Harbor is modern docker register, and help packages repositore. In this guide we will setup it on the bare metal with nginx reverse proxy, Docker, and docker-compose (your should have installed them on the your host machine).
Let's setup host nginx:
$ cd /etc/nginx/sites-available/
$ cat << EOF >> <REGISTRY_HOST>
server {
server_name registry.devinlab.com;
location / {
try_files $uri $uri/ =404;
}
listen 95.216.18.183:443 ssl;
}
EOF
$ cd ../sites-enabled/
$ ln -s ../sites-available/<REGISTRY_HOST>
$ systemctl reload nginx
Exec certbot to obtain certificate fot <REGISTRY_HOST>
. After that you can find certificates in the folder which certbot set in the ssl_certificate
otption /etc/nginx/sites-available/<REGISTRY_HOST>
file.
Download Harbor latest online installer release as tgz
archive to the host machine here and untar it. Example:
wget https://github.com/goharbor/harbor/releases/download/v1.10.6/harbor-online-installer-v1.10.6.tgz
tar xvf harbor-online-installer-v1.10.6.tgz
We use /opt/
as base path for Harbor setup files. So let's copy untared directory there:
$ sudo mv harbor /opt/
Please open for edit harbor.yaml
in the /opt/harbor/harbor.yaml
and set this values:
Hostname for registry:
hostname: localhost
And external host for reverse proxy:
external_url: <REGISTRY_DOMAIN>
Internal nginx, bind porst:
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port port: 15080
port: 15080
# https related config
https:
# https port for harbor, default is 443
port: 15443
# The path of cert and key files for nginx
certificate: <CERT_FROM_HOST_NGINX_FILE>
private_key: <CERT_KE_FROM_HOST_NGINX_FILE>
We use here 15443 port to reverse proxy host nginx on it.
Harbor generated database password, any your value:
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: <YOUR_PASSWORD>
On the host machine we can setup nginx reverse proxy now. Open /etc/nginx/sites-available/<REGISTRY_HOST>
, and modify location
section to something like this:
location / {
proxy_pass https://localhost:15443;
proxy_ssl_certificate /etc/letsencrypt/live/<REGISTRY_DOMAIN>/fullchain.pem;
proxy_ssl_certificate_key /etc/letsencrypt/live/<REGISTRY_DOMAIN>/privkey.pem;
proxy_ssl_session_reuse on;
}
And reload configuration:
$ sudo systemctl reload nginx
It's simple bash script which uses harbor.yaml
as config:
$ sudo -i
# cd /opt/harbor
# ./install.sh