From 07f38025e02e2d0b81cd90e1ed7f08a1fe011fbe Mon Sep 17 00:00:00 2001 From: myufei Date: Mon, 17 Apr 2017 19:06:00 +0800 Subject: [PATCH] fix markdown --- docs/configure_https.md | 8 ++++---- docs/customize_token_service.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 0c3641066..f1b9b843d 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -1,8 +1,8 @@ -#Configuring Harbor with HTTPS Access +# Configuring Harbor with HTTPS Access Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can use the prepare script to configure Nginx to enable https. -##Getting a certificate +## Getting a certificate Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**. @@ -40,7 +40,7 @@ If you're using **IP**, say **192.168.1.101** to connect your registry host, you openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out yourdomain.com .crt ``` -##Configuration and Installation +## Configuration and Installation After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, you can put them into directory such as ```/root/cert/```: @@ -95,7 +95,7 @@ If you've mapped nginx 443 port to another, you need to add the port to login, l docker login reg.yourdomain.com:port ``` -##Troubleshooting +## Troubleshooting 1. You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command: ``` diff --git a/docs/customize_token_service.md b/docs/customize_token_service.md index 93694a1f8..e7344b26a 100644 --- a/docs/customize_token_service.md +++ b/docs/customize_token_service.md @@ -1,4 +1,4 @@ -#Customize Harbor token service with your key and certificate +# Customize Harbor token service with your key and certificate Harbor requires Docker client to access the Harbor registry with a token. The procedure to generate a token is like [Docker Registry v2 authentication](https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md). Firstly, you should make a request to the token service for a token. The token is signed by the private key. After that, you make a new request with the token to the Harbor registry, Harbor registry will verify the token with the public key in the rootcert bundle. Then Harbor registry will authorize the Docker client to push/pull images.