Create Own Docker Registry with GUI using Harbor

Vineet Kumar
Nov 29, 2020


Harbor fills a gap for applications and organizations that cannot use a public or cloud-based registry. You'll enjoy a consistent experience across all cloud platforms.

Prerequisites:
You need an operating system that supports Docker and meets the following requirements:
Docker Engine version 17.06.0-ce or higher
Docker Compose version 1.18.0 or higher

Hardware Requirement

Download and Install Harbor:
curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | wget -i -

OR
You can also pull the latest Harbor release from the downloads page

Extract the archive:
tar xvzf harbor-offline-installer*.tgz

Harbor Installation without SSL:
In the first setup, we'll install without TLS/SSL. Go to the Harbor directory and copy the configuration template:
cp harbor.yml.tmpl harbor.yml
Open the harbor.yml file and comment out the 443 port and its certificate settings (lines 13 to 18).

Also change the admin password (harbor_admin_password) in the harbor.yml file.

Final step to install the Harbor Docker image registry:
Once harbor.yml and the storage backend (optional) are configured, install and start Harbor using the install.sh script.
$ sudo ./install.sh
Note that the default installation does not include Notary or Clair service. These services are used for vulnerability scanning.
Enable Clair and Chartmuseum:
$ sudo ./install.sh --with-notary --with-clair --with-chartmuseum
To include the Notary service, you must enable and configure HTTPS in harbor.yml. So, the simple way is:
$ sudo ./install.sh --with-clair

Harbor log files are stored in the directory /var/log/harbor/.

Access Harbor:
After the installation has succeeded, access the Harbor web console at https://registry_domain.

Modify Name and Image:
Find the container's setting.json file under overlay2: /var/lib/docker/overlay2/f***6f433dcae4c3aa114c482bd9250d63edd/diff/usr/share/nginx/html/setting.json
Open the setting.json file and replace its contents with the following:

{
  "headerBgColor": "#004a70",
  "headerLogo": "",
  "loginBgImg": "",
  "appTitle": "BITS REGISTRY",
  "product": {
    "title": "BITS REGISTRY",
    "company": "BITS REGISTRY",
    "name": "BITS REGISTRY",
    "introduction": {
      "zh-cn": "",
      "es-es": "",
      "en-us": ""
    }
  }
}

To change the image, replace images/harbor-logo.svg. That's it. Then run the following two commands:
docker-compose down -v
docker-compose up -d

Harbor Installation with ssl:
A. Create server SSL and rootCA for client machine with the following script
vi create_selfsigned_ssl.sh

#!/bin/bash

if [ "$#" -ne 1 ]
then
  echo "Error: No domain name argument provided"
  echo "Usage: Provide a domain name as an argument"
  exit 1
fi

DOMAIN=$1

# Create root CA & private key
openssl req -x509 \
  -sha256 -days 356 \
  -nodes \
  -newkey rsa:2048 \
  -subj "/CN=${DOMAIN}/C=US/L=San Fransisco" \
  -keyout rootCA.key -out rootCA.crt

# Generate the server private key
openssl genrsa -out "${DOMAIN}.key" 2048

# Create the CSR config
cat > csr.conf <<EOF
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = IN
ST = DELHI
L = ASIA
O = KOLKATA
OU = NICDev
CN = ${DOMAIN}
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = ${DOMAIN}
DNS.2 = www.${DOMAIN}
IP.1 = 192.168.11.174
EOF

# Create the CSR using the private key
openssl req -new -key "${DOMAIN}.key" -out "${DOMAIN}.csr" -config csr.conf

# Create an external config file for the certificate
cat > cert.conf <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${DOMAIN}
EOF

# Sign the server certificate with the self-signed CA
openssl x509 -req \
  -in "${DOMAIN}.csr" \
  -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial -out "${DOMAIN}.crt" \
  -days 365 \
  -sha256 -extfile cert.conf

Run the following commands to execute the above script:
chmod a+x create_selfsigned_ssl.sh
./create_selfsigned_ssl.sh <domain-name>
For example: ./create_selfsigned_ssl.sh chub.reg.in
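
A pre-flight check for the files the script above writes, as an added example that is not part of the original post: it confirms that the server certificate chains to rootCA.crt, carries the registry name in subjectAltName, matches its private key, and is not about to expire. The function name check_registry_cert and the 30-day expiry window are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks on the files
# written by create_selfsigned_ssl.sh. The function name and the 30-day
# expiry window are choices made for this example.
# Usage: check_registry_cert DOMAIN [DIR]   -> returns 0 only if all checks pass

check_registry_cert() {
  local domain="$1" dir="${2:-.}" rc=0 f pub
  local cert="$dir/$domain.crt" key="$dir/$domain.key" ca="$dir/rootCA.crt"

  for f in "$cert" "$key" "$ca"; do
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
  done

  # 1. The server certificate must chain to the root CA that clients install.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not verify against $ca"; rc=1; }

  # 2. The registry name must appear as a DNS entry in subjectAltName.
  #    Docker is written in Go, whose TLS stack does not fall back to the CN.
  openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
    | grep -qxF "DNS:$domain" \
    || { echo "FAIL: DNS:$domain is not in subjectAltName"; rc=1; }

  # 3. The private key must belong to the certificate: compare public keys.
  pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || pub=""
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
    || { echo "FAIL: $key does not match $cert"; rc=1; }

  # 4. Neither certificate may expire within the next 30 days.
  for f in "$cert" "$ca"; do
    openssl x509 -in "$f" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 \
      || { echo "FAIL: $f expires within 30 days"; rc=1; }
  done

  [ "$rc" -eq 0 ] && echo "OK: $domain.crt is ready to reference in harbor.yml"
  return "$rc"
}

# When saved and run as a script: ./check_registry_cert.sh chub.reg.in [DIR]
if [ "$#" -ge 1 ]; then
  check_registry_cert "$@"
fi
```

A certificate that passes these checks is verified by Docker clients through the rootCA.crt placed under /etc/docker/certs.d/<domain-name>/. An insecure-registries entry for the same host tells Docker to ignore certificate errors for it.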

Now follow these two steps to access Harbor from the client side:
1. Place the server certificate and key (in the above example, chub.reg.in.crt and chub.reg.in.key) in the harbor.yml file and run the ./prepare command in the Harbor directory.
2. Go to the client machine and add the registry server entry to the /etc/docker/daemon.json file:
{
  "insecure-registries" : ["<domain-name>:443"]
}

Then copy the rootCA.crt file into the following directory:
mkdir -p /etc/docker/certs.d/<domain-name>
For example: /etc/docker/certs.d/chub.reg.in/rootCA.crt
Now log in: docker login chub.reg.in

Enjoy !!!
