mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 00:57:44 +01:00
parent
2333313205
commit
9d87279152
@ -8,7 +8,7 @@ events {
|
|||||||
|
|
||||||
http {
|
http {
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.upstream.conf;
|
||||||
|
|
||||||
# this is necessary for us to be able to disable request buffering in all cases
|
# this is necessary for us to be able to disable request buffering in all cases
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
@ -42,6 +42,8 @@ http {
|
|||||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
||||||
chunked_transfer_encoding on;
|
chunked_transfer_encoding on;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.location.conf;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://ui/;
|
proxy_pass http://ui/;
|
||||||
proxy_set_header Host $$http_host;
|
proxy_set_header Host $$http_host;
|
||||||
@ -62,19 +64,6 @@ http {
|
|||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /notary/v2/ {
|
|
||||||
proxy_pass http://notary-server/v2/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v2/ {
|
location /v2/ {
|
||||||
proxy_pass http://registry/v2/;
|
proxy_pass http://registry/v2/;
|
||||||
proxy_set_header Host $$http_host;
|
proxy_set_header Host $$http_host;
|
||||||
|
12
make/common/templates/nginx/notary.location.conf
Normal file
12
make/common/templates/nginx/notary.location.conf
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
location /notary/v2/ {
|
||||||
|
proxy_pass http://notary-server/v2/;
|
||||||
|
proxy_set_header Host $$http_host;
|
||||||
|
proxy_set_header X-Real-IP $$remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||||||
|
proxy_set_header X-Forwarded-Proto $$scheme;
|
||||||
|
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_request_buffering off;
|
||||||
|
}
|
14
make/prepare
14
make/prepare
@ -147,7 +147,10 @@ token_expiration = rcp.get("configuration", "token_expiration")
|
|||||||
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
||||||
proj_cre_restriction = rcp.get("configuration", "project_creation_restriction")
|
proj_cre_restriction = rcp.get("configuration", "project_creation_restriction")
|
||||||
secretkey_path = rcp.get("configuration", "secretkey_path")
|
secretkey_path = rcp.get("configuration", "secretkey_path")
|
||||||
admiral_url = rcp.get("configuration", "admiral_url")
|
if rcp.has_option("configuration", "admiral_url"):
|
||||||
|
admiral_url = rcp.get("configuration", "admiral_url")
|
||||||
|
else:
|
||||||
|
admiral_url = ""
|
||||||
secret_key = get_secret_key(secretkey_path)
|
secret_key = get_secret_key(secretkey_path)
|
||||||
########
|
########
|
||||||
|
|
||||||
@ -313,20 +316,21 @@ if args.notary_mode:
|
|||||||
shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
|
shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
|
||||||
shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d"))
|
shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d"))
|
||||||
#TODO:generate certs?
|
#TODO:generate certs?
|
||||||
print ("Copying certs for notary signer")
|
print("Copying certs for notary signer")
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "root-ca.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "root-ca.crt"), notary_config_dir)
|
||||||
|
|
||||||
shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
|
||||||
print ("Copying notary signer configuration file")
|
print("Copying notary signer configuration file")
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "signer-config.json"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "signer-config.json"), notary_config_dir)
|
||||||
render(os.path.join(notary_temp_dir, "server-config.json"),
|
render(os.path.join(notary_temp_dir, "server-config.json"),
|
||||||
os.path.join(notary_config_dir, "server-config.json"),
|
os.path.join(notary_config_dir, "server-config.json"),
|
||||||
token_endpoint=ui_url)
|
token_endpoint=ui_url)
|
||||||
|
|
||||||
print ("Copying nginx configuration file for notary")
|
print("Copying nginx configuration file for notary")
|
||||||
shutil.copy2(os.path.join(templates_dir, "nginx", "nginx.notary.conf"), nginx_conf_d)
|
shutil.copy2(os.path.join(templates_dir, "nginx", "notary.upstream.conf"), nginx_conf_d)
|
||||||
|
shutil.copy2(os.path.join(templates_dir, "nginx", "notary.location.conf"), nginx_conf_d)
|
||||||
|
|
||||||
default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
|
default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
|
||||||
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
||||||
|
Loading…
Reference in New Issue
Block a user