merge with master

2024-09-20 17:45:44 +00:00 · 2016-03-30 17:59:58 +08:00 · 2016-03-30 17:59:58 +08:00 · 366d1bff6a
commit 366d1bff6a
parent 8ca1263a2f 3d4a98221a
23 changed files with 395 additions and 175 deletions
--- a/Deploy/config/nginx/cert/.gitignore
+++ b/Deploy/config/nginx/cert/.gitignore
--- a/Deploy/config/nginx/nginx.https.conf
+++ b/Deploy/config/nginx/nginx.https.conf
@ -0,0 +1,85 @@
+worker_processes auto;
+
+events {
+  worker_connections 1024;
+  use epoll;
+  multi_accept on;
+}
+
+http {
+  tcp_nodelay on;
+
+  # this is necessary for us to be able to disable request buffering in all cases
+  proxy_http_version 1.1;
+
+
+  upstream registry {
+    server registry:5000;
+  }
+
+  upstream ui {
+    server ui:80;
+  }
+
+
+  server {
+    listen 443 ssl;
+    server_name harbordomain.com;
+
+    # SSL
+    ssl_certificate /etc/nginx/cert/harbordomain.crt;
+    ssl_certificate_key /etc/nginx/cert/harbordomain.key;
+  
+    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+  
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+  
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    location / {
+      proxy_pass http://ui/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /v1/ {
+      return 404;
+    }
+
+    location /v2/ {
+      proxy_pass http://registry/v2/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+
+    }
+
+    location /service/ {
+      proxy_pass http://ui/service/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+  }
+    server {
+      listen 80;
+      server_name harbordomain.com;
+      rewrite ^/(.*) https://$server_name$1 permanent;
+  } 
+}
--- a/Deploy/docker-compose.yml
+++ b/Deploy/docker-compose.yml
@ -49,7 +49,7 @@ ui:
 proxy:
  image: library/nginx:1.9
  volumes:
-    - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf
+    - ./config/nginx:/etc/nginx
  links:
    - ui
    - registry
--- a/Deploy/templates/ui/env
+++ b/Deploy/templates/ui/env
@ -8,3 +8,4 @@ HARBOR_URL=$ui_url
 AUTH_MODE=$auth_mode
 LDAP_URL=$ldap_url
 LDAP_BASE_DN=$ldap_basedn
+LOG_LEVEL=debug
--- a/README.md
+++ b/README.md
@ -4,7 +4,9 @@

 ![alg tag](https://cloud.githubusercontent.com/assets/2390463/13484557/088a1000-e13a-11e5-87d4-a64366365bef.png)

-Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. For example, Harbor accelerates the progress of Chinese developers, because they no longer need to pull images from the Internet.
+> Project Harbor is initiated by VMware China R&D as a Cloud Application Accelerator (CAA) project. CAA provides a set of tools to improve the productivity of cloud developers in China and other countries. CAA includes tools like registry server, mirror server, decentralized image distributor, etc.
+
+Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. 

 ### Features
 * **Role Based Access Control**: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace.
@ -41,7 +43,13 @@ The host must be connected to the Internet.
    
    $ docker-compose up
    ```
-If everything works fine, you can open a browser to visit the admin portal at http://yourhostname . The default administrator username and password are admin/Harbor12345 .
+If everything works fine, you can open a browser to visit the admin portal at http://your_registry_host . The default administrator username and password are admin/Harbor12345 .
+
+After creating a project in the admin portal, you can login and use docker commands to push images.  The default port of Harbor registry server is 80:
+```sh
+$ docker login your_registry_host
+$ docker push your_registry_host/myrepo/myapp
+```

 **NOTE:**  
 To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to [Installation Guide](docs/installation_guide.md) .
@ -53,3 +61,9 @@ We welcome contributions from the community.  If you wish to contribute code, we

 ### License
 Harbor is available under the [Apache 2 license](LICENSE).
+
+### Partners
+<a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a>
+
+### Users
+<a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>  <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
--- a/api/base.go
+++ b/api/base.go
@ -17,12 +17,12 @@ package api

 import (
 	"encoding/json"
-	"log"
 	"net/http"

 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
+	"github.com/vmware/harbor/utils/log"

