From b404cdfe90d59c2f92fd39a980eb2badd5abefad Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Thu, 14 Apr 2016 15:57:42 +0800 Subject: [PATCH] update documents --- AUTHORS | 3 ++- README.md | 3 +++ docs/configure_https.md | 10 +++++++--- docs/img/beegoLogo.png | Bin 0 -> 5306 bytes docs/installation_guide.md | 13 ++++++++----- 5 files changed, 20 insertions(+), 9 deletions(-) create mode 100644 docs/img/beegoLogo.png diff --git a/AUTHORS b/AUTHORS index f6e2e7e0e..d292ef8c7 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,6 @@ # This file lists all individuals having contributed content to the repository. +Alexander Zeitler Amanda Zhang Benniu Ji Bobby Zhang @@ -9,8 +10,8 @@ Haining Henry Zhang Hao Xia Jack Liu Kun Wang +Peng Zhao Shan Zhu Victoria Zheng Wenkai Yin Yan Wang - diff --git a/README.md b/README.md index 88b93ad34..d94dd1b3c 100644 --- a/README.md +++ b/README.md @@ -68,3 +68,6 @@ Harbor is available under the [Apache 2 license](LICENSE). ### Users MaDaiLiCai + +### Supporting Technologies +Harbor is powered by beego, an open source framework to build and develop applications in the Go way. diff --git a/docs/configure_https.md b/docs/configure_https.md index e366cb5d7..ccb667c35 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md 
@@ -1,8 +1,8 @@ -#Configure Harbor with HTTPS Access +#Configuring Harbor with HTTPS Access Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relatively simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https. -##Get a certificate +##Getting a certificate Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**. @@ -22,7 +22,7 @@ In a test or development environment, you may choose to use a self-signed certif ``` 3) Generate the certificate of your registry host: -You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files: +You need to configure openssl first. On Ubuntu, the config file locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files: ``` mkdir demoCA cd demoCA @@ -41,6 +41,10 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha cd Deploy/config/nginx ``` Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/. +``` + cp yourdomain.com.crt cert/ + cp yourdomain.com.key cert/ +``` Rename the existing configuration file of Nginx: ``` 
diff --git a/docs/img/beegoLogo.png b/docs/img/beegoLogo.png new file mode 100644 index 0000000000000000000000000000000000000000..4cd801385d7c954d8d6881cdd36303177dc4c1e7 GIT binary patch literal 5306
diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 1c4aa4bd4..6b17cc3b5 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md @@ -28,7 +28,7 @@ Before installing Harbor, you should configure the parameters in the file **harb At minimum, you need to change the **hostname** attribute in **harbor.cfg**. The description of each attribute is as follows: **hostname**: The hostname for a user to access the user interface and the registry service. It should be the IP address or the fully qualified domain name (FQDN) of your target machine, for example 192.168.1.10 or reg.yourdomain.com . Do NOT use localhost or 127.0.0.1 for the hostname because the registry service needs to be accessed by external clients. -**ui_url_protocol**: The protocol for accessing the user interface and the token/notification service, by default it is http. +**ui_url_protocol**: The protocol for accessing the user interface and the token/notification service, by default it is http. To set up https protocol, refer to [Configuring Harbor with HTTPS](configure_https.md). **Email settings**: the following 5 attributes are used to send an email to reset a user's password, they are not mandatory unless the password reset function is needed in Harbor. * email_server = smtp.mydomain.com * email_server_port = 25 
@@ -40,8 +40,9 @@ At minimum, you need to change the **hostname** attribute in **harbor.cfg**. The **auth_mode**: The authentication mode of Harbor. By default it is *db_auth*, i.e. the credentials are stored in a database. Please set it to *ldap_auth* if you want to verify user's credentials against an LDAP server. **ldap_url**: The URL for LDAP endpoint, for example ldaps://ldap.mydomain.com. It is only used when **auth_mode** is set to *ldap_auth*. **ldap_basedn**: The basedn template for verifying the user's credentials against LDAP, for example uid=%s,ou=people,dc=mydomain,dc=com. It is only used when **auth_mode** is set to *ldap_auth*. -**db_password**: The password of root user of mySQL database. +**db_password**: The password of root user of mySQL database. Change this password for any production use. **self_registration**: The flag to turn on or off the user self-registration function. If this flag is turned off, only an admin user can create new users in Harbor. The default value is on. +NOTE: When **auth_mode** is *ldap_auth*, the self-registration feature is always disabled, therefore, this flag is ignored. #### Building and starting Harbor After configuring harbor.cfg, build and start Harbor by the following commands. Because it requires downloading necessary files from the Internet, it may take a while for the docker-compose process to finish. 
@@ -61,7 +62,7 @@ After configuring harbor.cfg, build and start Harbor by the following commands. If everything works fine, you can open a browser to visit the admin portal at http://reg.yourdomain.com . The default administrator username and password are admin/Harbor12345 . -Create a new project, e.g. myproject, in the admin portal. You can then use docker commands to login and push images. The default port of Harbor registry server is 80: +Log in to the admin portal and create a new project, e.g. myproject. You can then use docker commands to login and push images. The default port of Harbor registry server is 80: ```sh $ docker login reg.yourdomain.com $ docker push reg.yourdomain.com/myproject/myrepo @@ -121,8 +122,10 @@ $ cd ../ $ tar -cvzf harbor_offline-0.1.1.tgz harbor ``` -The file **harbor_offline-0.1.1.tgz** contains the images saved by previously steps and the files required to start Harbor. -You can use tools such as scp to transfer the file **harbor_offline-0.1.1.tgz** to the target machine that does not have Internet connection. On the target machine, you can execute the following commands to start Harbor. Again, before running the **prepare** script, be sure to update **harbor.cfg** to reflect the right configuration of the target machine. (Refer to Section [Configure Harbor](#configuring-harbor) .) +The file **harbor_offline-0.1.1.tgz** contains the images saved by previous steps and the other files required to start Harbor. +You can use tools such as scp to transfer the file **harbor_offline-0.1.1.tgz** to the target machine that does not have Internet connection. +On the target machine, you can execute the following commands to start Harbor. Again, before running the **prepare** script, +be sure to update **harbor.cfg** to reflect the right configuration of the target machine. (Refer to Section [Configuring Harbor](#configuring-harbor) .) ``` $ tar -xzvf harbor_offline-0.1.1.tgz $ cd harbor
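Review bot: docs/img/beegoLogo.png is added as a new binary, but nothing in the visible hunks references it. The README.md hunk (@@ -68,3 +68,6 @@) adds only the "Supporting Technologies" text, with no image tag and no link to the beego project. Either reference the logo from that section and link the beego name, or drop the image from this commit.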
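Review bot: in docs/configure_https.md (hunk @@ -22,7 +22,7 @@), the line is touched only to bold the path, which leaves "the config file locates at" and "Refer to openssl document" as they were. Since the line is being rewritten anyway, change these to "the config file is located at" and "Refer to the openssl documentation".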
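Review bot: in docs/configure_https.md (hunk @@ -41,6 +41,10 @@), the added `cp yourdomain.com.key cert/` copies the private key with whatever mode the source file has, and the guide never tells the reader to restrict it. Add a step such as `chmod 600 cert/yourdomain.com.key` after the copy. The sentence above the block also says to create cert/ if it does not exist, but the block has no command for that; adding `mkdir -p cert` as its first line would make the block runnable as written.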
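Review bot: in docs/installation_guide.md (hunk @@ -28,7 +28,7 @@), the added sentence on **ui_url_protocol** points to the HTTPS guide but does not say what value to put in harbor.cfg, and it omits the recommendation that configure_https.md itself makes, namely that security be enabled for any production environment. State the value to set and repeat that recommendation here, since this is the line a reader edits. The link text "Configuring Harbor with HTTPS" also differs from the renamed heading "Configuring Harbor with HTTPS Access"; use the same title in both places.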
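Review bot: in docs/installation_guide.md (hunk @@ -40,8 +40,9 @@), "Change this password for any production use." on **db_password** reads ambiguously; "Change this password before any production use." says what is meant. In the same line, "mySQL" should be "MySQL", and the added NOTE has a comma splice: "is always disabled, therefore, this flag is ignored" reads better as "is always disabled, so this flag is ignored".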
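Review bot: in docs/installation_guide.md (hunk @@ -61,7 +62,7 @@), the reworded line now tells the reader to log in to the admin portal, and the line just above it gives the default credentials admin/Harbor12345, but nothing tells them to change that password. This commit adds exactly that reminder for **db_password**; add the equivalent sentence here, for example "Change the default administrator password after the first login."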
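Review bot: in docs/installation_guide.md (hunk @@ -121,8 +122,10 @@), the offline-install paragraph describes copying harbor_offline-0.1.1.tgz to the target machine but gives no step for confirming that the archive arrived unmodified before it is unpacked and run. Document a checksum comparison (for example, record the output of sha256sum on the build machine and compare it on the target) ahead of the tar -xzvf step. Two wording nits in the added lines: "does not have Internet connection" should be "does not have an Internet connection", and there is a stray space before the period in "(#configuring-harbor) .)".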