Tweaking the HTTP/HTTPS story

This commit is contained in:
Stuart Clements 2019-10-22 17:20:22 +02:00
parent 669a519e8e
commit 43533a4a71

View File

@ -91,7 +91,7 @@ After the initial deployment and after you have started Harbor, you perform addi
The table below lists the parameters that must be set when you deploy Harbor. By default, all of the required parameters are uncommented in the `harbor.yml` file. The optional parameters are commented with `#`. You do not necessarily need to change the values of the required parameters from the defaults that are provided, but these parameters must remain uncommented. At the very least, you must update the `hostname` parameter.
**IMPORTANT**: Harbor does not ship with any certificates, and by default uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
**IMPORTANT**: Harbor does not ship with any certificates. In versions up to and including 1.9.1, by default Harbor uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. For information about how to create a CA, and how to use a CA to sign a server certificate and a client certificate, see **[Configuring Harbor with HTTPS Access](configure_https.md)**.
@ -112,7 +112,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can
<tr>
<td valign="top"><code>https</code></td>
<td valign="top">&nbsp;</td>
<td valign="top"><p>Use HTTPS to access the Harbor Portal and the token/notification service. </p>
<td valign="top"><p>Use HTTPS to access the Harbor Portal and the token/notification service. Always use HTTPS in production environments and environments that are not air-gapped.</p>
</td>
</tr>
<tr>
@ -212,7 +212,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can
<tr>
<td valign="top"><code>proxy</code></td>
<td valign="top">&nbsp;</td>
<td valign="top">Configure proxies to be used by Clair, the replication jobservice, and Harbor.</td>
<td valign="top">Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.</td>
</tr>
<tr>
<td valign="top">&nbsp;</td>