Setting Up Harbor Container Registry
Harbor is an open-source container registry that provides image management, vulnerability scanning, and access control. Running your own registry on a Breeze gives you full control over your container images.
Prerequisites
- A Breeze with at least 4 GB RAM and 40 GB storage
- Docker and Docker Compose installed
- A valid SSL certificate or a domain with Let's Encrypt
Download and Configure
wget https://github.com/goharbor/harbor/releases/download/v2.11.0/harbor-online-installer-v2.11.0.tgz
tar xzf harbor-online-installer-v2.11.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.ymlEdit harbor.yml with your settings:
hostname: registry.example.com
https:
certificate: /etc/letsencrypt/live/registry.example.com/fullchain.pem
private_key: /etc/letsencrypt/live/registry.example.com/privkey.pem
harbor_admin_password: YourSecurePassword
database:
password: db_secure_passwordInstall and Start
sudo ./install.sh --with-trivyThe --with-trivy flag enables built-in vulnerability scanning for all pushed images.
Push an Image
docker login registry.example.com
docker tag my-app:latest registry.example.com/myproject/my-app:latest
docker push registry.example.com/myproject/my-app:latestFeatures
- Role-based access control per project
- Automated vulnerability scanning on push
- Image replication across multiple registries
- Audit logging for compliance tracking