码上编程

Appearance

Harbor搭建 企业级镜像仓库管理

docker 快速搭建

下载最新安装包

1. 这里以下载离线安装包为例

bash
#  下载安装包
wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
# 解压缩
tar -zxvf harbor-offline-installer-v2.11.1.tgz

2. 配置文件修改

harbor.yml 这里提供了一个示例文件

yaml
#改成域名或者ip 否则无法启动
hostname: 192.168.1.1
# http 端口 https 开启的话会重定向到https
http:
  port: 80
  # 开启https 则需要提前配置 证书和密钥 如不开启则直接注释
  #https:
  #  port: 443
  #  certificate: /your/certificate/path 证书路径
  #  private_key: /your/private/key/path 私钥路径
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false
# harbor 的admin 密码 默认Harbor12345
harbor_admin_password: Harbor12345
# Harbor DB configuration
database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
# 默认数据卷
data_volume: /data
trivy:
  ignore_unfixed: false
  skip_update: false
  skip_java_db_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
  timeout: 5m0s
jobservice:
  max_job_workers: 10
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1 #days
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3 #seconds
# Log configurations
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.11.0
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  # remove files in _upload directories which exist for a period of time, default is one week.
  age: 168h
  # the interval of the purge operations
  interval: 24h
  dryrun: false
cache:
  # not enabled by default
  enabled: false
  # keep cache for one day by default
  expire_hours: 24

稍微修改一下配置基于可以启动了

3.启动配置

bash
./install.sh

img.png

运行命令会自动根据配置文件来创建容器 生成的配置可以在docker-compose.yml 中找到

docker-compose配置文件端口映射

nginx 代理

harbor.local.com

text
server{
    server_name harbor;
    client_max_body_size 0; #(改成你想要的数值)0无上限
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:81;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}