mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-05 00:37:32 +02:00
Haining Henry Zhang
GitHub
commit
7e0305e37c
2
AUTHORS
2
AUTHORS
@ -26,6 +26,7 @@ Meng Wei <weim at vmware.com>
|
||||
Nagarjun G <nagarjung.g at gmail.com>
|
||||
Peng Zhao <zhaopeng1988 at gmail.com>
|
||||
Penghao Cen <scorpiocph at gmail.com>
|
||||
Phillip Gomez <gomez.phillip at gmail.com>
|
||||
Robin Naundorf <r.naundorf at fh-muenster.de>
|
||||
Shan Zhu <zhus at vmware.com>
|
||||
Robin Yue <jmyue at hotmail.com>
|
||||
@ -33,6 +34,7 @@ Tobe Chen <tobeg3oogle at gmail.com>
|
||||
Victoria Zheng <vzheng at vmware.com>
|
||||
Wenkai Yin <yinw at vmware.com>
|
||||
Xiaoxiao Zhou <xiaoxiaoz at vmware.com>
|
||||
Xinkun Xu <xuxinkun at gmail.com>
|
||||
Yahao He <bhe at vmware.com>
|
||||
Yan Wang <wangyan at vmware.com>
|
||||
Yong Hua <yhua at vmware.com>
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
<img alt="Harbor" src="docs/img/harbor_logo.png">
|
||||
|
||||
Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.
|
||||
Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.
|
||||
|
||||
### Features
|
||||
* **Role based access control**: Users and repositories are organized via 'projects' and a user can have different permission for images under a project.
|
||||
@ -23,7 +23,7 @@ Project Harbor is an enterprise-class registry server that stores and distribute
|
||||
|
||||
**On a Linux host:** docker 1.10.0+ and docker-compose 1.6.0+ .
|
||||
|
||||
**On vSphere:** vCenter 5.x+ for deployment of Harbor's virtual appliance.
|
||||
**On vSphere:** vCenter 5.5+ for deployment of Harbor's virtual appliance.
|
||||
|
||||
Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releases)** and follow **[Installation & Configuration Guide](docs/installation_guide.md)** to install Harbor.
|
||||
|
||||
|
||||
BIN
docs/img/ova/downloadcert.png
Normal file
BIN
docs/img/ova/downloadcert.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 17 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 44 KiB After Width: | Height: | Size: 72 KiB |
@ -1,6 +1,6 @@
|
||||
# Installing and Configuring Harbor on vSphere as Virtual Appliance
|
||||
|
||||
This guide walks you through the steps about installing and configuring Harbor on vSphere as an virtual appliance (OVA). If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
|
||||
This guide walks you through the steps about installing and configuring Harbor on vSphere as an virtual appliance. If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
|
||||
|
||||
## Prerequisites
|
||||
* vCenter 5.5+ and at least an ESX host.
|
||||
@ -10,21 +10,21 @@ This guide walks you through the steps about installing and configuring Harbor o
|
||||
## Planning for installation
|
||||
|
||||
### User management
|
||||
By default, Harbor stores user information in an internal database. Harbor can also be configured to authenticate against an external LDAP or AD server. The proper **authentication mode** must be set at the deployment time.
|
||||
By default, Harbor stores user information in an internal database. Harbor can also be configured to authenticate against an external LDAP or AD server. For LDAP/AD authentication, the **Authentication Mode** property must be set to *ldap_auth* at the deployment time.
|
||||
|
||||
**NOTE: This mode cannot be changed after the first boot of Harbor.**
|
||||
**NOTE:** This mode cannot be changed after the first boot of Harbor.
|
||||
|
||||
### Security
|
||||
|
||||
By default, Harbor uses HTTPS for secure communication. A self-signed certificate is generated at first boot. A Docker client or a VCH (Virtual Container Host) needs to trust Harbor's CA certificate in order to interact with Harbor.
|
||||
By default, Harbor uses HTTPS for secure communication. A self-signed certificate is generated at first boot. A Docker client or a VCH (Virtual Container Host) needs to trust the certificate of Harbor's CA in order to interact with Harbor.
|
||||
|
||||
The self-generated certificate can be replaced by supplying a certificate signed by other CAs in OVA's settings.
|
||||
|
||||
Harbor can be configured to use plain HTTP for some environments like testing or continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
|
||||
Harbor can be configured to use plain HTTP for some environments such as testing and continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
|
||||
|
||||
### Networking
|
||||
|
||||
Harbor can obtain IP address by DHCP. This is convenient for testing purpose. For a production system, it is recommended that static IP address be used.
|
||||
Harbor can obtain IP address by DHCP. This is convenient for testing purpose. For a production system, it is recommended that static IP address and host name be used.
