From 5b8c29a8f117b6c83718c5eb1a57aaa4175d1180 Mon Sep 17 00:00:00 2001 From: Stuart Clements Date: Tue, 29 Oct 2019 10:10:55 +0100 Subject: [PATCH] Clarified that HTTP is still the default in 1.9.x --- docs/configure_https.md | 2 +- docs/installation_guide.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 13cd459e8..2487d8be2 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -1,6 +1,6 @@ # Configuring Harbor with HTTPS Access -Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. However, using HTTP is acceptable only in air-gapped test or development environments that do not have a connection to the external internet. Using HTTP in environments that are not air-gapped exposes you to man-in-the-middle attacks. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. +In versions up to and including 1.9.x, by default Harbor uses HTTP to serve registry requests. However, using HTTP is acceptable only in air-gapped test or development environments that do not have a connection to the external internet. Using HTTP in environments that are not air-gapped exposes you to man-in-the-middle attacks. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. Harbor uses an `nginx` instance as a reverse proxy for all services. You use the `prepare` script to configure `nginx` to enable HTTPS. diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 8364f15ce..2eb14e782 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md @@ -91,7 +91,7 @@ After the initial deployment and after you have started Harbor, you perform addi The table below lists the parameters that must be set when you deploy Harbor. By default, all of the required parameters are uncommented in the `harbor.yml` file. The optional parameters are commented with `#`. You do not necessarily need to change the values of the required parameters from the defaults that are provided, but these parameters must remain uncommented. At the very least, you must update the `hostname` parameter. -**IMPORTANT**: Harbor does not ship with any certificates. In versions up to and including 1.9.1, by default Harbor uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. +**IMPORTANT**: Harbor does not ship with any certificates. In versions up to and including 1.9.x, by default Harbor uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS. You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. For information about how to create a CA, and how to use a CA to sign a server certificate and a client certificate, see **[Configuring Harbor with HTTPS Access](configure_https.md)**.