How To Install Harbor Docker Image Registry on CentOS / Debian / Ubuntu


(: August 12, 2019)

Harbor is an open-source cloud native registry that stores, signs, and scans container images for vulnerabilities. If you’re looking for enterprise Docker image registry, then Harbor is the right tool for you. It has some of the best features only available in commercial Registry products like Quay.

Harbor fills a gap for applications and organizations that cannot use a public or cloud-based registry. You’ll enjoy a consistent experience across all clouds platforms. This guide will walk you through the installation of Harbor on any system with Docker support.

Features of Harbor Registry

  • Multi-tenant support
  • Security and vulnerability analysis support
  • Extensible API and web UI
  • Content signing and validation
  • ​Image replication across multiple Harbor instances
  • ​Identity integration and role-based access control

What You’ll Need

You need an operating system with support for docker and following system requirements:{text-align:left} img{margin:0 auto 0 0}


Resource Capacity Description
CPU minimal 2 CPU 4 CPU is preferred
Mem minimal 4GB 8GB is preferred
Disk minimal 40GB 160GB is preferred


Software Version
Docker engine version 17.06.0-ce+ or higher
Docker Compose version 1.18.0 or higher
Openssl latest is preferred

Network ports

Port Protocol
4443 HTTPS

Let’s now start the installation of Harbor on Linux system – CentOS, Ubuntu & Debian Linux distribution.

Step 1: Install Docker Engine

Follow our guides below on installation of Docker Engine.

Install Docker and Docker Compose on Debian 10 Buster

How to install Docker CE on Ubuntu / Debian / CentOS 

How to install Docker on Fedora

Step 2: Install Docker Compose

Our next installation is for docker-compose command. This is not available on system repositories. Follow instructions shared in our previous guide below.

How To Install Latest Docker Compose on Linux

Step 3: Download and Install Harbor

Download harbor

curl -s | grep -o 'https://storage[a-zA-Z.-]*/[a-zA-Z0-9+-]*/[a-zA-Z0-9.+-]*/[a-zA-Z0-9.+-]*' | wget -qi -

You can also pull the latest Harbor release from the downloads page.

Unpack downloaded Harbor file.

tar xvzf harbor-offline-installer*.tgz

Change into harbor created after file unpacking.

cd harbor

Harbor Installation without SSL

In the first setup, we’ll consider installation without TLS/SSL. Edit harbor configuration file, and set like below.

$ nano harbor.yml
# The IP address or hostname to access admin UI and registry service.

harbor_admin_password: [email protected]$d

# Harbor DB configuration
  password: [email protected]$d

Harbor Installation with Let’s Encrypt SSL

if your server has a public IP, you can use Let’s Encrypt free SSL certificate.

Start by installing certbot-auto tool.

chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin

Then obtain SSL certificate.

export DOMAIN=""
export EMAIL="[email protected]"
certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring

Configure https related config.

harbor_admin_password: [email protected]$d

# Harbor DB configuration
  password: [email protected]$d

  port: 80

  port: 443
  certificate: /etc/letsencrypt/live/
  private_key: /etc/letsencrypt/live/

Install Harbor Docker image registry

Once harbor.yml and storage backend (optional) are configured, install and start Harbor using the script. 

$ sudo ./

Note that the default installation does not include Notary or Clair service. These services are used for vulnerability scanning.

To see installer options, run:

$ ./ --help
Note: Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https. 
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor

Example, enable Clair and Chartmuseum:

$ sudo ./ -with-notary --with-clair --with-chartmuseum

To include Notary service, you must enable and configure https in harbor.yml.

[Step 0]: checking installation environment ...

Note: docker version: 19.03.1

Note: docker-compose version: 1.24.1

[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v1.8.1
Loaded image: goharbor/harbor-registryctl:v1.8.1
Loaded image: goharbor/redis-photon:v1.8.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.1
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.1
Loaded image: goharbor/harbor-db:v1.8.1
Loaded image: goharbor/harbor-jobservice:v1.8.1
Loaded image: goharbor/nginx-photon:v1.8.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1
Loaded image: goharbor/harbor-migrator:v1.8.1
Loaded image: goharbor/prepare:v1.8.1
Loaded image: goharbor/harbor-portal:v1.8.1
Loaded image: goharbor/harbor-log:v1.8.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.1
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1

[Step 2]: preparing environment ...
prepare base dir is set to /root/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Create config folder: /config/chartserver
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 3]: starting Harbor ...

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at 
For more details, please visit .

Harbor log files are stored in the directory /var/log/harbor/:

$ ls -1 /var/log/harbor/

Step 4: Access Harbor

After the installation has succeeded, access Harbor web console on https://registry_domain.

Login with:

Username: admin
Password: Set-in-harbor.yml

You should get to Harbor web dashboard.

With Let’s Encrypt SSL:

Step 5: Managing Harbor’s lifecycle

List running Harbor service containers:

$ sudo docker-compose ps
      Name                     Command                  State                 Ports          
chartmuseum         /            Up (healthy)   9999/tcp                 
clair               /            Up (healthy)   6060/tcp, 6061/tcp       
harbor-core         /harbor/                 Up (healthy)                            
harbor-db           / postgres          Up (healthy)   5432/tcp                 
harbor-jobservice   /harbor/                 Up                                      
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)>10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp                   
nginx               nginx -g daemon off;             Up (healthy)>80/tcp       
redis      redis ...   Up             6379/tcp                 
registry            / /etc/regist ...   Up (healthy)   5000/tcp                 
registryctl         /harbor/                 Up (healthy)              

You can use docker-compose to manage the lifecycle of Harbor. See examples below.

Stopping Harbor:

$ sudo docker-compose stop
topping nginx             ...
Stopping harbor-jobservice ... done
Stopping harbor-portal     ... done
Stopping clair             ... done
Stopping chartmuseum       ... done
Stopping harbor-core       ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping registry          ... done
Stopping registryctl       ... done
Stopping harbor-log        ... done

Restarting Harbor after stopping:

$ sudo docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done
Starting clair       ... done
Starting chartmuseum ... done

Updating Harbor’s configuration:

To change Harbor’s configuration, first, stop existing Harbor instance and update harbor.yml. Then run prepare script to populate the configuration. Then re-create and start Harbor’s instance:

$ sudo docker-compose down -v
$ nano harbor.yml
$ sudo prepare
$ sudo docker-compose up -d

When Harbor is installed with Notary, Clair and chart repository service:

$ sudo docker-compose down -v
$ nano harbor.yml
$ sudo ./prepare --with-notary --with-clair --with-chartmuseum
$ sudo docker-compose up -d

For troubleshooting, check the log file of container service in question in directory /var/log/harbor.

$ tail -n 100 /var/log/harbor/clair.log

Visit Harbor user guide page to learn more on usage.

More Harbor guides:

How To Integrate Harbor Registry With LDAP for user Authentication

How To Prevent users from Creating Projects in Harbor registry

Similar articles:

How To Setup Red Hat Quay Registry on CentOS / RHEL / Ubuntu

Install and Use Docker Registry on Fedora

Install and Configure Docker Registry on CentOS 7{text-align:left} img{margin:0 auto 0 0}

Comments are closed, but trackbacks and pingbacks are open.