mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-22 18:25:56 +01:00
Enable https by default
1. Uncomment https related configs 2. Remove the https prepare related thing in ci Signed-off-by: DQ <dengq@vmware.com>
parent
5d6cbe9aa1
commit
873d9f5b82
@ -10,12 +10,12 @@ http:
|
||||
port: 80
|
||||
|
||||
# https related config
|
||||
# https:
|
||||
# # https port for harbor, default is 443
|
||||
# port: 443
|
||||
# # The path of cert and key files for nginx
|
||||
# certificate: /your/certificate/path
|
||||
# private_key: /your/private/key/path
|
||||
https:
|
||||
# https port for harbor, default is 443
|
||||
port: 443
|
||||
# The path of cert and key files for nginx
|
||||
certificate: /your/certificate/path
|
||||
private_key: /your/private/key/path
|
||||
|
||||
# Uncomment external_url if you want to enable external proxy
|
||||
# And when it enabled the hostname will no longer used
|
||||
|
@ -29,8 +29,8 @@ while [ $# -gt 0 ]; do
|
||||
with_notary=true;;
|
||||
--with-clair)
|
||||
with_clair=true;;
|
||||
--with-chartmuseum)
|
||||
with_chartmuseum=true;;
|
||||
--with-chartmuseum)
|
||||
with_chartmuseum=true;;
|
||||
*)
|
||||
note "$usage"
|
||||
exit 1;;
|
||||
@ -41,37 +41,27 @@ done
|
||||
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
cd $workdir
|
||||
|
||||
# The hostname in harbor.yml has not been modified
|
||||
if grep '^[[:blank:]]*hostname: reg.mydomain.com' &> /dev/null harbor.yml
|
||||
then
|
||||
warn "$usage"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
h2 "[Step $item]: checking installation environment ..."; let item+=1
|
||||
h2 "[Step $item]: checking if docker is installed ..."; let item+=1
|
||||
check_docker
|
||||
check_dockercompose
|
||||
|
||||
if [ -f harbor*.tar.gz ]
|
||||
then
|
||||
h2 "[Step $item]: loading Harbor images ..."; let item+=1
|
||||
docker load -i ./harbor*.tar.gz
|
||||
fi
|
||||
echo ""
|
||||
h2 "[Step $item]: checking docker-compose is installed ..."; let item+=1
|
||||
check_dockercompose
|
||||
|
||||
h2 "[Step $item]: preparing environment ..."; let item+=1
|
||||
if [ -n "$host" ]
|
||||
then
|
||||
sed "s/^hostname: .*/hostname: $host/g" -i ./harbor.yml
|
||||
sed "s/^hostname: .*/hostname: $host/g" -i ./harbor.yml
|
||||
fi
|
||||
|
||||
h2 "[Step $item]: preparing harbor configs ..."; let item+=1
|
||||
prepare_para=
|
||||
if [ $with_notary ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-notary"
|
||||
prepare_para="${prepare_para} --with-notary"
|
||||
fi
|
||||
if [ $with_clair ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-clair"
|
||||
prepare_para="${prepare_para} --with-clair"
|
||||
fi
|
||||
if [ $with_chartmuseum ]
|
||||
then
|
||||
@ -81,32 +71,21 @@ fi
|
||||
./prepare $prepare_para
|
||||
echo ""
|
||||
|
||||
if [ -f harbor*.tar.gz ]
|
||||
then
|
||||
h2 "[Step $item]: loading Harbor images ..."; let item+=1
|
||||
docker load -i ./harbor*.tar.gz
|
||||
fi
|
||||
echo ""
|
||||
|
||||
if [ -n "$(docker-compose ps -q)" ]
|
||||
then
|
||||
note "stopping existing Harbor instance ..."
|
||||
docker-compose down -v
|
||||
note "stopping existing Harbor instance ..."
|
||||
docker-compose down -v
|
||||
fi
|
||||
echo ""
|
||||
|
||||
h2 "[Step $item]: starting Harbor ..."
|
||||
docker-compose up -d
|
||||
|
||||
protocol=http
|
||||
hostname=reg.mydomain.com
|
||||
|
||||
if [ -n "$(grep '^[^#]*https:' ./harbor.yml)" ]
|
||||
then
|
||||
protocol=https
|
||||
fi
|
||||
|
||||
if [[ $(grep '^[[:blank:]]*hostname:' ./harbor.yml) =~ hostname:[[:blank:]]*(.*) ]]
|
||||
then
|
||||
hostname=${BASH_REMATCH[1]}
|
||||
fi
|
||||
echo ""
|
||||
|
||||
success $"----Harbor has been installed and started successfully.----
|
||||
|
||||
Now you should be able to visit the admin portal at ${protocol}://${hostname}.
|
||||
For more details, please visit https://github.com/goharbor/harbor .
|
||||
"
|
||||
success $"----Harbor has been installed and started successfully.----"
|
||||
|
@ -31,7 +31,10 @@ def main(conf, with_notary, with_clair, with_chartmuseum):
|
||||
|
||||
delfile(config_dir)
|
||||
config_dict = parse_yaml_config(conf, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
|
||||
validate(config_dict, notary_mode=with_notary)
|
||||
try:
|
||||
validate(config_dict, notary_mode=with_notary)
|
||||
except Exception as e:
|
||||
print("Config validation Error: ", e)
|
||||
|
||||
prepare_log_configs(config_dict)
|
||||
prepare_nginx(config_dict)
|
||||
|
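Review bot: The new `except Exception as e:` branch in `main` only prints the validation error and then falls through to `prepare_log_configs` and `prepare_nginx`, so a config that `validate` rejected is still rendered. With https now enabled by default with placeholder certificate paths, this check is the main guard against generating nginx config from an unedited harbor.yml, and it should stop the run. Add a non-zero exit after the `print(...)` line, for example `raise SystemExit(1)`, or let the exception propagate. `main` starts and continues outside this hunk, so this assumes nothing later re-checks the validation result.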
@ -1,20 +1,31 @@
|
||||
import yaml
|
||||
import logging
|
||||
from g import versions_file_path
|
||||
from .misc import generate_random_string
|
||||
|
||||
default_db_max_idle_conns = 2 # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxIdleConns
|
||||
default_db_max_open_conns = 0 # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxOpenConns
|
||||
default_https_cert_path = '/your/certificate/path'
|
||||
default_https_key_path = '/your/certificate/path'
|
||||
def validate(conf: dict, **kwargs):
|
||||
# hostname validate
|
||||
if conf.get('hostname') == '127.0.0.1':
|
||||
raise Exception("127.0.0.1 can not be the hostname")
|
||||
if conf.get('hostname') == 'reg.mydomain.com':
|
||||
raise Exception("Please specify hostname")
|
||||
|
||||
def validate(conf, **kwargs):
|
||||
# protocol validate
|
||||
protocol = conf.get("protocol")
|
||||
if protocol != "https" and kwargs.get('notary_mode'):
|
||||
raise Exception(
|
||||
"Error: the protocol must be https when Harbor is deployed with Notary")
|
||||
if protocol == "https":
|
||||
if not conf.get("cert_path"):
|
||||
if not conf.get("cert_path") or conf["cert_path"] == default_https_cert_path:
|
||||
raise Exception("Error: The protocol is https but attribute ssl_cert is not set")
|
||||
if not conf.get("cert_key_path"):
|
||||
if not conf.get("cert_key_path") or conf['cert_key_path'] == default_https_key_path:
|
||||
raise Exception("Error: The protocol is https but attribute ssl_cert_key is not set")
|
||||
if protocol == "http":
|
||||
logging.warning("WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https")
|
||||
|
||||
# log endpoint validate
|
||||
if ('log_ep_host' in conf) and not conf['log_ep_host']:
|
||||
|
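Review bot: `default_https_key_path` is set to `'/your/certificate/path'`, the same string as `default_https_cert_path`, while the private-key placeholder this commit ships in harbor.yml is `/your/private/key/path`. If `cert_key_path` is populated from that `private_key` entry (presumably; the parser is not shown here), the new comparison never matches an unedited key path and the placeholder passes validation. It should read `default_https_key_path = '/your/private/key/path'`. The two error messages also name `ssl_cert` and `ssl_cert_key`, which are not the `certificate` and `private_key` keys the user edits in harbor.yml. `validate` continues past the end of this hunk.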
@ -4,6 +4,9 @@ IP=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
|
||||
#echo $IP
|
||||
sudo sed "s/reg.mydomain.com/$IP/" -i make/harbor.yml
|
||||
|
||||
echo "https:" >> make/harbor.yml
|
||||
echo " certificate: /data/cert/server.crt" >> make/harbor.yml
|
||||
echo " private_key: /data/cert/server.key" >> make/harbor.yml
|
||||
# TODO: remove it when scanner adapter support internal access of harbor
|
||||
echo "storage_service:" >> make/harbor.yml
|
||||
echo " ca_bundle: /data/cert/server.crt" >> make/harbor.yml
|
||||
|
||||
sed "s|/your/certificate/path|/data/cert/server.crt|g" -i make/harbor.yml
|
||||
sed "s|/your/private/key/path|/data/cert/server.key|g" -i make/harbor.yml
|
||||
|