Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-22 18:25:56 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wemeya/harbor

Browse Source
This commit is contained in:
Meng Wei 2016-04-19 11:55:13 +08:00
commit 7571c4e94f
4 changed files with 60 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
docs/auth.md
View File

@ -1,57 +0,0 @@
#Customize harbor auth with your key and certificate
By default, harbor use default private key and certificate in authentication. The auth procedure is like [Docker Registry v2 authentication](https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md). Also, you can customize your configuration with your own key and certificate with the following steps:
1.If you already have a certificate, go to step 3.
2.If not, you can generate a self-signed certificate using openSSL with following commands
**1)Generate a private key:**
```sh
openssl genrsa -out prvtkey.pem 2048
```
you can call it prvtkey.pem or other names you like.
**2)Generate a certificate:**
```sh
openssl req -new -x509 -key prvtkey.pem -out cacert.pem -days 1095
```
prvtkey.pem is what you generated in the first step, if you change the name, you should change it in the command. Also you can name cacert.pem what you like.
3.Refer to [Installation Guide](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md) to install harbor. After you execute ./prepare, harbor generates several config files. We need to replace the original private key and certificate with your own key and certificate.
4.Following are what you should do:
**1)edit docker-compose.yml, find private_key.pem replace it with your own private key as following:**
![edit docker-compose.yml](img/edit_docker-compose-yml.png)
![edit docker-compose.yml](img/after_edit_docker-compose-yml.png)
**2)cd config/ui, you will see private_key.pem.**
**3)replace private_key.pem with your private key.**
**4)cd ../registry, you will see root.crt. Replace it with your certificate.**
**5)at the same directory, you will see config.yml. We need to modify it, open it and find root.crt, then change it to your certificate.**
5.After these, go back to harbor directory, execute:
```sh
docker-compose build
```
```sh
docker-compose up d
```
6.Then you can push/pull images to see if your own certificate works. Please refer [User Guide](https://github.com/vmware/harbor/blob/master/docs/user_guide.md)

60
docs/customize key for authentication.md Normal file
View File

@ -0,0 +1,60 @@
#Customize Harbor auth with your key and certificate
Harbor requires Docker client to access the Harbor registry with a token. The procedure to generate a token is like [Docker Registry v2 authentication](https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md). Firstly, you should make a request to the token service for a token. The token is signed by the private key. After that, you make a new request with the token to the Harbor registry, Harbor registry will verify the token with the public key in the rootcert bundle. Then Harbor registry will authorize the Docker client to push/pull images.
By default, Harbor uses default private key and certificate in authentication. Also, you can customize your configuration with your own key and certificate with the following steps:
1.If you already have a certificate, go to step 3.
2.If not, you can generate a root certificate using openSSL with following commands:
**1)Generate a private key:**
```sh
openssl genrsa -out private_key.pem 4096
```
**2)Generate a certificate:** You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank. Following are what you're asked to enter.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, server FQDN or YOUR name) []:
Email Address []:
```sh
openssl req -new -x509 -key private_key.pem -out root.crt -days 3650
```
After you execute these two commands, you will see private_key.pem and root.crt in the **current directory**, just type "ls", you'll see them.
3.Refer to [Installation Guide](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md) to install Harbor, After you execute ./prepare, Harbor generates several config files. We need to replace the original private key and certificate with your own key and certificate.
4.Following are what you should do:
**1)cd config/ui, you will see private_key.pem.**
**2)replace private_key.pem with your private_key.pem**
**3)cd ../registry, you will see root.crt. Replace it with your root.crt**
5.After these, go back to the Deploy directory, you can start Harbor using following command:
```
docker-compose up -d
```
6.Then you can push/pull images to see if your own certificate works. Please refer [User Guide](https://github.com/vmware/harbor/blob/master/docs/user_guide.md) for more info.

BIN
docs/img/after_edit_docker-compose-yml.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.2 KiB

BIN
docs/img/edit_docker-compose-yml.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.6 KiB