Deploy and configure HTTPS Harbor on the air-gapped repository.

Procedure

  1. To run Harbor, download and install Docker Compose. Open a command prompt and run the following commands:
    #wget https://github.com/docker/compose/releases/download/1.27.4/docker-compose-Linux-x86_64
    #chmod a+x docker-compose-Linux-x86_64 
    #cp docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
  2. Download and extract the Harbor Offline Installer:
    #mkdir /harbor
    #cd /harbor
    #wget https://github.com/goharbor/harbor/releases/download/v2.1.2/harbor-offline-installer-v2.1.2.tgz
    #tar -zxf harbor-offline-installer-v2.1.2.tgz
  3. Configure HTTPS access to Harbor. For configuration steps, see https://goharbor.io/docs/2.1.0/install-config/configure-yml-file/.
    Note:
    • You can use certificates that are signed by a trusted third-party Certificate Authority (CA), or you can use self-signed certificates. For information about creating and using a CA certificate to sign a server and client certificate, see https://goharbor.io/docs/2.1.0/install-config/configure-https/.
    • For this example, we use a self-signed certificate.
  4. Go to the extracted Harbor folder and create harbor.yml from the template. Run the following commands:
    #cd /harbor/harbor
    #cp harbor.yml.tmpl harbor.yml
  5. Using a preferred editor, edit the harbor.yml file:
    # setup hostname, generally set to FQDN name
    hostname: <replace-with-custom-FQDN>
    # http related config
    http:
      # port for http, default is 80. If https enabled, this port will redirect to https port
      port: 8001  # specify the HTTP port to listen on

    # https related config
    https:
      # https port for harbor, default is 443
      port: 8043  # specify the HTTPS port to listen on
      # The path of cert and key files for nginx
      certificate: /etc/docker/certs.d/<replace-with-custom-FQDN>[:8043]*/<replace-with-custom-FQDN>.cert
      private_key: /etc/docker/certs.d/<replace-with-custom-FQDN>[:8043]*/<replace-with-custom-FQDN>.key
    Note: Configure Harbor's Nginx to listen on 8001 (HTTP) and 8043 (HTTPS), or specify the ports that work in your environment. Set aside ports 80 and 443 for the Nginx system. The Nginx system forwards access requests to Harbor automatically.
    Note: For self-signed certificates, include the port number in the folder name when you create the certificate folder. The port number is not required when using commercial certificates.
  6. Switch to the extracted Harbor folder, edit the prepare file, and then install Harbor:
    Note: Docker Hub has a pull rate limitation that may prevent images from downloading. To prevent this, VMware provides a public repository to fetch the required images from Docker Hub.
    Run the following commands:
    #cd /harbor/harbor
    #vi prepare
    
    1. In the vi editor, enter /goharbor to search for the line goharbor/prepare:v2.1.2 prepare $@.
    2. Press I and modify this line to vmwtec.jfrog.io/registry/goharbor/prepare:v2.1.2 prepare $@. Press Enter and type :wq to save the file.
    3. Run the following commands:
      #./prepare
      #./install.sh
  7. Stop and restart Harbor:
    Stop Harbor:
    #docker-compose down -v
    Restart Harbor:
    #docker-compose up -d
    If Harbor restarts successfully, you can log in to it.
  8. Log in to Harbor from the Docker client. <harbor_FQDN> is the hostname defined in harbor.yml:
    #docker login <harbor_FQDN>:8043
  9. Create a Harbor registry project:
    1. Open a browser on a client system that can access the air-gapped repository and enter the Harbor FQDN name.
    2. Log in to Harbor.
    3. From the left navigation pane, click Projects and then click New Project.
    4. Provide the name of the project as registry and select the Access Level as Public.
    5. Click OK.
    6. Select library as the default project and click Delete. Click Delete again for confirmation.
  10. Add the Harbor systemd service so that Harbor autostarts on boot.
    #cd /etc/systemd/system
    1. Add the Harbor service file:
      #vi harbor.service
      [Unit]
      Description=Harbor
      After=docker.service systemd-networkd.service systemd-resolved.service
      Requires=docker.service
      Documentation=http://github.com/vmware/harbor
      
      [Service]
      Type=simple
      Restart=on-failure
      RestartSec=5
      ExecStart=/usr/local/bin/docker-compose -f /harbor/harbor/docker-compose.yml up
      ExecStop=/usr/local/bin/docker-compose -f /harbor/harbor/docker-compose.yml down
      
      [Install]
      WantedBy=multi-user.target
      
    2. Save the file and enable Harbor service:
      #chmod 644 harbor.service
      #systemctl daemon-reload
      #systemctl enable harbor
    3. To check the status of Harbor, run:
      #systemctl status harbor
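
A pre-flight check for the harbor.yml edited in step 5, to run before ./prepare in step 6. This is an added example, not VMware or Harbor code: the function names check_harbor_yml, yaml_get and fail are hypothetical, and it assumes the self-signed certificate folder layout used on this page. The owner-only permission check on the private key is an added hygiene check, not a requirement stated by this procedure.

```shell
#!/bin/sh
# Added example (not VMware or Harbor code): lint harbor.yml before ./prepare.
# Usage: check_harbor_yml /harbor/harbor/harbor.yml

# yaml_get FILE SECTION KEY: print the value of "KEY: value" under the
# top-level SECTION ("" = top level). Handles only harbor.yml's flat layout.
yaml_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        { top = ($0 ~ /^[^ \t]/); k = $1; sub(/:$/, "", k) }
        top { cur = ($1 ~ /:$/) ? k : "" }           # "https" without ":" opens no section
        ((top && sec == "") || (!top && sec != "" && cur == sec)) && $1 == (key ":") {
            print $2; exit
        }' "$1"
}

# Record a failure; check_harbor_yml returns rc at the end.
fail() { echo "FAIL: $*" >&2; rc=1; }

check_harbor_yml() {
    rc=0
    host=$(yaml_get "$1" "" hostname)
    port=$(yaml_get "$1" https port)
    cert=$(yaml_get "$1" https certificate)
    key=$(yaml_get "$1" https private_key)

    [ -n "$host" ] || fail "hostname is not set"
    [ -n "$port" ] || fail "https.port not found; check the 'https:' key and its indentation"
    [ -f "$cert" ] || fail "certificate file not found: $cert"
    [ -f "$key" ]  || fail "private key file not found: $key"

    # Assumption: self-signed layout from this page, .../certs.d/<FQDN>:<port>/
    [ "$(basename "$(dirname "$cert")")" = "$host:$port" ] ||
        fail "certificate folder is not named $host:$port"

    # Assumption (hygiene check, not a Harbor requirement): key is owner-only.
    if [ -f "$key" ]; then
        case $(ls -ld "$key" | cut -c5-10) in
            ------) ;;
            *) fail "private key is accessible to group/other; chmod 600 $key" ;;
        esac
    fi
    return $rc
}
```

When commercial certificates are used, the folder-name check does not apply, because that layout omits the port number.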