Dokcer Operation and Maintenance-Harbor Private Warehouse Actual Combat

Dokcer Operation and Maintenance-Harbor Private Warehouse Actual Combat

1. Harbor overview

Harbor can provide a visual web management interface, which can facilitate the management of Docker images, and provides mirror rights management and control functions for multiple projects

Advantages of Harbor

  1. Role-based control : There are administrators and ordinary users, and ordinary users can be empowered. For example, they can only upload and download, and can operate and manage according to the project.
  2. Mirror-based replication strategy : also related to permissions, for example, only some users and groups can perform corresponding operations on this project
  3. Support LDAP/AD : domain control, such as Nanjing to download
    the mirror image of Beijing harbor private warehouse, the two ends are marked with the address of the local area network, and they are connected together. The transmission of data information will pass through a tunnel with two layers of encryption. The first layer is tunnel encryption. , The second layer is data encryption, safe and reliable
  4. Image deletion and garbage collection : the recycle bin mechanism
  5. Graphical UI : with statistical functions, such as traffic and mirror download popularity
  6. Auditing : Logs are of little significance here, mainly relying on ELK
  7. RESTful API : Defines the format of the Web language specification, which is convenient to call Harbor's interface, and is also convenient for secondary development

2. The core components of Harbor


A front-end reverse proxy uniformly receives
requests from browsers and Docker clients , and forwards the requests to different back-end services.
This is a reverse proxy component


Responsible for storing Docker images and
processing docker push/pull commands to upload and download

3.Core services

The core functions of Harbor, including UI, webhook, token service

webhook: some service functions of the website

token: token, providing authentication service


Provide database services for core services. Database
record mirroring meta-information and user identity information

5.Log collector

Responsible for collecting logs of other components for analysis,
health checks, etc.

3. Harobor Private Warehouse Actual Combat

HostIP addressSoftware package
server192.168.0.100docker-ce, docker-compose, harbor

① Environmental configuration

Install Docker-CE [ both are required ]
Install Docker-Compose [server]

curl -L`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose 
docker-compose --version

② Deploy harbor

Harbor official download address

tar -zxvf harbor-offline-installer-v2.2.2.tgz -C /usr/local

cd /usr/local/harbor

mv harbor.yml.tmpl harbor.yml
vim harbor.yml
#vim harbor.cfg

hostname =


③ Check Harbor status

docker images
docker ps -a

④ New project for testing

Server test

Visit the Harbor site:

Account : admin
Password : Harbor12345

Operation in Harbor server console

docker login -u admin -p Harbor12345
docker pull cirros
docker tag cirros:latest
docker push

Return to the page site to view the project

Client test

vim /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry --containerd=/run/containerd/containerd.sock

systemctl daemon-reload
systemctl restart docker

docker login -u admin -p Harbor12345

docker pull cirros
docker tag cirros:latest
docker push