目录
在生产环境中,通常会有自己的端口号及密码,非默认密码。上一篇介绍了Harbor的概念,docker及harbor的安装和使用。本篇介绍harbor修改端口号及密码。
一、修改端口号
1.1 修改docker配置文件
Harbor修改端口号,修改docker配置文件/etc/docker/daemon.json
修改端口为8080端口,在修改端口前请确保该端口没有被占用。
查看端口发现8080没被占用,修改docker配置文件,指定端口为8080。
[root@localhost harbor]#:vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
"graph": "/home/docker-data",
"insecure-registries": ["192.168.114.88:8080"],
"log-driver": "json-file",
"log-opts": {"max-size": "100m", "max-file": "3"}
}重启docker
[root@localhost harbor]#:systemctl restart docker1.2 修改harbor配置
在修改harbor配置文件时,需要修改三个配置文件。
harbor.yml:Harbor的核心配置文件,定义部署参数
docker-compose.yml:是docker-compose的模板文件,定义Harbor服务的容器编排。
common/config/core/env:与宿主机路径映射的配置文件,存放公共资源。
[root@localhost harbor]#:vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.114.88
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8080 #修改端口号为8080
......
......
修改docker-compose.yml,指定与宿主机之间的端口映射为8080.
[root@localhost harbor]#:vim docker-compose.yml
......
......
proxy:
image: goharbor/nginx-photon:v2.8.0
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
ports:
- 8080:8080 #修改容器内部与宿主机之间的端口映射
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
......
......
修改common/config/core/env配置文件,主要用于统一多实例环境下的CSRF(跨站请求伪造)防护token私钥值。
[root@localhost harbor]#:vim common/config/core/env
CONFIG_PATH=/etc/core/app.conf
UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
_REDIS_URL_CORE=redis://redis:6379?idle_timeout_seconds=30
SYNC_QUOTA=true
_REDIS_URL_REG=redis://redis:6379/1?idle_timeout_seconds=30
LOG_LEVEL=info
EXT_ENDPOINT=http://192.168.114.88:8080 #添加端口8080
DATABASE_TYPE=postgresql
POSTGRESQL_HOST=postgresql
POSTGRESQL_PORT=5432
......
......重启harbor
重启harbor,使用容器编排重启时,先把容器一并删除,再启容器。
这里使用docker-compose down
docker-compose启停容器介绍stop down
| 命令介绍 | 停止容器 | 删除容器 | 删除卷 | 删除网络 |
| dokcer-compose stop | √ | × | × | × |
| docker-compose down | √ | √ | × | √ |
| docker-compose down -v | √ | √ | √ | √ |
[root@localhost harbor]#:docker-compose down
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping redis ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing registry ... done
Removing registryctl ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing redis ... done
Removing harbor-log ... done
Removing network harbor_harbor
[root@localhost harbor]#:
[root@localhost harbor]#:docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost harbor]#:
[root@localhost harbor]#:docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
[root@localhost harbor]#:此时发现,再查看端口只有8080端口,而没有80端口。
1.3 验证端口
浏览器访问ip:8080
输入用户名/密码:admin/Harbor12345
二、修改密码
2.1 web平台修改密码
修改密码可以直接在web平台修改密码。
在右上角点击修改密码。
密码长度在8到128之间且需包含至少一个大写字符,一个小写字符和一个数字
点击确定,会提示成功更改用户密码。
验证,
需输入正确的密码:HarBor123.
成功登录。
2.2 修改数据库
harbor有自己的数据库容器。在harbor数据库中,需要更新一条数据,进入数据库将密码置空,修改harbor.yml文件密码配置。重启docker-compose.yml文件。
将密码修改为Harbor@123.
[root@localhost harbor]#:vim harbor.yml
......
harbor_admin_password: Harbor@123.
