harbor用的是域名,且证书是泛域名证书一年续费一次,每年要更新一次证书

1.更新这个目录下证书文件

cat harbor.yml
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/cert/myki.com.pem
  private_key: /etc/cert/myki.com.key
  # 重新上传证书

2.找到harbor的nginx映射的cert目录,更新其中的证书

cat docker-compose.yml
  proxy:
    ...
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - /data/harbor-data/secret/cert:/etc/cert:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
#        
cp /etc/cert/myki.com.pem /data/harbor-data/secret/cert/server.crt
cp /etc/cert/myki.com.key /data/harbor-data/secret/cert/server.key
chmod 600 /data/harbor-data/secret/cert/server*
chown 10000:10000 /data/harbor-data/secret/cert/server*

3.重启nginx

docker-compose restart proxy