harbor/docker-compose.yml aktualisiert

2026-01-02 20:57:27 +00:00
parent f9a35b8f7d
commit 93ed6775a2
1 changed files with 8 additions and 21 deletions
--- a/harbor/docker-compose.yml
+++ b/harbor/docker-compose.yml
@@ -1,6 +1,8 @@
+version: "3.9"
+
 services:
  # ---------------------------------------------------------
-  # 1. Init-Container: erzeugt harbor.yml + Self-Signed TLS
+  # 1. Init-Container: erzeugt harbor.yml (OHNE HTTPS!)
  # ---------------------------------------------------------
  harbor-config:
    image: alpine:${ALPINE_VERSION:-3.19}
@@ -9,30 +11,14 @@ services:
    command: |
      set -e

-      # TLS-Verzeichnis erstellen
-      mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/tls
+      mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/config

-      # Self-Signed Zertifikat erzeugen, falls nicht vorhanden
-      if [ ! -f "${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt" ]; then
-        echo "Generating self-signed certificate..."
-        openssl req -x509 -nodes -newkey rsa:2048 \
-          -keyout ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.key \
-          -out ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt \
-          -subj "/CN=${HARBOR_HOSTNAME:-harbor.local}"
-      fi
-
-      # Harbor-Konfiguration erzeugen
      cat <<EOF > /config/harbor.yml
      hostname: ${HARBOR_HOSTNAME:-harbor.local}

      http:
        port: ${HARBOR_HTTP_PORT:-8080}

-      https:
-        port: ${HARBOR_HTTPS_PORT:-8443}
-        certificate: /etc/harbor/tls/harbor.crt
-        private_key: /etc/harbor/tls/harbor.key
-
      harbor_admin_password: ${HARBOR_ADMIN_PASSWORD:-Harbor12345}

      data_volume: ${HARBOR_DATA_PATH:-/data/harbor}
@@ -42,7 +28,6 @@ services:
      EOF
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/config:/config"
-      - "${HARBOR_DATA_PATH:-/data/harbor}/tls:/etc/harbor/tls:ro"
    restart: "no"
    networks:
      - harbor
@@ -103,8 +88,10 @@ services:
      - "traefik.http.routers.harbor.entrypoints=websecure"
      - "traefik.http.routers.harbor.rule=Host(`${HARBOR_HOSTNAME:-harbor.local}`)"
      - "traefik.http.routers.harbor.tls=true"
-      - "traefik.http.routers.harbor.tls.passthrough=true"
-      - "traefik.http.services.harbor.loadbalancer.server.port=${HARBOR_HTTPS_PORT:-8443}"
+      - "traefik.http.routers.harbor.tls.passthrough=false"
+      # Falls du Let's Encrypt nutzt:
+      # - "traefik.http.routers.harbor.tls.certresolver=myresolver"
+      - "traefik.http.services.harbor.loadbalancer.server.port=${HARBOR_HTTP_PORT:-8080}"

  jobservice:
    image: goharbor/harbor-jobservice:${HARBOR_VERSION:-v2.11.0}