Merge pull request #69 from hainingzhang/master

udpate partners and docs
This commit is contained in:
Haining Henry Zhang 2016-03-31 14:07:30 +08:00
commit cfaec995e8
4 changed files with 39 additions and 35 deletions

View File

@ -1,10 +1,15 @@
# This file lists all individuals having contributed content to the repository.
Amanda Zhang <amzhang@vmware.com>
Ben Niu Ji <benniuji@gmail.com>
Bobby Zhang <junzhang@vmware.com>
Daniel Jiang <jiangd@vmware.com>
Haining Henry Zhang <henryzhang@vmware.com>
Hao Xia <haox@vmware.com>
Jack Liu <ljack@vmware.com>
Kun Wang <kunw@vmware.com>
Shan Zhu <zhus@vmware.com>
Victoria Zheng <vzheng@vmware.com>
Wenkai Yin <yinw@vmware.com>
Yan Wang <wangyan@vmware.com>

View File

@ -63,7 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we
Harbor is available under the [Apache 2 license](LICENSE).
### Partners
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a>
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a> &nbsp; &nbsp; <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
### Users
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>

View File

@ -4,7 +4,7 @@ Because Harbor does not ship with any certificates, it uses HTTP by default to s
##Get a certificate
Assuming that your registrys **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
@ -20,9 +20,9 @@ In a test or development environment, you may choose to use a self-signed certif
-newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
-out yourdomain.com.csr
```
3) Generate the certificate of your registry host
3) Generate the certificate of your registry host:
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Lets creates necessary directories and files:
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
```
mkdir demoCA
cd demoCA
@ -32,7 +32,7 @@ You need to configure openssl first. On Ubuntu, the config file locates at /etc/
```
Then run this command to generate the certificate of your registry host:
```
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key outdir .
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
```
##Configuration of Nginx
@ -40,7 +40,7 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha
```
cd Deploy/config/nginx
```
Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
Rename the existing configuration file of Nginx:
```
@ -50,28 +50,26 @@ Copy the template **nginx.https.conf** as the new configuration file:
```
cp nginx.https.conf nginx.conf
```
Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com .
Edit the file nginx.conf and replace two occurrences of **harbordomain.com** to your own host name, such as reg.yourdomain.com .
```
server {
listen 443 ssl;
server_name harbordomain.com;
...
server {
listen 80;
server_name harbordomain.com;
rewrite ^/(.*) https://$server_name$1 permanent;
```
Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
```
...
# SSL
ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
```
Save your changes in nginx.conf.
@ -95,29 +93,30 @@ If Harbor is already running, stop and remove the existing instance. Your image
```
Finally, restart Harbor:
```
docker-compose up d
docker-compose up -d
```
After setting up HTTPS for Harbor, you can verify it by the follow steps:
1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g.
2. On a machine with Docker daemon, make sure the option "-insecure-registry" does not present, run any docker command to verify the setup, e.g.
```
docker login reg.yourdomain.com
```
##Troubleshooting
1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
```
1. You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
```
cat intermediate-certificate.pem >> yourdomain.com.crt
```
2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level.
```
2. On some systems where docker daemon runs, you may need to trust the certificate at OS level.
On Ubuntu, this can be done by below commands:
```
```sh
cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
update-ca-certificates
```
```
On Red Hat (CentOS etc), the commands are:
```
```sh
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
update-ca-trust
```

Binary file not shown.

Before

Width:  |  Height:  |  Size: 3.6 KiB

After

Width:  |  Height:  |  Size: 3.0 KiB