Harbor, a Docker registry management tool

Summary:

Harbor is an enterprise-class Registry server for storing and distributing Docker images. It extends the open source Docker Distribution by adding features that enterprises need, such as security and identity management. As a private enterprise Registry server, Harbor provides better performance and security, and improves the efficiency of transferring images between the Registry and the build and runtime environments. Harbor supports replicating image resources between multiple Registry nodes, and all images are kept in the private Registry, which keeps data and intellectual property under control inside the company's internal network. In addition, Harbor provides advanced security features such as user management, access control and activity auditing.
Official website: http://vmware.github.io/harbor/index_cn.html
Official GitHub repository: https://github.com/vmware/harbor

Harbor Official Features:

Role-based access control - users and Docker image repositories are organized and managed through "Projects"; a user can have different permissions on the image repositories in the same namespace (project).
Image replication - images can be replicated (synchronized) between multiple Registry instances. This is particularly suitable for load balancing, high availability, hybrid cloud and multi-cloud scenarios.
Graphical user interface - users can browse and search the Docker image repositories and manage projects and namespaces from a browser.
AD / LDAP support - Harbor can be integrated with an enterprise's existing AD / LDAP for authentication and authorization management.
Audit management - all operations on the image repositories are recorded and can be traced for audit management.
Internationalization - localized versions already exist in English, Chinese, German, Japanese and Russian. More languages will be added.
RESTful API - a RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
Simple deployment - both online and offline installers are provided, and Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).

Distributed cluster deployment of Harbor 1.7.5

Preparing the Environment

System: CentOS 7.6
Disable the firewall: systemctl stop firewalld
Disable SELinux: setenforce 0
node1 IP:192.168.8.156
node2 IP:192.168.8.134

Installing Docker

Server 1

[root@node1 ~]#yum install docker -y
[root@node1 ~]#vim /lib/systemd/system/docker.service
# Append this host's IP address to the end of this line
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.8.156
[root@node1 ~]#systemctl  start  docker
[root@node1 ~]#systemctl  enable  docker

Server 2

[root@node2 ~]#yum install docker -y
[root@node2 ~]#vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.8.134
[root@node2 ~]#systemctl  start  docker
[root@node2 ~]#systemctl  enable  docker

Downloading the Harbor offline installation package

Official installation documentation: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
Server 1

[root@node1 ~]#cd /usr/local/src/
[root@node1 harbor]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz

Server 2

[root@node2 ~]#cd /usr/local/src/
[root@node2 harbor]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz

Configuring Harbor

Server 1

[root@node1 ~]#cd /usr/local/harbor/
[root@node1 harbor]#tar xvf harbor-offline-installer-v1.7.5.tgz
[root@node1 harbor]#vim harbor.cfg
[root@node1 harbor]# grep "^[a-zA-Z]" harbor.cfg
# This host's IP address
hostname = 192.168.8.156
# Transport protocol
ui_url_protocol = http
max_job_workers = 10 
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
# Log rotation size
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
# Notification e-mail settings; these can also be set in the web interface
email_identity = 
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
email_insecure = false
# Admin login password
harbor_admin_password = 123456
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid 
ldap_scope = 2 
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password = 
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle = 
[root@node1  harbor]#./install.sh
# Many images are loaded after startup, so this takes some time
[Step 0]: checking installation environment ...

Note: docker version: 18.09.7

Note: docker-compose version: 1.18.0

[Step 1]: loading Harbor images ...
f60840e24dbf: Loading layer [==================================================>]  33.23MB/33.23MB
ea7b46fcd541: Loading layer [==================================================>]  8.959MB/8.959MB
79b1bab71f92: Loading layer [==================================================>]   15.6MB/15.6MB
e44aff944dd8: Loading layer [==================================================>]  18.94kB/18.94kB
7f6318c65689: Loading layer [==================================================>]   15.6MB/15.6MB
Loaded image: goharbor/harbor-adminserver:v1.7.5
[Step 0]: checking installation environment ...

Server 2 configuration

[root@node2 ~]#cd /usr/local/harbor/
[root@node2 harbor]#tar xvf harbor-offline-installer-v1.7.5.tgz
[root@node2 harbor]#vim harbor.cfg
[root@node2 harbor]# grep "^[a-zA-Z]" harbor.cfg
hostname = 192.168.8.134
ui_url_protocol = http
max_job_workers = 10 
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
email_identity = 
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
email_insecure = false
harbor_admin_password = 123456
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid 
ldap_scope = 2 
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password = 
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle = 
[root@node2  harbor]#./install.sh
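
The harbor.cfg used on both nodes keeps several settings that weaken the registry: ui_url_protocol = http (which is also why each Docker daemon needs --insecure-registry), a short admin password, the stock database password, and open self-registration and project creation. The audit script below is an added example, not part of the original post or of Harbor itself; the function names, the constructed sample files and the 12-character minimum are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the security-relevant keys of a Harbor 1.7.x harbor.cfg.

cfg_get() {  # cfg_get FILE KEY -> value of "KEY = value", whitespace-trimmed
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_harbor_cfg() {  # prints one finding per line; no output means no findings
    cfg=$1
    [ "$(cfg_get "$cfg" ui_url_protocol)" = "https" ] ||
        echo "ui_url_protocol: not https; logins and image layers travel in cleartext"
    for key in harbor_admin_password db_password clair_db_password; do
        val=$(cfg_get "$cfg" "$key")
        case $val in
            123456|Harbor12345|root123) echo "$key: well-known value" ;;
            # The 12-character minimum is this example's assumption.
            *) [ "${#val}" -ge 12 ] || echo "$key: shorter than 12 characters" ;;
        esac
    done
    [ "$(cfg_get "$cfg" self_registration)" = "off" ] ||
        echo "self_registration: anyone who can reach the UI can create an account"
    [ "$(cfg_get "$cfg" project_creation_restriction)" = "adminonly" ] ||
        echo "project_creation_restriction: any user can create projects"
}

sample_page_cfg() {  # constructed: the relevant lines of the harbor.cfg above
    cat <<'EOF'
ui_url_protocol = http
harbor_admin_password = 123456
self_registration = on
project_creation_restriction = everyone
db_password = root123
clair_db_password = root123
EOF
}

sample_hardened_cfg() {  # constructed: same keys, passwords are placeholders
    cat <<'EOF'
ui_url_protocol = https
harbor_admin_password = PLACEHOLDER-long-random-1
self_registration = off
project_creation_restriction = adminonly
db_password = PLACEHOLDER-long-random-2
clair_db_password = PLACEHOLDER-long-random-3
EOF
}

tmp=$(mktemp); sample_page_cfg > "$tmp"; audit_harbor_cfg "$tmp"; rm -f "$tmp"
```

Run against a real file with `audit_harbor_cfg /path/to/harbor.cfg` before executing ./install.sh.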

Note:

If the following message appears

[root@node1 harbor]#./install.sh
Note: docker version: 18.09.7
✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again.

You need to install docker-compose by running:

[root@node1 ~]#yum -y install docker-compose

Log in to the web interface to configure

Log in with the account admin; the password is the one set in the configuration file.
Create a new project.
Choose public or private here; this can also be changed later.
Create a replication target.
Fill in the IP of the host you want to replicate to, and do not enable remote certificate verification.
Creation complete.

Upload an image from node1 and verify

Log in to Harbor

[root@node1 ~]#docker login 192.168.8.156
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Image upload test

[root@node1 ~]#docker tag test/nginx:v1 192.168.8.156/myimage/nginx:v1
[root@node1 ~]#docker push 192.168.8.156/myimage/nginx:v1

Harbor common operations

Pull an image from Harbor

[root@node1 ~]#docker login 192.168.8.156
[root@node1 ~]#docker pull 192.168.8.156/myimage/nginx:v1

Stop and start Harbor

[root@node1 ~]#cd /usr/local/src/harbor/
[root@node1 harbor]#docker-compose stop
[root@node1 harbor]#docker-compose start

Note: You must run these commands from within this directory; otherwise an error occurs:

[root@node1 ~]#docker-compose start 
ERROR: 
        Can't find a suitable configuration file in this directory or any
        parent. Are you in the right directory?

        Supported filenames: docker-compose.yml, docker-compose.yaml


Origin blog.51cto.com/14163901/2417594