跳转至

1. harbor仓库搭建

1. 前提

# 10.0.8.8
#1.安装docker-compose
apt install docker-compose
#2. 创建目录
mkdir /data

2. 下载

# https://github.com/goharbor/harbor

img_6.png

# https://github.com/goharbor/harbor/tags
# 查看tag,最新的是v1.10.10,但是测试后发现,邮件配置有点问题,最后我使用的是v2.4.1

img_7.png

# 选择online版本,offline版本国内下载速度太慢。
# 可以直接右键点击后复制链接地址

img_8.png

# 10.0.8.8
mkdir /opt/harbor
cd /opt/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-online-installer-v2.4.1.tgz

3. 解压缩

tar -zxvf harbor-online-installer-v2.4.1.tgz

4. 修改配置文件

#1. 复制配置文件
cd harbor
cp harbor.yml.tmpl harbor.yml

#2. 修改配置文件
vim harbor.yml
#1. 修改主机地址
  5  hostname: 10.0.8.8
#2. 修改端口
 10    port: 800
#3. 注释https相关
 12  # https related config
 13  #https:
 14    # https port for harbor, default is 443
 15    # port: 443
 16    # The path of cert and key files for nginx
 17    #certificate: /your/certificate/path
 18    #private_key: /your/private/key/path

