1. harbor仓库搭建¶
1. 前提¶
# 10.0.8.8
#1.安装docker-compose
apt install docker-compose
#2. 创建目录
mkdir /data
2. 下载¶
# https://github.com/goharbor/harbor
# https://github.com/goharbor/harbor/tags
# 查看tag,最新的是v1.10.10,但是测试后发现,邮件配置有点问题,最后我使用的是v2.4.1
# 选择online版本,offline版本国内下载速度太慢。
# 可以直接右键点击后复制链接地址
# 10.0.8.8
mkdir /opt/harbor
cd /opt/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-online-installer-v2.4.1.tgz
3. 解压缩¶
tar -zxvf harbor-online-installer-v2.4.1.tgz
4. 修改配置文件¶
#1. 复制配置文件
cd harbor
cp harbor.yml.tmpl harbor.yml
#2. 修改配置文件
vim harbor.yml
#1. 修改主机地址
5 hostname: 10.0.8.8
#2. 修改端口
10 port: 800
#3. 注释https相关
12 # https related config
13 #https:
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 #certificate: /your/certificate/path
18 #private_key: /your/private/key/path
1 # Configuration file of Harbor
2
3 # The IP address or hostname to access admin UI and registry service.
4 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
5 hostname: 10.0.8.8
6
7 # http related config
8 http:
9 # port for http, default is 80. If https enabled, this port will redirect to https port
10 port: 800
11
12 # https related config
13 #https:
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 #certificate: /your/certificate/path
18 #private_key: /your/private/key/path
19
20 # # Uncomment following will enable tls communication between all harbor components
21 # internal_tls:
22 # # set enabled to true means internal tls is enabled
23 # enabled: true
24 # # put your cert and key files on dir
25 # dir: /etc/harbor/tls/internal
26
27 # Uncomment external_url if you want to enable external proxy
28 # And when it enabled the hostname will no longer used
29 # external_url: https://reg.mydomain.com:8433
30
31 # The initial password of Harbor admin
32 # It only works in first time to install harbor
33 # Remember Change the admin password from UI after launching Harbor.
34 harbor_admin_password: Harbor12345
35
36 # Harbor DB configuration
37 database:
38 # The password for the root user of Harbor DB. Change this before any production use.
39 password: root123
40 # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
41 max_idle_conns: 100
42 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
43 # Note: the default number of connections is 1024 for postgres of harbor.
44 max_open_conns: 900
45
46 # The default data volume
47 data_volume: /data
48
49 # Harbor Storage settings by default is using /data dir on local filesystem
50 # Uncomment storage_service setting If you want to using external storage
51 # storage_service:
52 # # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
53 # # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
54 # ca_bundle:
55
56 # # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
57 # # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
58 # filesystem:
59 # maxthreads: 100
60 # # set disable to true when you want to disable registry redirect
61 # redirect:
62 # disabled: false
63
64 # Trivy configuration
65 #
66 # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
67 # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
68 # in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
69 # should download a newer version from the Internet or use the cached one. Currently, the database is updated every
70 # 12 hours and published as a new release to GitHub.
71 trivy:
72 # ignoreUnfixed The flag to display only fixed vulnerabilities
73 ignore_unfixed: false
74 # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
75 #
76 # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
77 # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
78 # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
79 skip_update: false
80 #
81 # insecure The flag to skip verifying registry certificate
82 insecure: false
83 # github_token The GitHub access token to download Trivy DB
84 #
85 # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
86 # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
87 # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
88 # https://developer.github.com/v3/#rate-limiting
89 #
90 # You can create a GitHub token by following the instructions in
91 # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
92 #
93 # github_token: xxx
94
95 jobservice:
96 # Maximum number of job workers in job service
97 max_job_workers: 10
98
99 notification:
100 # Maximum retry count for webhook job
101 webhook_job_max_retry: 10
102
103 chart:
104 # Change the value of absolute_url to enabled can enable absolute url in chart
105 absolute_url: disabled
106
107 # Log configurations
108 log:
109 # options are debug, info, warning, error, fatal
110 level: info
111 # configs for logs in local storage
112 local:
113 # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
114 rotate_count: 50
115 # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
116 # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
117 # are all valid.
118 rotate_size: 200M
119 # The directory on your host that store log
120 location: /var/log/harbor
121
122 # Uncomment following lines to enable external syslog endpoint.
