mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-03 09:09:47 +01:00
18e76c963d
Signed-off-by: Brett Johnson <brett@sdbrett.com> Date: Mon Oct 8 08:41:37 2018 +1100 On branch docs Changes to be committed: modified: docs/compile_guide.md modified: docs/installation_guide.md modified: docs/kubernetes_deployment.md modified: docs/manage_role_by_ldap_group.md modified: docs/migration_guide.md modified: docs/upgradetest.md modified: docs/use_notary.md modified: docs/user_guide.md
23 lines
1.2 KiB
Markdown
23 lines
1.2 KiB
Markdown
### Setup
|
|
In harbor.cfg, make sure the attribute ```ui_url_protocol``` is set to ```https```, and the attributes ```ssl_cert``` and ```ssl_cert_key``` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md)
|
|
|
|
### Copy Root Certificate
|
|
Suppose the Harbor instance is hosted on a machine ```192.168.0.5```
|
|
If you are using a self-signed certificate, make sure to copy the CA root cert to ```/etc/docker/certs.d/192.168.0.5/``` and ```~/.docker/tls/192.168.0.5:4443/```
|
|
|
|
### Enable Docker Content Trust
|
|
It can be done via setting environment variables:
|
|
|
|
```
|
|
export DOCKER_CONTENT_TRUST=1
|
|
export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443
|
|
```
|
|
|
|
### Set alias for notary (optional)
|
|
Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:
|
|
|
|
```
|
|
alias notary="notary -s https://192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt"
|
|
|
|
```
|