1. 搭建Harbor仓库
1.1 环境准备
1、克隆一台虚拟机(harbor-20),CPU 至少 2 核,Memory 至少 4G,磁盘 100G。
2、修改主机名
bash
[root@localhost ~]# hostnamectl set-hostname harbor && bash
[root@harbor ~]# 3、修改IP地址
bash
[root@harbor ~]# nmcli connection modify ens160 ipv4.method manual ipv4.addresses 192.168.72.20/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@harbor ~]# nmcli c up ens1603、配置主机映射
bash
[root@harbor ~]# cat >> /etc/hosts <<EOF
192.168.72.11 k8s-master01 m1
192.168.72.12 k8s-master02 m2
192.168.72.13 k8s-master03 m3
192.168.72.15 k8s-node01 n1
192.168.72.16 k8s-node02 n2
192.168.72.20 hb.reg.com harbor
EOF
[root@harbor ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.72.11 k8s-master01 m1
192.168.72.12 k8s-master02 m2
192.168.72.13 k8s-master03 m3
192.168.72.15 k8s-node01 n1
192.168.72.16 k8s-node02 n2
192.168.72.20 hb.reg.com harbor1.2 安装Docker
由于我们在构建虚拟机模板机时已经安装好 Docker 服务了,因此这一步就可以省略。我们只需要修改 /etc/docker/daemon.json 文件即可。
1、修改加速器文件
bash
[root@harbor ~]# vim /etc/docker/daemon.json文件内容如下:
json
{
"default-ipc-mode": "shareable",
"data-root": "/data/docker",
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "50"
},
"insecure-registries": ["https://hb.reg.com"],
"registry-mirrors": [
"https://docker.1ms.run",
"https://func.ink",
"https://proxy.1panel.live",
"https://docker-0.unsee.tech",
"https://docker.zhai.cm",
"https://a.ussh.net",
"https://docker.melikeme.cn",
"https://docker.hlmirror.com",
"https://docker.xiaogenban1993.com",
"https://docker.1panel.top",
"https://docker.kejilion.pro",
"https://dockerpull.cn",
"https://docker.xuanyuan.me",
"https://docker.anye.in",
"https://hub.fast360.xyz"
]
}在文件中添加了 insecure-registries 配置来指定我们自己的私有仓库访问地址。
2、重启服务生效
bash
[root@harbor ~]# systemctl daemon-reload
[root@harbor ~]# systemctl restart docker1.3 安装Docker-Compose
1、下载docker-compose
bash
[root@harbor ~]# wget https://github.com/docker/compose/releases/download/v5.0.2/docker-compose-linux-x86_64或者上传离线下载好的 docker-compose-linux-x86_64 文件到服务器中。
bash
[root@harbor ~]# ls
docker-compose-5.0.2-linux-x86_642、安装docker-compose
bash
[root@harbor ~]# mv docker-compose-5.0.2-linux-x86_64 /usr/bin/docker-compose
[root@harbor ~]# chmod +x /usr/bin/docker-compose
[root@harbor ~]# ll /usr/bin/docker-compose
-rwxr-xr-x. 1 root root 31327024 Feb 3 11:34 /usr/bin/docker-compose3、验证安装
bash
[root@harbor ~]# docker-compose -v
Docker Compose version v5.0.21.4 准备harbor
官方文档地址为:https://goharbor.io/docs/2.14.0/install-config/
1.4.1 环境要求
1、硬件要求
| 资源 | 最小配置 | 推荐配置 |
|---|---|---|
| CPU | 2 CPU | 4 CPU |
| Mem | 4 GB | 8 GB |
| Disk | 40 GB | 160 GB |
2、软件要求
| 软件 | 版本 | 说明 |
|---|---|---|
| Docker Engine | Version > 20.10 | 用于运行Harbor环境 |
| Docker Compose | Docker compose > 2.3 | 用于管理Harbor服务 |
| OpenSSL | Latest (optional) | 用于生成Harbor访问的私钥和证书 |
检查本机软件环境:
bash
[root@harbor ~]# docker --version
Docker version 29.1.5, build 0e6fee6
[root@harbor ~]# docker-compose -v
Docker Compose version v5.0.2
[root@harbor ~]# openssl -v
OpenSSL 3.5.1 1 Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)3、网络要求
需要在防火墙和 Selinux 中放行 80 和 443 端口。
bash
[root@harbor ~]# systemctl is-active firewalld
inactive
[root@harbor ~]# getenforce
Permissive1.4.2 准备harbor
1、下载harbor安装包
bash
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.14.2/harbor-offline-installer-v2.14.2.tgz或者将下载好的安装包上传到服务器中
bash
[root@harbor ~]# ls
harbor-offline-installer-v2.14.2.tgz2、解压harbor安装包
bash
# 解压文件
[root@harbor ~]# tar -zxf harbor-offline-installer-v2.14.2.tgz -C /data/
# 进入解压目录
[root@harbor ~]# cd /data
# 查看目录文件
[root@harbor data]# ls
docker harbor
