Preparation
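# Fetch and unpack the Harbor v1.10.1 offline installer, then edit harbor.yml.
# Run as root (the original listing used a root '#' prompt on every command).
# NOTE(review): v1.10.1 is an old release; later 1.10.x and 2.x releases carry
# security fixes, so prefer the newest supported version for a real deployment.

# -p makes the step repeatable; && stops the chain if any step fails.
mkdir -p /workspace \
  && cd /workspace \
  && wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz

# Before unpacking, verify the archive against the detached signature or
# checksum published with the release (if one is provided for this version).
# The installer runs as root and loads container images, so an altered
# archive would mean a full compromise of this host.
# Do not continue if the download or the verification failed.
tar -xvf harbor-offline-installer-v1.10.1.tgz \
  && cd harbor

# Settings to change in harbor.yml:
#
#   hostname: 192.168.65.141      # change to the IP address of the Harbor host
#   http:
#     port: 80
#   https:
#     port: 443
#     certificate: /data/cert/example.com.crt
#     private_key: /data/cert/example.com.key
#
# Also replace the shipped defaults for harbor_admin_password and the
# database password in the same file before the first start; the defaults
# are publicly documented.
vi harbor.yml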
Create self-signed SSL certificates
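# Create a private CA, issue a server certificate for Harbor, and make the
# local Docker daemon and the OS trust that CA. Run as root.
# The -subj values are examples (C= takes a two-letter ISO 3166 country
# code); adjust them, the SAN list and the IP to your environment.

# --- 1. Private CA -----------------------------------------------------------
openssl genrsa -out ca.key 4096
# ca.key can sign a certificate for ANY name, and ca.crt is added to the system
# trust store below, so keep the key root-only and move it off this host once
# the server certificate has been issued.
chmod 600 ca.key
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
  -key ca.key \
  -out ca.crt

# --- 2. Server key and CSR ---------------------------------------------------
openssl genrsa -out example.com.key 4096
chmod 600 example.com.key
openssl req -sha512 -new \
  -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
  -key example.com.key \
  -out example.com.csr

# --- 3. X.509 v3 extensions --------------------------------------------------
# Clients validate the name in subjectAltName, so every DNS name or IP used
# to reach Harbor must be listed here. CA:FALSE and serverAuth restrict the
# certificate to TLS server use.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=example.com
DNS.2=example
DNS.3=harbor
IP.1=192.168.65.141
EOF

# --- 4. Sign the server certificate -----------------------------------------
# NOTE(review): -days 3650 gives the leaf certificate a ten-year lifetime.
# A shorter validity with planned renewal limits exposure if the key leaks.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in example.com.csr \
  -out example.com.crt

# --- 5. Install for Harbor (the paths referenced by harbor.yml) -------------
mkdir -p /data/cert/
cp example.com.crt /data/cert/
cp example.com.key /data/cert/
chmod 600 /data/cert/example.com.key

# --- 6. Install for the local Docker daemon ---------------------------------
# In /etc/docker/certs.d/<registry>/, Docker reads *.crt as CA certificates and
# *.cert/*.key as a client certificate pair, hence the .crt -> .cert copy.
# The directory name must equal the registry name used with docker login/push;
# create one named after the IP too if the registry is addressed by IP.
openssl x509 -inform PEM -in example.com.crt -out example.com.cert
# -p: /etc/docker/certs.d does not exist by default, so a plain mkdir fails.
mkdir -p /etc/docker/certs.d/example.com/
cp example.com.cert /etc/docker/certs.d/example.com/
cp example.com.key /etc/docker/certs.d/example.com/
chmod 600 /etc/docker/certs.d/example.com/example.com.key
cp ca.crt /etc/docker/certs.d/example.com/
# Other Docker clients only need ca.crt to verify the registry. Do not copy
# the server's private key (example.com.key) to them.

# --- 7. Trust the CA system-wide and reload Docker --------------------------
cp ca.crt /usr/local/share/ca-certificates/
update-ca-certificates
systemctl restart docker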
Deploy Harbor
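# Render the configuration from harbor.yml and (re)start the Harbor stack.
# Run as root from the unpacked harbor/ directory.
#
# The steps are chained with && so the stack is never started from a stale or
# partial configuration when ./prepare fails.
#
# NOTE(review): 'down -v' also removes the volumes declared by the compose
# project. It is harmless on a first install; on an existing deployment,
# confirm where the registry data lives before running it.
./prepare \
  && docker-compose down -v \
  && docker-compose up -d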
Push Docker images
# Log in to the new registry, retag a local image into a Harbor project and
# push it. Run on a Docker host that trusts the CA created for example.com.

registry=example.com
project=nama_project   # placeholder: the name of an existing Harbor project
image=mysql:latest

# Without a credential helper, docker login stores the credentials in
# ~/.docker/config.json base64-encoded, not encrypted. Use an account limited
# to this project rather than the Harbor admin account.
docker login "$registry"

target="$registry/$project/$image"
docker tag "$image" "$target"
docker push "$target"
Done