由于政策原因，dockerhub仓库无法正常拉取镜像，对我们平时做实验有很大的影响，所以我们自己搭建一个私有镜像供自己实验使用。

1.harbor原理

由于政策原因dockerhub无法拉取，我需要在公有云香港位置创建一个开源的私有harbor镜像从仓库，那么实现的原理如下图所示：

2.ECS创建

本次实验用的Linux版本为centos stream 9

创建完成：

3.系统配置

关闭防火墙及SELinux

[root@ecs-harbor ~]# systemctl stop firewalld;systemctl disable firewalld
[root@ecs-harbor ~]# setenforce 0
setenforce: SELinux is disabled
[root@ecs-harbor ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

安装docker

[root@ecs-harbor ~]# yum install -y vim net-tools bash-completion yum-utils---安装基础包
[root@ecs-harbor ~]# bash
[root@ecs-harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo---配置阿里云为源头
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@ecs-harbor ~]# ls /etc/yum.repos.d/
centos-addons.repo  centos.repo  docker-ce.repo
[root@ecs-harbor ~]# yum list docker-ce --showduplicates | sort -r---查看docker-ce的版本
[root@ecs-harbor ~]# yum install -y docker-ce---安装最新版本的docker-ce（社区版）
[root@ecs-harbor ~]# docker -v---查看docker版本，有回显则安装成功
Docker version 27.1.2, build d01f264

[root@ecs-harbor ~]# systemctl start docker---开启docker服务
[root@ecs-harbor ~]# systemctl enable docker---永久使能docker服务
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

4.Harbor安装

Harbor的下载链接：https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz

使用wget下载harbor包并解压

[root@ecs-harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz
[root@ecs-harbor ~]# ls
harbor-offline-installer-v2.7.0.tgz

[root@ecs-harbor ~]# tar -zxvf harbor-offline-installer-v2.7.0.tgz
harbor/harbor.v2.7.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@ecs-harbor ~]# ls
harbor  harbor-offline-installer-v2.7.0.tgz
[root@ecs-harbor ~]# cd harbor/
[root@ecs-harbor harbor]# ls
common.sh  harbor.v2.7.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@ecs-harbor harbor]#

配置harbor

修改harbor.yml

[root@ecs-harbor harbor]# vim harbor.yml

#第五行，修改主机名为ECS的私网IP地址

 5 hostname: 192.168.10.121

#注释https

 12 # https related config
 13 # https:
 14   # https port for harbor, default is 443
 15   # port: 443
 16   # The path of cert and key files for nginx
 17   # certificate: /your/certificate/path
 18   # private_key: /your/private/key/path

#可自定义修改管理员密码
 34 harbor_admin_password: Harbor12345

配置docker.service

[root@ecs-harbor ~]# vim /usr/lib/systemd/system/docker.service

#第13行末尾添加--insecure-registry=192.168.10.121:80

13 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.    sock --insecure-registry=192.168.10.121:80
[root@ecs-harbor ~]#vim /etc/docker/daemon.json

#配置加速器
{
  "registry-mirrors": ["https://cc2d8woc.mirror.aliyuncs.com"]
}
[root@ecs-harbor ~]# systemctl daemon-reload
[root@ecs-harbor ~]# systemctl restart docker

运行prepare脚本准备镜像

prepare脚本会自动下载所需的镜像

[root@ecs-harbor harbor]# ./prepare
[root@ecs-harbor harbor]# docker images
REPOSITORY         TAG       IMAGE ID       CREATED         SIZE
goharbor/prepare   v2.7.0    f0f57240ce77   20 months ago   164MB

修改脚本命令

本版本使用的是9的命令，harbor2.7默认使用7版本的命令，7版本和9版本的命令不一样，所以需要修改

例如：

[root@ecs-harbor ~]# docker-compose --version---7版本命令
-bash: docker-compose: command not found
[root@ecs-harbor ~]# docker compose version---9版本命令
Docker Compose version v2.29.1
[root@ecs-harbor harbor]# vim common.sh

119         elif [[ $(docker compose version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*))     ]]
[root@ecs-harbor harbor]# vim install.sh

#加引号让系统认为这是一个命令

26 DOCKER_COMPOSE="docker compose"

安装harbor

[root@ecs-harbor harbor]# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 27.1.2

