况
命令行登录私服
向私服推送镜像
Harbor作为mirror registry
建议使用root用户操作,镜像仓库不允许push操作,只作为官方仓库缓存
修改
templates/registry/config.yml
文件,在文件末尾添加如下内容:修改
/etc/default/docker
文件重启docker
重新部署
push镜像到私服
注意
Harbor作为mirror服务器时只能pull不能push
Harbor作为mirror服务器时不能从ui上删除镜像仓库
Harbor开启https配置
注意
以下操作如无说明均在
/usr/local/harbor/ssl
目录操作,即在/usr/local/harbor
目录下创建ssl
目录使用root用户操作
使用openssl创建证书
1 创建CA
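具体操作如下。注意-nodes参数会让私钥不加密保存,而且从ll的输出可以看到ca.key和registry.ameizi.me.key的权限是-rw-r--r--,本机任何用户都可读;生成后应执行chmod 600 ca.key registry.ameizi.me.key收紧权限,CA私钥最好不要长期留在registry主机上。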
2 创建签名请求
具体操作如下。本例中CA证书和服务器证书请求填写了完全相同的DN(CN均为registry.ameizi.me),部分TLS实现可能因此把签出的服务器证书误判为自签名证书,建议给CA单独使用一个不同的CN。
3 签署证书
方案一
初始化CA信息
具体操作如下
方案二
具体操作如下
安装配置
修改
harbor.cfg
文件拷贝证书到
/data/cert/
目录执行./install.sh
修改
hosts
修改
/etc/default/docker
文件如下所示,去除--insecure-registry=192.168.31.228
配置重启docker
浏览器访问
https://registry.ameizi.me admin/admin
客户端登录遇到
x509: certificate signed by unknown authority
错误解决方法
创建
/etc/docker/certs.d/registry.ameizi.me
目录拷贝
ca.crt
到/etc/docker/certs.d/registry.ameizi.me/
目录下重启docker
具体操作如下
向私服push镜像
使用maven插件构建和推送镜像到私服
详情参考https://github.com/ameizi/spring-boot-docker-example
参考文章
docker安装
https://store.docker.com/editions/community/docker-ce-server-ubuntu
https://docs.docker.com/engine/installation/linux/ubuntu/
docker-compose安装
https://docs.docker.com/compose/install/
https://github.com/docker/compose/releases/
docker免sudo配置
https://docs.docker.com/engine/installation/linux/linux-postinstall/
harbor安装配置
https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
https://github.com/vmware/harbor/blob/master/docs/user_guide.md
docker阿里云加速配置
https://cr.console.aliyun.com/#/accelerator
harbor mirror registry配置
https://github.com/vmware/harbor/blob/master/contrib/Configure_mirror.md
http://www.jianshu.com/p/8d4fcff97a35
harbor https配置
https://github.com/vmware/harbor/blob/master/docs/configure_https.md
docker开启2376或2375监听端口
https://docs.docker.com/engine/reference/commandline/dockerd/