 	"github.com/astaxie/beego"
 )
@ -46,7 +46,7 @@ func (b *BaseAPI) RenderError(code int, text string) {
 func (b *BaseAPI) DecodeJSONReq(v interface{}) {
 	err := json.Unmarshal(b.Ctx.Input.CopyBody(1<<32), v)
 	if err != nil {
-		beego.Error("Error while decoding the json request:", err)
+		log.Errorf("Error while decoding the json request, error: %v", err)
 		b.CustomAbort(http.StatusBadRequest, "Invalid json request")
 	}
 }
@ -56,10 +56,10 @@ func (b *BaseAPI) ValidateUser() int {

 	username, password, ok := b.Ctx.Request.BasicAuth()
 	if ok {
-		log.Printf("Requst with Basic Authentication header, username: %s", username)
+		log.Infof("Requst with Basic Authentication header, username: %s", username)
 		user, err := auth.Login(models.AuthModel{username, password})
 		if err != nil {
-			log.Printf("Error while trying to login, username: %s, error: %v", username, err)
+			log.Errorf("Error while trying to login, username: %s, error: %v", username, err)
 			user = nil
 		}
 		if user != nil {
@ -68,17 +68,17 @@ func (b *BaseAPI) ValidateUser() int {
 	}
 	sessionUserID := b.GetSession("userId")
 	if sessionUserID == nil {
-		beego.Warning("No user id in session, canceling request")
+		log.Warning("No user id in session, canceling request")
 		b.CustomAbort(http.StatusUnauthorized, "")
 	}
 	userID := sessionUserID.(int)
 	u, err := dao.GetUser(models.User{UserID: userID})
 	if err != nil {
-		beego.Error("Error occurred in GetUser:", err)
+		log.Errorf("Error occurred in GetUser, error: %v", err)
 		b.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if u == nil {
-		beego.Warning("User was deleted already, user id: ", userID, " canceling request.")
+		log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
 		b.CustomAbort(http.StatusUnauthorized, "")
 	}
 	return userID
--- a/api/member.go
+++ b/api/member.go
@ -21,8 +21,7 @@ import (

 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"
 )

 // ProjectMemberAPI handles request to /api/projects/{}/members/{}
@ -43,18 +42,18 @@ type memberReq struct {
 func (pma *ProjectMemberAPI) Prepare() {
 	pid, err := strconv.ParseInt(pma.Ctx.Input.Param(":pid"), 10, 64)
 	if err != nil {
-		beego.Error("Error parsing project id:", pid, ", error:", err)
+		log.Errorf("Error parsing project id: %d, error: %v", pid, err)
 		pma.CustomAbort(http.StatusBadRequest, "invalid project Id")
 		return
 	}
 	p, err := dao.GetProjectByID(pid)
 	if err != nil {
-		beego.Error("Error occurred in GetProjectById:", err)
+		log.Errorf("Error occurred in GetProjectById, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}

 	if p == nil {
-		beego.Warning("Project with id:", pid, "does not exist.")
+		log.Warningf("Project with id: %d does not exist.", pid)
 		pma.CustomAbort(http.StatusNotFound, "Project does not exist")
 	}
 	pma.project = p
@ -67,7 +66,7 @@ func (pma *ProjectMemberAPI) Prepare() {
 	} else if len(mid) > 0 {
 		memberID, err := strconv.Atoi(mid)
 		if err != nil {
-			beego.Error("Invalid member Id, error:", err)
+			log.Errorf("Invalid member Id, error: %v", err)
 			pma.CustomAbort(http.StatusBadRequest, "Invalid member id")
 		}
 		pma.memberID = memberID
@ -78,7 +77,7 @@ func (pma *ProjectMemberAPI) Prepare() {
 func (pma *ProjectMemberAPI) Get() {
 	pid := pma.project.ProjectID
 	if !checkProjectPermission(pma.currentUserID, pid) {
-		beego.Warning("Current user, user id :", pma.currentUserID, "does not have permission for project, id:", pid)
+		log.Warningf("Current user, user id: %d does not have permission for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -87,7 +86,7 @@ func (pma *ProjectMemberAPI) Get() {
 		queryUser := models.User{Username: "%" + username + "%"}
 		userList, err := dao.GetUserByProject(pid, queryUser)
 		if err != nil {
-			beego.Error("Failed to query database for member list, error:", err)
+			log.Errorf("Failed to query database for member list, error: %v", err)
 			pma.RenderError(http.StatusInternalServerError, "Internal Server Error")
 			return
 		}
@ -95,14 +94,14 @@ func (pma *ProjectMemberAPI) Get() {
 	} else { //return detail of a  member
 		roleList, err := dao.GetUserProjectRoles(pma.memberID, pid)
 		if err != nil {
-			beego.Error("Error occurred in GetUserProjectRoles:", err)
+			log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 			pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		//return empty role list to indicate if a user is not a member
 		result := make(map[string]interface{})
 		user, err := dao.GetUser(models.User{UserID: pma.memberID})
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		result["user_name"] = user.Username
@ -120,10 +119,9 @@ func (pma *ProjectMemberAPI) Post() {
 	//userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN}
 	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
-
 	hasProjectAdminRole := false
 	for _, role := range rolelist {
 		if role.RoleID == models.PROJECTADMIN {
@ -132,7 +130,7 @@ func (pma *ProjectMemberAPI) Post() {
 		}
 	}
 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, "does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id:", pma.currentUserUD, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -142,17 +140,17 @@ func (pma *ProjectMemberAPI) Post() {
 	username := req.Username
 	userID := checkUserExists(username)
 	if userID <= 0 {
-		beego.Warning("User does not exist, user name:", username)
+		log.Warningf("User does not exist, user name: %s", username)
 		pma.RenderError(http.StatusNotFound, "User does not exist")
 		return
 	}
 	rolelist, err = dao.GetUserProjectRoles(userID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if len(rolelist) > 0 {
-		beego.Warning("user is already added to project, user id:", userID, ", project id:", pid)
+		log.Warningf("user is already added to project, user id: %d, project id: %d", userID, pid)
 		pma.RenderError(http.StatusConflict, "user is ready in project")
 		return
 	}
@ -160,7 +158,7 @@ func (pma *ProjectMemberAPI) Post() {
 	for _, rid := range req.Roles {
 		err = dao.AddProjectMember(pid, userID, int(rid))
 		if err != nil {
-			beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", userID, ", role id:", rid)
+			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, userID, rid)
 			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
 			return
 		}
@ -174,10 +172,9 @@ func (pma *ProjectMemberAPI) Put() {

