docker.recipes

Harbor Container Registry

advanced

Enterprise container registry with security scanning.

Overview

Harbor is an open-source, cloud-native container registry that provides enterprise-grade features for storing, signing, and scanning container images. Originally developed by VMware and now a CNCF graduated project, Harbor extends the standard Docker Registry with security scanning, role-based access control, image replication, and comprehensive audit logging. It has become the go-to solution for organizations requiring a self-hosted container registry with advanced security and governance capabilities.

This deployment creates a complete Harbor registry environment using three core services: harbor-core as the main registry application, harbor-db (PostgreSQL) for metadata and configuration storage, and redis for caching and job queuing. The harbor-core service handles image storage, API requests, and web UI functionality, while PostgreSQL maintains user accounts, project configurations, and vulnerability scan results. Redis accelerates performance by caching frequently accessed data and managing background job queues for image scanning and garbage collection tasks.

This configuration is ideal for development teams, DevOps engineers, and organizations seeking a private container registry with built-in security features. Unlike hosted solutions, this self-managed Harbor instance provides complete control over your container images, enables compliance with data residency requirements, and offers advanced features like vulnerability scanning with Trivy integration, content signing, and multi-registry replication without per-image costs or bandwidth limitations.

Key Features

  • Trivy-powered vulnerability scanning with CVE database updates and security policy enforcement
  • Role-based access control (RBAC) with project-level permissions and LDAP/OIDC integration
  • Content signing and trust verification using Docker Content Trust and Notary
  • Image replication across multiple Harbor registries for disaster recovery and geo-distribution
  • Automated garbage collection with configurable retention policies and storage quota management
  • Comprehensive audit logging with detailed tracking of user actions and image operations
  • Project quotas and resource limits with storage usage monitoring and alerts
  • Webhook notifications for image push/pull events and vulnerability scan results

Common Use Cases

  • Enterprise container registry for organizations requiring security scanning and compliance reporting
  • Multi-team development environments with project isolation and granular access controls
  • CI/CD pipelines needing vulnerability scanning gates before production deployments
  • Air-gapped or regulated environments requiring on-premises container image storage
  • Multi-site deployments using Harbor replication for image synchronization across regions
  • Container image lifecycle management with automated cleanup and retention policies
  • Security-focused development workflows requiring signed images and trust verification

Prerequisites

  • Minimum 4GB RAM recommended (2GB absolute minimum for basic functionality)
  • Docker Engine 20.10+ and Docker Compose v2 for proper container orchestration
  • Port 8080 available for Harbor web UI and Docker Registry API access
  • Sufficient disk space for container images and PostgreSQL database (10GB+ recommended)
  • Basic understanding of Docker Registry concepts and container image management
  • Network connectivity for Trivy vulnerability database updates and CVE feeds

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  harbor-db:
    image: goharbor/harbor-db:latest
    container_name: harbor-db
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - harbor_db:/var/lib/postgresql/data

  harbor-core:
    image: goharbor/harbor-core:latest
    container_name: harbor-core
    restart: unless-stopped
    depends_on:
      - harbor-db
      - redis
    environment:
      CONFIG_PATH: /etc/harbor/app.conf
    ports:
      - "8080:8080"
    volumes:
      - harbor_data:/data

  redis:
    image: redis:7-alpine
    container_name: harbor-redis
    restart: unless-stopped
    volumes:
      - harbor_redis:/data

volumes:
  harbor_db:
  harbor_data:
  harbor_redis:

.env Template

.env
DB_PASSWORD=changeme
# Use Harbor installer for full deployment

Usage Notes

  1. Docs: https://goharbor.io/docs/
  2. For production use official installer: https://github.com/goharbor/harbor/releases
  3. Access at http://localhost:8080 - default: admin/Harbor12345
  4. Image vulnerability scanning with Trivy integration
  5. Push images: docker tag myimage localhost:8080/library/myimage && docker push localhost:8080/library/myimage
  6. Replication policies for multi-site registry sync

Individual Services (3 services)

Copy individual services to mix and match with your existing compose files.

harbor-db
harbor-db:
  image: goharbor/harbor-db:latest
  container_name: harbor-db
  restart: unless-stopped
  environment:
    POSTGRES_PASSWORD: ${DB_PASSWORD}
  volumes:
    - harbor_db:/var/lib/postgresql/data
harbor-core
harbor-core:
  image: goharbor/harbor-core:latest
  container_name: harbor-core
  restart: unless-stopped
  depends_on:
    - harbor-db
    - redis
  environment:
    CONFIG_PATH: /etc/harbor/app.conf
  ports:
    - "8080:8080"
  volumes:
    - harbor_data:/data
redis
redis:
  image: redis:7-alpine
  container_name: harbor-redis
  restart: unless-stopped
  volumes:
    - harbor_redis:/data

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  harbor-db:
    image: goharbor/harbor-db:latest
    container_name: harbor-db
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - harbor_db:/var/lib/postgresql/data

  harbor-core:
    image: goharbor/harbor-core:latest
    container_name: harbor-core
    restart: unless-stopped
    depends_on:
      - harbor-db
      - redis
    environment:
      CONFIG_PATH: /etc/harbor/app.conf
    ports:
      - "8080:8080"
    volumes:
      - harbor_data:/data

  redis:
    image: redis:7-alpine
    container_name: harbor-redis
    restart: unless-stopped
    volumes:
      - harbor_redis:/data

volumes:
  harbor_db:
  harbor_data:
  harbor_redis:
EOF

# 2. Create the .env file
cat > .env << 'EOF'
DB_PASSWORD=changeme
# Use Harbor installer for full deployment
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f
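
A preflight check for the files created above, as an added example that is not part of the recipe or of Harbor itself. It replaces the template DB_PASSWORD with a random one and reports the settings worth reviewing before startup; the function names, the 16-character minimum and the choice of checks (:latest tags, ports published without a host IP) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the recipe): preflight checks for the recipe's
# .env and docker-compose.yml. Function names are illustrative assumptions.
# Usage: write_env .env; preflight . && docker compose up -d

# Replace .env with a random 32-hex-character DB_PASSWORD, owner-readable only.
write_env() {
    ( umask 077
      printf 'DB_PASSWORD=%s\n' "$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')" > "$1" )
    chmod 600 "$1"
}

# Fail if DB_PASSWORD is unset, still the template default, or under 16 characters.
check_db_password() {
    pw=$(sed -n 's/^DB_PASSWORD=//p' "$1" | tail -n 1)
    [ -n "$pw" ] || { echo "DB_PASSWORD is not set in $1"; return 1; }
    [ "$pw" != "changeme" ] || { echo "DB_PASSWORD is still the template default"; return 1; }
    [ "${#pw}" -ge 16 ] || { echo "DB_PASSWORD is shorter than 16 characters"; return 1; }
}

# Print image references that use :latest or carry no tag or digest at all.
floating_images() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1" | while read -r ref; do
        name=${ref##*/}              # drop registry host so its port is not read as a tag
        case $name in
            *@sha256:*) ;;           # pinned by digest
            *:latest)   echo "$ref" ;;
            *:*)        ;;           # explicit tag
            *)          echo "$ref" ;;
        esac
    done
}

# Print HOST:CONTAINER port mappings that have no host IP, i.e. bind on all interfaces.
wide_open_ports() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9]\{1,5\}:[0-9]\{1,5\}\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Run every check against the recipe directory; return non-zero if anything is reported.
preflight() {
    dir=${1:-.}; rc=0
    check_db_password "$dir/.env" || rc=1
    for ref in $(floating_images "$dir/docker-compose.yml"); do
        echo "unpinned image: $ref"; rc=1
    done
    for p in $(wide_open_ports "$dir/docker-compose.yml"); do
        echo "port $p is published on all interfaces (127.0.0.1:$p keeps it local)"; rc=1
    done
    return $rc
}
```

Run against the recipe as written, it reports the two goharbor `:latest` images and the `8080:8080` mapping. Note that write_env overwrites the whole .env file.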

One-Liner

Run this command to download and set up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/harbor/run | bash

Troubleshooting

  • Harbor core fails to start with database connection errors: Ensure harbor-db container is fully initialized before harbor-core starts, check DB_PASSWORD environment variable
  • Image push fails with 'unauthorized' errors: Verify authentication using docker login localhost:8080 with admin/Harbor12345 credentials
  • Vulnerability scanning not working: Check harbor-core container logs for Trivy database download issues, ensure internet connectivity for CVE updates
  • Web UI shows 500 internal server errors: Verify redis container is running and accessible, check harbor-core logs for Redis connection failures
  • Docker daemon cannot connect to registry: Ensure Docker daemon is configured to allow insecure registries for localhost:8080 or configure TLS certificates
  • Storage space issues with accumulated images: Configure garbage collection policies in Harbor UI under Administration > Garbage Collection