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.29.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.7.0
716575e41c45: Loading layer  145.8MB/145.8MB
af0525d96b0b: Loading layer  16.72MB/16.72MB
939977d7cbf6: Loading layer   5.12kB/5.12kB
005530be0f99: Loading layer  6.144kB/6.144kB
9764bccefdd0: Loading layer  3.072kB/3.072kB
38fe09b6e0e7: Loading layer  2.048kB/2.048kB
9d659849215a: Loading layer   2.56kB/2.56kB
bee3f2947ec7: Loading layer   2.56kB/2.56kB
e4e05d8658d3: Loading layer   2.56kB/2.56kB
e7991cc39265: Loading layer  9.728kB/9.728kB
Loaded image: goharbor/harbor-db:v2.7.0
d79110caaa26: Loading layer  8.902MB/8.902MB
b8cddfca4e88: Loading layer  3.584kB/3.584kB
071b47da1d9b: Loading layer   2.56kB/2.56kB
d22932d9f6c7: Loading layer  84.83MB/84.83MB
b2f2e9cbceac: Loading layer  5.632kB/5.632kB
53cce0f5bd54: Loading layer    108kB/108kB
40a6c61dcc44: Loading layer  44.03kB/44.03kB
6d7dba633513: Loading layer  85.77MB/85.77MB
44309ebcfcf7: Loading layer   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.7.0
cebcabcec86e: Loading layer    127MB/127MB
f3a76df94b70: Loading layer  3.584kB/3.584kB
ac9852cda3ce: Loading layer  3.072kB/3.072kB
a5bab3cf8af7: Loading layer   2.56kB/2.56kB
d52202b6a929: Loading layer  3.072kB/3.072kB
bd8a7ca8438d: Loading layer  3.584kB/3.584kB
a6a054173348: Loading layer  20.99kB/20.99kB
Loaded image: goharbor/harbor-log:v2.7.0
1a3b490c3dc4: Loading layer  8.902MB/8.902MB
7cbd50b78394: Loading layer  25.65MB/25.65MB
7119ae84be31: Loading layer  4.608kB/4.608kB
c9c5875f25c8: Loading layer  26.44MB/26.44MB
Loaded image: goharbor/harbor-exporter:v2.7.0
c8c89cfdc06a: Loading layer  119.1MB/119.1MB
Loaded image: goharbor/nginx-photon:v2.7.0
59736e375413: Loading layer  5.759MB/5.759MB
6cc787909b61: Loading layer  91.75MB/91.75MB
a56e97e08300: Loading layer  3.072kB/3.072kB
57925eac82a6: Loading layer  4.096kB/4.096kB
6e36a605c736: Loading layer  92.54MB/92.54MB
Loaded image: goharbor/chartmuseum-photon:v2.7.0
175f4dc2d45f: Loading layer  119.1MB/119.1MB
4e26408b204b: Loading layer  6.143MB/6.143MB
f2e93a87e40b: Loading layer  1.249MB/1.249MB
e5cceb0b0435: Loading layer  1.194MB/1.194MB
Loaded image: goharbor/harbor-portal:v2.7.0
b887c32c40a7: Loading layer  8.902MB/8.902MB
938a7e3c75f5: Loading layer  3.584kB/3.584kB
5a5a28182655: Loading layer   2.56kB/2.56kB
ebab1e49abda: Loading layer  103.3MB/103.3MB
4ce14e0439d9: Loading layer    104MB/104MB
Loaded image: goharbor/harbor-jobservice:v2.7.0
fbaa7a10893c: Loading layer  5.759MB/5.759MB
c688ac7b41fa: Loading layer  4.096kB/4.096kB
d7c1e408fc7d: Loading layer  17.41MB/17.41MB
55958792b639: Loading layer  3.072kB/3.072kB
a914e1c2d3e7: Loading layer  30.69MB/30.69MB
b91233145a72: Loading layer  48.89MB/48.89MB
Loaded image: goharbor/harbor-registryctl:v2.7.0
4bfd949c2891: Loading layer  5.759MB/5.759MB
7fd746eb54cc: Loading layer  4.096kB/4.096kB
026a4a79ef61: Loading layer  3.072kB/3.072kB
4e8dca75f609: Loading layer  17.41MB/17.41MB
7e017925a772: Loading layer   18.2MB/18.2MB
Loaded image: goharbor/registry-photon:v2.7.0
bd6904b66a79: Loading layer  5.754MB/5.754MB
4bea14657109: Loading layer  8.987MB/8.987MB
629d40c48f45: Loading layer  15.88MB/15.88MB
48d73b35455c: Loading layer  29.29MB/29.29MB
fe12338e806d: Loading layer  22.02kB/22.02kB
dcbe4fc18411: Loading layer  15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.7.0
cc039d70dda6: Loading layer  119.9MB/119.9MB
c128fc8dd5aa: Loading layer  3.072kB/3.072kB
e030017184f0: Loading layer   59.9kB/59.9kB
f7a67f51f6d5: Loading layer  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.7.0
c4c80dff091a: Loading layer  5.754MB/5.754MB
26f51848acfb: Loading layer  8.987MB/8.987MB
fb0e59f893b6: Loading layer  14.47MB/14.47MB
e17fcd490db6: Loading layer  29.29MB/29.29MB
f0f3d13b4bdf: Loading layer  22.02kB/22.02kB
73965e1762cb: Loading layer  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.7.0
2d831b255ec9: Loading layer  6.287MB/6.287MB
603534b77185: Loading layer  4.096kB/4.096kB
edbbda0ede29: Loading layer  3.072kB/3.072kB
11ccb87ea0a3: Loading layer  180.6MB/180.6MB
13afce1af948: Loading layer  13.22MB/13.22MB
b05259901192: Loading layer  194.6MB/194.6MB
Loaded image: goharbor/trivy-adapter-photon:v2.7.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http prot                                   ocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/db/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete,                                    it will be ignored, please remove it to avoid potential confusion