 	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
-
 	hasProjectAdminRole := false
 	for _, role := range rolelist {
 		if role.RoleID == models.PROJECTADMIN {
@ -187,7 +184,7 @@ func (pma *ProjectMemberAPI) Put() {
 	}

 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -195,7 +192,7 @@ func (pma *ProjectMemberAPI) Put() {
 	pma.DecodeJSONReq(&req)
 	roleList, err := dao.GetUserProjectRoles(mid, pid)
 	if len(roleList) == 0 {
-		beego.Warning("User is not in project, user id:", mid, ", project id:", pid)
+		log.Warningf("User is not in project, user id: %d, project id: %d", mid, pid)
 		pma.RenderError(http.StatusNotFound, "user not exist in project")
 		return
 	}
@ -203,7 +200,7 @@ func (pma *ProjectMemberAPI) Put() {
 	//delete user project role record for the given user
 	err = dao.DeleteProjectMember(pid, mid)
 	if err != nil {
-		beego.Error("Failed to delete project roles for user, user id:", mid, ", project id: ", pid, ", error: ", err)
+		log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err)
 		pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB")
 		return
 	}
@ -211,7 +208,7 @@ func (pma *ProjectMemberAPI) Put() {
 	for _, rid := range req.Roles {
 		err = dao.AddProjectMember(pid, mid, int(rid))
 		if err != nil {
-			beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", mid, ", role id:", rid)
+			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, mid, rid)
 			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
 			return
 		}
@ -233,13 +230,13 @@ func (pma *ProjectMemberAPI) Delete() {
 	}

 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
 	err = dao.DeleteProjectMember(pid, mid)
 	if err != nil {
-		beego.Error("Failed to delete project roles for user, user id:", mid, ", project id:", pid, ", error:", err)
+		log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err)
 		pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB")
 		return
 	}
--- a/api/project.go
+++ b/api/project.go
@ -17,16 +17,14 @@ package api

 import (
 	"fmt"
-	"log"
 	"net/http"

 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
+	"github.com/vmware/harbor/utils/log"

 	"strconv"
 	"time"
-
-	"github.com/astaxie/beego"
 )

 // ProjectAPI handles request to /api/projects/{} /api/projects/{}/logs
@ -51,12 +49,12 @@ func (p *ProjectAPI) Prepare() {
 		var err error
 		p.projectID, err = strconv.ParseInt(idStr, 10, 64)
 		if err != nil {
-			log.Printf("Error parsing project id: %s, error: %v", idStr, err)
+			log.Errorf("Error parsing project id: %s, error: %v", idStr, err)
 			p.CustomAbort(http.StatusBadRequest, "invalid project id")
 		}
 		exist, err := dao.ProjectExists(p.projectID)
 		if err != nil {
-			log.Printf("Error occurred in ProjectExists: %v", err)
+			log.Errorf("Error occurred in ProjectExists, error: %v", err)
 			p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		if !exist {
@ -75,14 +73,14 @@ func (p *ProjectAPI) Post() {
 	}
 	err := validateProjectReq(req)
 	if err != nil {
-		beego.Error("Invalid project request, error: ", err)
+		log.Errorf("Invalid project request, error: %v", err)
 		p.RenderError(http.StatusBadRequest, "Invalid request for creating project")
 		return
 	}
 	projectName := req.ProjectName
 	exist, err := dao.ProjectExists(projectName)
 	if err != nil {
-		beego.Error("Error happened checking project existence in db:", err, ", project name:", projectName)
+		log.Errorf("Error happened checking project existence in db, error: %v, project name: %s", err, projectName)
 	}
 	if exist {
 		p.RenderError(http.StatusConflict, "")
@ -91,7 +89,7 @@ func (p *ProjectAPI) Post() {
 	project := models.Project{OwnerID: p.userID, Name: projectName, CreationTime: time.Now(), Public: public}
 	err = dao.AddProject(project)
 	if err != nil {
-		beego.Error("Failed to add project, error: ", err)
+		log.Errorf("Failed to add project, error: %v", err)
 		p.RenderError(http.StatusInternalServerError, "Failed to add project")
 	}
 }
@ -101,7 +99,7 @@ func (p *ProjectAPI) Head() {
 	projectName := p.GetString("project_name")
 	result, err := dao.ProjectExists(projectName)
 	if err != nil {
-		beego.Error("Error while communicating with DB: ", err)
+		log.Errorf("Error while communicating with DB, error: %v", err)
 		p.RenderError(http.StatusInternalServerError, "Error while communicating with DB")
 		return
 	}
@ -123,7 +121,7 @@ func (p *ProjectAPI) Get() {

