Harbor container installation and related feature deployment and use (SSL certificate +ad domain)

2022-06-09 04:06:00 Glomi loves learning

Step one: deploy the Harbor Docker containers (HTTPS)

Go to the download page https://github.com/goharbor/harbor/releases and download the online or offline installation package as needed. The online installer does not contain the image files.

Copy the package to the Linux host where Docker is deployed and extract it:

tar xzvf harbor-online-installer-version.tgz

or:

tar xzvf harbor-offline-installer-version.tgz

After extracting, start the HTTPS-related configuration. First, create the CA private key:

openssl genrsa -out ca.key 4096

Then create the CA certificate:

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
 -key ca.key \
 -out ca.crt

An X.509 certificate consists of several fields. The Subject field is the one most relevant to this tutorial: it gives the Distinguished Name (DN) of the entity the certificate belongs to. A DN is the unique name of an X.500 directory object and is made up of Relative Distinguished Name (RDN) attribute-value pairs. Some of the most common RDNs are:

  • CN: common name
  • OU: organizational unit
  • O: organization
  • L: locality
  • S: state or province name (written as ST in OpenSSL subject strings)
  • C: country name

For example:

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=UK/ST=Wales/L=Cardiff/O=Cardiff University/OU=Headquarter/CN=project.com" \
 -key ca.key \
 -out ca.crt

With the CA private key and certificate generated, we next need a private key and certificate for Harbor itself.

Generate the private key:

openssl genrsa -out yourdomain.com.key 4096

In the rest of this article, yourdomain.com.key is replaced by the actual file name:

openssl genrsa -out harbor.project.com.key 4096

Next, generate the certificate signing request (CSR) for Harbor:

openssl req -sha512 -new \
    -subj "/C=UK/ST=Wales/L=Cardiff/O=Cardiff University/OU=Headquarter/CN=harbor.project.com" \
    -key harbor.project.com.key \
    -out harbor.project.com.csr

Next, create an x509 v3 extension file. This file configures the Subject Alternative Name (SAN) extension and the other x509 v3 extensions the certificate needs. The SAN is a structured way of listing every domain name and IP address the certificate protects; typical SAN entries are subdomains and IP addresses. The file has the following format:

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF

For example:

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.project.com
DNS.2=harbor.project
DNS.3=harbor
EOF

When the file is ready, use it with openssl to generate the Harbor certificate:

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.project.com.csr \
    -out harbor.project.com.crt

We now have the CA certificate and Harbor's private key and certificate, which are needed in the following steps.
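Before copying the files into place it is worth checking that they actually fit together. The following script is an added example, not part of the original article: it rebuilds a throwaway CA and Harbor leaf certificate in a temporary directory with the same openssl steps as above (constructed subjects, 2048-bit keys for speed), then checks that the leaf chains to the CA, carries the expected DNS SANs, and matches its private key.

```shell
#!/usr/bin/env bash
# Added example (not from the article): build a throwaway CA and Harbor leaf certificate
# with the article's openssl steps, then verify the result before copying it into place.
set -euo pipefail

# Create ca.key/ca.crt and $host.key/$host.crt under $dir. Subjects are constructed;
# 2048-bit keys keep the demo fast (the article uses 4096).
build_chain() {
  local dir="$1" host="$2"
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -sha512 -days 3650 -key "$dir/ca.key" -out "$dir/ca.crt" \
    -subj "/C=UK/ST=Wales/L=Cardiff/O=Cardiff University/OU=Headquarter/CN=project.com" 2>/dev/null
  openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
  openssl req -sha512 -new -subj "/CN=$host" -key "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
  cat > "$dir/v3.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=$host
DNS.2=${host%%.*}
EOF
  openssl x509 -req -sha512 -days 3650 -extfile "$dir/v3.ext" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

# Check 1: the leaf certificate chains to ca.crt (this is what the Docker client verifies).
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }

# Check 2: the given DNS name is present as a SAN entry; clients match on SAN, not on CN.
san_has() { openssl x509 -in "$1/$2.crt" -noout -text | grep -E "DNS:$3(,|$)" >/dev/null; }

# Check 3: private key and certificate carry the same public key; a mismatched pair
# stops Harbor's HTTPS listener from starting.
key_matches() {
  [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$1/$2.key" -pubout | openssl sha256)" ]
}

# Run all three checks for $dir/$host; returns non-zero if any of them fails.
check_all() { chain_ok "$1" "$2" && san_has "$1" "$2" "$2" && key_matches "$1" "$2"; }

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d); build_chain "$d" harbor.project.com
  check_all "$d" harbor.project.com && echo "harbor.project.com: chain, SAN and key all OK"
fi
```

Run the same three checks against the real ca.crt, harbor.project.com.crt and harbor.project.com.key by pointing chain_ok, san_has and key_matches at the directory holding them.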

Note: if you want your own CA, for example a Windows Server CA, to issue the Harbor certificate, you can use the following site to generate a certificate request and private key in the required form: https://decoder.link/csr_generator (the openssl req command shown above produces an equivalent CSR locally, so the private key never leaves the host).

Next, we need to add the certificate to the Harbor containers. Because volume mapping is used when the containers are deployed, we copy Harbor's private key and certificate directly to the /data/cert directory on the host:

cp harbor.project.com.crt /data/cert
cp harbor.project.com.key /data/cert

Once done, convert harbor.project.com.crt to harbor.project.com.cert for Docker to use. The Docker daemon interprets .crt files as CA certificates and .cert files as client certificates.

openssl x509 -inform PEM -in harbor.project.com.crt -out harbor.project.com.cert

Create the directory Docker uses to verify the Harbor container's certificate, and copy Harbor's private key and certificate together with the CA certificate into it:

mkdir -p /etc/docker/certs.d/harbor.project.com/
cp harbor.project.com.cert /etc/docker/certs.d/harbor.project.com/
cp harbor.project.com.key /etc/docker/certs.d/harbor.project.com/
cp ca.crt /etc/docker/certs.d/harbor.project.com/

Once that is done, find the harbor.yml file in the extracted Harbor directory and edit it. The individual parameters are described at https://goharbor.io/docs/2.1.0/install-config/configure-yml-file/. When the configuration is complete, still in the extracted directory, find install.sh and deploy Harbor with the following command:

sudo ./install.sh

Note that this step requires a docker-compose that meets the version requirements; otherwise an error is reported. After installation, verify that the containers are running:

All of the states are healthy, so there is no problem. Next, we can access the Harbor image registry from the command line or a browser.

The CLI command is:

docker login harbor.project.com -u admin -p Harbor12345

Next, log in via the web UI by browsing to the host's HTTPS port 443.

Step two: connect to the AD domain

First, configure your own AD domain and create the corresponding Harbor login user. Here the AD domain project.com and the user HarborAdmin have already been set up.

Once the AD domain is configured, connect to it in Harbor by filling in the AD connection parameters. The individual parameters are explained at https://docs.bmc.com/docs/fpsc121/ldap-attributes-and-associated-fields-495323340.html

After the configuration is complete, click the test button at the bottom of the page to check that the connection works. If the test succeeds, save the configuration.

Next, open the user management page and grant HarborAdmin administrator permissions.

After that, we can log out and log back in to the Harbor registry with the AD domain account.

Step three: push and pull images

After logging in to Harbor from the CLI, we can push our images to a private repository (a Harbor project). First, create the private project in Harbor.

Next, tag the image. The tag format is:

docker tag SOURCE_IMAGE[:TAG] harbor.project.com/project_images1/IMAGE[:TAG]

For example, to push the nginx:latest image to Harbor, use the following command:

docker tag nginx:latest harbor.project.com/project_images1/nginx:v1

After tagging, push the image to the private repository in Harbor with the following command:

docker push harbor.project.com/project_images1/nginx:v1

Checking in Harbor shows that the push succeeded.

Pulling the image back to the local machine works the same way:

docker pull harbor.project.com/project_images1/nginx:v1

Reference: https://goharbor.io/docs/2.1.0/install-config/

Copyright notice
This article was written by Glomi loves learning. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/160/202206090356355665.html