# 进入harbor目录
[root@harbor data]# cd harbor/
# 查看目录文件
[root@harbor harbor]# ls
common.sh harbor.v2.14.2.tar.gz harbor.yml.tmpl install.sh LICENSE prepare1.5 配置证书
官方文档:https://goharbor.io/docs/2.14.0/install-config/configure-https/
1.5.1 生成CA证书
bash
# 创建证书存放目录
[root@harbor harbor]# mkdir ssl
[root@harbor harbor]# cd ssl
[root@harbor ssl]# pwd
/data/harbor/ssl
# 生成CA证书私钥文件
[root@harbor ssl]# openssl genrsa -out ca.key 4096
[root@harbor ssl]# ls
ca.key
# 根据生成的CA证书私钥文件来生成证书文件
[root@harbor ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=CQ/L=CQ/O=Banan/OU=Chengke/CN=Houdelou" \
-key ca.key \
-out ca.crt
# 查看生成的文件
[root@harbor ssl]# ls
ca.crt ca.key1.5.2 生成服务证书
对于证书来说,通常包含 .crt 和 .key 两个文件。
1、生成服务私钥
bash
[root@harbor ssl]# openssl genrsa -out hb.reg.com.key 4096
[root@harbor ssl]# ls
ca.crt ca.key hb.reg.com.key2、根据私钥生成服务证书请求
bash
[root@harbor ssl]# openssl req -sha512 -new \
-subj "/C=CN/ST=CQ/L=CQ/O=Banan/OU=Chengke/CN=hb.reg.com" \
-key hb.reg.com.key \
-out hb.reg.com.csr
[root@harbor ssl]# ls
ca.crt ca.key hb.reg.com.csr hb.reg.com.key3、生成一个x509 v3扩展文件:
bash
[root@harbor ssl]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=hb.reg.com
DNS.2=hb.reg
DNS.3=harbor
EOF
[root@harbor ssl]# ls
ca.crt ca.key hb.reg.com.csr hb.reg.com.key v3.ext4、使用该v3.ext文件为您的Harbor主机生成证书
bash
[root@harbor ssl]# openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in hb.reg.com.csr \
-out hb.reg.com.crt
Certificate request self-signature ok
subject=C=CN, ST=CQ, L=CQ, O=Banan, OU=Chengke, CN=hb.reg.com
[root@harbor ssl]# ls
ca.crt ca.key ca.srl hb.reg.com.crt hb.reg.com.csr hb.reg.com.key v3.ext1.5.3 仓库配置证书
生成 ca.crt、hb.reg.com.crt 和 hb.reg.com.key 密钥文件后,您必须将它们提供给Harbor和Docker,并重新配置Harbor以使用它们。
1、将服务器证书和密钥复制到 Harbor 主机上的 certficates 文件夹中
bash
[root@harbor ssl]# mkdir /data/cert
[root@harbor ssl]# cp hb.reg.com.crt /data/cert/
[root@harbor ssl]# cp hb.reg.com.key /data/cert/2、转换 hb.reg.com.crt 为 hb.reg.com.cert,供 Docker 使用
bash
[root@harbor ssl]# cd /data/cert/
[root@harbor cert]# ls
hb.reg.com.crt hb.reg.com.key
# 转换证书供docker使用
[root@harbor cert]# openssl x509 -inform PEM -in hb.reg.com.crt -out hb.reg.com.cert
[root@harbor cert]# ls
hb.reg.com.cert hb.reg.com.crt hb.reg.com.key3、将服务器证书,私钥文件和 CA 文件复制到 Harbor 主机上的 Docker 证书文件夹中。必须首先创建适当的文件夹
bash
# 创建需要的目录结构
[root@harbor cert]# mkdir -p /etc/docker/certs.d/hb.reg.com:443
# 复制文件
[root@harbor cert]# cp hb.reg.com.cert /etc/docker/certs.d/hb.reg.com:443
[root@harbor cert]# cp hb.reg.com.key /etc/docker/certs.d/hb.reg.com:443
[root@harbor cert]# cp /data/harbor/ssl/ca.crt /etc/docker/certs.d/hb.reg.com:443
# 查看最终结构
[root@harbor cert]# tree /etc/docker/certs.d/
/etc/docker/certs.d/
└── hb.reg.com:443
├── ca.crt
├── hb.reg.com.cert
└── hb.reg.com.key
1 directory, 3 files4、启动docker服务
bash
[root@harbor cert]# systemctl restart docker1.6 部署配置Harbor
1.6.1 配置Harbor
如果您尚未部署Harbor,请参阅配置Harbor YML文件,了解如何通过在harbor.yml中指定主机名和https属性来配置Harbor以使用证书。
如果你已经使用HTTP部署了Harbor,并希望将其重新配置为使用HTTPS,请执行以下步骤。
1、从配置文件模板中复制出配置文件
bash
[root@harbor cert]# cd /data/harbor/
[root@harbor harbor]# ls
common.sh harbor.v2.14.2.tar.gz harbor.yml.tmpl install.sh LICENSE prepare ssl
[root@harbor harbor]# cp -p harbor.yml.tmpl harbor.yml
[root@harbor harbor]# ls
common.sh harbor.v2.14.2.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare ssl2、修改配置文件
bash
[root@harbor harbor]# vim harbor.yml修改内容如下:
yaml
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: hb.reg.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/cert/hb.reg.com.crt
private_key: /data/cert/hb.reg.com.key
.....
