⚓ Harbor Container Registry on AlmaLinux: Enterprise-Grade Docker Registry

Published Sep 6, 2025

Master Harbor on AlmaLinux! Learn installation, image management, security scanning, replication, and RBAC. Perfect enterprise container registry solution!

Welcome to enterprise container management! 🎉 Ready to secure and manage your container images like a pro? Harbor is the open-source, trusted cloud-native registry that stores, signs, and scans your containers! It’s the platform that makes Docker registry enterprise-ready! Think of it as your container fortress with built-in security! 🚀✨

🤔 Why is Harbor Important?

Harbor transforms container management! 🚀 Here’s why it’s amazing:

  • 🔒 Security Scanning - Vulnerability detection built-in!
  • ✍️ Image Signing - Ensure image authenticity!
  • 🔄 Replication - Sync across multiple registries!
  • 👥 RBAC - Fine-grained access control!
  • 📦 OCI Support - Store any OCI artifacts!
  • 📊 SBOM Generation - Software bill of materials!

It’s like having DockerHub Enterprise for free! 💰

🎯 What You Need

Before building your container registry, ensure you have:

  • ✅ AlmaLinux 9 server
  • ✅ Root or sudo access
  • ✅ At least 4GB RAM (8GB recommended)
  • ✅ 4 CPU cores minimum
  • ✅ 40GB free disk space
  • ✅ Docker and Docker Compose installed
  • ✅ Love for containers! ⚓

📝 Step 1: System Preparation - Getting Ready!

Let’s prepare AlmaLinux 9 for Harbor! 🏗️

# Update system packages
sudo dnf update -y

# Install Docker
sudo dnf install -y dnf-utils
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install -y docker-ce docker-ce-cli containerd.io

# Start Docker
sudo systemctl start docker
sudo systemctl enable docker

# Verify Docker
docker --version
# Should show: Docker version 24.x.x

# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" \
  -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Verify Docker Compose
docker-compose --version
# Should show: Docker Compose version v2.x.x

# Add user to docker group
sudo usermod -aG docker $USER
# Log out and back in for group changes

Configure firewall for Harbor:

# Open Harbor ports
sudo firewall-cmd --permanent --add-port=80/tcp    # HTTP
sudo firewall-cmd --permanent --add-port=443/tcp   # HTTPS
sudo firewall-cmd --permanent --add-port=4443/tcp  # Notary
sudo firewall-cmd --reload

# Verify ports
sudo firewall-cmd --list-ports
# Should show: 80/tcp 443/tcp 4443/tcp

Perfect! System is ready! 🎯

🔧 Step 2: Installing Harbor - The Docker Way!

Let’s install Harbor using Docker Compose! 🚀

Download Harbor:

# Create Harbor directory (root-owned, so the download and extract steps use sudo)
sudo mkdir -p /opt/harbor
cd /opt/harbor

# Download Harbor installer
HARBOR_VERSION="2.10.0"  # Check latest at https://github.com/goharbor/harbor/releases
sudo wget "https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/harbor-offline-installer-v${HARBOR_VERSION}.tgz"

# Extract Harbor
sudo tar xzf "harbor-offline-installer-v${HARBOR_VERSION}.tgz"
cd harbor

# List files
ls -la
# Should show: harbor.yml.tmpl, install.sh, prepare, etc.

Configure Harbor:

# Copy configuration template
sudo cp harbor.yml.tmpl harbor.yml

# Edit configuration
sudo vi harbor.yml

# Key settings to modify:
# hostname: your-server-ip or domain
# http:
#   port: 80
# https:  # Comment out for now if no certificates
#   port: 443
#   certificate: /path/to/cert
#   private_key: /path/to/key
# harbor_admin_password: Harbor12345!   # sample value; set your own
# database:
#   password: root123                   # sample value; set your own
# data_volume: /data

Here’s a basic configuration:

# Minimal harbor.yml example
hostname: your-server-ip

http:
  port: 80

harbor_admin_password: Harbor12345!

database:
  password: root123
  max_idle_conns: 100
  max_open_conns: 900

data_volume: /data

trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false

jobservice:
  max_job_workers: 10

notification:
  webhook_job_max_retry: 10

chart:
  absolute_url: disabled

log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
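
A quick pre-install check for the settings above, as an added example that is not part of the original tutorial or of Harbor: it flags the sample passwords and a missing https block before `./prepare` is run. The function names and both sample inputs are constructed for illustration, and the parser only understands the simple two-level layout used here.

```python
# Stdlib-only check; reads top-level keys and their 2-space-indented children.
PUBLISHED = ("Harbor12345", "Harbor12345!", "root123")  # sample passwords in print

def parse_two_levels(text):
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        if indent == 0:
            section = None if value else config.setdefault(key, {})
            if value:
                config[key] = value
        elif indent == 2 and section is not None:
            section[key] = value
    return config

def audit(text):
    cfg, findings = parse_two_levels(text), []
    db, https = cfg.get("database"), cfg.get("https")
    if cfg.get("harbor_admin_password") in PUBLISHED:
        findings.append("harbor_admin_password is a published sample value")
    if isinstance(db, dict) and db.get("password") in PUBLISHED:
        findings.append("database.password is a published sample value")
    if not (isinstance(https, dict) and https.get("certificate") and https.get("private_key")):
        findings.append("no https certificate/private_key: logins and pushes use plain HTTP")
    return findings

# Constructed inputs: the tutorial's minimal settings and a hardened variant.
TUTORIAL_SAMPLE = """hostname: your-server-ip
http:
  port: 80
harbor_admin_password: Harbor12345!
database:
  password: root123
"""
HARDENED_SAMPLE = """hostname: harbor.example.com
https:
  certificate: /etc/letsencrypt/live/harbor.example.com/fullchain.pem
  private_key: /etc/letsencrypt/live/harbor.example.com/privkey.pem
harbor_admin_password: "constructed-random-admin-secret"
database:
  password: "constructed-random-db-secret"
"""

if __name__ == "__main__":
    print("\n".join(audit(TUTORIAL_SAMPLE)))
```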

🌟 Step 3: Deploy Harbor - Launch Your Registry!

Time to install Harbor! 🎮

Run Installation:

# Prepare Harbor configuration
sudo ./prepare

# Install Harbor with Trivy scanner
sudo ./install.sh --with-trivy

# Installation takes 5-10 minutes
# Watch for completion message:
# ✔ ----Harbor has been installed and started successfully.----

Verify Installation:

# Check running containers
docker-compose ps

# Should see these containers running:
# harbor-core
# harbor-db
# harbor-jobservice
# harbor-log
# harbor-portal
# harbor-redis
# nginx
# registry
# registryctl
# trivy-adapter

# Check logs if needed
docker-compose logs -f

Access Harbor:

# Get your server IP
ip addr show | grep inet

# Access Harbor
# URL: http://your-server-ip
# Username: admin
# Password: Harbor12345!

Dashboard shows:

  • 📊 Projects - Container namespaces
  • 📦 Repositories - Image storage
  • 🔍 Vulnerability - Security scanning
  • 🔄 Replication - Registry sync
  • 👥 Users - Access management

✅ Step 4: Creating Your First Project - Let’s Store Images!

Time to use Harbor! 🎯

Create Project:

  1. Login to Harbor web UI
  2. Click “New Project”
  3. Configure:
    • Project Name: myapp
    • Access Level: Public/Private
    • Storage Quota: -1 (unlimited)
    • Vulnerability Scanning: ✓ Automatically scan
    • Vulnerability Severity: Block images with High severity
  4. Click OK

Configure Docker Client:

# For HTTP (insecure registry)
# Edit Docker daemon config
sudo vi /etc/docker/daemon.json

# Add your Harbor server
{
  "insecure-registries": ["your-server-ip"]
}

# Restart Docker
sudo systemctl restart docker

# Login to Harbor
docker login your-server-ip
# Username: admin
# Password: Harbor12345!

Push Your First Image:

# Pull a test image
docker pull nginx:latest

# Tag for Harbor
docker tag nginx:latest your-server-ip/myapp/nginx:latest

# Push to Harbor
docker push your-server-ip/myapp/nginx:latest

# View in Harbor UI
# Projects → myapp → Repositories → nginx
# Click on tag to see scan results!

🌟 Step 5: Advanced Features - Enterprise Power!

Let’s explore Harbor’s enterprise features! 🎯

Enable Image Signing (Notary):

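# Reinstall with Notary
# (--with-notary exists only in Harbor releases before v2.9.0, which removed Notary;
#  the v2.10.0 installer downloaded in Step 2 does not accept it)
cd /opt/harbor/harbor
sudo ./install.sh --with-trivy --with-notary

# Enable content trust (Notary requires Harbor to be configured for HTTPS)
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://your-server-ip:4443

# Sign and push image
docker push your-server-ip/myapp/nginx:signed
# You'll be prompted to create signing keys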

Setup Replication:

  1. Go to Administration → Registries
  2. New Endpoint:
    • Provider: Docker Hub / AWS ECR / etc.
    • Name: dockerhub
    • Endpoint URL: https://hub.docker.com
    • Access ID/Secret: Your credentials
  3. Test Connection and OK
  4. Go to Replication → New Rule:
    • Name: sync-from-dockerhub
    • Replication Mode: Pull-based
    • Source Registry: dockerhub
    • Source Filter: library/alpine
    • Destination: myapp project
    • Trigger Mode: Manual/Scheduled
  5. Save and Replicate

Configure Webhooks:

# In project settings → Webhooks
# Add webhook for image push events

# Example webhook handler
# (written with sudo tee because /usr/local/bin is root-owned)
sudo tee /usr/local/bin/harbor-webhook.py > /dev/null << 'EOF'
#!/usr/bin/env python3
import json
from flask import Flask, request

app = Flask(__name__)

@app.route('/webhook', methods=['POST'])
def handle_webhook():
    # Harbor posts the event as a JSON body
    data = json.loads(request.data)
    event_type = data['type']

    if event_type == 'PUSH_ARTIFACT':
        repository = data['event_data']['repository']['name']
        tag = data['event_data']['resources'][0]['tag']
        print(f"New image pushed: {repository}:{tag}")
        # Trigger deployment pipeline

    return 'OK', 200

if __name__ == '__main__':
    # Listens on all interfaces; limit access to port 5000 to the Harbor host
    app.run(host='0.0.0.0', port=5000)
EOF

sudo chmod +x /usr/local/bin/harbor-webhook.py
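
The handler above acts on any POST it receives. The request check below is an added example, not part of the original tutorial or of Harbor: it rejects deliveries without the shared secret and returns a digest-pinned image reference instead of a mutable tag. It assumes the webhook policy's Auth Header value is set in Harbor and arrives in the Authorization header, and that the push payload carries repo_full_name and digest fields; the function name and the sample delivery are constructed.

```python
import hmac
import json
import re

REPO_RE = re.compile(r"[a-z0-9._/-]+")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def handle_delivery(headers, body, expected_auth):
    """Validate one webhook POST; return (http_status, result)."""
    supplied = headers.get("Authorization", "")
    # Fail closed when no secret is configured; compare in constant time.
    if not expected_auth or not hmac.compare_digest(
            supplied.encode(), expected_auth.encode()):
        return 401, "unauthorized"
    try:
        data = json.loads(body)
        if data["type"] != "PUSH_ARTIFACT":
            return 200, "ignored"
        repo = data["event_data"]["repository"]["repo_full_name"]
        digest = data["event_data"]["resources"][0]["digest"]
    except (ValueError, KeyError, IndexError, TypeError):
        return 400, "malformed payload"
    # Only strictly formatted values are passed on to a deployment step.
    if not (isinstance(repo, str) and isinstance(digest, str)
            and REPO_RE.fullmatch(repo) and DIGEST_RE.fullmatch(digest)):
        return 400, "malformed payload"
    return 200, f"{repo}@{digest}"  # pinned by digest, not by tag

# Constructed sample delivery for the myapp/nginx push from Step 4.
SAMPLE_SECRET = "constructed-shared-secret"
SAMPLE_BODY = json.dumps({
    "type": "PUSH_ARTIFACT",
    "event_data": {
        "repository": {"name": "nginx", "repo_full_name": "myapp/nginx"},
        "resources": [{"tag": "latest", "digest": "sha256:" + "ab" * 32}],
    },
}).encode()

if __name__ == "__main__":
    print(handle_delivery({"Authorization": SAMPLE_SECRET}, SAMPLE_BODY, SAMPLE_SECRET))
    print(handle_delivery({}, SAMPLE_BODY, SAMPLE_SECRET))
```

In the Flask handler, pass `request.headers`, `request.data` and the configured secret to this function and return its status code.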

🎮 Quick Examples

Example 1: Helm Chart Repository

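# Enable ChartMuseum in Harbor
# (--with-chartmuseum exists only in Harbor releases before v2.8.0, which removed ChartMuseum;
#  later releases store charts as OCI artifacts instead)
cd /opt/harbor/harbor
sudo ./install.sh --with-trivy --with-chartmuseum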

# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Add Harbor as Helm repository
helm repo add harbor http://your-server-ip/chartrepo/myapp \
  --username admin --password Harbor12345!

# Push Helm chart
helm package mychart/
helm plugin install https://github.com/chartmuseum/helm-push
helm cm-push mychart-0.1.0.tgz harbor

# Install from Harbor
helm install myrelease harbor/mychart

Example 2: Robot Accounts for CI/CD

# Create robot account in Harbor UI
# Projects → myapp → Robot Accounts → New Robot Account
# Name: jenkins-ci
# Permissions: Push/Pull
# Copy token

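# Use in CI/CD pipeline
# (--password-stdin keeps the token off the docker command line; in a pipeline, feed it from the CI secret store)
printf '%s' 'robot-token' | docker login your-server-ip -u 'robot$jenkins-ci' --password-stdin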
docker build -t your-server-ip/myapp/app:${BUILD_NUMBER} .
docker push your-server-ip/myapp/app:${BUILD_NUMBER}

Example 3: Vulnerability Policies

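# Create admission webhook for Kubernetes
# The url below must point at an admission webhook service that you deploy and that
# checks Harbor's scan results; Harbor does not serve this endpoint itself.
cat << 'EOF' > harbor-admission.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: harbor-vulnerability-check
webhooks:
  - name: vulnerability.harbor.io
    clientConfig:
      url: "https://your-server-ip/admission/webhook"
      # caBundle: <base64-encoded CA certificate>  # needed unless the API server already trusts the endpoint's CA
    rules:
      - apiGroups: ["apps", ""]
        apiVersions: ["v1"]
        resources: ["deployments", "pods"]
        operations: ["CREATE", "UPDATE"]
    admissionReviewVersions: ["v1", "v1beta1"]
    sideEffects: None   # required in admissionregistration.k8s.io/v1
    failurePolicy: Fail # also rejects these requests whenever the endpoint is unreachable
EOF

kubectl apply -f harbor-admission.yaml

# Kubernetes now rejects workloads that the webhook service denies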

🚨 Fix Common Problems

Problem 1: Cannot Access Web UI

Symptom: Connection refused or timeout 😰

Fix:

# Check if containers are running
cd /opt/harbor/harbor
docker-compose ps

# Restart all services
docker-compose down
docker-compose up -d

# Check nginx logs (the proxy container is named "nginx", as in the Step 3 container list)
docker logs nginx

# Verify ports
sudo ss -tlnp | grep -E ':(80|443)\b'

# Check firewall
sudo firewall-cmd --list-all

Problem 2: Push/Pull Fails

Symptom: Authentication or connection errors 🔐

Fix:

# For "unauthorized" errors
docker logout your-server-ip
docker login your-server-ip

# For certificate errors (HTTPS)
# Copy Harbor CA certificate
sudo mkdir -p /etc/docker/certs.d/your-server-ip
sudo cp /opt/harbor/harbor/ca.crt /etc/docker/certs.d/your-server-ip/

# Restart Docker
sudo systemctl restart docker

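# For "insecure registry" errors (plain-HTTP Harbor only)
# Note: this overwrites any existing /etc/docker/daemon.json; merge the key by hand if the file already has settings
echo '{"insecure-registries":["your-server-ip"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker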

Problem 3: Storage Full

Symptom: Cannot push images, disk space errors 💾

Fix:

# Check disk usage
df -h /data

# Run garbage collection
# In Harbor UI: Administration → Garbage Collection → Run Now

# Or via API (the schedule type is nested under "schedule")
curl -X POST "http://your-server-ip/api/v2.0/system/gc/schedule" \
  -H "Content-Type: application/json" \
  -u 'admin:Harbor12345!' \
  -d '{"schedule":{"type":"Manual"}}'

# Clean up old images
# Set retention policy in project settings

# Expand storage if needed
# Move data volume to larger disk

📋 Simple Commands Summary

| Task | Command/Location | Purpose |
|------|------------------|---------|
| Start Harbor | docker-compose up -d | Start all services |
| Stop Harbor | docker-compose down | Stop all services |
| View logs | docker-compose logs -f | Monitor logs |
| Login | docker login your-server-ip | Authenticate |
| Push image | docker push your-server-ip/project/image:tag | Upload image |
| Pull image | docker pull your-server-ip/project/image:tag | Download image |
| Garbage collection | Administration → GC | Clean storage |
| User management | Administration → Users | Manage users |
| View vulnerabilities | Projects → Repositories → Image | Security scan |

💡 Tips for Success

🚀 Performance Optimization

Make Harbor super fast:

# Increase workers
sudo vi /opt/harbor/harbor/harbor.yml
# jobservice:
#   max_job_workers: 20

# Redis optimization
# redis:
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   trivy_db_index: 5

# PostgreSQL tuning (ALTER SYSTEM is SQL, so run it through psql)
docker exec harbor-db psql -U postgres -c "ALTER SYSTEM SET shared_buffers = '2GB';"
docker exec harbor-db psql -U postgres -c "ALTER SYSTEM SET effective_cache_size = '6GB';"

# Restart Harbor (./prepare regenerates the service configs from harbor.yml)
cd /opt/harbor/harbor
docker-compose down
sudo ./prepare
docker-compose up -d

🔒 Security Best Practices

Keep Harbor secure:

  1. Enable HTTPS - Use proper certificates! 🔐
  2. LDAP/OIDC - Integrate authentication! 👥
  3. Scan everything - Block vulnerable images! 🔍
  4. Sign images - Use Notary! ✍️
  5. Audit logs - Track all activities! 📝

# Setup HTTPS with Let's Encrypt
# certbot's standalone mode binds port 80, so stop Harbor first
cd /opt/harbor/harbor
docker-compose down
sudo dnf install -y epel-release   # certbot is packaged in EPEL
sudo dnf install -y certbot
sudo certbot certonly --standalone -d harbor.example.com

# Update harbor.yml
# hostname: harbor.example.com
# https:
#   port: 443
#   certificate: /etc/letsencrypt/live/harbor.example.com/fullchain.pem
#   private_key: /etc/letsencrypt/live/harbor.example.com/privkey.pem

# Reconfigure Harbor
sudo ./prepare
docker-compose up -d

📊 Monitoring and Backup

Keep Harbor healthy:

# Backup script
# (written with sudo tee because /usr/local/bin is root-owned)
sudo tee /usr/local/bin/backup-harbor.sh > /dev/null << 'EOF'
#!/bin/bash
BACKUP_DIR="/backup/harbor"
DATE=$(date +%Y%m%d)

# Archives contain harbor.yml secrets and the database, so keep them owner-only
umask 077
mkdir -p "$BACKUP_DIR"

# Stop Harbor
cd /opt/harbor/harbor || exit 1
docker-compose down

# Backup data
tar -czf "$BACKUP_DIR/harbor-data-$DATE.tar.gz" /data
tar -czf "$BACKUP_DIR/harbor-config-$DATE.tar.gz" /opt/harbor

# Start Harbor
docker-compose up -d

# Delete backups older than 7 days
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete

echo "Backup completed!"
EOF

sudo chmod +x /usr/local/bin/backup-harbor.sh
# Add to root's crontab: 0 2 * * * /usr/local/bin/backup-harbor.sh

🏆 What You Learned

You’re now a Harbor expert! 🎓 You’ve successfully:

  • ✅ Installed Harbor on AlmaLinux 9
  • ✅ Configured projects and repositories
  • ✅ Pushed and scanned images
  • ✅ Enabled vulnerability scanning
  • ✅ Set up replication
  • ✅ Implemented image signing
  • ✅ Mastered enterprise registry

Your container registry is enterprise-ready! ⚓

🎯 Why This Matters

Harbor transforms container security! With your registry, you can:

  • 🔒 Secure images - Scan and sign everything!
  • 🔄 Replicate globally - Multi-region support!
  • 👥 Control access - Enterprise RBAC!
  • 📊 Track everything - Complete audit trail!
  • 💰 Save money - Enterprise features free!

You’re not just storing containers - you’re securing your entire container supply chain! Every image is scanned, every push is tracked! 🎭

Keep deploying, keep securing, and remember - with Harbor, container management is enterprise-grade! ⭐

May your images be secure and your deployments smooth! 🚀⚓🙌