# curl -L https://github.com/docker/compose/releases/download/1.7.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose

# touch /etc/pki/CA/{index.txt,serial}
# echo 01 > /etc/pki/CA/serial
# (umask 077;openssl genrsa -out  /etc/pki/CA/private/cakey.pem 2048)

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:wts
Organizational Unit Name (eg, section) []:sysops
Common Name (eg, your name or your server's hostname) []:wts.com
Email Address []:admin@wts.com

# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
# mkdir /app/ssl
# (umask 077;openssl genrsa -out /app/ssl/harbor.key 2048)
# openssl req -new -key /app/ssl/harbor.key -out /app/ssl/harbor.csr

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:wts
Organizational Unit Name (eg, section) []:sysops
Common Name (eg, your name or your server's hostname) []:wts.com
Email Address []:admin@wts.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl ca -in /app/ssl/harbor.csr -out /app/ssl/harbor.crt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: May 19 17:46:32 2017 GMTNot After : May 17 17:46:32 2027 GMTSubject:countryName               = CNstateOrProvinceName       = ChinaorganizationName          = wtsorganizationalUnitName    = sysopscommonName                = wts.comemailAddress              = admin@wts.comX509v3 extensions:X509v3 Basic Constraints:CA:FALSENetscape Comment:OpenSSL Generated CertificateX509v3 Subject Key Identifier:12:71:95:95:F2:6E:FE:88:F0:3E:DF:24:1F:D6:01:E6:24:83:05:B5X509v3 Authority Key Identifier:keyid:B6:44:15:87:F1:3D:14:4E:7A:A0:BA:35:53:69:2D:3C:E9:9E:77:22Certificate is to be certified until May 17 17:46:32 2027 GMT (3650 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

# mkdir -p /etc/docker/certs.d/wts.com
# cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/wts.com/ca.crt

# systemctl daemon-reload
# systemctl restart docker

# wget https://github.com/vmware/harbor/releases/download/v1.1.1-rc1/harbor-online-installer-v1.1.1-rc1.tgz
# tar xf harbor-online-installer-v1.1.1-rc1.tgz
# cd harbor
# vim harbor.cfg
hostname = wtx.com
ui_url_protocol = https
ssl_cert = /app/ssl/harbor.crt
ssl_cert_key = /app/ssl/harbor.key

# ./install.sh[Step 0]: checking installation environment ...Note: docker version: 17.05.0Note: docker-compose version: 1.7.0......Creating harbor-log
Creating registry
Creating harbor-adminserver
Creating harbor-db
Creating harbor-ui
Creating harbor-jobservice
Creating nginx

#启动
docker-compose start
#关闭
docker-compose stop#修改配置文件步骤
docker-compose down -v
vim harbor.cfg
./prepare
docker-compose up -d
docker-compose start

# cat >>/etc/hosts <<EOF
192.168.116.148 wts.com
EOF

测试

# docker login wts.com
Username: admin
Password:   #密码为Harbor12345，harbor.cfg文件中配置
Login Succeeded

# mkdir -p /etc/docker/certs.d/wts.com
# scp /etc/docker/certs.d/wts.com/ca.crt 192.168.116.147:/etc/docker/certs.d/wts.com/ca.crt
# /etc/init.d/docker restart

# docker tag centos wts.com/library/centos
# docker push wts.com/library/centos

查看：