 	projectList, err := dao.QueryProject(queryProject)
 	if err != nil {
-		beego.Error("Error occurred in QueryProject:", err)
+		log.Errorf("Error occurred in QueryProject, error: %v", err)
 		p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	for i := 0; i < len(projectList); i++ {
@ -142,7 +140,7 @@ func (p *ProjectAPI) Put() {

 	projectID, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64)
 	if err != nil {
-		beego.Error("Error parsing project id:", projectID, ", error: ", err)
+		log.Errorf("Error parsing project id: %d, error: %v", projectID, err)
 		p.RenderError(http.StatusBadRequest, "invalid project id")
 		return
 	}
@ -152,13 +150,13 @@ func (p *ProjectAPI) Put() {
 		public = 1
 	}
 	if !isProjectAdmin(p.userID, projectID) {
-		beego.Warning("Current user, id:", p.userID, ", does not have project admin role for project, id:", projectID)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", p.userID, projectID)
 		p.RenderError(http.StatusForbidden, "")
 		return
 	}
 	err = dao.ToggleProjectPublicity(p.projectID, public)
 	if err != nil {
-		beego.Error("Error while updating project, project id:", projectID, ", error:", err)
+		log.Errorf("Error while updating project, project id: %d, error: %v", projectID, err)
 		p.RenderError(http.StatusInternalServerError, "Failed to update project")
 	}
 }
@ -177,11 +175,11 @@ func (p *ProjectAPI) FilterAccessLog() {

 	query := models.AccessLog{ProjectID: p.projectID, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp}

-	log.Printf("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
+	log.Infof("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)

 	accessLogList, err := dao.GetAccessLogs(query)
 	if err != nil {
-		log.Printf("Error occurred in GetAccessLogs: %v", err)
+		log.Errorf("Error occurred in GetAccessLogs, error: %v", err)
 		p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	p.Data["json"] = accessLogList
@ -191,7 +189,7 @@ func (p *ProjectAPI) FilterAccessLog() {
 func isProjectAdmin(userID int, pid int64) bool {
 	rolelist, err := dao.GetUserProjectRoles(userID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err, ", returning false")
+		log.Errorf("Error occurred in GetUserProjectRoles, returning false, error: %v", err)
 		return false
 	}

--- a/api/repository.go
+++ b/api/repository.go
@ -25,8 +25,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"
 )

 // RepositoryAPI handles request to /api/repositories /api/repositories/tags /api/repositories/manifests, the parm has to be put
@ -49,7 +48,7 @@ func (ra *RepositoryAPI) Prepare() {
 	}
 	username, ok := ra.GetSession("username").(string)
 	if !ok {
-		beego.Warning("failed to get username from session")
+		log.Warning("failed to get username from session")
 		ra.username = ""
 	} else {
 		ra.username = username
@ -60,17 +59,17 @@ func (ra *RepositoryAPI) Prepare() {
 func (ra *RepositoryAPI) Get() {
 	projectID, err0 := ra.GetInt64("project_id")
 	if err0 != nil {
-		beego.Error("Failed to get project id, error:", err0)
+		log.Errorf("Failed to get project id, error: %v", err0)
 		ra.RenderError(http.StatusBadRequest, "Invalid project id")
 		return
 	}
 	p, err := dao.GetProjectByID(projectID)
 	if err != nil {
-		beego.Error("Error occurred in GetProjectById:", err)
+		log.Errorf("Error occurred in GetProjectById, error: %v", err)
 		ra.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if p == nil {
-		beego.Warning("Project with Id:", projectID, ", does not exist")
+		log.Warningf("Project with Id: %d does not exist", projectID)
 		ra.RenderError(http.StatusNotFound, "")
 		return
 	}
@ -80,7 +79,7 @@ func (ra *RepositoryAPI) Get() {
 	}
 	repoList, err := svc_utils.GetRepoFromCache()
 	if err != nil {
-		beego.Error("Failed to get repo from cache, error:", err)
+		log.Errorf("Failed to get repo from cache, error: %v", err)
 		ra.RenderError(http.StatusInternalServerError, "internal sever error")
 	}
 	projectName := p.Name
@ -131,7 +130,7 @@ func (ra *RepositoryAPI) GetTags() {
 	repoName := ra.GetString("repo_name")
 	result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "tags", "list"), ra.username)
 	if err != nil {
-		beego.Error("Failed to get repo tags, repo name:", repoName, ", error: ", err)
+		log.Errorf("Failed to get repo tags, repo name: %s, error: %v", repoName, err)
 		ra.RenderError(http.StatusInternalServerError, "Failed to get repo tags")
 	} else {
 		t := tag{}
@ -151,14 +150,14 @@ func (ra *RepositoryAPI) GetManifests() {

