# Configuration file of Harbor
# Installer input for a Harbor registry: network endpoints, TLS material, initial
# credentials, scanner, job, log and optional external-service settings.
# NOTE(review): the credential values below are defaults or placeholders; keep the
# real values out of version control and restrict read access to this file.

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# NOTE(review): YOUR_CI_CD_IP is a placeholder. The certificate configured under
# `https` should list the final value in its subjectAltName, so that clients can
# verify the registry without turning TLS checks off.
hostname: YOUR_CI_CD_IP

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  # NOTE(review): this is the same value as https.port below; two listeners cannot
  # share one host port, so one of the two needs a different value. Confirm which.
  port: 8080

# https related config
https:
  # https port for harbor, default is 443
  port: 8080
  # The path of cert and key files for nginx
  certificate: /etc/ssl/certs/registry.crt
  # NOTE(review): the private key sits next to the certificate in /etc/ssl/certs,
  # a directory that is usually world-readable. Verify the key file is readable
  # only by its owner, or keep it in a restricted directory.
  private_key: /etc/ssl/certs/registry.key

# Uncomment external_url if you want to enable external proxy
# And when it is enabled the hostname will no longer be used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# Change it from the default after Harbor has been started for the first time
# NOTE(review): Harbor12345 is the publicly documented default. Rotate it right
# after the first login and do not commit the replacement to this file.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  # NOTE(review): your-db-password is a placeholder; set a unique, generated value.
  password: your-db-password
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data

# Harbor Storage settings by default is using /data as default volume.
# Uncomment storage_service setting If you want to using external storage.
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable_cache to true want to disable cache of redis in registry
#   # set disable_cache to false want to enable cache of redis in registry
#   disable_cache: true

# Trivy configuration
trivy:
  # enabled the flag to enable Trivy scanner
  # NOTE(review): this key does not appear in the upstream harbor.yml template as
  # far as this review can tell; upstream turns the scanner on with the installer's
  # --with-trivy option. Confirm the installer in use actually reads it.
  enabled: true
  # ignore_unfixed: when true, only vulnerabilities that already have a fix are
  # reported. false keeps unfixed findings visible in scan results.
  ignore_unfixed: false
  # skip_update: when true, Trivy does not download vulnerability database updates
  # and scans against whatever database is already present locally. false keeps the
  # database current; a stale database misses newly published CVEs.
  skip_update: false
  # generate a scan report in the JSON format
  # NOTE(review): not found in the upstream template either — confirm it is consumed.
  json_output: false
  # offline_scan: when true, Trivy avoids outbound requests while scanning and relies
  # on local data only, which suits air-gapped hosts. false allows online lookups.
  offline_scan: false
  # insecure: when true, TLS certificate verification is skipped for the scanner's
  # registry connection. Keep false so the scanner only talks to a verified registry.
  insecure: false
  # github_token the github access token to download Trivy DB (see https://github.com/settings/tokens)
  # This is required only when the GitHub rate limiting is exceeded
  # NOTE(review): if a token is set here, use one without extra scopes and treat
  # this file as a secret.
  github_token: ""

# Jobservice configuration
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

# Notification configuration
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the size is followed by M, the size is assumed to be in megabytes. If the size is followed by G, the size is assumed to be in gigabytes.
    # So size 100, size 100k, size 100M and size 100G are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # NOTE(review): forwarding logs off-host keeps a copy that survives tampering
  # with /var/log/harbor on this machine.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.10.0

# Uncomment external_database if using external database.
# NOTE(review): every entry in this template uses ssl_mode: disable, which sends
# database credentials and data unencrypted. When the database is reached over a
# network, pick a mode that encrypts and verifies the server (for PostgreSQL:
# require, verify-ca or verify-full) and replace the user/password placeholders.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor
#     username: user
#     password: password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer
#     username: user
#     password: password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server
#     username: user
#     password: password
#     ssl_mode: disable

# Uncomment redis if using external Redis server
# NOTE(review): redis_password is a placeholder; an external Redis should require
# authentication and should not be reachable from outside the Harbor hosts.
# redis:
#   host: redis_host
#   port: redis_port
#   password: redis_password
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   trivy_db_index: 5
#   idle_timeout_seconds: 30

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy settings
# http_proxy:
# https_proxy:
# no_proxy:
#   - 127.0.0.1
#   - localhost
#   - core
#   - redis
#   - postgresql
#   - notary-db
#   - notary-signer
#   - clair
#   - trivy-adapter
#   - trivy
#   - chartmuseum
#   - jobservice
#   - registry
#   - portal
#   - log
#   - nginx

# NOTE(review): if the metrics endpoint is enabled, limit access to the port below
# to the monitoring hosts; TODO confirm how the deployment exposes it.
# metric:
#   enabled: false
#   port: 9090
#   path: /metrics