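#!/bin/bash
#
# Create a private CA and a server certificate for a Harbor registry, then
# install the results for Harbor and for the local Docker daemon.
#
# Environment (all optional):
#   HOST_NAME    registry host name or IP address  (default: 192.168.1.101)
#   PORT         registry HTTPS port               (default: 8443)
#   HARBOR_HOME  directory that receives ca/ and cert/
#                (default: the directory holding this script)
#
# Side effects: deletes and recreates ${HARBOR_HOME}/ca and
# ${HARBOR_HOME}/cert, replaces /etc/docker/certs.d/${HOST_NAME}:${PORT}
# through sudo, and restarts the Docker daemon.

# Stop at the first failure: every later step deletes, signs or installs
# something based on the result of the step before it.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Defaults are overridable from the environment. The original assigned these
# values unconditionally, which made its own ${VAR:-...} fallbacks unreachable.
HOST_NAME="${HOST_NAME:-192.168.1.101}"
PORT="${PORT:-8443}"
CURRENT_DIR="$(cd -- "$(dirname -- "$0")" && pwd -P)"
HARBOR_HOME="${HARBOR_HOME:-"${CURRENT_DIR}"}"

# Both values end up in file names, in the certificate subject, in an OpenSSL
# extension file and in paths that are removed with sudo, so accept only
# characters that are inert in all of those places.
host_pattern='^[A-Za-z0-9:][A-Za-z0-9._:-]*$'
port_pattern='^[0-9]+$'
[[ "${HOST_NAME}" =~ ${host_pattern} ]] || die "invalid HOST_NAME: ${HOST_NAME}"
[[ "${PORT}" =~ ${port_pattern} ]] || die "invalid PORT: ${PORT}"

printf '%s\n' "HOST_NAME = ${HOST_NAME}"
printf '%s\n' "PORT = ${PORT}"
printf '%s\n' "HARBOR_HOME = ${HARBOR_HOME}"

# Base name shared by the server key, CSR and certificate files.
cert_name="${HOST_NAME}:${PORT}"
ca_dir="${HARBOR_HOME}/ca"
cert_dir="${HARBOR_HOME}/cert"
docker_certs_dir="/etc/docker/certs.d/${cert_name}"

# Start from an empty working directory. ":?" aborts instead of expanding to
# "/ca" should HARBOR_HOME ever be empty.
rm -rf -- "${HARBOR_HOME:?}/ca"
mkdir -p -- "${ca_dir}"
cd -- "${ca_dir}"

# Generate the CA private key. The subshell umask makes the file owner-only
# from the moment it is created. The key is stored unencrypted: anyone who can
# read ca.key can issue certificates that clients of this CA will trust.
(umask 077 && openssl genrsa -out ca.key 4096)

# Generate the self-signed CA certificate.
# NOTE(review): the CA and the server certificate below share the same subject
# DN, so the server certificate's issuer equals its own subject; some verifiers
# may treat that as self-signed. Consider a distinct CN for the CA.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Shandong/L=Yantai/O=haiyisoft/OU=Personal/CN=${HOST_NAME}" \
  -key ca.key \
  -out ca.crt

# Generate the server private key, owner-only as above.
(umask 077 && openssl genrsa -out "${cert_name}.key" 4096)

# Generate the certificate signing request (CSR).
openssl req -sha512 -new \
  -subj "/C=CN/ST=Shandong/L=Yantai/O=haiyisoft/OU=Personal/CN=${HOST_NAME}" \
  -key "${cert_name}.key" \
  -out "${cert_name}.csr"

# Build the subjectAltName entries. An IP address has to be listed as an IP
# entry: clients compare an IP target against IP SANs only, so an address
# written as DNS.n fails verification.
ipv4_pattern='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ "${HOST_NAME}" =~ ${ipv4_pattern} || "${HOST_NAME}" == *:* ]]; then
  san_entries=("IP.1=${HOST_NAME}" "DNS.1=localhost" "DNS.2=localhost.domain")
else
  san_entries=("DNS.1=${HOST_NAME}" "DNS.2=localhost" "DNS.3=localhost.domain")
fi

# Generate the x509 v3 extension file.
cat > v3.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
$(printf '%s\n' "${san_entries[@]}")
EOF

# Sign the CSR with the CA, applying the extensions from v3.ext.
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in "${cert_name}.csr" \
  -out "${cert_name}.crt"

# Copy the server certificate and key into the certificates folder on the
# Harbor host, replacing whatever an earlier run left there.
rm -rf -- "${HARBOR_HOME:?}/cert"
mkdir -p -- "${cert_dir}"
cp -- "${cert_name}.crt" "${cert_dir}/"
cp -- "${cert_name}.key" "${cert_dir}/"

# Write a copy of the certificate with a .cert extension, for use by Docker.
openssl x509 -inform PEM -in "${cert_name}.crt" -out "${cert_name}.cert"

# Install the files into the Docker certificates folder for this registry.
# The original tested /etc/docker/certs.d/${HOST_NAME} (no port) before
# removing the host:port directory, so stale files usually survived; remove
# the directory that is actually about to be repopulated.
# NOTE(review): Docker reads a .cert/.key pair in this folder as a TLS client
# certificate; trusting the registry only needs ca.crt. The pair is still
# copied to keep the procedure's result unchanged, but it places the server's
# private key in a second location.
sudo rm -rf -- "${docker_certs_dir:?}"
sudo mkdir -p -- "${docker_certs_dir}"
sudo cp -- "${cert_name}.cert" "${docker_certs_dir}/"
sudo cp -- "${cert_name}.key" "${docker_certs_dir}/"
sudo cp -- ca.crt "${docker_certs_dir}/"

# Restart Docker so the daemon picks up the new certificates.
sudo systemctl restart docker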