|
||||
|
||||
|
||||
## Installation
|
||||
@ -72,8 +72,7 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
|
||||
|
||||
* Authentication
|
||||
|
||||
The **Authentication Mode** must be set before the first boot of Harbor. Subsequent changes to **Authentication Mode** does not have any effect. When **ldap_auth** mode is
|
||||
enabled, properties related to LDAP/AD must be set.
|
||||
The **Authentication Mode** must be set before the first boot of Harbor. Subsequent changes to **Authentication Mode** does not have any effect. When **ldap_auth** mode is enabled, properties related to LDAP/AD must be set.
|
||||
|
||||
* **Authentication Mode**: The default authentication mode is **db_auth**. Set it to **ldap_auth** when users' credentials are stored in an LDAP or AD server. Note: this option can only be set once.
|
||||
* **LDAP URL**: The URL of an LDAP/AD server.
|
||||
@ -84,7 +83,7 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
|
||||
|
||||
* Security
|
||||
|
||||
If HTTPS is enabled, a self-signed certificate is generated by default. To supply your own certificate, please fill in **SSL Cert** and **SSL Cert Key**. Do not use HTTP in any production system.
|
||||
If HTTPS is enabled, a self-signed certificate is generated by default. To supply your own certificate, fill in two properties: **SSL Cert** and **SSL Cert Key**. Do not use HTTP in any production system. **Notes:** If you want to enable HTTPS with your own self-signed certificate, refer to the "Getting a certificate" section of this **[guide](https://github.com/vmware/harbor/blob/master/docs/configure_https.md#getting-a-certificate)** for more details.
|
||||
|
||||
* **Protocol**: The protocol for accessing Harbor. Warning: setting it to http makes the communication insecure.
|
||||
* **SSL Cert**: Paste in the content of a certificate file. Leave blank for a generated self-signed certificate.
|
||||
@ -93,11 +92,11 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
|
||||
|
||||
* Email Settings
|
||||
|
||||
To allow a user to reset his/her own password through email, configure the below email settings:
|
||||
To allow a user to reset his/her own password through email, configure the below email settings:
|
||||
|
||||
* **Email Server**: The mail server to send out emails to reset password.
|
||||
* **Email Server Port**: The port of mail server.
|
||||
* **Email Username**: The user from whom the password reset email is sent.
|
||||
* **Email Username**: The user from whom the password reset email is sent. Usually this is a system email address.
|
||||
* **Email Password**: The password of the user from whom the password reset email is sent.
|
||||
* **Email From**: The name of the email sender.
|
||||
* **Email SSL**: Whether to enabled secure mail transmission.
|
||||
@ -110,8 +109,6 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
|
||||
* **Network 1 IP Address**: The IP address of this interface. Leave blank if DHCP is desired.
|
||||
* **Network 1 Netmask**: The netmask or prefix for this interface. Leave blank if DHCP is desired.
|
||||
|
||||
**Notes:** If you want to enable HTTPS with a self-signed certificate created manually, refer to the "Getting a certificate" part of this [guide](https://github.com/vmware/harbor/blob/master/docs/configure_https.md#getting-a-certificate) for generating a certificate.
|
||||
|
||||
After you complete the properties, click "Next".
|
||||
|
||||
10. Review your settings and click "Finish" to complete the deployment.
|
||||
@ -127,15 +124,18 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
|
||||
## Getting Certificate of Harbor's CA
|
||||
|
||||
By default, Harbor uses a self-signed certificate in HTTPS. A Docker client or a VCH needs to trust Harbor's CA certificate in order to interact with Harbor.
|
||||
To download Harbor's CA certificate and import into a Docker client, follow the below steps:
|
||||
To download the certificate of Harbor's CA and import into a Docker client, follow the below steps:
|
||||
|
||||
1. Log in Harbor's UI as an admin user.
|
||||
2. Click on the admin's name and select **About** from drop-down menu.
|
||||
2. Click on the admin's name at the upper left corner and select **"About"** from the drop-down menu.
|
||||
3. Click on the **Download** link to save the certificate file as `ca.crt`.
|
||||
4. Transmit the certificate file to a Docker host, put it under the below directory, you may need to create the directory if it does not exist:
|
||||
```
|
||||
/etc/docker/certs.d/<host_name_or_IP_of_Harbor>/ca.crt
|
||||
```
|
||||
|
||||
|
||||
|
||||
4. Copy the certificate file to a Docker host, put it under the below directory. Replace **host_name_or_IP_of_Harbor** with the actual host name or IP address of Harbor instance. You may need to create the directory if it does not exist:
|
||||
```
|
||||
/etc/docker/certs.d/host_name_or_IP_of_Harbor/ca.crt
|
||||
```
|
||||
5. Restart Docker service.
|
||||
6. Run `docker login` to verify that HTTPS is working.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user