## Configuration file of Harbor #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname = reg.mydomain.com #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. ui_url_protocol = http #Email account settings for sending out password resetting emails. email_server = smtp.mydomain.com email_server_port = 25 email_username = sample_admin@mydomain.com email_password = abc email_from = admin email_ssl = false ##The password of Harbor admin, change this before any production use. harbor_admin_password = Harbor12345 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. auth_mode = db_auth #The url for an ldap endpoint. ldap_url = ldaps://ldap.mydomain.com #ldap_searchdn, set the user who has the permission to search the LDAP/AD server. If your ldap/AD server does not support anonymous search, you should configure it and ldap_search_pwd. #ldap_searchdn = cn=admin,ou=people,dc=mydomain,dc=com #the password of the ldap_searchdn #ldap_search_pwd = admin #The basedn template to look up a user in LDAP and verify the user's password. #For AD server, uses this template: #ldap_basedn = CN=%s,OU=Dept1,DC=mydomain,DC=com ldap_basedn = ou=people,dc=mydomain,dc=com #ldap filter, set the attribute to filter a user, you can add as many as you need, be sure the grammar is right. If needed, configure it. #ldap_filter = objectClass=person #the exclusive attribute to distinguish a user, it can be uid or cn or mail or email or sAMAccountName, for example: ldap_uid = uid ldap_uid = uid #ldap_scope, set the scope to search, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE, default is 3 ldap_scope = 3 #The password for the root user of mysql db, change this before any production use. db_password = root123 #Turn on or off the self-registration feature self_registration = on #Determine whether the UI should use compressed js files. #For production, set it to on. For development, set it to off. use_compressed_js = on #Maximum number of job workers in job service max_job_workers = 3 #Secret key for encryption/decryption, its length has to be 16 chars #**NOTE** if this changes, previously encrypted password will not be decrypted! secret_key = secretkey1234567 #The expiration of token used by token service, default is 30 minutes token_expiration = 30 #Determine whether the job service should verify the ssl cert when it connects to a remote registry. #Set this flag to off when the remote registry uses a self-signed or untrusted certificate. verify_remote_cert = on #Determine whether or not to generate certificate for the registry's token. #If the value is on, the prepare script creates new root cert and private key #for generating token to access the registry. If the value is off, a key/certificate must #be supplied for token generation. customize_crt = on #Information of your organization for certificate crt_country = CN crt_state = State crt_location = CN crt_organization = organization crt_organizationalunit = organizational unit crt_commonname = example.com crt_email = example@example.com #The path of cert and key files for nginx, they are applied only the protocol is set to https ssl_cert = /path/to/server.crt ssl_cert_key = /path/to/server.key ############# #####