内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档介绍Docker私有仓库(Registry)的搭建、客户端认证配置,以及Harbor企业级镜像仓库的部署方法。
Part01-私有仓库搭建
1.1 部署Registry
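[root@registry ~]# mkdir -p /opt/registry/{data,auth,certs}
# Generate a self-signed certificate.
# A subjectAltName is required: Go-based clients such as the Docker daemon
# ignore the CN and reject a certificate that carries no SAN
# ("x509: certificate relies on legacy Common Name field").
# -addext needs OpenSSL 1.1.1 or newer.
[root@registry ~]# openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout /opt/registry/certs/domain.key \
-x509 -days 365 \
-out /opt/registry/certs/domain.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=FGEDU/CN=registry.fgedu.net.cn" \
-addext "subjectAltName=DNS:registry.fgedu.net.cn"
Generating a RSA private key
………………………………………..++++
…………….++++
writing new private key to '/opt/registry/certs/domain.key'
# -nodes leaves the private key unencrypted on disk: keep it root-readable only.
[root@registry ~]# chmod 600 /opt/registry/certs/domain.key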
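# Create the basic-auth user file.
# Do not use -b: a password given on the command line lands in the shell
# history and is visible to every user via `ps`. Let htpasswd prompt instead.
# -B stores bcrypt hashes; -c creates the file (omit it for further users).
[root@registry ~]# htpasswd -Bc /opt/registry/auth/htpasswd admin
New password:
Re-type new password:
Adding password for user admin
[root@registry ~]# htpasswd -B /opt/registry/auth/htpasswd fgedu
New password:
Re-type new password:
Adding password for user fgedu
# The examples below assume admin/admin123 -- choose real passwords in production.
# The registry:2 image runs as root by default, so 600 is enough; relax it if
# you run the container as a non-root user.
[root@registry ~]# chmod 600 /opt/registry/auth/htpasswd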
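# Start the registry container.
# auth/ and certs/ are mounted read-only -- the registry only reads them.
# -p 5000:5000 publishes the port on every interface; if the registry should
# not be reachable from everywhere, restrict 5000/tcp with the host firewall.
[root@registry ~]# docker run -d --name fgedu-registry \
-p 5000:5000 \
--restart=always \
-v /opt/registry/data:/var/lib/registry \
-v /opt/registry/auth:/auth:ro \
-v /opt/registry/certs:/certs:ro \
-e REGISTRY_AUTH=htpasswd \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
abc123def456789012345678901234567890123456789012345678901234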
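# Check that the registry container is running.
[root@registry ~]# docker ps | grep registry
abc123def456 registry:2 "/entrypoint.sh /etc…" 1 minute ago Up 1 minute 0.0.0.0:5000->5000/tcp fgedu-registry
# Test access. Avoid curl -k: pass the self-signed certificate with --cacert so
# the TLS setup is actually verified. --resolve maps the certificate's hostname
# to the local address so hostname verification passes without DNS.
# With REGISTRY_AUTH=htpasswd an unauthenticated request gets 401, so give the
# user name; curl prompts for the password (keeping it out of shell history).
[root@registry ~]# curl --cacert /opt/registry/certs/domain.crt \
--resolve registry.fgedu.net.cn:5000:127.0.0.1 \
-u admin https://registry.fgedu.net.cn:5000/v2/_catalog
Enter host password for user 'admin':
{"repositories":[]}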
Part02-客户端配置
2.1 客户端认证
# Trust the registry's self-signed certificate on the client. The directory
# name must match the host:port used in image references and `docker login`
# (registry.fgedu.net.cn:5000). Only the public certificate is copied; the
# private key (domain.key) stays on the registry host.
[root@client ~]# mkdir -p /etc/docker/certs.d/registry.fgedu.net.cn:5000
[root@client ~]# scp registry:/opt/registry/certs/domain.crt \
/etc/docker/certs.d/registry.fgedu.net.cn:5000/ca.crt
# Log in to the private registry. Type the password at the prompt instead of
# passing it with -p (it would be kept in the shell history). The warning
# below means the credential is stored unencrypted in /root/.docker/config.json;
# on shared or long-lived hosts configure a credential helper (credsStore).
[root@client ~]# docker login registry.fgedu.net.cn:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
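# Tag the image for the private registry.
[root@client ~]# docker tag nginx:latest registry.fgedu.net.cn:5000/fgedu/nginx:v1.0
# Push the image.
[root@client ~]# docker push registry.fgedu.net.cn:5000/fgedu/nginx:v1.0
The push refers to repository [registry.fgedu.net.cn:5000/fgedu/nginx]
a2abf6c4d29d: Pushed
a9edb18cadd1: Pushed
589b7251471a: Pushed
v1.0: digest: sha256:abc123def456 size: 1234
# Pull the image. A tag can be re-pointed to a different image later; where the
# exact content matters, record the digest printed by the push and pull by it
# (registry.fgedu.net.cn:5000/fgedu/nginx@sha256:<digest>). The digest shown in
# this transcript is abbreviated; a real one is 64 hex characters.
[root@client ~]# docker pull registry.fgedu.net.cn:5000/fgedu/nginx:v1.0
v1.0: Pulling from fgedu/nginx
Digest: sha256:abc123def456
Status: Downloaded newer image for registry.fgedu.net.cn:5000/fgedu/nginx:v1.0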
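# List repositories and tags through the registry API.
# Use --cacert instead of -k so the certificate is verified, and give only the
# user name so curl prompts for the password -- admin:admin123 on the command
# line would be recorded in the shell history and visible in `ps`.
[root@client ~]# curl --cacert /etc/docker/certs.d/registry.fgedu.net.cn:5000/ca.crt \
-u admin https://registry.fgedu.net.cn:5000/v2/_catalog
Enter host password for user 'admin':
{"repositories":["fgedu/nginx"]}
# List the tags of one repository.
[root@client ~]# curl --cacert /etc/docker/certs.d/registry.fgedu.net.cn:5000/ca.crt \
-u admin https://registry.fgedu.net.cn:5000/v2/fgedu/nginx/tags/list
Enter host password for user 'admin':
{"name":"fgedu/nginx","tags":["v1.0"]}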
# Log out: this removes the stored credential for the registry from the
# Docker client configuration.
[root@client ~]# docker logout registry.fgedu.net.cn:5000
Removing login credentials for registry.fgedu.net.cn:5000
Part03-Harbor仓库
3.1 Harbor部署
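# Download the offline installer and verify it before unpacking. Harbor
# publishes a detached .asc signature next to each installer; import the
# Harbor release signing key (published with the release) first so that
# gpg --verify can succeed. Do not extract a tarball whose signature fails.
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz.asc
[root@harbor ~]# gpg --verify harbor-offline-installer-v2.9.0.tgz.asc harbor-offline-installer-v2.9.0.tgz
# Extract and enter the installer directory.
[root@harbor ~]# tar zxvf harbor-offline-installer-v2.9.0.tgz -C /opt/
[root@harbor ~]# cd /opt/harbor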
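# Write harbor.yml. Indentation matters: port/certificate/private_key are
# children of http:/https:, not top-level keys, and the same holds for the
# other nested sections below.
[root@harbor harbor]# cat > harbor.yml << 'EOF'
hostname: harbor.fgedu.net.cn
http:
  port: 80
https:
  port: 443
  # Nothing above creates these files: issue a certificate for
  # harbor.fgedu.net.cn (with a subjectAltName) and place it here before
  # running install.sh, which expects both files to exist.
  certificate: /opt/harbor/cert/harbor.crt
  private_key: /opt/harbor/cert/harbor.key
# Harbor12345 is the well-known default. Set a strong password here before the
# first install (it bootstraps the admin account) and rotate it from the UI.
harbor_admin_password: Harbor12345
database:
  # Password of the internal PostgreSQL database -- change this as well.
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
data_volume: /data/harbor
trivy:
  ignore_unfixed: false
  skip_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.9.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
EOF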
# Install Harbor. install.sh is run here without --with-trivy, so although the
# trivy-adapter image is loaded in Step 2, no scanner container is started
# (see the service list further below). Run `./install.sh --with-trivy` if
# image scanning is wanted.
[root@harbor harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.7
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.21.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.9.0
Loaded image: goharbor/harbor-portal:v2.9.0
Loaded image: goharbor/harbor-jobservice:v2.9.0
Loaded image: goharbor/registry-photon:v2.9.0
Loaded image: goharbor/harbor-registryctl:v2.9.0
Loaded image: goharbor/redis-photon:v2.9.0
Loaded image: goharbor/trivy-adapter-photon:v2.9.0
Loaded image: goharbor/harbor-db:v2.9.0
Loaded image: goharbor/harbor-exporter:v2.9.0
Loaded image: goharbor/nginx-photon:v2.9.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /opt/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Generated certificate, key file: /data/secret/core/private_key.pem, cert file: /data/secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 2.1s
✔ Container harbor-db Started 3.5s
✔ Container redis Started 3.2s
✔ Container registry Started 4.0s
✔ Container registryctl Started 4.1s
✔ Container harbor-core Started 5.2s
✔ Container harbor-portal Started 5.0s
✔ Container harbor-jobservice Started 6.5s
✔ Container nginx Started 7.0s
✔ ----Harbor has been installed and started successfully.----
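# Check the Harbor services. No trivy-adapter service appears because
# install.sh was run without --with-trivy; every listed service should be
# "healthy" before the registry is put to use.
[root@harbor harbor]# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.9.0 "/harbor/entrypoint.…" core 1 minute ago Up 1 minute (healthy)
harbor-db goharbor/harbor-db:v2.9.0 "/docker-entrypoint.…" postgresql 1 minute ago Up 1 minute (healthy)
harbor-jobservice goharbor/harbor-jobservice "/harbor/entrypoint.…" jobservice 1 minute ago Up 1 minute (healthy)
harbor-log goharbor/harbor-log:v2.9.0 "/bin/sh -c /usr/loc…" log 1 minute ago Up 1 minute (healthy)
harbor-portal goharbor/harbor-portal:v2.9.0 "nginx -g 'daemon of…" portal 1 minute ago Up 1 minute (healthy)
nginx goharbor/nginx-photon:v2.9.0 "nginx -g 'daemon of…" proxy 1 minute ago Up 1 minute (healthy)
redis goharbor/redis-photon:v2.9.0 "redis-server /etc/r…" redis 1 minute ago Up 1 minute (healthy)
registry goharbor/registry-photon "/home/harbor/start.…" registry 1 minute ago Up 1 minute (healthy)
registryctl goharbor/harbor-registryctl "/home/harbor/start.…" registryctl 1 minute ago Up 1 minute (healthy)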
- 使用HTTPS加密传输:证书必须包含 subjectAltName(仅有 CN 的证书会被 Docker 客户端拒绝),客户端通过 /etc/docker/certs.d/<主机:端口>/ca.crt 信任证书,不要用 curl -k 或 insecure-registries 绕过校验
- 配置用户认证:口令以 bcrypt(htpasswd -B)方式存储,不在命令行中明文传递口令;docker login 后按提示配置 credential helper,避免口令明文保存在 config.json 中
- 定期清理无用镜像
- 配置镜像扫描:Harbor 需以 ./install.sh --with-trivy 方式安装,否则不会启动 Trivy 扫描组件
- 设置访问控制策略:修改 Harbor12345、root123 等默认口令,并通过防火墙限制 5000/443 端口的访问来源