 	result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "manifests", tag), ra.username)
 	if err != nil {
-		beego.Error("Failed to get manifests for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to get manifests for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
 	mani := manifest{}
 	err = json.Unmarshal(result, &mani)
 	if err != nil {
-		beego.Error("Failed to decode json from response for manifests, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to decode json from response for manifests, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
@ -166,7 +165,7 @@ func (ra *RepositoryAPI) GetManifests() {

 	err = json.Unmarshal([]byte(v1Compatibility), &item)
 	if err != nil {
-		beego.Error("Failed to decode V1 field for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to decode V1 field for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
--- a/api/search.go
+++ b/api/search.go
@ -24,8 +24,7 @@ import (
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
 	"github.com/vmware/harbor/utils"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"
 )

 // SearchAPI handles requesst to /api/search
@ -47,7 +46,7 @@ func (n *SearchAPI) Get() {
 	keyword := n.GetString("q")
 	projects, err := dao.QueryRelevantProjects(userID)
 	if err != nil {
-		beego.Error("Failed to get projects of user id:", userID, ", error:", err)
+		log.Errorf("Failed to get projects of user id: %d, error: %v", userID, err)
 		n.CustomAbort(http.StatusInternalServerError, "Failed to get project search result")
 	}
 	projectSorter := &utils.ProjectSorter{Projects: projects}
@ -69,7 +68,7 @@ func (n *SearchAPI) Get() {

 	repositories, err2 := svc_utils.GetRepoFromCache()
 	if err2 != nil {
-		beego.Error("Failed to get repos from cache, error :", err2)
+		log.Errorf("Failed to get repos from cache, error: %v", err2)
 		n.CustomAbort(http.StatusInternalServerError, "Failed to get repositories search result")
 	}
 	sort.Strings(repositories)
--- a/api/user.go
+++ b/api/user.go
@ -21,8 +21,7 @@ import (

 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"
 )

 // UserAPI handles request to /api/users/{}
@ -43,17 +42,17 @@ func (ua *UserAPI) Prepare() {
 		var err error
 		ua.userID, err = strconv.Atoi(id)
 		if err != nil {
-			beego.Error("Invalid user id, error:", err)
+			log.Errorf("Invalid user id, error: %v", err)
 			ua.CustomAbort(http.StatusBadRequest, "Invalid user Id")
 		}
 		userQuery := models.User{UserID: ua.userID}
 		u, err := dao.GetUser(userQuery)
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		if u == nil {
-			beego.Error("User with Id:", ua.userID, "does not exist")
+			log.Errorf("User with Id: %d does not exist", ua.userID)
 			ua.CustomAbort(http.StatusNotFound, "")
 		}
 	}
@ -63,13 +62,13 @@ func (ua *UserAPI) Prepare() {
 func (ua *UserAPI) Get() {
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}

 	if ua.userID == 0 { //list users
 		if !exist {
-			beego.Error("Current user, id:", ua.currentUserID, ", does not have admin role, can not list users")
+			log.Errorf("Current user, id: %d does not have admin role, can not list users", ua.currentUserID)
 			ua.RenderError(http.StatusForbidden, "User does not have admin role")
 			return
 		}
@ -80,7 +79,7 @@ func (ua *UserAPI) Get() {
 		}
 		userList, err := dao.ListUsers(userQuery)
 		if err != nil {
-			beego.Error("Failed to get data from database, error:", err)
+			log.Errorf("Failed to get data from database, error: %v", err)
 			ua.RenderError(http.StatusInternalServerError, "Failed to query from database")
 			return
 		}
@ -90,12 +89,12 @@ func (ua *UserAPI) Get() {
 		userQuery := models.User{UserID: ua.userID}
 		u, err := dao.GetUser(userQuery)
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		ua.Data["json"] = u
 	} else {
-		beego.Error("Current user, id:", ua.currentUserID, "does not have admin role, can not view other user's detail")
+		log.Errorf("Current user, id: %d does not have admin role, can not view other user's detail", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
@ -106,11 +105,11 @@ func (ua *UserAPI) Get() {
 func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
-		beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not update other user's role")
+		log.Warningf("current user, id: %d does not have admin role, can not update other user's role", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
@ -122,17 +121,17 @@ func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
 func (ua *UserAPI) Delete() {
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
-		beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not remove user")
+		log.Warningf("current user, id: %d does not have admin role, can not remove user", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
 	err = dao.DeleteUser(ua.userID)
 	if err != nil {
-		beego.Error("Failed to delete data from database, error:", err)
+		log.Errorf("Failed to delete data from database, error: %v", err)
 		ua.RenderError(http.StatusInternalServerError, "Failed to delete User")
 		return
 	}
--- a/api/utils.go
+++ b/api/utils.go
@ -18,14 +18,13 @@ package api
 import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"
 )