  1  # Configuration file of Harbor
  2
  3  # The IP address or hostname to access admin UI and registry service.
  4  # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
  5  hostname: 10.0.8.8
  6
  7  # http related config
  8  http:
  9    # port for http, default is 80. If https enabled, this port will redirect to https port
 10    port: 800
 11
 12  # https related config
 13  #https:
 14    # https port for harbor, default is 443
 15    # port: 443
 16    # The path of cert and key files for nginx
 17    #certificate: /your/certificate/path
 18    #private_key: /your/private/key/path
 19
 20  # # Uncomment following will enable tls communication between all harbor components
 21  # internal_tls:
 22  #   # set enabled to true means internal tls is enabled
 23  #   enabled: true
 24  #   # put your cert and key files on dir
 25  #   dir: /etc/harbor/tls/internal
 26
 27  # Uncomment external_url if you want to enable external proxy
 28  # And when it enabled the hostname will no longer used
 29  # external_url: https://reg.mydomain.com:8433
 30
 31  # The initial password of Harbor admin
 32  # It only works in first time to install harbor
 33  # Remember Change the admin password from UI after launching Harbor.
 34  harbor_admin_password: Harbor12345
 35
 36  # Harbor DB configuration
 37  database:
 38    # The password for the root user of Harbor DB. Change this before any production use.
 39    password: root123
 40    # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
 41    max_idle_conns: 100
 42    # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
 43    # Note: the default number of connections is 1024 for postgres of harbor.
 44    max_open_conns: 900
 45
 46  # The default data volume
 47  data_volume: /data
 48
 49  # Harbor Storage settings by default is using /data dir on local filesystem
 50  # Uncomment storage_service setting If you want to using external storage
 51  # storage_service:
 52  #   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
 53  #   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
 54  #   ca_bundle:
 55
 56  #   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
 57  #   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
 58  #   filesystem:
 59  #     maxthreads: 100
 60  #   # set disable to true when you want to disable registry redirect
 61  #   redirect:
 62  #     disabled: false
 63
 64  # Trivy configuration
 65  #
 66  # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
 67  # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
 68  # in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
 69  # should download a newer version from the Internet or use the cached one. Currently, the database is updated every
 70  # 12 hours and published as a new release to GitHub.
 71  trivy:
 72    # ignoreUnfixed The flag to display only fixed vulnerabilities
 73    ignore_unfixed: false
 74    # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
 75    #
 76    # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
 77    # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
 78    # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
 79    skip_update: false
 80    #
 81    # insecure The flag to skip verifying registry certificate
 82    insecure: false
 83    # github_token The GitHub access token to download Trivy DB
 84    #
 85    # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
 86    # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
 87    # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
 88    # https://developer.github.com/v3/#rate-limiting
 89    #
 90    # You can create a GitHub token by following the instructions in
 91    # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
 92    #
 93    # github_token: xxx
 94
 95  jobservice:
 96    # Maximum number of job workers in job service
 97    max_job_workers: 10
 98
 99  notification:
100    # Maximum retry count for webhook job
101    webhook_job_max_retry: 10
102
103  chart:
104    # Change the value of absolute_url to enabled can enable absolute url in chart
105    absolute_url: disabled
106
107  # Log configurations
108  log:
109    # options are debug, info, warning, error, fatal
110    level: info
111    # configs for logs in local storage
112    local:
113      # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
114      rotate_count: 50
115      # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
116      # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
117      # are all valid.
118      rotate_size: 200M
119      # The directory on your host that store log
120      location: /var/log/harbor
121
122    # Uncomment following lines to enable external syslog endpoint.
123    # external_endpoint:
124    #   # protocol used to transmit log to external endpoint, options is tcp or udp
125    #   protocol: tcp
126    #   # The host of external endpoint
127    #   host: localhost
128    #   # Port of external endpoint
129    #   port: 5140
130
131  #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
132  _version: 2.4.0
133
134  # Uncomment external_database if using external database.
135  # external_database:
136  #   harbor:
137  #     host: harbor_db_host
138  #     port: harbor_db_port
139  #     db_name: harbor_db_name
140  #     username: harbor_db_username
141  #     password: harbor_db_password
142  #     ssl_mode: disable
143  #     max_idle_conns: 2
144  #     max_open_conns: 0
145  #   notary_signer:
146  #     host: notary_signer_db_host
147  #     port: notary_signer_db_port
148  #     db_name: notary_signer_db_name
149  #     username: notary_signer_db_username
150  #     password: notary_signer_db_password
151  #     ssl_mode: disable
152  #   notary_server:
153  #     host: notary_server_db_host
154  #     port: notary_server_db_port
155  #     db_name: notary_server_db_name
156  #     username: notary_server_db_username
157  #     password: notary_server_db_password
158  #     ssl_mode: disable
159
160  # Uncomment external_redis if using external Redis server
161  # external_redis:
162  #   # support redis, redis+sentinel
163  #   # host for redis: <host_redis>:<port_redis>
164  #   # host for redis+sentinel:
165  #   #  <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
166  #   host: redis:6379
167  #   password:
168  #   # sentinel_master_set must be set to support redis+sentinel
169  #   #sentinel_master_set:
170  #   # db_index 0 is for core, it's unchangeable
171  #   registry_db_index: 1
172  #   jobservice_db_index: 2
173  #   chartmuseum_db_index: 3
174  #   trivy_db_index: 5
175  #   idle_timeout_seconds: 30
176
177  # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
178  # uaa:
179  #   ca_file: /path/to/ca
180
181  # Global proxy
182  # Config http proxy for components, e.g. http://my.proxy.com:3128
183  # Components doesn't need to connect to each others via http proxy.
184  # Remove component from `components` array if want disable proxy
185  # for it. If you want use proxy for replication, MUST enable proxy
186  # for core and jobservice, and set `http_proxy` and `https_proxy`.
187  # Add domain to the `no_proxy` field, when you want disable proxy
188  # for some special registry.
189  proxy:
190    http_proxy:
191    https_proxy:
192    no_proxy:
193    components:
194      - core
195      - jobservice
196      - trivy
197
198  # metric:
199  #   enabled: false
200  #   port: 9090
201  #   path: /metrics
202
203  # Trace related config
204  # only can enable one trace provider(jaeger or otel) at the same time,
205  # and when using jaeger as provider, can only enable it with agent mode or collector mode.
206  # if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
207  # if using jaeger agetn mode uncomment agent_host and agent_port
208  # trace:
209  #   enabled: true
210  #   # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
211  #   sample_rate: 1
212  #   # # namespace used to differenciate different harbor services
213  #   # namespace:
214  #   # # attributes is a key value dict contains user defined attributes used to initialize trace provider
215  #   # attributes:
216  #   #   application: harbor
217  #   # # jaeger should be 1.26 or newer.
218  #   # jaeger:
219  #   #   endpoint: http://hostname:14268/api/traces
220  #   #   username:
221  #   #   password:
222  #   #   agent_host: hostname
223  #   #   # export trace data by jaeger.thrift in compact mode
224  #   #   agent_port: 6831
225  #   # otel:
226  #   #   endpoint: hostname:4318
227  #   #   url_path: /v1/traces
228  #   #   compression: false
229  #   #   insecure: true
230  #   #   timeout: 10s

5. 安装

./install.sh

6. 查看

docker-compose ps

7. 访问

# 10.0.8.8:800
# 默认用户名和密码为admin:Harbor12345

img_9.png

8. 修改密码

# 点击右上角的admin,在下拉列表中点击修改密码

img_10.png

# 输入旧密码:Harbor12345
# 输入新密码:
# 再次输入!
# 点击确定

img_11.png

9. 添加用户邮箱

# 点击右上角admin,下拉列表中点击用户设置

img_12.png

# 设置邮箱:chupeng130@163.com
# 点击确定

img_13.png

10. 设置邮箱

# 点击左侧的系统管理-配置管理-邮箱,输入
# 邮件服务器:smtp.163.com
# 端口:25(默认)
# 用户名:chupeng130@163.com
# 密码:(授权码)
# 邮件来源:admin <chupeng130@163.com> 
# 点击右下角的测试,
# 成功后,点击保存!

img_14.png

最后更新: 2022-02-22 04:55:01