# This file contains the default values for the configuration of this
# application. In order to change them, write your own config-local.yml file
# (it will be ignored by git). For more info, you can read the dedicated page
# here: http://port.us.org/docs/Configuring-Portus.html.
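# Settings for the Portus mailer.
email:
  from: "portus@example.com"
  name: "Portus"
  reply_to: "no-reply@example.com"

  # If enabled, then SMTP will be used. Otherwise 'sendmail' will be used
  # (defaults to: /usr/sbin/sendmail -i -t).
  smtp:
    enabled: false
    address: "smtp.example.com"
    # Must be a bare integer. A trailing comma ("587,") turns the value into a
    # string instead of a port number.
    port: 587
    user_name: "username@example.com"
    # Placeholder only. Put the real SMTP password in config-local.yml (ignored
    # by git), never in this tracked file of defaults.
    password: "password"
    domain: "example.com"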
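# If enabled, then the profile picture will be picked from the Gravatar
# associated with each user. See: https://en.gravatar.com/
#
# Gravatar image URLs are derived from a hash of the user's email address, so
# enabling this discloses that hash to a third-party service from every
# browser that renders a profile picture. Disable it on deployments that must
# not leak user identifiers outside the organization.
gravatar:
  enabled: true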
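# Allow admins and owners to delete images and tags. This feature should *only*
# be enabled if the version of the running registry is 2.4 or higher since
# it's the first version that supports garbage collection. That being said,
# Portus will only delete the manifests of the tags and administrators are
# supposed to be responsible for garbage collecting unreferenced blobs. This is
# because the registry 2.4 does not garbage collect automatically. For more
# information on garbage collection on the registry, read the documentation:
#   https://github.com/docker/distribution/blob/master/docs/garbage-collection.md
# Also, you can read more in our documentation here:
#   http://port.us.org/features/removing_images.html
#
# Because only manifests are removed, deleting an image that contained
# sensitive data (e.g. a leaked credential in a layer) does not remove that
# data from registry storage until garbage collection has been run.
delete:
  enabled: false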
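# LDAP support. If enabled, then only users of the specified LDAP server will
# be able to use Portus. Take a look at the documentation of LDAP support in our
# online docs: http://port.us.org/features/2_LDAP-support.html.
ldap:
  enabled: false

  hostname: "ldap_hostname"
  port: 389

  # Available options: "plain", "simple_tls" and "start_tls".
  # TODO: deprecated in favor of `encryption.method`.
  #
  # "plain" means that credentials sent to the LDAP server (the bind DN
  # password below and, presumably, users' login passwords) cross the network
  # unencrypted. Choose "start_tls" or "simple_tls" before enabling LDAP on any
  # network that is not fully trusted.
  method: "plain"

  # Encryption options
  encryption:
    # Available methods: "plain", "simple_tls" and "start_tls".
    # NOTE(review): how an empty value here interacts with the deprecated
    # `method` key above is not visible in this file; confirm which one wins.
    method: ""
    options:
      # The CA file to be accepted by the LDAP server. If none is provided, then
      # the default parameters from the host will be sent.
      # NOTE(review): confirm that the server certificate is still verified
      # when this is left empty.
      ca_file: ""

      # Protocol version.
      ssl_version: "TLSv1_2"

  # The base where users are located (e.g. "ou=users,dc=example,dc=com").
  base: ""

  # User filter (e.g. "mail=george*").
  filter: ""

  # The LDAP attribute where to search for username. The default is 'uid'.
  uid: "uid"

  # LDAP credentials used to search for a user.
  # Use a dedicated, read-only bind account and keep its password in
  # config-local.yml (ignored by git) rather than in this tracked file.
  authentication:
    enabled: false
    bind_dn: ""
    password: ""

  # Portus needs an email for each user, but there's no standard way to get
  # that from LDAP servers. You can tell Portus how to get the email from users
  # registered in the LDAP server with this configurable value. There are three
  # possibilities:
  #
  #   - disabled: this is the default value. It means that Portus won't do a
  #     thing when registering LDAP users (users will be redirected to their
  #     profile page until they setup an email account).
  #   - enabled where "attr" is empty: for this you need "ldap.base" to have
  #     some value. In this case, the hostname will be guessed from the domain
  #     component of the provided base string. For example, for the dn:
  #     "ou=users,dc=example,dc=com", and a user name "user", the resulting
  #     email is "user@example.com".
  #   - enabled where "attr" is not empty: with this you specify the attribute
  #     inside a LDIF record where the email is set.
  #
  # If something goes wrong when trying to guess the email, then it just falls
  # back to the default behavior (empty email).
  guess_email:
    enabled: false
    attr: ""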
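# OAuth support.
#
# When a provider is enabled and none of its restrictions (domain, hd,
# organization/team, group) is set, any account at that provider may be able
# to sign in/up. Set at least one restriction for a private deployment, and
# keep the client secrets in config-local.yml (ignored by git) rather than in
# this tracked file.
oauth:
  # If enabled, users can authenticate with their Google Account.
  # Callback url: <host>/users/auth/google_oauth2/callback
  google_oauth2:
    enabled: false
    # Credentials. Details on https://developers.google.com/identity/protocols/OpenIDConnect
    id: ""
    secret: ""
    # If a domain (e.g. mycompany.com) is set, then only signups with email from this domain are allowed.
    domain: ""
    options:
      # G Suite domain. If set, then only members of the domain can sign in/up.
      # If it's empty then any google users can sign in/up.
      hd: ""

  # OpenID authentication support. If enabled, then users can authenticate with OpenID/Connect
  # Callback url: <host>/users/auth/open_id/callback
  open_id:
    enabled: false
    # Optional. If identifier set then user redirect to the OpenID provider.
    # If not, then user is asked for identifier before redirect.
    # Example https://openid.stackexchange.com
    identifier: ""
    # If a domain (e.g. mycompany.com) is set, then only signups with email from this domain are allowed.
    domain: ""

  # Github authentication support.
  # Callback url: <host>/users/auth/github/callback
  github:
    enabled: false
    # Application credentials.
    client_id: ""
    client_secret: ""
    # Only members of organization's team can sign in/up with Github.
    organization: ""
    team: ""
    # If a domain (e.g. mycompany.com) is set, then only signups with email from this domain are allowed.
    domain: ""

  # Gitlab authentication support.
  # Callback url: <host>/users/auth/gitlab/callback
  gitlab:
    enabled: false
    application_id: ""
    secret: ""
    # Only member of the group can sign in/up with Gitlab.
    group: ""
    # If a domain (e.g. mycompany.com) is set, then only signups with email from this domain are allowed.
    domain: ""
    # The Gitlab server to be used. If empty, then https://gitlab.com is assumed.
    server: ""

  # Bitbucket authentication support. Need permission to read email.
  # Callback url: <host>/users/auth/bitbucket/callback
  bitbucket:
    enabled: false
    # Application credentials.
    key: ""
    secret: ""
    # If a domain (e.g. mycompany.com) is set, then only signups with email from this domain are allowed.
    domain: ""
    options:
      # Only members of team can sign in/up with Bitbucket. Need permission to read team membership.
      team: ""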
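# Set first_user_admin to true if you want the first user that signs up to be
# an admin.
#
# Set to false otherwise. Then you will need to run
#   rake portus:make_admin[USERNAME]
# in order to set the admin user
#
# With this enabled together with `signup`, whoever registers first on a
# freshly deployed instance becomes its administrator. Create that first
# account before the instance is reachable by anyone else, or set this to
# false and promote the admin with the rake task above.
first_user_admin:
  enabled: true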
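# If enabled, then users can signup with the signup form. Otherwise, the admin
# is responsible of creating new users by either:
#   - Using the "portus:create_user" rake task.
#   - Using the form available in the admin panel.
# This is ignored if LDAP is enabled. Read more about this here:
#   http://port.us.org/features/disabling_signup.html
#
# The default is open self-registration: anyone who can reach the signup form
# can create an account. Disable it when accounts should only be provisioned
# by an administrator.
signup:
  enabled: true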
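# By default require ssl to be enabled when running on production
#
# Leave this enabled. Without TLS, login passwords and registry tokens would
# travel in clear text. NOTE(review): what exactly the check enforces is not
# visible in this file; if TLS is terminated by a proxy in front of Portus,
# confirm how that interacts with this setting before turning it off.
check_ssl_usage:
  enabled: true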
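# Contains advanced options that tweak how Portus interacts with the
# Registry. Don't touch any of these values unless you *really* know what you
# are doing.
registry:
  # Set the expiration time in minutes for the JWT Token that Portus uses to
  # authenticate with the registry.
  #
  # Note that this is just a work-around on the fact that the registry does not
  # try to get a new token again after the current one has expired. Once a
  # solution is issued upstream, we can deprecate this option.
  #
  # See: https://github.com/SUSE/Portus/issues/510
  #
  # Keep this as short as your largest push/pull allows: a longer lifetime
  # widens the window in which a leaked token remains usable.
  jwt_expiration_time:
    value: 5

  # Set the pagination value for API calls that fetch data from the
  # registry. You can read more about pagination in the registry here:
  #   https://github.com/docker/distribution/blob/master/docs/spec/api.md#pagination
  catalog_page:
    value: 100

  # Set the timeout in seconds for requests to the registry. Only change this
  # value if you are *really* sure that you have an exceptionally slow
  # connection to your private Docker registry.
  timeout:
    value: 2

  # Set timeout in seconds for read response from registry.
  read_timeout:
    value: 120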
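# The FQDN of the machine where Portus is being deployed.
#
# The default below is a private-network IP address, not a name; replace it
# with the hostname that clients and the registry actually use to reach
# Portus. NOTE(review): when TLS is in use this presumably has to match the
# name in the server certificate; confirm against the deployment docs.
machine_fqdn:
  value: "192.168.33.13"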
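# Allow users to have different display names on the web site. This will
# **not** be the username used by `docker login`. It defaults to false because
# it might confuse users that are not fully aware of it. You can read more about
# it here: http://port.us.org/features/display_name.html
#
# Since a display name can differ from the login name, do not rely on it alone
# to identify who owns an account when this is enabled.
display_name:
  enabled: false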
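# Permissions granted to regular (non-admin) users. Every option defaults to
# true; disable the ones that should be reserved for administrators.
user_permission:
  # Allow users to change the visibility of their personal namespace. If this is
  # disabled, only an admin will be able to change this. It defaults to true.
  #
  # While `anonymous_browsing` is enabled, a namespace that a user makes public
  # becomes visible to visitors who are not logged in.
  change_visibility:
    enabled: true

  # Allow users to create teams. If this is disabled only an admin will be able
  # to do this. This defaults to true.
  create_team:
    enabled: true

  # Allow users to create/modify teams if they are an owner of it. If this is
  # disabled only an admin will be able to do this. This defaults to true.
  manage_team:
    enabled: true

  # Allow users to create namespaces. If this is disabled, only an admin will
  # be able to do this. This defaults to true.
  create_namespace:
    enabled: true

  # Allow users to create/modify namespaces if they are an owner of it. If this
  # is disabled, only an admin will be able to do this. This defaults to true.
  manage_namespace:
    enabled: true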
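# Security scanner support. Add the server location for each driver in order to
# enable it. If no drivers have been enabled, then this feature is skipped
# altogether. Enabling multiple drivers will simply aggregate the information
# provided by each driver.
#
# NOTE(review): this file does not show whether connections to the scanner
# backends are authenticated or encrypted; keep these endpoints on a trusted
# network until that is confirmed.
security:
  # CoreOS Clair support (https://github.com/coreos/clair). This is only
  # guaranteed to work for v2.0.x releases of Clair.
  clair:
    server: ""

    # Port being used by Clair to report its status. Taking the default from
    # Clair.
    health_port: 6061

    # Timeout for HTTP requests with Clair. Defaults to 900 seconds, which is
    # the default for Clair too.
    timeout: 900

  # zypper-docker can be run as a server with its `serve` command. This backend
  # fetches the information as given by zypper-docker. Note that this feature
  # from zypper-docker is experimental and only available through another branch
  # than master.
  #
  # NOTE: support for this is experimental since this functionality has not
  # been merged into master yet in zypper-docker.
  zypper:
    server: ""

  # This backend is only used for testing purposes, don't use it.
  # Leave `server` empty in production so that scan results never come from
  # the test driver.
  dummy:
    server: ""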
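# Allow anonymous (non-logged-in) users to explore the images available in your
# Docker Registry. Only images on public namespaces will be shown.
#
# This is on by default, so anyone who can reach the web UI can list the
# contents of public namespaces without an account. Set it to false when the
# image catalog should not be disclosed to unauthenticated visitors.
anonymous_browsing:
  enabled: true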
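# Configuration for the background tasks.
background:
  # The registry integration: it processes the given registry events (e.g. a new
  # tag was pushed). It's therefore highly *discouraged* to disable this task.
  registry:
    enabled: true

  # Registry synchronization: it synchronizes all the contents from the registry
  # into the database.
  sync:
    enabled: true

    # There are four accepted values:
    #   - update-delete: it performs a full synchronization.
    #   - update: it only adds missing tags, but it does not remove any contents
    #     from the database.
    #   - on-start: when starting Portus it runs an `update-delete` and then it
    #     gets disabled (i.e. it will only run once).
    #   - initial: like `on-start`, but it only runs if the database is
    #     empty. This is the default value since it's deemed to be the most
    #     common use-case.
    strategy: initial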