1
0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-20 15:48:26 +01:00
harbor/docs/use_notary.md
Brett Johnson 18e76c963d Documentation typo correction
Signed-off-by: Brett Johnson <brett@sdbrett.com>

Date:      Mon Oct 8 08:41:37 2018 +1100

On branch docs
Changes to be committed:
	modified:   docs/compile_guide.md
	modified:   docs/installation_guide.md
	modified:   docs/kubernetes_deployment.md
	modified:   docs/manage_role_by_ldap_group.md
	modified:   docs/migration_guide.md
	modified:   docs/upgradetest.md
	modified:   docs/use_notary.md
	modified:   docs/user_guide.md
2018-10-08 08:45:10 +11:00

1.2 KiB

Setup

In harbor.cfg, make sure the attribute ui_url_protocol is set to https, and the attributes ssl_cert and ssl_cert_key are pointed to valid certificates. For more information about generating https certificate please refer to: Configuring HTTPS for Harbor

Copy Root Certificate

Suppose the Harbor instance is hosted on a machine 192.168.0.5 If you are using a self-signed certificate, make sure to copy the CA root cert to /etc/docker/certs.d/192.168.0.5/ and ~/.docker/tls/192.168.0.5:4443/

Enable Docker Content Trust

It can be done via setting environment variables:

export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443

Set alias for notary (optional)

Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:

alias notary="notary -s https://192.168.0.5:4443 -d ~/.docker/trust --tlscacert  /etc/docker/certs.d/192.168.0.5/ca.crt"