mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 13:45:20 +01:00
Merge pull request #69 from hainingzhang/master
udpate partners and docs
This commit is contained in:
commit
cfaec995e8
5
AUTHORS
5
AUTHORS
@ -1,10 +1,15 @@
|
|||||||
# This file lists all individuals having contributed content to the repository.
|
# This file lists all individuals having contributed content to the repository.
|
||||||
|
|
||||||
|
Amanda Zhang <amzhang@vmware.com>
|
||||||
|
Ben Niu Ji <benniuji@gmail.com>
|
||||||
Bobby Zhang <junzhang@vmware.com>
|
Bobby Zhang <junzhang@vmware.com>
|
||||||
Daniel Jiang <jiangd@vmware.com>
|
Daniel Jiang <jiangd@vmware.com>
|
||||||
Haining Henry Zhang <henryzhang@vmware.com>
|
Haining Henry Zhang <henryzhang@vmware.com>
|
||||||
Hao Xia <haox@vmware.com>
|
Hao Xia <haox@vmware.com>
|
||||||
|
Jack Liu <ljack@vmware.com>
|
||||||
Kun Wang <kunw@vmware.com>
|
Kun Wang <kunw@vmware.com>
|
||||||
Shan Zhu <zhus@vmware.com>
|
Shan Zhu <zhus@vmware.com>
|
||||||
|
Victoria Zheng <vzheng@vmware.com>
|
||||||
Wenkai Yin <yinw@vmware.com>
|
Wenkai Yin <yinw@vmware.com>
|
||||||
|
Yan Wang <wangyan@vmware.com>
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we
|
|||||||
Harbor is available under the [Apache 2 license](LICENSE).
|
Harbor is available under the [Apache 2 license](LICENSE).
|
||||||
|
|
||||||
### Partners
|
### Partners
|
||||||
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a>
|
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
|
||||||
|
|
||||||
### Users
|
### Users
|
||||||
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
|
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>
|
||||||
|
@ -4,7 +4,7 @@ Because Harbor does not ship with any certificates, it uses HTTP by default to s
|
|||||||
|
|
||||||
##Get a certificate
|
##Get a certificate
|
||||||
|
|
||||||
Assuming that your registry’s **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
|
Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
|
||||||
|
|
||||||
In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
|
In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
|
||||||
|
|
||||||
@ -20,9 +20,9 @@ In a test or development environment, you may choose to use a self-signed certif
|
|||||||
-newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
|
||||||
-out yourdomain.com.csr
|
-out yourdomain.com.csr
|
||||||
```
|
```
|
||||||
3) Generate the certificate of your registry host
|
3) Generate the certificate of your registry host:
|
||||||
|
|
||||||
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let’s creates necessary directories and files:
|
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
|
||||||
```
|
```
|
||||||
mkdir demoCA
|
mkdir demoCA
|
||||||
cd demoCA
|
cd demoCA
|
||||||
@ -32,7 +32,7 @@ You need to configure openssl first. On Ubuntu, the config file locates at /etc/
|
|||||||
```
|
```
|
||||||
Then run this command to generate the certificate of your registry host:
|
Then run this command to generate the certificate of your registry host:
|
||||||
```
|
```
|
||||||
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key –outdir .
|
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
|
||||||
```
|
```
|
||||||
|
|
||||||
##Configuration of Nginx
|
##Configuration of Nginx
|
||||||
@ -40,7 +40,7 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha
|
|||||||
```
|
```
|
||||||
cd Deploy/config/nginx
|
cd Deploy/config/nginx
|
||||||
```
|
```
|
||||||
Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
|
Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
|
||||||
|
|
||||||
Rename the existing configuration file of Nginx:
|
Rename the existing configuration file of Nginx:
|
||||||
```
|
```
|
||||||
@ -50,28 +50,26 @@ Copy the template **nginx.https.conf** as the new configuration file:
|
|||||||
```
|
```
|
||||||
cp nginx.https.conf nginx.conf
|
cp nginx.https.conf nginx.conf
|
||||||
```
|
```
|
||||||
Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com .
|
Edit the file nginx.conf and replace two occurrences of **harbordomain.com** to your own host name, such as reg.yourdomain.com .
|
||||||
```
|
```
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
server_name harbordomain.com;
|
server_name harbordomain.com;
|
||||||
|
|
||||||
…
|
...
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name harbordomain.com;
|
|
||||||
rewrite ^/(.*) https://$server_name$1 permanent;
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name harbordomain.com;
|
||||||
|
rewrite ^/(.*) https://$server_name$1 permanent;
|
||||||
```
|
```
|
||||||
Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
|
Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
|
||||||
```
|
```
|
||||||
…
|
...
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
|
ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
|
||||||
ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
|
ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
|
||||||
|
|
||||||
```
|
```
|
||||||
Save your changes in nginx.conf.
|
Save your changes in nginx.conf.
|
||||||
|
|
||||||
@ -95,29 +93,30 @@ If Harbor is already running, stop and remove the existing instance. Your image
|
|||||||
```
|
```
|
||||||
Finally, restart Harbor:
|
Finally, restart Harbor:
|
||||||
```
|
```
|
||||||
docker-compose up –d
|
docker-compose up -d
|
||||||
```
|
```
|
||||||
After setting up HTTPS for Harbor, you can verify it by the follow steps:
|
After setting up HTTPS for Harbor, you can verify it by the follow steps:
|
||||||
|
|
||||||
1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
|
1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
|
||||||
|
|
||||||
2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g.
|
2. On a machine with Docker daemon, make sure the option "-insecure-registry" does not present, run any docker command to verify the setup, e.g.
|
||||||
```
|
```
|
||||||
docker login reg.yourdomain.com
|
docker login reg.yourdomain.com
|
||||||
```
|
```
|
||||||
##Troubleshooting
|
##Troubleshooting
|
||||||
1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
|
1. You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
|
||||||
```
|
```
|
||||||
cat intermediate-certificate.pem >> yourdomain.com.crt
|
cat intermediate-certificate.pem >> yourdomain.com.crt
|
||||||
```
|
```
|
||||||
2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level.
|
2. On some systems where docker daemon runs, you may need to trust the certificate at OS level.
|
||||||
On Ubuntu, this can be done by below commands:
|
On Ubuntu, this can be done by below commands:
|
||||||
```
|
```sh
|
||||||
cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
|
cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
|
||||||
update-ca-certificates
|
update-ca-certificates
|
||||||
```
|
```
|
||||||
On Red Hat (CentOS etc), the commands are:
|
|
||||||
```
|
|
||||||
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
|
|
||||||
update-ca-trust
|
|
||||||
|
|
||||||
|
On Red Hat (CentOS etc), the commands are:
|
||||||
|
```sh
|
||||||
|
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
|
||||||
|
update-ca-trust
|
||||||
|
```
|
||||||
|
Binary file not shown.
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 3.0 KiB |
Loading…
Reference in New Issue
Block a user