From ce423cbf626a454307756534b1418ae93086fe62 Mon Sep 17 00:00:00 2001
From: continuist
Date: Sun, 29 Jun 2025 12:36:40 -0400
Subject: [PATCH] Update ports to use for running Harbor
---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 46 +++++++++++++++++------------------
 1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index 4a6bab0..8c7324c 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -638,10 +638,10 @@ cd /opt/APP_NAME/harbor
 docker compose ps
 # Test Harbor API (HTTPS)
-curl -k https://localhost:8080/api/v2.0/health
+curl -k https://localhost/api/v2.0/health
 # Test Harbor UI (HTTPS)
-curl -k -I https://localhost:8080
+curl -k -I https://localhost
 # Expected output: HTTP/1.1 200 OK
 ```
@@ -650,7 +650,7 @@ curl -k -I https://localhost:8080
 #### 5.9 Access Harbor Web UI
-1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP:8080`
+1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP`
 2. **Login with default credentials**:
 - Username: `admin`
 - Password: `Harbor12345` (or your configured password)
@@ -682,7 +682,7 @@ curl -k -I https://localhost:8080
 ```bash
 # Test Docker login to Harbor
-docker login YOUR_CI_CD_IP:8080
+docker login YOUR_CI_CD_IP
 # Enter: ci-user and your-secure-password
 # Create a test image
@@ -690,26 +690,26 @@ echo "FROM alpine:latest" > /tmp/test.Dockerfile
 echo "RUN echo 'Hello from Harbor test image'" >> /tmp/test.Dockerfile
 # Build and tag test image for public project
-docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP:8080/public/test:latest /tmp
+docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP/public/test:latest /tmp
 # Push to Harbor (requires authentication)
-docker push YOUR_CI_CD_IP:8080/public/test:latest
+docker push YOUR_CI_CD_IP/public/test:latest
 # Verify image is in Harbor
-curl -k https://localhost:8080/v2/_catalog
+curl -k https://localhost/v2/_catalog
 # Test public pull (no authentication required)
-docker logout YOUR_CI_CD_IP:8080
-docker pull YOUR_CI_CD_IP:8080/public/test:latest
+docker logout YOUR_CI_CD_IP
+docker pull YOUR_CI_CD_IP/public/test:latest
 # Clean up test image
-docker rmi YOUR_CI_CD_IP:8080/public/test:latest
+docker rmi YOUR_CI_CD_IP/public/test:latest
 ```
 **Expected behavior**:
 - ✅ **Push requires authentication**: `docker push` only works when logged in
 - ✅ **Pull works without authentication**: `docker pull` works without login for public projects
-- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP:8080`
+- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP`
 #### 5.12 Harbor Access Model Summary
@@ -742,7 +742,7 @@ sudo update-ca-certificates
 # Configure Docker to trust Harbor registry
 sudo tee /etc/docker/daemon.json << EOF
 {
- "insecure-registries": ["YOUR_CI_CD_IP:8080"],
+ "insecure-registries": ["YOUR_CI_CD_IP"],
 "registry-mirrors": []
 }
 EOF
@@ -764,26 +764,26 @@ Your Harbor registry is now configured with the following access model:
 Anyone can pull images from public projects without authentication:
 ```bash
 # From any machine (public access to public projects)
-docker pull YOUR_CI_CD_IP:8080/public/backend:latest
-docker pull YOUR_CI_CD_IP:8080/public/frontend:latest
+docker pull YOUR_CI_CD_IP/public/backend:latest
+docker pull YOUR_CI_CD_IP/public/frontend:latest
 ```
 #### **Authenticated Write Access**
 Only authenticated users can push images:
 ```bash
 # Login to Harbor first
-docker login YOUR_CI_CD_IP:8080
+docker login YOUR_CI_CD_IP
 # Enter: ci-user and your-secure-password
 # Then push to Harbor
-docker push YOUR_CI_CD_IP:8080/public/backend:latest
-docker push YOUR_CI_CD_IP:8080/public/frontend:latest
+docker push YOUR_CI_CD_IP/public/backend:latest
+docker push YOUR_CI_CD_IP/public/frontend:latest
 ```
 #### **Harbor Web UI Access**
 Modern web interface for managing images:
 ```
-https://YOUR_CI_CD_IP:8080
+https://YOUR_CI_CD_IP
 ```
 #### **Client Configuration**
@@ -791,7 +791,7 @@ For other machines to pull images from public projects, they only need:
 ```bash
 # Add to /etc/docker/daemon.json on client machines
 {
- "insecure-registries": ["YOUR_CI_CD_IP:8080"]
+ "insecure-registries": ["YOUR_CI_CD_IP"]
 }
 # No authentication needed for pulls from public projects
 ```
@@ -800,8 +800,8 @@ For other machines to pull images from public projects, they only need:
 For automated deployments, use the `ci-user` credentials:
 ```bash
 # In CI/CD pipeline
-echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP:8080 --username ci-user --password-stdin
-docker push YOUR_CI_CD_IP:8080/public/backend:latest
+echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin
+docker push YOUR_CI_CD_IP/public/backend:latest
 ```
 ### Step 7: Set Up SSH for Production Communication
@@ -1008,11 +1008,11 @@ sudo ufw --force enable
 sudo ufw default deny incoming
 sudo ufw default allow outgoing
 sudo ufw allow ssh
-sudo ufw allow 8080/tcp # Harbor registry (public read access)
+sudo ufw allow 443/tcp # Harbor registry (public read access)
 ```
 **Security Model**:
-- **Port 8080 (Harbor)**: Public read access for public projects, authenticated write access
+- **Port 443 (Harbor)**: Public read access for public projects, authenticated write access
 - **SSH**: Restricted to your IP addresses
 - **All other ports**: Blocked