Hardbor私有仓库搭建

yum install chrony -y
systemctl enable --now chronyd

systemctl stop firewalld && systemctl disable firewalld

setenforce 0
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config

yum install docker-ce docker-compose 

systemctl enable --now docker

wget https://github.com/goharbor/harbor/releases/download/v2.5.5/harbor-offline-installer-v2.5.5.tgz
tar -zxf harbor-offline-installer-v2.5.5.tgz -C /usr/local

cp /etc/local/harbor/{harbor.yml.tmpl,harbor.yml}
vim /etc/local/harbor.yml
……
hostname = 192.168.2.210
……

/usr/local/harbor/install.sh

echo "export PATH=$PATH:/usr/local/harbor/"
docker-compose up -v

vim /etc/docker/daemon.json
{
"insecure-registries" : ["192.168.2.210"]
}

openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=yuanbao.com" -key ca.key -out ca.crt

openssl genrsa -out yuanbao.key 4096

openssl req -sha512 -new -subj "/CN=yuanbao.com" -key yuanbao.key -out yuanbao.csr

cat > v3.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=yuanbao.com
DNS.2=yuanbao
EOF

openssl x509 -req -sha512 -days 3650 -exfile v3.ext -CA ca.key -CAcreateserial -in yuanbao.csr -out yuanbao.crt

openssl x509 -inform PEM -in yuanbao.crt -out yuanbao.cert

mkdir /etc/docker/certs.d/yuanbao.com -p
cp {ca.key,yuanbao.cert,yuanbal.key} /etc/docker/certs.d/yuanbao.com/
cp {ca.key,yuanbao.cert,yuanbal.key} /data/certs/

vim /usr/local/harbor/harbor.yml
……
https
  port:443
certificate: /data/certs/yuanbao.crt
  private_key: /data/certs/yuanbao.key
……

/usr/local/harbor/peare

systemctl restart docker
docker-compose down -v
docker-ccompose up -d

echo "192.168.2.210 yuanbao.com" >> /etc/hosts