harbor/make/harbor.cfg

105 lines
3.9 KiB
INI
Raw Normal View History

2016-04-04 08:04:02 +02:00
## Configuration file of Harbor
2016-04-04 05:29:35 +02:00
#The IP address or hostname to access admin UI and registry service.
2016-04-04 05:20:52 +02:00
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
2016-11-16 13:42:29 +01:00
hostname = reg.mydomain.com
2016-04-04 08:04:02 +02:00
2016-04-04 05:29:35 +02:00
#The protocol for accessing the UI and token/notification service, by default it is http.
2016-04-04 08:13:39 +02:00
#It can be set to https if ssl is enabled on nginx.
2016-11-16 13:42:29 +01:00
ui_url_protocol = http
2016-04-04 08:04:02 +02:00
2016-04-04 08:13:39 +02:00
#Email account settings for sending out password resetting emails.
2016-11-24 08:48:36 +01:00
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
2016-11-24 10:50:41 +01:00
#Identity left blank to act as username.
2016-11-24 08:48:36 +01:00
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
2016-04-04 08:04:02 +02:00
2016-09-22 09:12:37 +02:00
##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345
2016-04-04 08:04:02 +02:00
2016-04-04 05:29:35 +02:00
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = db_auth
2016-04-04 08:04:02 +02:00
2016-04-04 08:13:39 +02:00
#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com
2016-04-04 08:04:02 +02:00
2016-09-22 09:12:37 +02:00
#A user's DN who has the permission to search the LDAP/AD server.
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
2016-08-18 12:31:41 +02:00
#the password of the ldap_searchdn
2016-09-22 09:12:37 +02:00
#ldap_search_pwd = password
2016-08-18 12:31:41 +02:00
2016-09-22 09:12:37 +02:00
#The base DN from which to look up a user in LDAP/AD
2016-08-18 12:31:41 +02:00
ldap_basedn = ou=people,dc=mydomain,dc=com
2016-09-22 09:12:37 +02:00
#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
#ldap_filter = (objectClass=person)
2016-08-18 12:31:41 +02:00
2016-09-22 09:12:37 +02:00
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
2016-08-18 12:31:41 +02:00
ldap_uid = uid
2016-09-22 09:12:37 +02:00
#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
2016-08-18 12:31:41 +02:00
ldap_scope = 3
2016-04-04 08:04:02 +02:00
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
2017-01-12 11:29:02 +01:00
ldap_timeout = 5
2016-04-04 08:04:02 +02:00
#The password for the root user of mysql db, change this before any production use.
db_password = root123
2016-04-08 11:04:47 +02:00
#Turn on or off the self-registration feature
self_registration = on
2016-04-19 19:37:07 +02:00
#Determine whether the UI should use compressed js files.
#For production, set it to on. For development, set it to off.
2016-07-14 08:56:56 +02:00
use_compressed_js = on
#Maximum number of job workers in job service
2016-06-20 13:06:51 +02:00
max_job_workers = 3
2016-04-19 19:37:07 +02:00
2016-09-22 09:12:37 +02:00
#The expiration time (in minute) of token created by token service, default is 30 minutes
2016-08-08 05:21:48 +02:00
token_expiration = 30
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
2016-06-22 12:41:56 +02:00
verify_remote_cert = on
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off, a key/certificate must
#be supplied for token generation.
2016-06-20 13:06:51 +02:00
customize_crt = on
2016-07-15 11:22:56 +02:00
#Information of your organization for certificate
2016-04-25 10:08:16 +02:00
crt_country = CN
crt_state = State
2016-04-25 10:08:16 +02:00
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com
2016-10-14 11:13:15 +02:00
#The flag to control what users have permission to create projects
#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
2016-11-16 13:42:29 +01:00
project_creation_restriction = everyone
2016-10-14 11:13:15 +02:00
#The path of cert and key files for nginx, they are applied only the protocol is set to https
2016-11-16 11:49:09 +01:00
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
2016-12-12 05:39:11 +01:00
#The path of secretkey storage
secretkey_path = /data
2016-10-14 11:13:15 +02:00
#############
2016-12-12 05:39:11 +01:00