​
1.安装docker
//安装常用组件包

yum install -y yum-utils  device-mapper-persistent-data  lvm2

//配置docker的yum源

yum-config-manager  --add-repo  https://download.docker.com/linux/centos/docker-ce.repo
//安装Docker
yum install docker-ce
systemctl enable docker  
//启动Docker
systemctl start docker

2.安装 docker-compose
yum -y install epel-release    安装python pip依赖
vi /etc/yum.repos.d/epel.repo    修改依赖repo，使用base的地址
yum -y install python-pip    安装python pip
pip install docker-compose    安装docker-compose
 docker-compose --version

3.安装Harbor
（1）下载离线版
https://storage.googleapis.com/harbor-releases/release-1.4.0/harbor-offline-installer-v1.4.0.tgz

（2）上传并解压
                tar  -zxvf harbor-offline-installer-v1.4.0.tgz
 

（3）  修改docker-compose.yml

  version: '2'
services:
  log:
    image: vmware/harbor-log:v1.4.0
    container_name: harbor-log 
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: vmware/registry-photon:v2.6.2-v1.4.0
    container_name: registry
    restart: always
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    ports:
      - 5000:5000  
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.4.0
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.4.0
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.4.0
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.4.0
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
      - /data/secretkey:/etc/jobservice/key:z
    networks:
      - harbor
    depends_on:
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  proxy:
    image: vmware/nginx-photon:v1.4.0
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false

（4） 修改harbor.cfg
  ## Configuration file of Harbor

The IP address or hostname to access admin UI and registry service.

DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.

hostname = 172.16.0.133

The protocol for accessing the UI and token/notification service, by default it is http.

It can be set to https if ssl is enabled on nginx.

ui_url_protocol = http

Maximum number of job workers in job service  

max_job_workers = 3 

Determine whether or not to generate certificate for the registry's token.

If the value is on, the prepare script creates new root cert and private key 

for generating token to access the registry. If the value is off the default key/cert will be used.

This flag also controls the creation of the notary signer's cert.

customize_crt = on

The path of cert and key files for nginx, they are applied only the protocol is set to https

ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

The path of secretkey storage

secretkey_path = /data

Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone

admiral_url = NA

Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.

log_rotate_count = 50

Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. 

If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G 

are all valid.

log_rotate_size = 200M

NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES

only take effect in the first boot, the subsequent changes of these properties 

should be performed on web ui

BEGIN INITIAL PROPERTIES

Email account settings for sending out password resetting emails.

Email server uses the given username and password to authenticate on TLS connections to host and act as identity.

Identity left blank to act as username.

email_identity = 

email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false

The initial password of Harbor admin, only works for the first time when Harbor starts. 

It has no effect after the first launch of Harbor.

Change the admin password from UI after launching Harbor.

harbor_admin_password = Harbor12345

By default the auth mode is db_auth, i.e. the credentials are stored in a local database.

Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.

auth_mode = db_auth

The url for an ldap endpoint.

ldap_url = ldaps://ldap.mydomain.com

A user's DN who has the permission to search the LDAP/AD server. 

If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.

ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

the password of the ldap_searchdn

ldap_search_pwd = password

The base DN from which to look up a user in LDAP/AD

ldap_basedn = ou=people,dc=mydomain,dc=com

Search filter for LDAP/AD, make sure the syntax of the filter is correct.

ldap_filter = (objectClass=person)

The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  

ldap_uid = uid 

the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE

ldap_scope = 2 

Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.

ldap_timeout = 5

Verify certificate from LDAP server

ldap_verify_cert = true

Turn on or off the self-registration feature

self_registration = on

The expiration time (in minute) of token created by token service, default is 30 minutes

token_expiration = 30

The flag to control what users have permission to create projects

The default value "everyone" allows everyone to creates a project. 

Set to "adminonly" so that only admin user can create project.

project_creation_restriction = everyone

END INITIAL PROPERTIES

Harbor DB configuration section

The address of the Harbor database. Only need to change when using external db.

db_host = mysql

The password for the root user of Harbor DB. Change this before any production use.

db_password = root123

The port of Harbor database host

db_port = 3306

The user name of Harbor database

db_user = root

End of Harbor DB configuration

The redis server address. Only needed in HA installation.

redis_url =

Clair DB configuration

Clair DB host address. Only change it when using an exteral DB.

clair_db_host = postgres

The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.

Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.

clair_db_password = password

Clair DB connect port

clair_db_port = 5432

Clair DB username

clair_db_username = postgres

Clair default database

clair_db = postgres

End of Clair DB configuration

The following attributes only need to be set when auth mode is uaa_auth

uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem

Docker Registry setting

registry_storage_provider can be: filesystem, s3, gcs, azure, etc.

registry_storage_provider_name = filesystem

registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".

Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.

registry_storage_provider_config =

（5）安装

在harbor目录中执行./prepare命令，接着在harbor目录下执行./install.sh命令即可，会自动导入镜像并启动对应的容器，待脚本跑完之后使用docke-compose ps即可查看，常用命令包含以下几个：
docker-compose up -d               ###后台启动，如果容器不存在根据镜像自动创建
docker-compose down   -v         ###停止容器并删除容器
docker-compose start                 ###启动容器，容器不存在就无法启动，不会自动创建镜像
docker-compose stop                 ###停止容器
注：其实上面是停止docker-compose.yml中定义的所有容器，默认情况下docker-compose就是操作同目录下的docker-compose.yml文件，如果使用其他yml文件，可以使用-f自己指定。

（6）验证仓库是否创建成功
docker配置文件/usr/lib/systemd/system/docker.service添加私有仓库和加速器配置

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify

the default is not to use systemd for cgroups because the delegate issues still

exists and systemd currently does not support the cgroup feature set required

for containers run by docker

ExecStart=/usr/bin/dockerd --registry-mirror=https://u1qbyfsc.mirror.aliyuncs.com \
         --insecure-registry 172.16.0.133:5000
ExecReload=/bin/kill -s HUP $MAINPID

Having non-zero Limit*s causes performance problems due to accounting overhead

in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

Uncomment TasksMax if your systemd version supports it.

Only systemd 226 and above support this version.

TasksMax=infinity

TimeoutStartSec=0

set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

kill only the docker process, not all processes in the cgroup

KillMode=process

restart the docker process if it exits prematurely

Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

然后重新启动docker

   //拉取镜像
   docker pull hello-world 
   //上传镜像
   docker tag 172.16.0.133:5000/library/hello-world:v1 hello-world:latest
   docker login 172.16.0.133:5000
   Username (admin): admin
   Password: Harbor123456
   Login Succeeded 
   docker push 172.16.0.133:5000/library/hello-world:v1
在浏览器输入172.16.0.133登录Harbor的web界面

账号admin密码Harbor12345

​