Skip to content

Instantly share code, notes, and snippets.

@gigovich

gigovich/README.md

Last active October 27, 2021 02:18
Show Gist options
  • Save gigovich/e3d631162f1641bbb3dce9a7add77ded to your computer and use it in GitHub Desktop.
Save gigovich/e3d631162f1641bbb3dce9a7add77ded to your computer and use it in GitHub Desktop.
Download ZIP
Raw
README.md

Install Harbor with external components

Agenda

Harbor is modern docker register, and help packages repositore. In this guide we will setup it on the bare metal with nginx reverse proxy, Docker, and docker-compose (your should have installed them on the your host machine).

Obtain Let's encrypt certificates

Let's setup host nginx:

$ cd /etc/nginx/sites-available/
$ cat << EOF >> <REGISTRY_HOST>
server {
        server_name registry.devinlab.com;

        location / {
                try_files $uri $uri/ =404;
        }

        listen 95.216.18.183:443 ssl;
}
EOF
$ cd ../sites-enabled/
$ ln -s ../sites-available/<REGISTRY_HOST>
$ systemctl reload nginx

Exec certbot to obtain certificate fot <REGISTRY_HOST>. After that you can find certificates in the folder which certbot set in the ssl_certificate otption /etc/nginx/sites-available/<REGISTRY_HOST> file.

Download Harbor

Download Harbor latest online installer release as tgz archive to the host machine here and untar it. Example:

wget https://github.com/goharbor/harbor/releases/download/v1.10.6/harbor-online-installer-v1.10.6.tgz
tar xvf harbor-online-installer-v1.10.6.tgz

We use /opt/ as base path for Harbor setup files. So let's copy untared directory there:

$ sudo mv harbor /opt/

Modify setup config

Please open for edit harbor.yaml in the /opt/harbor/harbor.yaml and set this values:

Hostname for registry: hostname: localhost And external host for reverse proxy: external_url: <REGISTRY_DOMAIN>

Internal nginx, bind porst:

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port  port: 15080
  port: 15080
  
# https related config
https:
  # https port for harbor, default is 443
  port: 15443
  # The path of cert and key files for nginx
  certificate: <CERT_FROM_HOST_NGINX_FILE>
  private_key: <CERT_KE_FROM_HOST_NGINX_FILE>

We use here 15443 port to reverse proxy host nginx on it.

Harbor generated database password, any your value:

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: <YOUR_PASSWORD>

Setup reverse proxy

On the host machine we can setup nginx reverse proxy now. Open /etc/nginx/sites-available/<REGISTRY_HOST>, and modify location section to something like this:

        location / {
            proxy_pass                https://localhost:15443;
            proxy_ssl_certificate     /etc/letsencrypt/live/<REGISTRY_DOMAIN>/fullchain.pem;
            proxy_ssl_certificate_key /etc/letsencrypt/live/<REGISTRY_DOMAIN>/privkey.pem; 
            proxy_ssl_session_reuse   on;
        }

And reload configuration:

$ sudo systemctl reload nginx

Run install

It's simple bash script which uses harbor.yaml as config:

$ sudo -i
# cd /opt/harbor
# ./install.sh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment