2016-04-04 08:04:02 +02:00
|
|
|
## Configuration file of Harbor
|
|
|
|
|
2018-03-16 07:35:38 +01:00
|
|
|
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
|
|
|
_version = 1.5.0
|
2016-04-04 05:29:35 +02:00
|
|
|
#The IP address or hostname to access admin UI and registry service.
|
2016-04-04 05:20:52 +02:00
|
|
|
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
2016-11-16 13:42:29 +01:00
|
|
|
hostname = reg.mydomain.com
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-04-04 05:29:35 +02:00
|
|
|
#The protocol for accessing the UI and token/notification service, by default it is http.
|
2016-04-04 08:13:39 +02:00
|
|
|
#It can be set to https if ssl is enabled on nginx.
|
2016-11-16 13:42:29 +01:00
|
|
|
ui_url_protocol = http
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2017-03-01 08:26:16 +01:00
|
|
|
#Maximum number of job workers in job service
|
|
|
|
max_job_workers = 3
|
|
|
|
|
|
|
|
#Determine whether or not to generate certificate for the registry's token.
|
|
|
|
#If the value is on, the prepare script creates new root cert and private key
|
2017-03-23 14:00:53 +01:00
|
|
|
#for generating token to access the registry. If the value is off the default key/cert will be used.
|
|
|
|
#This flag also controls the creation of the notary signer's cert.
|
2017-03-01 08:26:16 +01:00
|
|
|
customize_crt = on
|
|
|
|
|
|
|
|
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
|
|
|
ssl_cert = /data/cert/server.crt
|
|
|
|
ssl_cert_key = /data/cert/server.key
|
|
|
|
|
|
|
|
#The path of secretkey storage
|
|
|
|
secretkey_path = /data
|
|
|
|
|
2017-04-17 07:46:39 +02:00
|
|
|
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
|
2017-03-09 13:12:33 +01:00
|
|
|
admiral_url = NA
|
|
|
|
|
2017-11-08 06:07:27 +01:00
|
|
|
#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
|
|
|
|
log_rotate_count = 50
|
|
|
|
#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
|
|
|
|
#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
|
|
|
|
#are all valid.
|
|
|
|
log_rotate_size = 200M
|
2017-10-13 10:06:25 +02:00
|
|
|
|
2017-03-01 08:26:16 +01:00
|
|
|
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
|
|
|
#only take effect in the first boot, the subsequent changes of these properties
|
|
|
|
#should be performed on web ui
|
2017-04-07 12:24:08 +02:00
|
|
|
|
2017-03-01 08:26:16 +01:00
|
|
|
#************************BEGIN INITIAL PROPERTIES************************
|
|
|
|
|
2016-04-04 08:13:39 +02:00
|
|
|
#Email account settings for sending out password resetting emails.
|
2016-11-24 08:48:36 +01:00
|
|
|
|
|
|
|
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
|
2016-11-24 10:50:41 +01:00
|
|
|
#Identity left blank to act as username.
|
2016-11-24 08:48:36 +01:00
|
|
|
email_identity =
|
|
|
|
|
2016-04-20 13:40:19 +02:00
|
|
|
email_server = smtp.mydomain.com
|
2016-02-22 03:00:42 +01:00
|
|
|
email_server_port = 25
|
|
|
|
email_username = sample_admin@mydomain.com
|
|
|
|
email_password = abc
|
|
|
|
email_from = admin <sample_admin@mydomain.com>
|
2016-04-21 07:03:12 +02:00
|
|
|
email_ssl = false
|
2017-10-31 06:51:49 +01:00
|
|
|
email_insecure = false
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
##The initial password of Harbor admin, only works for the first time when Harbor starts.
|
|
|
|
#It has no effect after the first launch of Harbor.
|
|
|
|
#Change the admin password from UI after launching Harbor.
|
2016-04-20 13:40:19 +02:00
|
|
|
harbor_admin_password = Harbor12345
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-04-04 05:29:35 +02:00
|
|
|
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
|
|
|
|
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
2016-02-22 03:00:42 +01:00
|
|
|
auth_mode = db_auth
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-04-04 08:13:39 +02:00
|
|
|
#The url for an ldap endpoint.
|
2016-02-22 03:00:42 +01:00
|
|
|
ldap_url = ldaps://ldap.mydomain.com
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
#A user's DN who has the permission to search the LDAP/AD server.
