mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 05:35:43 +01:00
Merge pull request #69 from hainingzhang/master
udpate partners and docs
This commit is contained in:
commit
cfaec995e8
5
AUTHORS
5
AUTHORS
@ -1,10 +1,15 @@
|
||||
# This file lists all individuals having contributed content to the repository.
|
||||
|
||||
Amanda Zhang <amzhang@vmware.com>
|
||||
Ben Niu Ji <benniuji@gmail.com>
|
||||
Bobby Zhang <junzhang@vmware.com>
|
||||
Daniel Jiang <jiangd@vmware.com>
|
||||
Haining Henry Zhang <henryzhang@vmware.com>
|
||||
Hao Xia <haox@vmware.com>
|
||||
Jack Liu <ljack@vmware.com>
|
||||
Kun Wang <kunw@vmware.com>
|
||||
Shan Zhu <zhus@vmware.com>
|
||||
Victoria Zheng <vzheng@vmware.com>
|
||||
Wenkai Yin <yinw@vmware.com>
|
||||
Yan Wang <wangyan@vmware.com>
|
||||
|
||||
|
@ -63,7 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we
|
||||
Harbor is available under the [Apache 2 license](LICENSE).
|
||||
|
||||
### Partners
|
||||
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a>
|
||||
<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
|
||||
|
||||
### Users
|
||||
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a> <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
|
||||
<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>
|
||||
|
@ -4,7 +4,7 @@ Because Harbor does not ship with any certificates, it uses HTTP by default to s
|
||||
|
||||
##Get a certificate
|
||||
|
||||
Assuming that your registry’s **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
|
||||
Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
|
||||
|
||||
In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
|
||||
|
||||
@ -20,9 +20,9 @@ In a test or development environment, you may choose to use a self-signed certif
|
||||
-newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
|
||||
-out yourdomain.com.csr
|
||||
```
|
||||
3) Generate the certificate of your registry host
|
||||
3) Generate the certificate of your registry host:
|
||||
|
||||
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let’s creates necessary directories and files:
|
||||
You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
|
||||
```
|
||||
mkdir demoCA
|
||||
cd demoCA
|
||||
@ -32,7 +32,7 @@ You need to configure openssl first. On Ubuntu, the config file locates at /etc/
|
||||
```
|
||||
Then run this command to generate the certificate of your registry host:
|
||||
```
|
||||
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key –outdir .
|
||||
openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key -outdir .
|
||||
```
|
||||
|
||||
##Configuration of Nginx
|
||||
@ -40,7 +40,7 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha
|
||||
```
|
||||
cd Deploy/config/nginx
|
||||
```
|
||||
Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
|
||||
Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
|
||||
|
||||
Rename the existing configuration file of Nginx:
|
||||
```
|
||||
@ -50,28 +50,26 @@ Copy the template **nginx.https.conf** as the new configuration file:
|
||||
```
|
||||
cp nginx.https.conf nginx.conf
|
||||
```
|
||||
Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com .
|
||||
Edit the file nginx.conf and replace two occurrences of **harbordomain.com** to your own host name, such as reg.yourdomain.com .
|
||||
```
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name harbordomain.com;
|
||||
|
||||
…
|
||||
...
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name harbordomain.com;
|
||||
rewrite ^/(.*) https://$server_name$1 permanent;
|
||||
|
||||
```
|
||||
Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
|
||||
```
|
||||
…
|
||||
...
|
||||
|
||||
# SSL
|
||||
ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
|
||||
ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
|
||||
|
||||
```
|
||||
Save your changes in nginx.conf.
|
||||
|
||||
@ -95,29 +93,30 @@ If Harbor is already running, stop and remove the existing instance. Your image
|
||||
```
|
||||
Finally, restart Harbor:
|
||||
```
|
||||
docker-compose up –d
|
||||
docker-compose up -d
|
||||
```
|
||||
After setting up HTTPS for Harbor, you can verify it by the follow steps:
|
||||
|
||||
1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
|
||||
|
||||
2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g.
|
||||
2. On a machine with Docker daemon, make sure the option "-insecure-registry" does not present, run any docker command to verify the setup, e.g.
|
||||
```
|
||||
docker login reg.yourdomain.com
|
||||
```
|
||||
##Troubleshooting
|
||||
1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
|
||||
```
|
||||
1. You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
|
||||
```
|
||||
cat intermediate-certificate.pem >> yourdomain.com.crt
|
||||
```
|
||||
2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level.
|
||||
```
|
||||
2. On some systems where docker daemon runs, you may need to trust the certificate at OS level.
|
||||
On Ubuntu, this can be done by below commands:
|
||||
```
|
||||
```sh
|
||||
cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
|
||||
update-ca-certificates
|
||||
```
|
||||
```
|
||||
|
||||
On Red Hat (CentOS etc), the commands are:
|
||||
```
|
||||
```sh
|
||||
cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
|
||||
update-ca-trust
|
||||
|
||||
```
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 3.0 KiB |
Loading…
Reference in New Issue
Block a user