環境信息
centos7:docker26.1.4
IP:192.168.12.134
部署harbor
wget https://github.com/goharbor/harbor/releases/download/v2.13.1/harbor-offline-installer-v2.13.1.tgz
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" \-o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
tar xf harbor-offline-installer-v2.13.1.tgz -C /usr/local/
cd /usr/local/habor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml.tmpl
#將hostname改為本機ip,因沒有配置https,所以需要將https相關配置注釋
hostname: 192.168.12.134
## https related config
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# # enable strong ssl ciphers (default: false)
# # strong_ssl_ciphers: false./install.sh
安裝完成查看端口是否開啟
[root@ansible harbor]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 2103/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2627/docker-proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 984/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1095/master
tcp6 0 0 :::80 :::* LISTEN 2642/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 984/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1095/master
瀏覽器訪問查看是否可以使用
http://192.168.12.134
默認賬號:admin
密碼:Harbor12345
docker-compose 使用
cd /usr/local/harbor
docker-compose down #停止服務
docker-compose up -d #放后臺
部署registry(1)
docker pull registry:latest
docker run -d -v /home/dockerdata/registry:/var/lib/registry --name "pri_registry" --restart=always -p 5000:5000 registry
查看容器及端口是否使用
[root@ansible ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
92d641ac0039 registry "/entrypoint.sh /etc…" 4 minutes ago Up 4 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp pri_registry
[root@ansible ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 11814/docker-proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 984/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1095/master
tcp6 0 0 :::5000 :::* LISTEN 11820/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 984/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1095/master
部署registry(2)
此版本部署ssl證書+oss存儲
mkdir -p /data/docker-registry/certs
vi /data/docker-registry/config.yml
version: 0.1
log:level: debug
storage:oss:accesskeyid: xxxaccesskeysecret: xxxregion: oss-cn-beijingbucket: docker-registryrootdirectory: dockerssecure: falseinternal: false
http:addr: 0.0.0.0:5000
proxy:remoteurl: https://registry-1.docker.io
health:storagedriver:enabled: trueinterval: 10sthreshold: 3docker run -itd --restart=always --name registry-interal -v /data/docker-registry/config.yml:/etc/docker/registry/config.yml -v /data/docker-registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain1.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey1.pem -p 443:5000 docker.m.daocloud.io/library/registry#需要將對應的fullchain.cer,harbor.disallow.cn.key重新命名以pem結尾
#--restart=always 開機自啟
#--name 給容器命名
#-v 文件目錄掛在
#-e 文件掛載
#-p 端口映射部署docker web ui應用
docker pull uifd/ui-for-docker
docker run -it -d --name docker-web -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock docker.io/uifd/ui-for-docker
#瀏覽器訪問192.168.12.134:9000
漏洞中網絡安全防火墻(WAF)被繞過進行內容植入與遠程劫持機制分析)
![[密碼學實戰]密評相關題庫解析](http://pic.xiahunao.cn/[密碼學實戰]密評相關題庫解析)
)
)