|
|
|
|
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
|
|
|
|
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
|
2016-08-18 12:31:41 +02:00
|
|
|
|
|
|
|
#the password of the ldap_searchdn
|
2016-09-22 09:12:37 +02:00
|
|
|
#ldap_search_pwd = password
|
2016-08-18 12:31:41 +02:00
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
#The base DN from which to look up a user in LDAP/AD
|
2016-08-18 12:31:41 +02:00
|
|
|
ldap_basedn = ou=people,dc=mydomain,dc=com
|
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
|
|
|
|
#ldap_filter = (objectClass=person)
|
2016-08-18 12:31:41 +02:00
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
|
2016-08-18 12:31:41 +02:00
|
|
|
ldap_uid = uid
|
|
|
|
|
2018-01-08 09:59:15 +01:00
|
|
|
#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
|
|
|
|
ldap_scope = 2
|
2016-04-04 08:04:02 +02:00
|
|
|
|
2016-12-30 09:03:30 +01:00
|
|
|
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
|
2017-01-12 11:29:02 +01:00
|
|
|
ldap_timeout = 5
|
2016-12-30 09:03:30 +01:00
|
|
|
|
2017-12-27 02:37:00 +01:00
|
|
|
#Verify certificate from LDAP server
|
|
|
|
ldap_verify_cert = true
|
|
|
|
|
2018-03-14 12:07:06 +01:00
|
|
|
#The base dn from which to lookup a group in LDAP/AD
|
|
|
|
ldap_group_basedn = ou=group,dc=mydomain,dc=com
|
|
|
|
|
|
|
|
#filter to search LDAP/AD group
|
|
|
|
ldap_group_filter = objectclass=group
|
|
|
|
|
|
|
|
#The attribute used to name a LDAP/AD group, it could be cn, name
|
|
|
|
ldap_group_gid = cn
|
|
|
|
|
|
|
|
#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
|
|
|
|
ldap_group_scope = 2
|
|
|
|
|
2016-04-08 11:04:47 +02:00
|
|
|
#Turn on or off the self-registration feature
|
2016-03-31 12:45:26 +02:00
|
|
|
self_registration = on
|
2016-04-19 19:37:07 +02:00
|
|
|
|
2016-09-22 09:12:37 +02:00
|
|
|
#The expiration time (in minute) of token created by token service, default is 30 minutes
|
2016-08-08 05:21:48 +02:00
|
|
|
token_expiration = 30
|
|
|
|
|
2016-11-16 13:31:04 +01:00
|
|
|
#The flag to control what users have permission to create projects
|
2017-04-17 07:46:39 +02:00
|
|
|
#The default value "everyone" allows everyone to creates a project.
|
|
|
|
#Set to "adminonly" so that only admin user can create project.
|
2016-11-16 13:42:29 +01:00
|
|
|
project_creation_restriction = everyone
|
2016-10-14 11:13:15 +02:00
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
#************************END INITIAL PROPERTIES************************
|
|
|
|
|
|
|
|
#######Harbor DB configuration section#######
|
|
|
|
|
|
|
|
#The address of the Harbor database. Only need to change when using external db.
|
2017-09-22 04:46:02 +02:00
|
|
|
db_host = mysql
|
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
#The password for the root user of Harbor DB. Change this before any production use.
|
|
|
|
db_password = root123
|
|
|
|
|
|
|
|
#The port of Harbor database host
|
2017-09-22 04:46:02 +02:00
|
|
|
db_port = 3306
|
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
#The user name of Harbor database
|
2017-09-22 04:46:02 +02:00
|
|
|
db_user = root
|
2018-02-01 10:57:14 +01:00
|
|
|
|
|
|
|
##### End of Harbor DB configuration#######
|
|
|
|
|
|
|
|
#The redis server address. Only needed in HA installation.
|
2017-09-27 06:56:57 +02:00
|
|
|
redis_url =
|
2017-12-19 08:25:12 +01:00
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
##########Clair DB configuration############
|
|
|
|
|
|
|
|
#Clair DB host address. Only change it when using an exteral DB.
|
2017-12-19 08:25:12 +01:00
|
|
|
clair_db_host = postgres
|
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
|
|
|
|
#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
|
|
|
|
clair_db_password = password
|
|
|
|
|
2017-12-19 08:25:12 +01:00
|
|
|
#Clair DB connect port
|
|
|
|
clair_db_port = 5432
|
|
|
|
|
|
|
|
#Clair DB username
|
|
|
|
clair_db_username = postgres
|
|
|
|
|
|
|
|
#Clair default database
|
|
|
|
clair_db = postgres
|
2018-01-07 10:23:18 +01:00
|
|
|
|
2018-02-01 10:57:14 +01:00
|
|
|
##########End of Clair DB configuration############
|
2018-01-07 10:23:18 +01:00
|
|
|
|
2017-10-01 23:03:53 +02:00
|
|
|
#The following attributes only need to be set when auth mode is uaa_auth
|
|
|
|
uaa_endpoint = uaa.mydomain.org
|
2017-12-19 07:42:07 +01:00
|
|
|
uaa_clientid = id
|
|
|
|
uaa_clientsecret = secret
|
|
|
|
uaa_verify_cert = true
|
2018-01-03 09:21:29 +01:00
|
|
|
uaa_ca_cert = /path/to/ca.pem
|
2018-01-07 10:23:18 +01:00
|
|
|
|
|
|
|
|
|
|
|
### Docker Registry setting ###
|
|
|
|
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
|
|
|
|
registry_storage_provider_name = filesystem
|
|
|
|
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
|
|
|
|
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
|
|
|
|
registry_storage_provider_config =
|