Merge pull request #69 from hainingzhang/master

udpate partners and docs
This commit is contained in:
Haining Henry Zhang 2016-03-31 14:07:30 +08:00
commit cfaec995e8
4 changed files with 39 additions and 35 deletions

View File

@ -1,10 +1,15 @@
# This file lists all individuals having contributed content to the repository. # This file lists all individuals having contributed content to the repository.
Amanda Zhang <amzhang@vmware.com>
Ben Niu Ji <benniuji@gmail.com>
Bobby Zhang <junzhang@vmware.com> Bobby Zhang <junzhang@vmware.com>
Daniel Jiang <jiangd@vmware.com> Daniel Jiang <jiangd@vmware.com>
Haining Henry Zhang <henryzhang@vmware.com> Haining Henry Zhang <henryzhang@vmware.com>
Hao Xia <haox@vmware.com> Hao Xia <haox@vmware.com>
Jack Liu <ljack@vmware.com>
Kun Wang <kunw@vmware.com> Kun Wang <kunw@vmware.com>
Shan Zhu <zhus@vmware.com> Shan Zhu <zhus@vmware.com>
Victoria Zheng <vzheng@vmware.com>
Wenkai Yin <yinw@vmware.com> Wenkai Yin <yinw@vmware.com>
Yan Wang <wangyan@vmware.com>

View File

@ -63,7 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we
Harbor is available under the [Apache 2 license](LICENSE). Harbor is available under the [Apache 2 license](LICENSE).
### Partners ### Partners
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a> <a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a> &nbsp; &nbsp; <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
### Users ### Users
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a> <a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>

View File

@ -4,7 +4,7 @@ Because Harbor does not ship with any certificates, it uses HTTP by default to s
##Get a certificate ##Get a certificate
Assuming that your registrys **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**. Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate: In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
@ -20,9 +20,9 @@ In a test or development environment, you may choose to use a self-signed certif
-newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \ -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
-out yourdomain.com.csr -out yourdomain.com.csr
``` ```
3) Generate the certificate of your registry host 3) Generate the certificate of your registry host:
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Lets creates necessary directories and files: You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
``` ```
mkdir demoCA mkdir demoCA
cd demoCA cd demoCA
@ -32,7 +32,7 @@ You need to configure openssl first. On Ubuntu, the config file locates at /etc/
``` ```
Then run this command to generate the certificate of your registry host: Then run this command to generate the certificate of your registry host:
``` ```
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key outdir . openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
``` ```
##Configuration of Nginx ##Configuration of Nginx
@ -40,7 +40,7 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha
``` ```
cd Deploy/config/nginx cd Deploy/config/nginx
``` ```
Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/. Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
Rename the existing configuration file of Nginx: Rename the existing configuration file of Nginx:
``` ```
@ -50,28 +50,26 @@ Copy the template **nginx.https.conf** as the new configuration file:
``` ```
cp nginx.https.conf nginx.conf cp nginx.https.conf nginx.conf
``` ```
Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com . Edit the file nginx.conf and replace two occurrences of **harbordomain.com** to your own host name, such as reg.yourdomain.com .
``` ```
server { server {
listen 443 ssl; listen 443 ssl;
server_name harbordomain.com; server_name harbordomain.com;
...
server {
listen 80;
server_name harbordomain.com;
rewrite ^/(.*) https://$server_name$1 permanent;
server {
listen 80;
server_name harbordomain.com;
rewrite ^/(.*) https://$server_name$1 permanent;
``` ```
Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files. Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
``` ```
...
# SSL # SSL
ssl_certificate /etc/nginx/cert/yourdomain.com.crt; ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
ssl_certificate_key /etc/nginx/cert/yourdomain.com.key; ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
``` ```
Save your changes in nginx.conf. Save your changes in nginx.conf.
@ -95,29 +93,30 @@ If Harbor is already running, stop and remove the existing instance. Your image
``` ```
Finally, restart Harbor: Finally, restart Harbor:
``` ```
docker-compose up d docker-compose up -d
``` ```
After setting up HTTPS for Harbor, you can verify it by the follow steps: After setting up HTTPS for Harbor, you can verify it by the follow steps:
1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor. 1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g. 2. On a machine with Docker daemon, make sure the option "-insecure-registry" does not present, run any docker command to verify the setup, e.g.
``` ```
docker login reg.yourdomain.com docker login reg.yourdomain.com
``` ```
##Troubleshooting ##Troubleshooting
1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command: 1. You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
``` ```
cat intermediate-certificate.pem >> yourdomain.com.crt cat intermediate-certificate.pem >> yourdomain.com.crt
``` ```
2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level. 2. On some systems where docker daemon runs, you may need to trust the certificate at OS level.
On Ubuntu, this can be done by below commands: On Ubuntu, this can be done by below commands:
``` ```sh
cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
update-ca-certificates update-ca-certificates
``` ```
On Red Hat (CentOS etc), the commands are:
```
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
update-ca-trust
On Red Hat (CentOS etc), the commands are:
```sh
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
update-ca-trust
```

Binary file not shown.

Before

Width:  |  Height:  |  Size: 3.6 KiB

After

Width:  |  Height:  |  Size: 3.0 KiB