 func checkProjectPermission(userID int, projectID int64) bool {
 	exist, err := dao.IsAdminRole(userID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		return false
 	}
 	if exist {
@ -33,7 +32,7 @@ func checkProjectPermission(userID int, projectID int64) bool {
 	}
 	roleList, err := dao.GetUserProjectRoles(userID, projectID)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		return false
 	}
 	return len(roleList) > 0
@ -42,7 +41,7 @@ func checkProjectPermission(userID int, projectID int64) bool {
 func checkUserExists(name string) int {
 	u, err := dao.GetUser(models.User{Username: name})
 	if err != nil {
-		beego.Error("Error occurred in GetUser:", err)
+		log.Errorf("Error occurred in GetUser, error: %v", err)
 		return 0
 	}
 	if u != nil {
--- a/auth/authenticator.go
+++ b/auth/authenticator.go
@ -17,12 +17,11 @@ package auth

 import (
 	"fmt"
-	"log"
 	"os"

-	"github.com/vmware/harbor/models"
+	"github.com/vmware/harbor/utils/log"

-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/models"
 )

 // Authenticator provides interface to authenticate user credentials.
@ -37,7 +36,7 @@ var registry = make(map[string]Authenticator)
 // Register add different authenticators to registry map.
 func Register(name string, authenticator Authenticator) {
 	if _, dup := registry[name]; dup {
-		log.Printf("authenticator: %s has been registered", name)
+		log.Infof("authenticator: %s has been registered", name)
 		return
 	}
 	registry[name] = authenticator
@ -50,7 +49,7 @@ func Login(m models.AuthModel) (*models.User, error) {
 	if authMode == "" || m.Principal == "admin" {
 		authMode = "db_auth"
 	}
-	beego.Debug("Current AUTH_MODE is ", authMode)
+	log.Debug("Current AUTH_MODE is ", authMode)

 	authenticator, ok := registry[authMode]
 	if !ok {
--- a/auth/ldap/ldap.go
+++ b/auth/ldap/ldap.go
@ -18,15 +18,15 @@ package ldap
 import (
 	"errors"
 	"fmt"
-	"log"
 	"os"
 	"strings"

+	"github.com/vmware/harbor/utils/log"
+
 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"

-	"github.com/astaxie/beego"
 	"github.com/mqu/openldap"
 )

@ -44,7 +44,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	if ldapURL == "" {
 		return nil, errors.New("Can not get any available LDAP_URL.")
 	}
-	beego.Debug("ldapURL:", ldapURL)
+	log.Debug("ldapURL:", ldapURL)

 	p := m.Principal
 	for _, c := range metaChars {
@ -66,7 +66,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	}

 	baseDn := fmt.Sprintf(ldapBaseDn, m.Principal)
-	beego.Debug("baseDn:", baseDn)
+	log.Debug("baseDn:", baseDn)

 	err = ldap.Bind(baseDn, m.Password)
 	if err != nil {
@ -83,7 +83,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		return nil, err
 	}
 	if len(result.Entries()) != 1 {
-		log.Printf("Found more than one entry.")
+		log.Warningf("Found more than one entry.")
 		return nil, nil
 	}
 	en := result.Entries()[0]
@ -100,7 +100,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		}
 	}

-	beego.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname)
+	log.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname)

