From 43533a4a714f20b7b98bc2f3122357f1c29e7e34 Mon Sep 17 00:00:00 2001 From: Stuart Clements Date: Tue, 22 Oct 2019 17:20:22 +0200 Subject: [PATCH] Tweaking the HTTP/HTTPS story --- docs/installation_guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 3554fa81e..8364f15ce 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md @@ -91,7 +91,7 @@ After the initial deployment and after you have started Harbor, you perform addi The table below lists the parameters that must be set when you deploy Harbor. By default, all of the required parameters are uncommented in the `harbor.yml` file. The optional parameters are commented with `#`. You do not necessarily need to change the values of the required parameters from the defaults that are provided, but these parameters must remain uncommented. At the very least, you must update the `hostname` parameter. -**IMPORTANT**: Harbor does not ship with any certificates, and by default uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. +**IMPORTANT**: Harbor does not ship with any certificates. In versions up to and including 1.9.1, by default Harbor uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. For information about how to create a CA, and how to use a CA to sign a server certificate and a client certificate, see **[Configuring Harbor with HTTPS Access](configure_https.md)**. @@ -112,7 +112,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can https   -

Use HTTPS to access the Harbor Portal and the token/notification service.

+

Use HTTPS to access the Harbor Portal and the token/notification service. Always use HTTPS in production environments and environments that are not air-gapped.

@@ -212,7 +212,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can proxy   - Configure proxies to be used by Clair, the replication jobservice, and Harbor. + Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.