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
......
# The default data volume
data_volume: /opt/data
.......3、创建数据卷目录
bash
[root@harbor harbor]# mkdir -p /opt/data
[root@harbor harbor]# ls /opt
containerd data1.6.2 加载harbor镜像
1、导入镜像文件
bash
[root@harbor harbor]# docker load -i harbor.v2.14.2.tar.gz
Loaded image: goharbor/prepare:v2.14.2
Loaded image: goharbor/trivy-adapter-photon:v2.14.2
Loaded image: goharbor/harbor-core:v2.14.2
Loaded image: goharbor/harbor-db:v2.14.2
Loaded image: goharbor/harbor-jobservice:v2.14.2
Loaded image: goharbor/harbor-registryctl:v2.14.2
Loaded image: goharbor/nginx-photon:v2.14.2
Loaded image: goharbor/harbor-portal:v2.14.2
Loaded image: goharbor/redis-photon:v2.14.2
Loaded image: goharbor/registry-photon:v2.14.2
Loaded image: goharbor/harbor-log:v2.14.2
Loaded image: goharbor/harbor-exporter:v2.14.22、查看镜像
bash
[root@harbor harbor]# docker images
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
goharbor/harbor-core:v2.14.2 def2f48ebb3a 413MB 205MB
goharbor/harbor-db:v2.14.2 3417b2d261fe 593MB 293MB
goharbor/harbor-exporter:v2.14.2 ae87109e4c79 269MB 133MB
goharbor/harbor-jobservice:v2.14.2 2ad0c5a5810c 362MB 180MB
goharbor/harbor-log:v2.14.2 32448bb26446 379MB 188MB
goharbor/harbor-portal:v2.14.2 32fb3a3f57cd 370MB 183MB
goharbor/harbor-registryctl:v2.14.2 cfa0b205c9fd 334MB 167MB
goharbor/nginx-photon:v2.14.2 09aadc2e99b0 353MB 175MB
goharbor/prepare:v2.14.2 a4380f5d2bab 413MB 203MB
goharbor/redis-photon:v2.14.2 ac49d496e188 383MB 190MB
goharbor/registry-photon:v2.14.2 a4cf93bc522b 177MB 88.4MB
goharbor/trivy-adapter-photon:v2.14.2 4201757303dd 807MB 403MB 1.6.3 检查安装环境
bash
[root@harbor harbor]# pwd
/data/harbor
[root@harbor harbor]# ls
common.sh harbor.v2.14.2.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare ssl
[root@harbor harbor]# ./prepare
prepare base dir is set to /data/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
copy /data/secret/tls/harbor_internal_ca.crt to shared trust ca dir as name harbor_internal_ca.crt ...
ca file /hostfs/data/secret/tls/harbor_internal_ca.crt is not exist
copy to shared trust ca dir as name storage_ca_bundle.crt ...
copy None to shared trust ca dir as name redis_tls_ca.crt ...
