jodykpw · June 9, 2020 16:18
diff --git a/harbor.yml b/harbor.yml
 # Configuration file of Harbor

 # The IP address or hostname to access admin UI and registry service.
 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
 hostname: reg.mydomain.com

 # http related config
 http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
  relativeurls: true

 # https related config
 https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path

 # # Uncomment following will enable tls communication between all harbor components
 # internal_tls:
 #   # set enabled to true means internal tls is enabled
 #   enabled: true
 #   # put your cert and key files on dir
 #   dir: /etc/harbor/tls/internal

 # Uncomment external_url if you want to enable external proxy
 # And when it enabled the hostname will no longer used
 external_url: https://reg.mydomain.com

 # The initial password of Harbor admin
 # It only works in first time to install harbor
 # Remember Change the admin password from UI after launching Harbor.
 harbor_admin_password: Harbor12345

 # Harbor DB configuration
 database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connect$
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limi$
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

 # The default data volume
 data_volume: /var/lib/docker/volumes/harbor_data/_data

 # Harbor Storage settings by default is using /data dir on local filesystem
 # Uncomment storage_service setting If you want to using external storage
 # storage_service:
 #   # ca_bundle is the path to the custom root ca certificate, which will be injected into th$
 #   # of registry's and chart repository's containers.  This is usually needed when the user $
 #   ca_bundle:

 #   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swi$
 #   # for more info about this configuration please refer https://docs.docker.com/registry/co$
 #   filesystem:
 #     maxthreads: 100
 #   # set disable to true when you want to disable registry redirect
 #   redirect:
 #     disabled: false

 # Clair configuration
 clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

 # Trivy configuration
 trivy:
  # ignoreUnfixed The flag to display only fixed vulnerabilities
  ignore_unfixed: false
  # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
  #
  # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate lim$
  # If the flag is enabled you have to manually download the `trivy.db` file and mount it in $
  # /home/scanner/.cache/trivy/db/trivy.db path.
  skip_update: false
  #
  # insecure The flag to skip verifying registry certificate
  insecure: false
  # github_token The GitHub access token to download Trivy DB
  #
  # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vu$
  # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/tr$
  # in the local file system (/home/scanner/.cache/trivy/db/trivy.db). In addition, the datab$
  # timestamp so Trivy can detect whether it should download a newer version from the Interne$
  # Currently, the database is updated every 12 hours and published as a new release to GitHu$
  #
  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normall$
  # for production operations. If, for any reason, it's not enough, you could increase the ra$
  # requests per hour by specifying the GitHub access token. For more details on GitHub rate $
  # https://developer.github.com/v3/#rate-limiting
  #
  # You can create a GitHub token by following the instuctions in
  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-tok$
  #
  # github_token: xxx

 jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

 notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

 chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

 # Log configurations
 log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old v$
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is f$
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes.$
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
 _version: 2.0.0

 # Uncomment external_database if using external database.
 # external_database:
 #   harbor:
 #     host: harbor_db_host
 #     port: harbor_db_port
 #     db_name: harbor_db_name
 #     username: harbor_db_username
 #     password: harbor_db_password
 #     ssl_mode: disable
 #     max_idle_conns: 2
 #     max_open_conns: 0
 #   clair:
 #     host: clair_db_host
 #     port: clair_db_port
 #     db_name: clair_db_name
 #     username: clair_db_username
 #     password: clair_db_password
 #     ssl_mode: disable
 #   notary_signer:
 #     host: notary_signer_db_host
 #     port: notary_signer_db_port
 #     db_name: notary_signer_db_name
 #     username: notary_signer_db_username
 #     password: notary_signer_db_password
 #     ssl_mode: disable
 #   notary_server:
 #     host: notary_server_db_host
 #     port: notary_server_db_port
 #     db_name: notary_server_db_name
 #     username: notary_server_db_username
 #     password: notary_server_db_password
 #     ssl_mode: disable

 # Uncomment external_redis if using external Redis server
 # external_redis:
 #   host: redis
 #   port: 6379
 #   password:
 #   # db_index 0 is for core, it's unchangeable
 #   registry_db_index: 1
 #   jobservice_db_index: 2
 #   chartmuseum_db_index: 3
 #   clair_db_index: 4
 #   trivy_db_index: 5
 #   idle_timeout_seconds: 30

 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed c$
 # uaa:
 #   ca_file: /path/to/ca

 # Global proxy
 # Config http proxy for components, e.g. http://my.proxy.com:3128
 # Components doesn't need to connect to each others via http proxy.
 # Remove component from `components` array if want disable proxy
 # for it. If you want use proxy for replication, MUST enable proxy
 # for core and jobservice, and set `http_proxy` and `https_proxy`.
 # Add domain to the `no_proxy` field, when you want disable proxy
 # for some special registry.
 proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
	# Configuration file of Harbor

	# The IP address or hostname to access admin UI and registry service.
	# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
	hostname: reg.mydomain.com

	# http related config
	http:
	# port for http, default is 80. If https enabled, this port will redirect to https port
	port: 80
	relativeurls: true

	# https related config
	https:
	# https port for harbor, default is 443
	# port: 443
	# The path of cert and key files for nginx
	# certificate: /your/certificate/path
	# private_key: /your/private/key/path

	# # Uncomment following will enable tls communication between all harbor components
	# internal_tls:
	# # set enabled to true means internal tls is enabled
	# enabled: true
	# # put your cert and key files on dir
	# dir: /etc/harbor/tls/internal

