# Docker Harbor

## Creating Harbor

### Install Dependencies

```
yum -y install openssl
```

### Installation Steps

1) Offline installer:

Download the latest official package from GitHub, then upload it to the server.

2) Extract

```
tar xvf harbor-offline-installer-<version>.tgz  -C /usr/local/
```

3) Modify the configuration file

```
cd /usr/local/harbor
vim harbor.yml
# Set hostname to this machine's address (not localhost or 127.0.0.1)
# Set harbor_admin_password, the admin user's password; it can only be set here and cannot be changed afterwards
```

> hostname must be a domain name

4) Install and start

```
# Run from /usr/local/harbor; the installer script is install.sh
./install.sh
```

## Configuring Harbor with HTTPS Access

### Getting Certificate Authority

```
hostnamectl set-hostname sdqcharbor.com
# Replace <host-IP> with this machine's address
echo "<host-IP> sdqcharbor.com" >> /etc/hosts
mkdir -p /opt/certs
cd /opt/certs
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/CN=sdqcharbor.com" \
  -key ca.key \
  -out ca.crt
```

### Getting Server Certificate

**1) Create your own Private Key:**

```
openssl genrsa -out sdqcharbor.com.key 4096
```

**2) Generate a Certificate Signing Request:**

```
openssl req -sha512 -new \
  -subj "/CN=sdqcharbor.com" \
  -key sdqcharbor.com.key \
  -out sdqcharbor.com.csr
```

**3) Generate the certificate of your registry host:**

```
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=sdqcharbor.com
# An IP address must be an IP entry; clients do not match an IP against DNS entries
IP.1=192.168.162.45
EOF
```

```
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in sdqcharbor.com.csr \
  -out sdqcharbor.com.crt
```
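
Before installing the certificate, it is worth checking that it chains to `ca.crt`, matches its private key, and covers both the hostname and the IP in `subjectAltName`. The script below is an added example, not part of the original page: it builds a throwaway CA (constructed name `Constructed Test CA`, 2048-bit keys, 1-day validity) in a temp directory and compares an IP listed as `DNS.2` with one listed as `IP.1`; `check_cert` and `make_cert` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. The CA and keys are throwaway (2048-bit, 1 day), built in a temp dir.
# check_cert CA CRT KEY HOST IP: succeeds only if all four checks pass.
check_cert() {
  # 1. The certificate chains to the CA that Docker will trust (ca.crt).
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "FAIL chain"; return 1; }
  # 2. The private key belongs to the certificate (public keys are identical).
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ] \
    || { echo "FAIL key mismatch"; return 1; }
  # 3. The hostname is covered by a DNS subjectAltName entry.
  openssl x509 -in "$2" -noout -checkhost "$4" | grep -q "does match certificate" \
    || { echo "FAIL hostname $4"; return 1; }
  # 4. The IP is covered by an IP entry; a DNS entry holding an IP does not count.
  openssl x509 -in "$2" -noout -checkip "$5" | grep -q "does match certificate" \
    || { echo "FAIL ip $5"; return 1; }
  echo "OK"
}

# make_cert NAME SAN_ENTRY: issue NAME.crt/NAME.key with DNS.1 plus one extra alt_names entry.
make_cert() {
  openssl genrsa -out "$1.key" 2048 2>/dev/null
  openssl req -new -sha512 -subj "/CN=sdqcharbor.com" -key "$1.key" -out "$1.csr"
  printf '%s\n' "basicConstraints=CA:FALSE" "extendedKeyUsage=serverAuth" \
    "subjectAltName=@alt_names" "[alt_names]" "DNS.1=sdqcharbor.com" "$2" > "$1.ext"
  openssl x509 -req -sha512 -days 1 -extfile "$1.ext" -CA ca.crt -CAkey ca.key \
    -CAcreateserial -in "$1.csr" -out "$1.crt" 2>/dev/null
}

WORK=$(mktemp -d) && cd "$WORK" || exit 1
openssl genrsa -out ca.key 2048 2>/dev/null
openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=Constructed Test CA" \
  -key ca.key -out ca.crt
make_cert dns_form "DNS.2=192.168.162.45"   # IP listed as a DNS name
make_cert ip_form  "IP.1=192.168.162.45"    # IP listed as an IP address

for c in dns_form ip_form; do
  printf '%s: ' "$c"
  check_cert ca.crt "$c.crt" "$c.key" sdqcharbor.com 192.168.162.45 || true
done
```

To check real files, call `check_cert ca.crt sdqcharbor.com.crt sdqcharbor.com.key sdqcharbor.com 192.168.162.45` from `/opt/certs`.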

### Configuration and Installation

**1) Configure Server Certificate and Key for Harbor**

```
mkdir -p /data/cert
cp sdqcharbor.com.crt /data/cert/
cp sdqcharbor.com.key /data/cert/
```

**2) Configure Server Certificate, Key and CA for Docker**

```
openssl x509 -inform PEM -in sdqcharbor.com.crt -out sdqcharbor.com.cert
```

Deploy `sdqcharbor.com.cert`, `sdqcharbor.com.key`, and `ca.crt` for Docker:

```
mkdir -p /etc/docker/certs.d/sdqcharbor.com
cp sdqcharbor.com.cert sdqcharbor.com.key ca.crt /etc/docker/certs.d/sdqcharbor.com
```

**3) Configure Harbor**

```
vim /usr/local/harbor/harbor.yml
```

Change it to the following:

```
hostname: sdqcharbor.com
https:
  certificate: /data/cert/sdqcharbor.com.crt
  private_key: /data/cert/sdqcharbor.com.key
```

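If Harbor is already running, stop and remove the existing instance. `docker-compose down -v` leaves your image data in the file system; the two `rm -rf` commands after it delete the Harbor database and registry storage under `/data`, so run them only when a clean reinstall is intended.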

```
docker-compose down -v
rm -rf /data/database/
rm -rf /data/registry/
```

Edit Docker's configuration file, `daemon.json`, and remove the line `"insecure-registries": ["sdqcharbor.com"]`.

Restart Docker

```
systemctl daemon-reload
systemctl restart docker
```

Prepare the configuration and start Harbor

```
./prepare
docker-compose -f ./docker-compose.yml up -d
```

Log in

```
docker login sdqcharbor.com
```

Push an image

```
docker tag centos:latest sdqcharbor.com/library/centos:latest
docker push sdqcharbor.com/library/centos:latest
```

## References

> [Official documentation](https://goharbor.io/docs/1.10/install-config/download-installer/)