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir执行完后,在目录中会生成 docker-compose.yml 文件
bash
[root@harbor harbor]# ls
common docker-compose.yml harbor.yml install.sh prepare
common.sh harbor.v2.14.2.tar.gz harbor.yml.tmpl LICENSE ssl1.6.4 部署Harbor
bash
[root@harbor harbor]# ls
common docker-compose.yml harbor.yml install.sh prepare
common.sh harbor.v2.14.2.tar.gz harbor.yml.tmpl LICENSE ssl
[root@harbor harbor]# pwd
/data/harbor
[root@harbor harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 29.1.5
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v5.0.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.14.2
Loaded image: goharbor/trivy-adapter-photon:v2.14.2
Loaded image: goharbor/harbor-core:v2.14.2
Loaded image: goharbor/harbor-db:v2.14.2
Loaded image: goharbor/harbor-jobservice:v2.14.2
Loaded image: goharbor/harbor-registryctl:v2.14.2
Loaded image: goharbor/nginx-photon:v2.14.2
Loaded image: goharbor/harbor-portal:v2.14.2
Loaded image: goharbor/redis-photon:v2.14.2
Loaded image: goharbor/registry-photon:v2.14.2
Loaded image: goharbor/harbor-log:v2.14.2
Loaded image: goharbor/harbor-exporter:v2.14.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
copy /data/secret/tls/harbor_internal_ca.crt to shared trust ca dir as name harbor_internal_ca.crt ...
ca file /hostfs/data/secret/tls/harbor_internal_ca.crt is not exist
copy to shared trust ca dir as name storage_ca_bundle.crt ...
copy None to shared trust ca dir as name redis_tls_ca.crt ...
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] up 10/10
✔ Network harbor_harbor Created 0.0s
✔ Container harbor-log Created 0.1s
✔ Container registryctl Created 0.1s
✔ Container harbor-portal Created 0.1s
✔ Container harbor-db Created 0.1s
✔ Container registry Created 0.1s
✔ Container redis Created 0.1s
✔ Container harbor-core Created 0.0s
✔ Container nginx Created 0.0s
✔ Container harbor-jobservice Created 0.0s
✔ ----Harbor has been installed and started successfully.----1.6.5 查看运行容器
bash
[root@harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07fdb44e471b goharbor/harbor-jobservice:v2.14.2 "/harbor/entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-jobservice
26751e316e36 goharbor/nginx-photon:v2.14.2 "nginx -g 'daemon of..." 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp nginx
bf7b117780d3 goharbor/harbor-core:v2.14.2 "/harbor/entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-core
30dfc37359b9 goharbor/harbor-registryctl:v2.14.2 "/home/harbor/start...." 3 minutes ago Up 3 minutes (healthy) registryctl
9fc3b72fb471 goharbor/registry-photon:v2.14.2 "/home/harbor/entryp..." 3 minutes ago Up 3 minutes (healthy) registry
0407a54d99ba goharbor/harbor-portal:v2.14.2 "nginx -g 'daemon of..." 3 minutes ago Up 3 minutes (healthy) harbor-portal
5802d7966e71 goharbor/harbor-db:v2.14.2 "/docker-entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-db
8e47449a0ab3 goharbor/redis-photon:v2.14.2 "redis-server /etc/r..." 3 minutes ago Up 3 minutes (healthy) redis
2091d7505c94 goharbor/harbor-log:v2.14.2 "/bin/sh -c /usr/loc..." 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log或者使用 docker-compose ps 命令来查看:
bash
[root@harbor harbor]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.14.2 "/harbor/entrypoint...." core 4 minutes ago Up 4 minutes (healthy)
harbor-db goharbor/harbor-db:v2.14.2 "/docker-entrypoint...." postgresql 4 minutes ago Up 4 minutes (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.14.2 "/harbor/entrypoint...." jobservice 4 minutes ago Up 4 minutes (healthy)
harbor-log goharbor/harbor-log:v2.14.2 "/bin/sh -c /usr/loc..." log 4 minutes ago Up 4 minutes (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.14.2 "nginx -g 'daemon of..." portal 4 minutes ago Up 4 minutes (healthy)
