TL;dr

cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
uname -a
Linux n21 4.4.189-1.el7.elrepo.x86_64 #1 SMP Sun Aug 11 08:43:49 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux
###
docker version
Client: Docker Engine - Community
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:46:51 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:52:55 2018
  OS/Arch:          linux/amd64
  Experimental:     true
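# Install the latest stable Docker Compose release.
# The version is scraped from the /releases/latest redirect. Only the first
# match is kept, and nothing is installed when no version could be parsed, so
# the download URL is never built from an empty or multi-line value.
COMPOSEVERSION=$(curl -s https://github.com/docker/compose/releases/latest/download 2>&1 | grep -Po '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
if [ -z "$COMPOSEVERSION" ]; then
  echo "could not determine the latest docker-compose version" >&2
else
  compose_asset="docker-compose-$(uname -s)-$(uname -m)"
  compose_url="https://github.com/docker/compose/releases/download/$COMPOSEVERSION"
  compose_tmp=$(mktemp -d)
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the "binary". The .sha256 asset catches a corrupted or truncated download;
  # it comes from the same origin, so it does not protect against a tampered
  # release. NOTE(review): assumes the release publishes <asset>.sha256; when
  # it does not, the install below is skipped rather than done unchecked.
  if curl -fsSL -o "$compose_tmp/$compose_asset" "$compose_url/$compose_asset" &&
    curl -fsSL -o "$compose_tmp/$compose_asset.sha256" "$compose_url/$compose_asset.sha256" &&
    (cd "$compose_tmp" && sha256sum -c "$compose_asset.sha256"); then
    install -m 0755 "$compose_tmp/$compose_asset" /usr/local/bin/docker-compose
    # -f keeps the step repeatable when the link already exists.
    ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
  else
    echo "docker-compose download or checksum verification failed; nothing installed" >&2
  fi
  rm -rf -- "$compose_tmp"
fi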
docker-compose version
docker-compose version 1.24.1, build 4667896b
docker-py version: 3.7.3
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j  20 Nov 2018

exp

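# Self-signed CA plus a server certificate for the registry.
# Outputs: harbor-ca.cert, harbor-ca.key, harbor-reg-domain.cert, harbor-reg-domain.key
# -nodes writes harbor-ca.key unencrypted. Whoever can read that file can issue
# certificates accepted by every host that trusts harbor-ca.cert, so it is
# restricted to its owner here and is best kept off the registry host.
openssl req -nodes -new -newkey rsa:4096 -x509 -sha512 -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=harborCA" -keyout harbor-ca.key -out harbor-ca.cert -days 3650
chmod 600 harbor-ca.key

openssl genrsa -out harbor-reg-domain.key 2048
openssl req -new -key harbor-reg-domain.key -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=reg.domain.com/emailAddress=yy@vivo.com" -out harbor-reg-domain.csr
# TLS clients match the registry name against subjectAltName; a certificate
# that carries the name only in CN is rejected by current stacks (for example
# Go 1.15 and later). The SAN is therefore added when the CSR is signed.
printf 'subjectAltName=DNS:reg.domain.com\n' > harbor-reg-domain.ext
openssl x509 -req -sha256 -days 3650 -in harbor-reg-domain.csr -CA harbor-ca.cert -CAkey harbor-ca.key -CAcreateserial -extfile harbor-reg-domain.ext -out harbor-reg-domain.cert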

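# Fetch the v1.10.1 prepare script and the harbor.yml template.

########################################################
# Certificate verification stays on (no -k): prepare is made executable and
# run below, so the download has to be authenticated as coming from
# raw.githubusercontent.com. -f refuses to save an HTTP error page.
curl -fsSL -O https://raw.githubusercontent.com/goharbor/harbor/v1.10.1/make/prepare
# Pin the prepare image tag to the release instead of the moving "dev" tag.
sed -i "s#prepare:dev#prepare:v1.10.1#g" prepare
chmod +x prepare
curl -fsSL -O https://raw.githubusercontent.com/goharbor/harbor/v1.10.1/make/harbor.yml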

########################################################
#sed -i "s/reg.mydomain.com/$IPorFQDN/g" harbor.yml
# Keep the untouched template next to the edited copy.
cp harbor.yml harbor_org.yml
# Single in-place pass; the expressions are applied to each line in the order
# listed: hostname, data volume, enable the https section, then point the
# certificate/private_key entries (commented or not) at the files under
# /data/harbor. The "port: 80" expression rewrites the value to itself and is
# kept only as the place to change the HTTP port.
# NOTE(review): the API calls later on this page still log in as admin with
# Harbor12345, so harbor_admin_password is left at the template value here;
# set it before the registry is reachable by anyone else.
sed -i \
  -e "s|^hostname: .*|hostname: reg.domain.com|g" \
  -e "s|^data_volume: .*|data_volume: /data/harbor-data|g" \
  -e "s|# https:|https:|g" \
  -e "s|  port: 80|  port: 80|g" \
  -e "s|#   port: 443|  port: 443|g" \
  -e "s|^#   certificate: .*|  certificate: /data/harbor/harbor-reg-domain.cert|g" \
  -e "s|^#   private_key: .*|  private_key: /data/harbor/harbor-reg-domain.key|g" \
  -e "s|^  certificate: .*|  certificate: /data/harbor/harbor-reg-domain.cert|g" \
  -e "s|^  private_key: .*|  private_key: /data/harbor/harbor-reg-domain.key|g" \
  ./harbor.yml

# Render the service configs and docker-compose.yml with Notary, Clair and
# ChartMuseum enabled. Notary requires the https section of harbor.yml to be
# set; prepare aborts otherwise (see the errors under "troubleshooting").
./prepare --with-notary --with-clair --with-chartmuseum

prepare base dir is set to /data/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated certificate, key file: /tmp/cert_tmp/notary-signer-ca.key, cert file: /tmp/cert_tmp/notary-signer-ca.crt
Generated certificate, key file: /tmp/cert_tmp/notary-signer.key, cert file: /tmp/cert_tmp/notary-signer.crt
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /config/clair-adapter/env
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


# NOTE(review): 777 makes the whole generated tree world-writable and
# world-readable. The prepare output above lists env files for core, db and
# jobservice, which presumably live under ./common/config and hold service
# credentials (confirm). This looks like a workaround for containers running
# under other UIDs; giving those UIDs ownership of the paths they need, without
# write access for "other", would be the narrower fix.
chmod -R 777 ./common/


# List the image references (and so the pinned tags) the generated compose file will pull.
grep image docker-compose.yml
    image: goharbor/harbor-log:v1.10.1
    image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
    image: goharbor/harbor-registryctl:v1.10.1
    image: goharbor/harbor-db:v1.10.1
    image: goharbor/harbor-core:v1.10.1
    image: goharbor/harbor-portal:v1.10.1
    image: goharbor/harbor-jobservice:v1.10.1
    image: goharbor/redis-photon:v1.10.1
    image: goharbor/nginx-photon:v1.10.1
    image: goharbor/notary-server-photon:v0.6.1-v1.10.1
    image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
    image: goharbor/clair-photon:v2.1.1-v1.10.1
    image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
    image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1

# Foreground start: service logs stream to the terminal.
docker-compose up

# Detached start, then follow the logs and list the Harbor containers and images.
docker-compose -f docker-compose.yml up -d
docker-compose -f docker-compose.yml logs -f
docker container ps -a |grep goharbor
docker image list|grep goharbor


# Client side: make this host trust the private CA, then restart Docker.
# This adds harbor-ca.cert to the system-wide trust store, so every TLS client
# on the host (not only Docker) accepts certificates signed by harbor-ca.key.
# The per-registry /etc/docker/certs.d/<host:port>/ca.crt file described under
# "certs.d" at the end of this page limits the trust to the registry.
sudo cp harbor-ca.cert /etc/pki/ca-trust/source/anchors/
sudo yum install -y ca-certificates
sudo update-ca-trust force-enable
sudo update-ca-trust
sudo systemctl restart docker

#openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=reg.domain.com/emailAddress=yy@vivo.com"


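# Harbor REST API examples.
# The account used on this page is admin with Harbor12345, the value the
# harbor.yml template ships with; change it before the registry is reachable
# by anyone else.
# The password is prompted for once and handed to curl through --config on
# stdin, so it never appears in argv (ps output) or in shell history.
# URLs are quoted so the shell does not treat "?" as a glob character.
HARBOR_API="https://reg.domain.com:11443/api"
read -r -s -p "Harbor admin password: " HARBOR_PASSWORD
echo
harbor_api() {
  # printf is a shell builtin, so the password is not exposed in a process
  # argument list. A password containing '"' or '\' needs escaping for curl's
  # config-file syntax.
  printf 'user = "admin:%s"\n' "$HARBOR_PASSWORD" | curl --config - "$@"
}

# Search projects and repositories
harbor_api -H "Content-Type: application/json" -X GET --url "${HARBOR_API}/search?q=nginx"
# List projects
harbor_api --header "Content-Type: application/json" --request GET --url "${HARBOR_API}/projects"
# Look up a project's project_id
harbor_api -sSL -X GET \
  --header "Content-Type: application/json" \
  --url "${HARBOR_API}/projects?name=testrpo" | jq -r '.[0].project_id'
# Create a project
harbor_api \
  --request POST \
  --url "${HARBOR_API}/projects" \
  --header "Content-Type: application/json" \
  --data '{"project_name":"testrpo","metadata":{"public":"false"},"count_limit":-1,"storage_limit":-1}'
# Get a project by project_id (set project_id to the value printed by the lookup)
harbor_api -H "Content-Type: application/json" -X GET --url "${HARBOR_API}/projects/${project_id:?set project_id first}"
# Delete a project by project_id; the guard stops an unset id from reaching the API
harbor_api -H "Content-Type: application/json" -X DELETE --url "${HARBOR_API}/projects/${project_id:?set project_id first}"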

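# No --password on the command line: docker prompts for it, which keeps the
# secret out of argv and shell history. Until the Docker daemon trusts
# harbor-ca.cert the login fails with the x509 error below.
docker login -u admin reg.domain.com:11443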
Error response from daemon: Get https://reg.domain.com:11443/v2/: x509: certificate signed by unknown authority

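# Same login once the CA is trusted; the password is typed at the prompt
# instead of being passed with --password. The credential is still written to
# config.json unless a credential helper is configured (see the warning below).
docker login -u admin reg.domain.com:11443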
WARNING! Your password will be stored unencrypted in /home/vagrant/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


#### push example
# Round trip: pull from the public registry, retag under the testrpo project,
# push to Harbor, pull it back and run it. The image is already present
# locally at the second pull, so that step mainly exercises authentication.
# A "denied" answer (next comment) means the login or the project
# permission is missing.
docker pull ubuntu:14.04
docker tag ubuntu:14.04 reg.domain.com:11443/testrpo/ubuntu:14.04
docker push reg.domain.com:11443/testrpo/ubuntu:14.04
docker pull reg.domain.com:11443/testrpo/ubuntu:14.04
docker run -it --rm reg.domain.com:11443/testrpo/ubuntu:14.04 /bin/bash -c "env"
# denied: requested access to the resource is denied


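# Mirror a fixed set of public images into the testrpo project.
# Every reference is quoted, and each image's pull/tag/push chain stops at the
# first failing step. Without that, a failed pull would still tag and push
# whatever image of the same name happens to be cached locally.
for i in "alpine:3.10.3" "nginx:1.17.6" "debian:buster" "busybox:1.31.1-glibc" "busybox:1.31.1" "centos:8" "centos:7.7.1908" "python:3.7.5-buster" "node:13.2.0-buster" "node:8.16.2-buster"; do
    docker pull "$i" &&
        docker tag "$i" "reg.domain.com:11443/testrpo/$i" &&
        docker push "reg.domain.com:11443/testrpo/$i"
done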

troubleshooting

ERROR:root:Please specify hostname
ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
ERROR:root:Error: the protocol must be https when Harbor is deployed with Notary
ERROR: for chartmuseum  Cannot start service chartmuseum: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for portal  Cannot start service portal: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused

ERROR: for chartmuseum  Cannot start service chartmuseum: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused

ERROR: for registryctl  Cannot start service registryctl: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused

ERROR: for registry  Cannot start service registry: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused

ERROR: for postgresql  Cannot start service postgresql: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: Encountered errors while bringing up the project.
ERROR: for nginx  Cannot start service proxy: driver failed programming external connectivity on endpoint nginx (110e6e270623c3b2e721a56b285a7a625c4a06109085a58c3de88feb3b43ecf8): Error staCreating harbor-jobservice ... done

ERROR: for proxy  Cannot start service proxy: driver failed programming external connectivity on endpoint nginx (110e6e270623c3b2e721a56b285a7a625c4a06109085a58c3de88feb3b43ecf8): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
ERROR: Encountered errors while bringing up the project.

upgrade

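# Upgrade docker-compose to 1.25.0 from the official release.
# -f stops an HTTP error page from being written over the existing binary.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
###
# Alternative: third-party mirror. Certificate verification is left on (no -k),
# because the file is made executable and run as root afterwards. Compare its
# SHA-256 with the digest published for the official release before using it.
curl -sSfL "https://get.daocloud.io/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose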

# 2019/12/17
v1.9.3 ---> v1.10.0

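# Stop the running stack before regenerating its configuration
# (the command name was misspelled as "docker-componse").
docker-compose -f docker-compose.yml down

# -f keeps an HTTP error page from being saved and then executed as prepare.
curl -fsSL -o prepare1.10.0 https://raw.githubusercontent.com/goharbor/harbor/v1.10.0/make/prepare
# Pin the prepare image tag to the target release instead of "dev".
sed -i "s#prepare:dev#prepare:v1.10.0#g" prepare1.10.0
chmod +x prepare1.10.0
./prepare1.10.0 --with-notary --with-clair --with-chartmuseum
cp docker-compose.yml docker-compose-v1.10.0.yml
# modify logging settings
# NOTE(review): 777 leaves the regenerated config tree, which presumably
# includes the service env files, world-writable; confirm which container UIDs
# need access and grant ownership to those instead.
chmod -R 777 ./common/

docker-compose -f docker-compose-v1.10.0.yml up -d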

helm

# TODO
# Add the Harbor chart repository and unpack chart version 1.3.0 locally for
# review before installing. NOTE(review): "helm fetch" is the Helm 2 command
# name; Helm 3 calls it "helm pull". Confirm which client this targets.
helm repo add harbor https://helm.goharbor.io
helm repo update
helm fetch harbor/harbor --version 1.3.0 --untar
## 
https://hub.helm.sh/charts/harbor/harbor
https://hub.helm.sh/charts/bitnami/harbor

# Send SIGHUP to dockerd so it re-reads its reloadable configuration without a
# restart. NOTE(review): not every daemon option is reloadable this way; the
# earlier steps on this page use "systemctl restart docker" instead.
sudo kill -SIGHUP $(pidof dockerd)

certs.d

# https://docs.docker.com/registry/insecure/#use-self-signed-certificates
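# Copy the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt on every Docker host. You do not need to restart Docker.
# For the registry on this page that means copying harbor-ca.cert to /etc/docker/certs.d/reg.domain.com:11443/ca.crt, which limits trust in the private CA to this one registry.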

ref