	# Uncomment external_url if you want to enable external proxy
	# And when it enabled the hostname will no longer used
	external_url: https://reg.mydomain.com

	# The initial password of Harbor admin
	# It only works in first time to install harbor
	# Remember Change the admin password from UI after launching Harbor.
	harbor_admin_password: Harbor12345

	# Harbor DB configuration
	database:
	# The password for the root user of Harbor DB. Change this before any production use.
	password: root123
	# The maximum number of connections in the idle connection pool. If it <=0, no idle connect$
	max_idle_conns: 50
	# The maximum number of open connections to the database. If it <= 0, then there is no limi$
	# Note: the default number of connections is 100 for postgres.
	max_open_conns: 100

	# The default data volume
	data_volume: /var/lib/docker/volumes/harbor_data/_data

	# Harbor Storage settings by default is using /data dir on local filesystem
	# Uncomment storage_service setting If you want to using external storage
	# storage_service:
	# # ca_bundle is the path to the custom root ca certificate, which will be injected into th$
	# # of registry's and chart repository's containers. This is usually needed when the user $
	# ca_bundle:

	# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swi$
	# # for more info about this configuration please refer https://docs.docker.com/registry/co$
	# filesystem:
	# maxthreads: 100
	# # set disable to true when you want to disable registry redirect
	# redirect:
	# disabled: false

	# Clair configuration
	clair:
	# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
	updaters_interval: 12

	# Trivy configuration
	trivy:
	# ignoreUnfixed The flag to display only fixed vulnerabilities
	ignore_unfixed: false
	# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
	#
	# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate lim$
	# If the flag is enabled you have to manually download the `trivy.db` file and mount it in $
	# /home/scanner/.cache/trivy/db/trivy.db path.
	skip_update: false
	#
	# insecure The flag to skip verifying registry certificate
	insecure: false
	# github_token The GitHub access token to download Trivy DB
	#
	# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vu$
	# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/tr$
	# in the local file system (/home/scanner/.cache/trivy/db/trivy.db). In addition, the datab$
	# timestamp so Trivy can detect whether it should download a newer version from the Interne$
	# Currently, the database is updated every 12 hours and published as a new release to GitHu$
	#
	# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normall$
	# for production operations. If, for any reason, it's not enough, you could increase the ra$
	# requests per hour by specifying the GitHub access token. For more details on GitHub rate $
	# https://developer.github.com/v3/#rate-limiting
	#
	# You can create a GitHub token by following the instuctions in
	# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-tok$
	#
	# github_token: xxx

	jobservice:
	# Maximum number of job workers in job service
	max_job_workers: 10

	notification:
	# Maximum retry count for webhook job
	webhook_job_max_retry: 10

	chart:
	# Change the value of absolute_url to enabled can enable absolute url in chart
	absolute_url: disabled

	# Log configurations
	log:
	# options are debug, info, warning, error, fatal
	level: info
	# configs for logs in local storage
	local:
	# Log files are rotated log_rotate_count times before being removed. If count is 0, old v$
	rotate_count: 50
	# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is f$
	# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes.$
	# are all valid.
	rotate_size: 200M
	# The directory on your host that store log
	location: /var/log/harbor

	# Uncomment following lines to enable external syslog endpoint.
	# external_endpoint:
	# # protocol used to transmit log to external endpoint, options is tcp or udp
	# protocol: tcp
	# # The host of external endpoint
	# host: localhost
	# # Port of external endpoint
	# port: 5140

	#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
	_version: 2.0.0

	# Uncomment external_database if using external database.
	# external_database:
	# harbor:
	# host: harbor_db_host
	# port: harbor_db_port
	# db_name: harbor_db_name
	# username: harbor_db_username
	# password: harbor_db_password
	# ssl_mode: disable
	# max_idle_conns: 2
	# max_open_conns: 0
	# clair:
	# host: clair_db_host
	# port: clair_db_port
	# db_name: clair_db_name
	# username: clair_db_username
	# password: clair_db_password
	# ssl_mode: disable
	# notary_signer:
	# host: notary_signer_db_host
	# port: notary_signer_db_port
	# db_name: notary_signer_db_name
	# username: notary_signer_db_username
	# password: notary_signer_db_password
	# ssl_mode: disable
	# notary_server:
	# host: notary_server_db_host
	# port: notary_server_db_port
	# db_name: notary_server_db_name
	# username: notary_server_db_username
	# password: notary_server_db_password
	# ssl_mode: disable

	# Uncomment external_redis if using external Redis server
	# external_redis:
	# host: redis
	# port: 6379
	# password:
	# # db_index 0 is for core, it's unchangeable
	# registry_db_index: 1
	# jobservice_db_index: 2
	# chartmuseum_db_index: 3
	# clair_db_index: 4
	# trivy_db_index: 5
	# idle_timeout_seconds: 30

	# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed c$
	# uaa:
	# ca_file: /path/to/ca

	# Global proxy
	# Config http proxy for components, e.g. http://my.proxy.com:3128
	# Components doesn't need to connect to each others via http proxy.
	# Remove component from `components` array if want disable proxy
	# for it. If you want use proxy for replication, MUST enable proxy
	# for core and jobservice, and set `http_proxy` and `https_proxy`.
	# Add domain to the `no_proxy` field, when you want disable proxy
	# for some special registry.
	proxy:
	http_proxy:
	https_proxy:
	no_proxy:
	components:
	- core
	- jobservice
	- clair
	- trivy