1. #!/bin/bash
    3. HOST_NAME="192.168.1.101"
    4. PORT="8443"
    6. HOST_NAME="${HOST_NAME:-"$(hostname -f)"}"
    7. PORT="${PORT:-"443"}"
    8. CURRENT_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
    9. HARBOR_HOME="${HARBOR_HOME:-"${CURRENT_DIR}"}"
    11. echo "HOST_NAME = ${HOST_NAME}"
    12. echo "PORT = ${PORT}"
    13. echo "HARBOR_HOME = ${HARBOR_HOME}"
    15. if [[ -d ${HARBOR_HOME}/ca ]]; then
    16.     rm -rf ${HARBOR_HOME}/ca
    17. fi
    18. mkdir -p ${HARBOR_HOME}/ca
    20. cd ${HARBOR_HOME}/ca
    22. # Generate a CA certificate private key.
    23. openssl genrsa -out ca.key 4096
    25. # Generate the CA certificate.
    26. openssl req -x509 -new -nodes -sha512 -days 3650 \
    27.  -subj "/C=CN/ST=Shandong/L=Yantai/O=haiyisoft/OU=Personal/CN=${HOST_NAME}" \
    28.  -key ca.key \
    29.  -out ca.crt
    31. # Generate a private key.
    32. openssl genrsa -out ${HOST_NAME}:${PORT}.key 4096
    34. # Generate a certificate signing request (CSR).
    35. openssl req -sha512 -new \
    36.     -subj "/C=CN/ST=Shandong/L=Yantai/O=haiyisoft/OU=Personal/CN=${HOST_NAME}" \
    37.     -key ${HOST_NAME}:${PORT}.key \
    38.     -out ${HOST_NAME}:${PORT}.csr
    40. # Generate an x509 v3 extension file.
    41. cat > v3.ext <<-EOF
    42. authorityKeyIdentifier=keyid,issuer
    43. basicConstraints=CA:FALSE
    44. keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    45. extendedKeyUsage = serverAuth
    46. subjectAltName = @alt_names
    48. [alt_names]
    49. DNS.1=${HOST_NAME}
    50. DNS.2=localhost
    51. DNS.3=localhost.domain
    52. EOF
    54. # Use the v3.ext file to generate a certificate for your Harbor host.
    55. openssl x509 -req -sha512 -days 3650 \
    56.     -extfile v3.ext \
    57.     -CA ca.crt -CAkey ca.key -CAcreateserial \
    58.     -in ${HOST_NAME}:${PORT}.csr \
    59.     -out ${HOST_NAME}:${PORT}.crt
    61. # Copy the server certificate and key into the certficates folder on your Harbor host.
    62. if [[ -d ${HARBOR_HOME}/cert ]]; then
    63.     rm -rf ${HARBOR_HOME}/cert
    64. fi
    65. mkdir -p ${HARBOR_HOME}/cert
    67. cp ${HOST_NAME}:${PORT}.crt ${HARBOR_HOME}/cert/
    68. cp ${HOST_NAME}:${PORT}.key ${HARBOR_HOME}/cert/
    70. # Convert ${HOST_NAME}.crt to ${HOST_NAME}.cert, for use by Docker.
    71. openssl x509 -inform PEM -in ${HOST_NAME}:${PORT}.crt -out ${HOST_NAME}:${PORT}.cert
    73. # Copy the server certificate, key and CA files into the Docker certificates folder on the Harbor host.
    74. # You must create the appropriate folders first.
    75. if [[ -d /etc/docker/certs.d/${HOST_NAME} ]]; then
    76.     sudo rm -rf /etc/docker/certs.d/${HOST_NAME}:${PORT}
    77. fi
    78. sudo mkdir -p /etc/docker/certs.d/${HOST_NAME}:${PORT}
    80. sudo cp ${HOST_NAME}:${PORT}.cert /etc/docker/certs.d/${HOST_NAME}:${PORT}/
    81. sudo cp ${HOST_NAME}:${PORT}.key /etc/docker/certs.d/${HOST_NAME}:${PORT}/
    82. sudo cp ca.crt /etc/docker/certs.d/${HOST_NAME}:${PORT}/
    84. # restart docker
    85. sudo systemctl restart docker