......查看容器id
[root@localhost harbor]#:docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
14939b9a73f6 goharbor/nginx-photon:v2.8.0 "nginx -g 'daemon of…" 28 minutes ago Up 7 minutes (healthy) 0.0.0.0:8080->8080/tcp nginx
cb5d85347250 goharbor/harbor-jobservice:v2.8.0 "/harbor/entrypoint.…" 28 minutes ago Up 7 minutes (healthy) harbor-jobservice
34cdfe3ebcc4 goharbor/harbor-core:v2.8.0 "/harbor/entrypoint.…" 28 minutes ago Up 7 minutes (healthy) harbor-core
e246a3c0b085 goharbor/registry-photon:v2.8.0 "/home/harbor/entryp…" 28 minutes ago Up 7 minutes (healthy) registry
2235b9940f0b goharbor/redis-photon:v2.8.0 "redis-server /etc/r…" 28 minutes ago Up 7 minutes (healthy) redis
ea4da2a2efb0 goharbor/harbor-registryctl:v2.8.0 "/home/harbor/start.…" 28 minutes ago Up 7 minutes (healthy) registryctl
04b6e92f320b goharbor/harbor-db:v2.8.0 "/docker-entrypoint.…" 28 minutes ago Up 7 minutes (healthy) harbor-db
2336df7c99bd goharbor/harbor-portal:v2.8.0 "nginx -g 'daemon of…" 28 minutes ago Up 7 minutes (healthy) harbor-portal
67b207de0ddb goharbor/harbor-log:v2.8.0 "/bin/sh -c /usr/loc…" 28 minutes ago Up 7 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log找到harbor-db容器id
进入容器,并登入数据库。
[root@localhost harbor]#:docker exec -it 04b6e92f320b bash
postgres [ / ]$ psql -U postgres
psql (13.10)
Type "help" for help.
postgres=# admin用户密码默认存放在registry.harbor_user表中,进入registry数据库,重置admin密码,修改一条记录。
postgres=# \c registry
You are now connected to database "registry" as user "postgres".
registry=# select * from harbor_user;
user_id | username | email | password | realname | comment | deleted | reset_uuid |
salt | sysadmin_flag | creation_time | update_time | password_version
---------+-----------+-------+----------------------------------+----------------+----------------+---------+------------+---
-------------------------------+---------------+----------------------------+----------------------------+------------------
2 | anonymous | | | anonymous user | anonymous user | t | |
| f | 2025-07-02 11:46:19.516999 | 2025-07-02 11:46:19.853416 | sha1
1 | admin | | 55206534c7b2eab2897f556faedb81ed | system admin | admin user | f | | Oc
Gypc8BTRj2RfdRea8Vihnaf8sSVS1x | t | 2025-07-02 11:46:19.516999 | 2025-07-02 13:49:51.511982 | sha256
(2 rows)
registry=#
registry=# update harbor_user set salt='', password='' where username = 'admin'; #将admin用户的密码置空。
UPDATE 1
registry=#
registry=# select * from harbor_user;
user_id | username | email | password | realname | comment | deleted | reset_uuid | salt | sysadmin_flag |
creation_time | update_time | password_version
---------+-----------+-------+----------+----------------+----------------+---------+------------+------+---------------+----
------------------------+----------------------------+------------------
2 | anonymous | | | anonymous user | anonymous user | t | | | f | 202
5-07-02 11:46:19.516999 | 2025-07-02 11:46:19.853416 | sha1
1 | admin | | | system admin | admin user | f | | | t | 202
5-07-02 11:46:19.516999 | 2025-07-02 14:09:22.981355 | sha256
(2 rows)
registry=# 
退出数据库,退出容器
registry=#
registry=# exit
postgres [ / ]$ exit
exit
[root@localhost harbor]#:重启harbor镜像仓库。
[root@localhost harbor]#:docker-compose down
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping registry ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping harbor-log ... done
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-core ... done
Removing registry ... done
Removing redis ... done
Removing registryctl ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing harbor-log ... done
Removing network harbor_harbor
[root@localhost harbor]#:执行prepare,配置生成脚本,将Harbor.yml中的参数注入各组件的配置文件(如Nginx,数据库配置)
[root@localhost harbor]#:./prepare
prepare base dir is set to /opt/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@localhost harbor]#:执行docker-compose后台启动。
[root@localhost harbor]#:docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
[root@localhost harbor]#:
2.3 密码验证
此时输入使用web平台修改的密码,已经失效。
需输入正确的密码:Harbor@123.
成功登录!
完成密码的修改!
本篇介绍生产环境中用于Harbor端口与密码的修改。
如需学习了解docker、Harbor的安装与使用请参考上一篇文章:Harbor的安装与使用
---end---