Harbor部署教程
- 安装docker相关依赖
-
- [更新 apt 包索引并安装必要的依赖](#更新 apt 包索引并安装必要的依赖)
- [安装 Docker Engine](#安装 Docker Engine)
- [验证 Docker 版本](#验证 Docker 版本)
- [编辑配置 文件](#编辑配置 文件)
- 重新加载配置docker
- 安装horbor
- docker重启,harbor停止运行解决办法
-
- [方法1:快速恢复(Docker 重启后临时修复)](#方法1:快速恢复(Docker 重启后临时修复))
- [方法 2:永久解决(配置自动关联与持久化)](#方法 2:永久解决(配置自动关联与持久化))
安装docker相关依赖
更新 apt 包索引并安装必要的依赖
sudo apt-get update -y
sudo apt-get -y install ca-certificates curl gnupg lsb-release software-properties-common
cd ~
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg -o docker-gpg.key
cat docker-gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg > /dev/null
sudo chmod 644 /etc/apt/trusted.gpg.d/docker.gpg
add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://mirrors.aliyun.com/docker-ce/linux/ubuntu jammy stable"安装 Docker Engine
sudo apt-get update -y
sudo apt-get install -y docker-ce=5:25.0.0-1~ubuntu.22.04~jammy docker-ce-cli=5:25.0.0-1~ubuntu.22.04~jammy containerd.io docker-compose-plugin验证 Docker 版本
# 验证 Docker 版本
docker --version
#验证 Docker Compose 版本
docker compose version编辑配置 文件
sudo vi /etc/docker/daemon.json添加如下内容
{
"registry-mirrors": [
"https://docker.registry.cyou",
"https://docker-cf.registry.cyou",
"https://dockercf.jsdelivr.fyi",
"https://docker.jsdelivr.fyi",
"https://dockertest.jsdelivr.fyi",
"https://mirror.aliyuncs.com",
"https://dockerproxy.com",
"https://mirror.baidubce.com",
"https://docker.m.daocloud.io",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn",
"https://docker.mirrors.ustc.edu.cn",
"https://mirror.iscas.ac.cn",
"https://docker.rainbond.cc"
],
"insecure-registries": ["harborip地址"]
}重新加载配置docker
#重新加载配置
systemctl daemon-reload
#锁定docker
apt-mark hold docker-ce docker-ce-cli containerd.io
#启动docker
systemctl start docker
systemctl enable docker安装horbor
部署安装horbor
sudo mkdir -p /opt/harbor
cd /opt/harbor
# 下载 Harbor v2.10.2 在线安装包
sudo wget https://github.com/goharbor/harbor/releases/download/v2.10.2/harbor-online-installer-v2.10.2.tgz
tar xzf harbor-online-installer-v2.10.2.tgz
cd harbor
sudo cp harbor.yml.tmpl harbor.yml
sudo vim harbor.yml
./install.sh
停止 Harbor 服务
docker compose down
启动 Harbor 服务
docker compose up -d
运行prepare 脚本重新生成配置
./preparedocker重启,harbor停止运行解决办法
原因分析:Harbor 所有服务都依赖 harbor 自定义桥接网络(networks: harbor),且该网络配置为 external: false(默认私有网络)。Docker 重启时,会先销毁所有容器和非持久化的自定义网络,Harbor 的 harbor 网络会被自动删除,容器重启时因找不到依赖网络而启动失败
方法1:快速恢复(Docker 重启后临时修复)
# 1. 进入 Harbor 安装目录
cd /opt/harbor/harbor
# 2. 重新生成 Harbor 配置(可选,若配置未变更可跳过)
./prepare
# 3. 重建 Harbor 网络并启动容器(docker compose 会自动创建缺失的 harbor 网络)
docker compose up -d方法 2:永久解决(配置自动关联与持久化)
# 1. 先停止 Harbor 服务
cd /opt/harbor/harbor
docker compose down
# 2. 删除原有 harbor 私有网络
docker network rm harbor
# 3. 创建持久化的外部桥接网络(命名为 harbor,与原有配置一致)
docker network create --driver bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 harbor
# 4. 修改 docker-compose.yml 中的网络配置
vim /opt/harbor/harbor/docker-compose.ymldocker-compose.yml修改为如下内容:
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.10.2
container_name: harbor-log
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
healthcheck:
test: ["CMD", "pgrep", "rsyslogd"]
interval: 5s
timeout: 3s
retries: 3
start_period: 10s
registry:
image: goharbor/registry-photon:v2.10.2
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
log:
condition: service_healthy
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.10.2
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.10.2
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.10.2
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v2.10.2
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.10.2
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.10.2
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.10.2
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
ports:
- 80:8080
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
networks:
harbor:
external: true # 改为 true,使用已创建的外部网络
# 1. 创建 Harbor systemd 服务文件
vim /etc/systemd/system/harbor.service添加如下内容:
[Unit]
Description=Harbor Docker Registry Service
Documentation=https://goharbor.io/
After=docker.service containerd.service
Requires=docker.service containerd.service
[Service]
Type=oneshot
Environment="PATH=/usr/bin:/usr/local/bin"
WorkingDirectory=/opt/harbor/harbor
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
ExecReload=/usr/bin/docker compose restart
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
# 1. 重新加载 systemd 配置
systemctl daemon-reload
# 2. 设置 Harbor 开机自启
systemctl enable harbor.servic
# 3. 启动 Harbor 服务(验证配置)
systemctl start harbor.service
# 4. 查看 Harbor 服务状态
systemctl status harbor.service