mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 20:26:13 +01:00
88 lines
3.3 KiB
INI
88 lines
3.3 KiB
INI
## Configuration file of Harbor
|
|
|
|
#The IP address or hostname to access admin UI and registry service.
|
|
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
|
hostname = reg.mydomain.com
|
|
|
|
#The protocol for accessing the UI and token/notification service, by default it is http.
|
|
#It can be set to https if ssl is enabled on nginx.
|
|
ui_url_protocol = http
|
|
|
|
#Email account settings for sending out password resetting emails.
|
|
email_server = smtp.mydomain.com
|
|
email_server_port = 25
|
|
email_username = sample_admin@mydomain.com
|
|
email_password = abc
|
|
email_from = admin <sample_admin@mydomain.com>
|
|
email_ssl = false
|
|
|
|
##The password of Harbor admin, change this before any production use.
|
|
harbor_admin_password = Harbor12345
|
|
|
|
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
|
|
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
|
auth_mode = db_auth
|
|
|
|
#The url for an ldap endpoint.
|
|
ldap_url = ldaps://ldap.mydomain.com
|
|
|
|
#ldap_searchdn, set the user who has the permission to search the LDAP/AD server. If your ldap/AD server does not support anonymous search, you should configure it and ldap_search_pwd.
|
|
#ldap_searchdn = cn=admin,ou=people,dc=mydomain,dc=com
|
|
|
|
#the password of the ldap_searchdn
|
|
#ldap_search_pwd = admin
|
|
|
|
#The basedn template to look up a user in LDAP and verify the user's password.
|
|
#For AD server, uses this template:
|
|
#ldap_basedn = CN=%s,OU=Dept1,DC=mydomain,DC=com
|
|
ldap_basedn = ou=people,dc=mydomain,dc=com
|
|
|
|
#ldap filter, set the attribute to filter a user, you can add as many as you need, be sure the grammar is right. If needed, configure it.
|
|
#ldap_filter = objectClass=person
|
|
|
|
#the exclusive attribute to distinguish a user, it can be uid or cn or mail or email or sAMAccountName, for example: ldap_uid = uid
|
|
ldap_uid = uid
|
|
|
|
#ldap_scope, set the scope to search, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE, default is 3
|
|
ldap_scope = 3
|
|
|
|
#The password for the root user of mysql db, change this before any production use.
|
|
db_password = root123
|
|
|
|
#Turn on or off the self-registration feature
|
|
self_registration = on
|
|
|
|
#Determine whether the UI should use compressed js files.
|
|
#For production, set it to on. For development, set it to off.
|
|
use_compressed_js = on
|
|
|
|
#Maximum number of job workers in job service
|
|
max_job_workers = 3
|
|
|
|
#Secret key for encryption/decryption, its length has to be 16 chars
|
|
#**NOTE** if this changes, previously encrypted password will not be decrypted!
|
|
secret_key = secretkey1234567
|
|
|
|
#The expiration of token used by token service, default is 30 minutes
|
|
token_expiration = 30
|
|
|
|
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
|
|
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
|
verify_remote_cert = on
|
|
|
|
#Determine whether or not to generate certificate for the registry's token.
|
|
#If the value is on, the prepare script creates new root cert and private key
|
|
#for generating token to access the registry. If the value is off, a key/certificate must
|
|
#be supplied for token generation.
|
|
customize_crt = on
|
|
|
|
#Information of your organization for certificate
|
|
crt_country = CN
|
|
crt_state = State
|
|
crt_location = CN
|
|
crt_organization = organization
|
|
crt_organizationalunit = organizational unit
|
|
crt_commonname = example.com
|
|
crt_email = example@example.com
|
|
#####
|