Harbor: error installing harbor

i run it for test without https and its installing \ running fine

now i wonder whats wrong with my ssl certificates or the path of the certificates ?

BTW , i got the csr from this machine and i signed it with our domain microsoft CA .

so in /certs/
i have the key and and crt files
where do i need to put the ca certificate ? (it comes from MS as a bundle file p7b)

i tried to deal with the certificate issue with this guides without success :

https://blog.inkubate.io/how-to-use-harbor-private-registry-with-kubernetes/
https://www.greenreedtech.com/getting-started-with-vmware-harbor/
https://thenewstack.io/tutorial-install-the-docker-harbor-registry-server-on-ubuntu-18-04/
https://www.techrepublic.com/article/how-to-install-harbor-on-ubuntu-server-18-04/

Remove spacings for the https portion. Seems like there is an additional space character. I just removed all spaces at the https and http fields.

*Edit no idea why the # is messing with the markup in with the code markup

'#' http related config
http:
'#' port for http, default is 80. If https enabled, this port will redirect to https portport: 80
'#' https related config
https:
'#' ' #' https port for harbor, default is 443
port: 443
'#' '#' The path of cert and key files for nginx
certificate: /certs/harbor.crt
private_key: /certs/harbor.key

there is only one space before https, it should be 2 spaces

You need to remove the extra space in your harbor.yml file
The https part and external_url is not aligned. It should be like the http part.

@corytam thank you

so, the answer is no space at all in the https section
i dont like yaml

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.mydomain.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
#   # https port for harbor, default is 443
port: 443
#   # The path of cert and key files for nginx
certificate: /certs/abc.crt
private_key: /certs/abc.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: https://harbor.mydomain.com:8433

im using a valid wildcard certificate of my domain.
when running ./install.sh the process finish ok and all containers are UP
i can browse http fine , https not working .
also http is not redirecting to https.

also when trying to run the install script with :
./install.sh --with-notary --with-clair --with-chartmuseum
i get :

[Step 0]: checking installation environment ...

Note: docker version: 19.03.4

Note: docker-compose version: 1.18.0


[Step 1]: preparing environment ...
prepare base dir is set to /home/user1/harbor
Traceback (most recent call last):
  File "main.py", line 64, in <module>
    main()
  File "/usr/lib/python3.6/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.6/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "main.py", line 33, in main
    validate(config_dict, notary_mode=with_notary)
  File "/usr/src/app/utils/configs.py", line 12, in validate
    **"Error: the protocol must be https when Harbor is deployed with Notary")
Exception: Error: the protocol must be https when Harbor is deployed with Notary**

my harbor.yml file is :

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.mydomain.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
port: 80

# https related config
https:
#   # https port for harbor, default is 443
port: 443
#   # The path of cert and key files for nginx
certificate: /certs/abc.crt
private_key: /certs/abc.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
#external_url: https://harbor.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.9.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair
  components:
    - core
    - jobservice
    - clair

where do i need to look for the errors about https \ certificates ?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

How was this resolved?

If it's about the first issue, you need to add extra space before port as it's child of http or https.
About the 2nd issue, you need to remove http as notary only use https