[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete,                                    it will be ignored, please remove it to avoid potential confusion
[+] Running 10/10
 ✔ Network harbor_harbor        Created                                    0.1s
 ✔ Container harbor-log         Started                                    0.3s
 ✔ Container harbor-db          Started                                    0.8s
 ✔ Container registry           Started                                    0.9s
 ✔ Container harbor-portal      Started                                    0.8s
 ✔ Container registryctl        Started                                    0.9s
 ✔ Container redis              Started                                    0.7s
 ✔ Container harbor-core        Started                                    1.0s
 ✔ Container nginx              Started                                    1.4s
 ✔ Container harbor-jobservice  Started                                    1.4s
✔ ----Harbor has been installed and started successfully.----
[root@ecs-harbor harbor]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
goharbor/harbor-exporter        v2.7.0    69796d5ea472   20 months ago   96.5MB
goharbor/chartmuseum-photon     v2.7.0    3a1128c43ada   20 months ago   227MB
goharbor/redis-photon           v2.7.0    cc91f43eb370   20 months ago   154MB
goharbor/trivy-adapter-photon   v2.7.0    acf7683e6266   20 months ago   431MB
goharbor/notary-server-photon   v2.7.0    cc32c079c5e8   20 months ago   113MB
goharbor/notary-signer-photon   v2.7.0    1c7e9e9a0c92   20 months ago   110MB
goharbor/harbor-registryctl     v2.7.0    6573a396157f   20 months ago   139MB
goharbor/registry-photon        v2.7.0    4d015df21516   20 months ago   78.1MB
goharbor/nginx-photon           v2.7.0    5f2878db2a82   20 months ago   154MB
goharbor/harbor-log             v2.7.0    6b4a9a2855bb   20 months ago   161MB
goharbor/harbor-jobservice      v2.7.0    cdde5030ac74   20 months ago   252MB
goharbor/harbor-core            v2.7.0    f1aaf647100d   20 months ago   215MB
goharbor/harbor-portal          v2.7.0    ea51148e87b6   20 months ago   162MB
goharbor/harbor-db              v2.7.0    fff87d4d50e4   20 months ago   195MB
goharbor/prepare                v2.7.0    f0f57240ce77   20 months ago   164MB

登录harbor

注意安全组需要放开http协议

输入公网地址登录

5.测试harbor

创建一个项目

公开：可以匿名访问

-1：对容量不设限

推送镜像

[root@ecs-harbor harbor]# docker tag mysql:latest 192.168.10.121:80/cangku/mysql:v1.0
[root@ecs-harbor harbor]# docker images | grep mysql
192.168.10.121:80/cangku/mysql   v1.0      7ce93a845a8a   4 weeks ago     586MB
mysql                            latest    7ce93a845a8a   4 weeks ago     586MB
[root@ecs-harbor harbor]# docker login 192.168.10.121:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded
[root@ecs-harbor harbor]# docker push 192.168.10.121:80/cangku/mysql:v1.0
The push refers to repository [192.168.10.121:80/cangku/mysql]
feceac7d17e7: Pushed
ad5af488d607: Pushed
a34bb1401e4c: Pushed
be2b3692128b: Pushed
afbd47451a75: Pushed
c2182014683d: Pushed
31d776291afd: Pushed
71bc13a2962e: Pushed
3dea2aeae1c6: Pushed
2606c15a4838: Pushed
v1.0: digest: sha256:32c94e5ee67674faa31cee798fbaa427da6632b4a53ea6ad26342af9b3c74911 size: 2411

拉取镜像

[root@ecs-harbor harbor]# docker pull 192.168.10.121:80/cangku/mysql:v1.0
v1.0: Pulling from cangku/mysql
d9a40b27c30f: Pull complete
fe4b01031aab: Pull complete
aa72c34c4347: Pull complete
473ade985fa2: Pull complete
cc168a9482de: Pull complete
3ca3786815dd: Pull complete
3e3fac98ea83: Pull complete
10e5505c3ae4: Pull complete
a79ade39aab9: Pull complete
ae34d51c6da2: Pull complete
Digest: sha256:32c94e5ee67674faa31cee798fbaa427da6632b4a53ea6ad26342af9b3c74911
Status: Downloaded newer image for 192.168.10.121:80/cangku/mysql:v1.0
192.168.10.121:80/cangku/mysql:v1.0