123 # external_endpoint:
124 # # protocol used to transmit log to external endpoint, options is tcp or udp
125 # protocol: tcp
126 # # The host of external endpoint
127 # host: localhost
128 # # Port of external endpoint
129 # port: 5140
130
131 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
132 _version: 2.4.0
133
134 # Uncomment external_database if using external database.
135 # external_database:
136 # harbor:
137 # host: harbor_db_host
138 # port: harbor_db_port
139 # db_name: harbor_db_name
140 # username: harbor_db_username
141 # password: harbor_db_password
142 # ssl_mode: disable
143 # max_idle_conns: 2
144 # max_open_conns: 0
145 # notary_signer:
146 # host: notary_signer_db_host
147 # port: notary_signer_db_port
148 # db_name: notary_signer_db_name
149 # username: notary_signer_db_username
150 # password: notary_signer_db_password
151 # ssl_mode: disable
152 # notary_server:
153 # host: notary_server_db_host
154 # port: notary_server_db_port
155 # db_name: notary_server_db_name
156 # username: notary_server_db_username
157 # password: notary_server_db_password
158 # ssl_mode: disable
159
160 # Uncomment external_redis if using external Redis server
161 # external_redis:
162 # # support redis, redis+sentinel
163 # # host for redis: <host_redis>:<port_redis>
164 # # host for redis+sentinel:
165 # # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
166 # host: redis:6379
167 # password:
168 # # sentinel_master_set must be set to support redis+sentinel
169 # #sentinel_master_set:
170 # # db_index 0 is for core, it's unchangeable
171 # registry_db_index: 1
172 # jobservice_db_index: 2
173 # chartmuseum_db_index: 3
174 # trivy_db_index: 5
175 # idle_timeout_seconds: 30
176
177 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
178 # uaa:
179 # ca_file: /path/to/ca
180
181 # Global proxy
182 # Config http proxy for components, e.g. http://my.proxy.com:3128
183 # Components doesn't need to connect to each others via http proxy.
184 # Remove component from `components` array if want disable proxy
185 # for it. If you want use proxy for replication, MUST enable proxy
186 # for core and jobservice, and set `http_proxy` and `https_proxy`.
187 # Add domain to the `no_proxy` field, when you want disable proxy
188 # for some special registry.
189 proxy:
190 http_proxy:
191 https_proxy:
192 no_proxy:
193 components:
194 - core
195 - jobservice
196 - trivy
197
198 # metric:
199 # enabled: false
200 # port: 9090
201 # path: /metrics
202
203 # Trace related config
204 # only can enable one trace provider(jaeger or otel) at the same time,
205 # and when using jaeger as provider, can only enable it with agent mode or collector mode.
206 # if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
207 # if using jaeger agetn mode uncomment agent_host and agent_port
208 # trace:
209 # enabled: true
210 # # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
211 # sample_rate: 1
212 # # # namespace used to differenciate different harbor services
213 # # namespace:
214 # # # attributes is a key value dict contains user defined attributes used to initialize trace provider
215 # # attributes:
216 # # application: harbor
217 # # # jaeger should be 1.26 or newer.
218 # # jaeger:
219 # # endpoint: http://hostname:14268/api/traces
220 # # username:
221 # # password:
222 # # agent_host: hostname
223 # # # export trace data by jaeger.thrift in compact mode
224 # # agent_port: 6831
225 # # otel:
226 # # endpoint: hostname:4318
227 # # url_path: /v1/traces
228 # # compression: false
229 # # insecure: true
230 # # timeout: 10s
5. 安装¶
./install.sh
6. 查看¶
docker-compose ps
7. 访问¶
# 10.0.8.8:800
# 默认用户名和密码为admin:Harbor12345
8. 修改密码¶
# 点击右上角的admin,在下拉列表中点击修改密码
# 输入旧密码:Harbor12345
# 输入新密码:
# 再次输入!
# 点击确定
9. 添加用户邮箱¶
# 点击右上角admin,下拉列表中点击用户设置
# 设置邮箱:chupeng130@163.com
# 点击确定
10. 设置邮箱¶
# 点击左侧的系统管理-配置管理-邮箱,输入
# 邮件服务器:smtp.163.com
# 端口:25(默认)
# 用户名:chupeng130@163.com
# 密码:(授权码)
# 邮件来源:admin <chupeng130@163.com>
# 点击右下角的测试,
# 成功后,点击保存!
最后更新:
2022-02-22 04:55:01