Install Harbor Container Image Registry on CentOS / Debian / Ubuntu
What is Harbor?
Harbor is an open-source cloud based native docker registry that stores,our custom docker images for vulnerabilities. In common words we can say it is like docker hub where we can create multiple private repositories.
Software
Software | Version |
Docker engine | version 17.06.0-ce+ or higher |
Docker Compose | version 1.18.0 or higher |
Openssl | latest is preferred |
Difference between harbor and docker hub
Harbor | Docker Hub |
It is a self managed service. | It is a fully managed service. |
We have to host it on a server. | It is already hosted on cloud. |
It is an open-source, so private repositories can be created with no cost. | Private repositories are paid, if you want to create. |
Storage issue may arise, so you may need to expand your storage | No storage issue. |
Installation
1. Install docker and docker compose in your system, for knowing how to install docker and docker compose please visit the installation and docker compose section.
2. Install Harbor
curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | wget -qi -
You can also pull the latest Harbor release from the link mentioned below:- https://github.com/goharbor/harbor/releases
- Unpack downloaded Harbor file.
tar xvzf harbor-offline-installer*.tgz
- Change into harbor created after file unpacking.
cd harbor
- Harbor Installation without SSL
- In the first setup, we’ll consider installation without TLS/SSL. Open and edit configuration file for harbor like below.
$ nano harbor.yml .... # IP address or hostname for accessing admin UI and registry service. hostname: registry.salesforcedrillers.com harbor_admin_password: StrongAdminP@s5W0$d # Harbor DB configuration database: password: StrongdbrootP@s5W0$d
- Harbor Installation with Let’s Encrypt SSL
- If a public IP is associated with your server and then Let’s Encrypt free SSL certificate can be used.
Start by installing a certbot-auto tool.
wget https://dl.eff.org/certbot-auto chmod +x certbot-auto sudo mv certbot-auto /usr/local/bin
- Then obtain an SSL certificate.
export DOMAIN="registry.salesforcedrillers.com" export EMAIL="admin@example.com" certbot-auto certonly --standalone -d $DOMAIN_NAME --preferred-challenges http --agree-tos -n -m $EMAIL_STR --keep-until-expiring
- Configure https related config.
hostname: registry.salesforcedrillers.com harbor_admin_password: StrongAdminP@s5W0$d # Harbor DB configuration database: password: StrongdbrootP@s5W0$d http: port: 80 https: port: 443 certificate: /etc/letsencrypt/live/registry.salesforcedrillers.com/fullchain.pem private_key: /etc/letsencrypt/live/registry.salesforcedrillers.com/privkey.pem
3. Install Harbor Docker image registry.
First backend storage (optional) and harbor.yml are configured, then harbor can be installed and started using install.sh script.
$ sudo ./install.sh --with-notary --with-clair --with-chartmuseum
Enable and configure https in harbor.yml for including Notary service.
4. Access Harbor.
After the installation has succeeded, access the Harbor web console on https://registry_domain.
5. Login with:
Username: admin Password: Set-in-harbor.yml