 	exist, err := dao.UserExists(u, "username")
 	if err != nil {
--- a/docs/configure_https.md
+++ b/docs/configure_https.md
@ -0,0 +1,123 @@
+#Configure Harbor with HTTPS Access 
+
+Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relatively simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https.
+
+##Get a certificate
+
+Assuming that your registry’s **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
+
+In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
+
+1) Create your own CA certificate:
+```
+  openssl req \
+    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
+    -x509 -days 365 -out ca.crt
+```
+2) Generate a Certificate Signing Request, be sure to use **reg.yourdomain.com** as the CN (Common Name):
+```
+  openssl req \
+    -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
+    -out yourdomain.com.csr
+```
+3) Generate the certificate of your registry host
+
+You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let’s creates necessary directories and files:
+```
+  mkdir demoCA
+  cd demoCA
+  touch index.txt
+  echo '01' > serial
+  cd ..
+ ```
+Then run this command to generate the certificate of your registry host:
+```
+  openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key –outdir .
+```
+
+##Configuration of Nginx
+After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, change the directory to Deploy/config/nginx in Harbor project.
+```
+  cd Deploy/config/nginx
+```
+Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
+
+Rename the existing configuration file of Nginx:
+```
+  mv nginx.conf nginx.conf.bak
+```
+Copy the template **nginx.https.conf** as the new configuration file:
+```
+  cp nginx.https.conf nginx.conf
+```
+Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com .
+```
+  server {
+    listen 443 ssl;
+    server_name harbordomain.com;
+
+…
+
+    server {
+      listen 80;
+      server_name harbordomain.com;
+      rewrite ^/(.*) https://$server_name$1 permanent;
+
+```
+Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
+```
+…
+
+    # SSL
+    ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
+    ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
+  
+```
+Save your changes in nginx.conf.
+
+##Installation of Harbor
+Next, edit the file Deploy/harbor.cfg , update the hostname and the protocol:
+```
+  #set hostname
+  hostname = reg.yourdomain.com
+  #set ui_url_protocol
+  ui_url_protocol = https
+```
+
+Generate configuration files for Harbor:
+```
+./prepare
+```
+If Harbor is already running, stop and remove the existing instance. Your image data remain in the file system
+```
+  docker-compose stop
+  docker-compose rm
+```
+Finally, restart Harbor:
+```
+  docker-compose up –d
+```
+After setting up HTTPS for Harbor, you can verify it by the follow steps:
+
+1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
+
+2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g. 
+```
+  docker login reg.yourdomain.com
+```
+##Troubleshooting
+1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
+```
+  cat intermediate-certificate.pem >> yourdomain.com.crt 
+```
+2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level.  
+  On Ubuntu, this can be done by below commands:
+```
+  cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
+  update-ca-certificates
+```  
+  On Red Hat (CentOS etc), the commands are:
+```
+  cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
+  update-ca-trust
+
--- a/docs/img/UserMaDai.jpg
+++ b/docs/img/UserMaDai.jpg
--- a/docs/img/dataman.png
+++ b/docs/img/dataman.png
--- a/docs/img/slamteclogo.png
+++ b/docs/img/slamteclogo.png
--- a/service/notification.go
+++ b/service/notification.go
@ -23,6 +23,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
+	"github.com/vmware/harbor/utils/log"

 	"github.com/astaxie/beego"
 )
@ -37,12 +38,12 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json
 // Post handles POST request, and records audit log or refreshes cache based on event.
 func (n *NotificationHandler) Post() {
 	var notification models.Notification
-	//	log.Printf("Notification Handler triggered!\n")
-	//	log.Printf("request body in string: %s", string(n.Ctx.Input.CopyBody()))
+	//	log.Info("Notification Handler triggered!\n")
+	//	log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody()))
 	err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), &notification)

 	if err != nil {
-		beego.Error("error while decoding json: ", err)
+		log.Errorf("error while decoding json: %v", err)
 		return
 	}
 	var username, action, repo, project string
@ -50,7 +51,7 @@ func (n *NotificationHandler) Post() {
 	for _, e := range notification.Events {
 		matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType)
 		if err != nil {
-			beego.Error("Failed to match the media type against pattern, error: ", err)
+			log.Errorf("Failed to match the media type against pattern, error: %v", err)
 			matched = false
 		}
 		if matched && strings.HasPrefix(e.Request.UserAgent, "docker") {
@ -68,7 +69,7 @@ func (n *NotificationHandler) Post() {
 				go func() {
 					err2 := svc_utils.RefreshCatalogCache()
 					if err2 != nil {
-						beego.Error("Error happens when refreshing cache:", err2)
+						log.Errorf("Error happens when refreshing cache: %v", err2)
 					}
 				}()
 			}
--- a/service/token.go
+++ b/service/token.go
@ -16,12 +16,12 @@
 package service

 import (
-	"log"
 	"net/http"

 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
+	"github.com/vmware/harbor/utils/log"

 	"github.com/astaxie/beego"
 	"github.com/docker/distribution/registry/auth/token"
@ -38,14 +38,14 @@ type TokenHandler struct {
 func (a *TokenHandler) Get() {

 	request := a.Ctx.Request
