mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-09 17:37:44 +01:00
377739204b
Signed-off-by: DQ <dengq@vmware.com>
27 lines
1.1 KiB
Markdown
27 lines
1.1 KiB
Markdown
### Setup
|
|
|
|
In harbor.yml, make sure https is enabled, and the attributes `ssl_cert` and `ssl_cert_key` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md)
|
|
|
|
### Copy Root Certificate
|
|
|
|
Suppose the Harbor instance is hosted on a machine `192.168.0.5`
|
|
If you are using a self-signed certificate, make sure to copy the CA root cert to `/etc/docker/certs.d/192.168.0.5/` and `~/.docker/tls/192.168.0.5:4443/`
|
|
|
|
### Enable Docker Content Trust
|
|
|
|
It can be done via setting environment variables:
|
|
|
|
```
|
|
export DOCKER_CONTENT_TRUST=1
|
|
export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443
|
|
```
|
|
|
|
### Set alias for notary (optional)
|
|
|
|
Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:
|
|
|
|
```
|
|
alias notary="notary -s https://192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt"
|
|
|
|
```
|