From 6e671e5cc27d4420d42629853eac0b2b35d6007f Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Tue, 28 Mar 2017 16:06:20 +0800 Subject: [PATCH] minor fix to doc for setup env for using notary --- docs/use_notary.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/use_notary.md b/docs/use_notary.md index bd47a0b34..fa585f1eb 100644 --- a/docs/use_notary.md +++ b/docs/use_notary.md @@ -1,22 +1,22 @@ -### Setup -In harbor.cfg, make sure the attribute ```ui_url_protocol``` is set to ```https```, and the attributes ```ssl_cert``` and ```ssl_cert_key``` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md) - -### Copy Root Certificate -Suppose the Harbor instance is hosted on a machine ```192.168.0.5``` -If you are using a self-signed cetificate, make sure to copy the CA root cert to ```/etc/docker/certs.d/192.168.0.5/``` and ```~/.docker/tls/192.168.0.5/``` - -### Enable Docker Content Trust -It can be done via setting envrironment variables: +### Setup +In harbor.cfg, make sure the attribute ```ui_url_protocol``` is set to ```https```, and the attributes ```ssl_cert``` and ```ssl_cert_key``` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md) -``` +### Copy Root Certificate +Suppose the Harbor instance is hosted on a machine ```192.168.0.5``` +If you are using a self-signed cetificate, make sure to copy the CA root cert to ```/etc/docker/certs.d/192.168.0.5/``` and ```~/.docker/tls/192.168.0.5:4443/``` + +### Enable Docker Content Trust +It can be done via setting envrironment variables: + +``` export DOCKER_CONTENT_TRUST=1 -export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443/ -``` - -### Set alias for notary (optional) -Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort: +export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443 +``` -``` -alias notary="notary -s https//192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt" +### Set alias for notary (optional) +Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort: -``` +``` +alias notary="notary -s https//192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt" + +```