Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-10-02 23:37:38 +02:00
Code Issues Projects Releases Wiki Activity

update installation guide

Browse Source
This commit is contained in:
Henry Zhang 2016-11-23 23:33:33 +08:00
parent 810db2415f
commit ee7ad59143
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/installation_guide_ova.md
View File

@ -17,11 +17,12 @@ By default, Harbor stores user information in an internal database. Harbor can a
### Security
By default, Harbor uses HTTPS for secure communication. A self-signed certificate is generated at first boot based on its FQDN or IP address. A Docker client or a VCH (Virtual Container Host) needs to trust the certificate of Harbor's CA in order to interact with Harbor.
Harbor always tries to generate a self-signed certificate based on its FQDN. Therefore, its IP address must have a FQDN associated with it in the DNS server. If Harbor cannot resolve its IP address to a FQDN, it generates the self-signed certificate using its IP address. In this case, Harbor can only be accessed by IP address.
If Harbor's IP address or FQDN is changed, the self-signed certificate will be re-generated. However, since the certificate of Harbor's own CA does not change, no certificate update is needed at the Docker client or VCH.
If Harbor's IP address or FQDN is changed, the self-signed certificate will be re-generated. However, since the certificate of Harbor's own CA does not change, no certificate update is needed in the Docker client or VCH.
The self-generated certificate can be replaced by supplying a certificate signed by other CAs in OVA's settings.
Harbor's self-generated certificate can be replaced by supplying a certificate signed by other CAs in OVA's settings.
Harbor can be configured to use plain HTTP for some environments such as testing and continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
@ -137,7 +138,7 @@ To download the certificate of Harbor's CA and import into a Docker client, foll
![ova](img/ova/downloadcert.png)
4. Copy the certificate file to a Docker host and put it under the below directory. Replace **FQDN_or_IP_of_Harbor** with the actual FQDN or IP address of Harbor instance. You may need to create the directory if it does not exist:
4. Copy the certificate file to a Docker host and put it under the below directory. Replace **FQDN_or_IP_of_Harbor** with the actual FQDN or IP address of the Harbor instance. You may need to create the directory if it does not exist:
```
/etc/docker/certs.d/FQDN_or_IP_of_Harbor/ca.crt
```