配置 DHE

配置 DHE

概述

本文将帮助你适当配置你的DHE，以让它可以运行在你的环境中。浏览器加载你的DHE，点击”Settings”页，查看配置参数。你抗看到如下配置参数：

Domains and ports
Security settings
Storage settings
Authentication settings
Your DHE license

Domains and ports

Domain Name: required defaults to an empty string, the fully qualified domain name assigned to the DHE host.

Load Balancer HTTP Port: defaults to 80, used as the entry point for the image storage service. To see load balancer status, you can query http:///load_balancer_status.

Load Balancer HTTPS Port: defaults to 443, used as the secure entry point for the image storage service.

HTTP_PROXY: defaults to an empty string, proxy server for HTTP requests.

HTTPS_PROXY: defaults to an empty string, proxy server for HTTPS requests.
NO_PROXY: defaults to an empty string, proxy bypass for HTTP and HTTPS requests.

说明：如果你需要DHE重新生成自签的证书，你将需要先删除/usr/local/etc/dhe/ssl/server.pem文件，让后重启DHE容器，通过修改并保存 “Domain Name”或者使用bash -c "$(docker run dockerhubenterprise/manager restart)"。

　Security（安全）

SSL Certificate: Used to enter the hash (string) from the SSL Certificate. This cert must be accompanied by its private key, entered below.

Private Key: The hash from the private key associated with the provided SSL Certificate (as a standard x509 key pair).

为了运行，DHE要求使用HTTPS/SSL进行编码在DHE私有库和你的Docker Engine之间通信，以及DHE私有库和你的DHE网页浏览器、DHE管理员服务之间。这里有一些配置参数：

You can use the self-signed certificate DHE generates by default.
You can generate your own certificates using a public service or your enterprise’s infrastructure. See the Generating SSL certificates section for the options available.

如果你生成你自己的证书，你可以安全他们，通过如下的命令添加你自己的私有库证书到DHE。

另一方面，如果选择使用DHE生成的证书，或者你自己生成的证书在你的Docker host上的client不受信任，你将需要作如下的步骤：

Install a registry certificate on all of your client Docker daemons,
Set your client Docker daemons to run with an unconfirmed connection to the registry.