-	log.Println("request url: " + request.URL.String())
+	log.Infof("request url: %v", request.URL.String())
 	username, password, _ := request.BasicAuth()
 	authenticated := authenticate(username, password)
 	service := a.GetString("service")
 	scope := a.GetString("scope")

 	if len(scope) == 0 && !authenticated {
-		log.Printf("login request with invalid credentials")
+		log.Info("login request with invalid credentials")
 		a.CustomAbort(http.StatusUnauthorized, "")
 	}
 	access := svc_utils.GetResourceActions(scope)
@ -60,7 +60,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso
 	//create token
 	rawToken, err := svc_utils.MakeToken(username, service, access)
 	if err != nil {
-		log.Printf("Failed to make token, error: %v", err)
+		log.Errorf("Failed to make token, error: %v", err)
 		writer.WriteHeader(http.StatusInternalServerError)
 		return
 	}
@ -73,7 +73,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso
 func authenticate(principal, password string) bool {
 	user, err := auth.Login(models.AuthModel{principal, password})
 	if err != nil {
-		log.Printf("Error occurred in UserLogin: %v", err)
+		log.Errorf("Error occurred in UserLogin: %v", err)
 		return false
 	}
 	if user == nil {
--- a/service/utils/authutils.go
+++ b/service/utils/authutils.go
@ -21,11 +21,11 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"log"
 	"strings"
 	"time"

 	"github.com/vmware/harbor/dao"
+	"github.com/vmware/harbor/utils/log"

 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/docker/libtrust"
@ -71,19 +71,19 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions)
 				if username == "admin" {
 					exist, err := dao.ProjectExists(projectName)
 					if err != nil {
-						log.Printf("Error occurred in CheckExistProject: %v", err)
+						log.Errorf("Error occurred in CheckExistProject: %v", err)
 						return
 					}
 					if exist {
 						permission = "RW"
 					} else {
 						permission = ""
-						log.Printf("project %s does not exist, set empty permission for admin", projectName)
+						log.Infof("project %s does not exist, set empty permission for admin\n", projectName)
 					}
 				} else {
 					permission, err = dao.GetPermission(username, projectName)
 					if err != nil {
-						log.Printf("Error occurred in GetPermission: %v", err)
+						log.Errorf("Error occurred in GetPermission: %v", err)
 						return
 					}
 				}
@ -96,7 +96,7 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions)
 			}
 		}
 	}
-	log.Printf("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions)
+	log.Infof("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions)
 }

 // GenTokenForUI is for the UI process to call, so it won't establish a https connection from UI to proxy.
--- a/service/utils/cache.go
+++ b/service/utils/cache.go
@ -20,8 +20,7 @@ import (
 	"time"

 	"github.com/vmware/harbor/models"
-
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/utils/log"

 	"github.com/astaxie/beego/cache"
 )
@ -35,7 +34,7 @@ func init() {
 	var err error
 	Cache, err = cache.NewCache("memory", `{"interval":720}`)
 	if err != nil {
-		beego.Error("Failed to initialize cache, error:", err)
+		log.Errorf("Failed to initialize cache, error:%v", err)
 	}
 }

--- a/service/utils/registryutils.go
+++ b/service/utils/registryutils.go
@ -19,10 +19,11 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"net/http"
 	"os"
 	"strings"
+
+	"github.com/vmware/harbor/utils/log"
 )

 // BuildRegistryURL ...
@ -34,7 +35,7 @@ func BuildRegistryURL(segments ...string) string {
 	url := registryURL + "/v2"
 	for _, s := range segments {
 		if s == "v2" {
-			log.Printf("unnecessary v2 in %v", segments)
+			log.Debugf("unnecessary v2 in %v", segments)
 			continue
 		}
 		url += "/" + s
@ -45,6 +46,8 @@ func BuildRegistryURL(segments ...string) string {
 // RegistryAPIGet triggers GET request to the URL which is the endpoint of registry and returns the response body.
 // It will attach a valid jwt token to the request if registry requires.
 func RegistryAPIGet(url, username string) ([]byte, error) {
+
+	log.Debugf("Registry API url: %s", url)
 	response, err := http.Get(url)
 	if err != nil {
 		return nil, err
@ -58,8 +61,8 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		return result, nil
 	} else if response.StatusCode == http.StatusUnauthorized {
 		authenticate := response.Header.Get("WWW-Authenticate")
+		log.Debugf("authenticate header: %s", authenticate)
 		str := strings.Split(authenticate, " ")[1]
-		log.Println("url: " + url)
 		var service string
 		var scope string
 		strs := strings.Split(str, ",")
@ -70,8 +73,12 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 				scope = s
 			}
 		}
-		service = strings.Split(service, "\"")[1]
-		scope = strings.Split(scope, "\"")[1]
+		if arr := strings.Split(service, "\""); len(arr) > 1 {
+			service = arr[1]
+		}
+		if arr := strings.Split(scope, "\""); len(arr) > 1 {
+			scope = arr[1]
+		}
 		token, err := GenTokenForUI(username, service, scope)
 		if err != nil {
 			return nil, err
@ -83,7 +90,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		request.Header.Add("Authorization", "Bearer "+token)
 		client := &http.Client{}
 		client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-			//	log.Printf("via length: %d\n", len(via))
+			//	log.Infof("via length: %d\n", len(via))
 			if len(via) >= 10 {
 				return fmt.Errorf("too many redirects")
 			}
@ -100,7 +107,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		}
 		if response.StatusCode != http.StatusOK {
 			errMsg := fmt.Sprintf("Unexpected return code from registry: %d", response.StatusCode)
-			log.Printf(errMsg)
+			log.Error(errMsg)
 			return nil, fmt.Errorf(errMsg)
 		}
 		result, err = ioutil.ReadAll(response.Body)