整體架構
系統:centos7.5
架構:本身裝的nginx (主域名,ssl) -> harbor自帶的nginx(non-ssl) -> harbor
安裝docker
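# Install Docker from the distribution repositories (the page's trailing "sql" was a
# fused site tag, not part of the package name).
yum install -y docker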
安裝docker-compose
在https://github.com/docker/compose/releases找到最新的版本號,替換下面的1.23.1
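# Download the docker-compose release binary. --fail (-f) makes curl exit non-zero on an
# HTTP error instead of saving the error page as the "binary".
sudo curl -fL "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Print the SHA-256 of the download and compare it with the checksum listed for this
# release (if the release page publishes one) before making the file executable.
sha256sum /usr/local/bin/docker-compose
# The file was written as root above, so the mode change needs sudo as well.
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
# Expected output: docker-compose version 1.23.1, build 1719ceb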
離線下載Harbor安裝包
在https://github.com/goharbor/harbor/releases找到最新的版本號,下載並解壓
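# Fetch the offline installer, then unpack it. These are two separate commands; run as a
# single line, wget would treat "tar", "xvf" and the file name as extra URLs.
wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.2.tgz
tar xvf harbor-offline-installer-v1.6.2.tgz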
修改harbor.cfg文件
進入harbor目錄,修改harbor.cfg文件
# Public domain name that the outer, TLS-terminating nginx serves.
hostname = 主域名
註釋nginx配置文件
編輯 harbor/common/templates/nginx/nginx.http.conf
將全部 proxy_set_header X-Forwarded-Proto $$scheme; 註釋掉。harbor自帶的nginx是non-ssl,它的$scheme是http;註釋掉以後,外層nginx傳入的X-Forwarded-Proto(https)纔不會被改寫成http。
修改harbor的存儲路徑(可選)
harbor.cfg,修改"secretkey"的路徑
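# Default is /data. The note sits on its own line because Python 2's ConfigParser only
# treats ';' as an inline comment marker, so a trailing '# ...' may be read as part of
# the path (assumes harbor.cfg is parsed that way; confirm against the prepare script).
secretkey_path = /data/harbor-data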
docker-compose.yml,修改原先全部默認爲"/data"的volume的掛載路徑
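# Harbor docker-compose.yml with every data volume moved from /data to /data/harbor-data.
# Nesting is restored here; the flattened listing is not a loadable Compose file.
# NOTE(review): the image tags below are v1.6.1 while the installer downloaded earlier on
# this page is v1.6.2. Edit the docker-compose.yml shipped in the tarball rather than
# pasting this listing, so the tags match the images the installer loads.
version: '2'
services:
  log:
    image: goharbor/harbor-log:v1.6.1
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      # Syslog collector is published on loopback only; the other services log to it.
      - "127.0.0.1:1514:10514"
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.6.2-v1.6.1
    container_name: registry
    restart: always
    volumes:
      - /data/harbor-data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  postgresql:
    image: goharbor/harbor-db:v1.6.1
    container_name: harbor-db
    restart: always
    volumes:
      - /data/harbor-data/database:/var/lib/postgresql/data:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  adminserver:
    image: goharbor/harbor-adminserver:v1.6.1
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/harbor-data/config/:/etc/adminserver/config/:z
      # Same secret key file that secretkey_path in harbor.cfg points at.
      - /data/harbor-data/secretkey:/etc/adminserver/key:z
      - /data/harbor-data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: goharbor/harbor-ui:v1.6.1
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/harbor-data/secretkey:/etc/ui/key:z
      - /data/harbor-data/ca_download/:/etc/ui/ca/:z
      - /data/harbor-data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: goharbor/harbor-jobservice:v1.6.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/harbor-data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    depends_on:
      - redis
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.6.1
    container_name: redis
    restart: always
    volumes:
      # NOTE(review): the only bind mount without the :z SELinux relabel suffix; confirm
      # redis can write here on a host with SELinux enforcing.
      - /data/harbor-data/redis:/var/lib/redis
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.6.1
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      # NOTE(review): these mappings publish Harbor's own nginx on every host interface.
      # In the architecture described on this page that listener is plain HTTP and TLS is
      # terminated by the outer nginx, so (1) if the outer nginx runs on this same host it
      # already owns 80 and 443 and one of the two will fail to bind, and (2) clients that
      # can reach this port directly talk to the registry without TLS. Publish only the
      # HTTP port, on an address and port that only the outer nginx can reach, or
      # firewall it accordingly; the exact value depends on where the outer nginx runs.
      - "80:80"
      - "443:443"
      - "4443:4443"
    depends_on:
      - postgresql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false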
安裝Harbor
修改完配置文件後,在當前目錄執行./install.sh,Harbor服務就會根據當前目錄下的docker-compose.yml開始下載依賴的鏡像,檢測並按照順序依次啓動各個服務
本身安裝(主域名)的nginx配置參考
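# Plain-HTTP listener: redirect every request to HTTPS.
server {
    listen 80;
    server_name 主域名;
    return 301 https://$server_name$request_uri;
}

# TLS-terminating front end for Harbor.
server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;" form.
    listen 443 ssl;
    server_name 主域名;

    access_log /var/log/nginx/xxx.log main;
    error_log /var/log/nginx/xxxx.log;
    charset utf-8;

    ssl_certificate 證書路徑;
    ssl_certificate_key 私鑰路徑;
    ssl_session_timeout 10m;
    # TLS 1.0 and 1.1 are deprecated and are no longer offered. Add TLSv1.3 where the
    # installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # 0 disables the request-body size limit, so image layers of any size can be pushed.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location ^~ / {
        proxy_pass http://harbor-http的地址;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Harbor the client connection was HTTPS. The same header is commented out
        # in Harbor's own nginx template so that this value is not overwritten there.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
    }
}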