nginx goharbor/nginx-photon:v2.14.2 "nginx -g 'daemon of..." proxy 4 minutes ago Up 4 minutes (healthy) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp
redis goharbor/redis-photon:v2.14.2 "redis-server /etc/r..." redis 4 minutes ago Up 4 minutes (healthy)
registry goharbor/registry-photon:v2.14.2 "/home/harbor/entryp..." registry 4 minutes ago Up 4 minutes (healthy)
registryctl goharbor/harbor-registryctl:v2.14.2 "/home/harbor/start...." registryctl 4 minutes ago Up 4 minutes (healthy) 1.7 配置启动服务
1.7.1 停止Harbor
由于现在启动 Harbor 的操作必须是在 docker-compose.yml 文件所在目录下执行,非常不方便。所以我们先使用 docker-compose 命令来关闭 Harbor 服务。
bash
[root@harbor harbor]# docker-compose down
[+] down 10/10
✔ Container registryctl Removed 0.3ss
✔ Container harbor-jobservice Removed 0.3ss
✔ Container nginx Removed 0.2ss
✔ Container harbor-portal Removed 0.1ss
✔ Container harbor-core Removed 0.1ss
✔ Container harbor-db Removed 0.1ss
✔ Container redis Removed 0.2ss
✔ Container registry Removed 0.1ss
✔ Container harbor-log Removed 10.2s
✔ Network harbor_harbor Removed 0.1s如果要启动的话使用 docker-compose up -d 命令:
bash[root@harbor harbor]# docker-compose up -d [+] up 10/10 ✔ Network harbor_harbor Created 0.0s ✔ Container harbor-log Created 0.1s ✔ Container harbor-portal Created 0.1s ✔ Container registryctl Created 0.1s ✔ Container harbor-db Created 0.1s ✔ Container registry Created 0.1s ✔ Container redis Created 0.1s ✔ Container harbor-core Created 0.0s ✔ Container nginx Created 0.0s ✔ Container harbor-jobservice Created 0.0s
1.7.2 编写服务文件
1、编写文件
为了方便在任意地方都可以启动服务而不是在 harbor 安装目录下,我们需要在 /usr/lib/systemd/system/ 目录下新建 harbor.service 服务启动文件。
bash
[root@harbor harbor]# vim /usr/lib/systemd/system/harbor.service文件的内容如下:
bash
[Unit]
Documentation=https://goharbor.io/docs/
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
[Service]
Type=simple
ExecStart=/usr/bin/docker-compose --file /data/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose --file /data/harbor/docker-compose.yml down
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target2、加载配置
bash
[root@harbor harbor]# systemctl daemon-reload1.8 验证启动服务
1.8.1 停止服务
bash
[root@harbor harbor]# systemctl stop harbor1.8.2 启动服务
bash
[root@harbor harbor]# systemctl start harbor1.8.3 查看状态
bash
[root@harbor ssl]# systemctl status harbor
● harbor.service - Harbor
Loaded: loaded (/usr/lib/systemd/system/harbor.service; disabled; preset: disabled)
Active: active (running) since Tue 2026-02-03 16:45:10 CST; 44s ago
Docs: https://goharbor.io/docs/
Main PID: 20910 (docker-compose)
Tasks: 9 (limit: 24531)
Memory: 13.1M (peak: 13.8M)
CPU: 105ms
CGroup: /system.slice/harbor.service
└─20910 /usr/bin/docker-compose --file /data/harbor/docker-compose.yml up
Feb 03 16:45:41 harbor docker-compose[20910]: registry | ::1 - - [03/Feb/2026:08:45:41 +0000] "G>
Feb 03 16:45:42 harbor docker-compose[20910]: registryctl | ::1 - - [03/Feb/2026:08:45:42 +0000] "G>
Feb 03 16:45:42 harbor docker-compose[20910]: harbor-portal | 127.0.0.1 - - [03/Feb/2026:08:45:42 +00>
Feb 03 16:45:42 harbor docker-compose[20910]: registry | 172.18.0.8 - - [03/Feb/2026:08:45:42 +0>
Feb 03 16:45:42 harbor docker-compose[20910]: harbor-portal | 172.18.0.8 - - [03/Feb/2026:08:45:42 +0>
Feb 03 16:45:42 harbor docker-compose[20910]: registryctl | 172.18.0.8 - - [03/Feb/2026:08:45:42 +0>
Feb 03 16:45:42 harbor docker-compose[20910]: nginx | 127.0.0.1 - "GET / HTTP/1.1" 308 171 "->1.8.4 加入开机启动
bash
[root@harbor ssl]# systemctl enable --now harbor
Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /usr/lib/systemd/system/harbor.service.1.9 定制本地仓库
1.9.1 配置映射
为了使用域名来访问,我们需要在 windows 中C:\Windows\System32\drivers\etc\hosts文件配置 IP 和域名的映射。
bash
192.168.72.20 hb.reg.com1.9.2 访问仓库
在浏览器中输入 https://hb.reg.com 来访问。会提示证书不安全,我们点击高级,然后再点击 "继续前往hb.reg.com(不安全)",就会进入到仓库的登录页面。
在这个页面中的用户名输入 admin,密码输入 Harbor12345,然后点击登录就可以进入到管理界面。