In this tutorial, we'll learn how to install and configure Harbor on AlmaLinux 10.
Harbor has slowly become the grown-up in the container registry room. When teams outgrow the limitations of the basic Docker Registry and want RBAC, vulnerability scanning, replication, HA, and proper enterprise controls, Harbor steps in like the responsible adult nobody asked for but everyone ends up relying on.
If you're running a hosting company, data center, or DevOps stack that needs a private, secure, and scalable registry, Harbor is the answer. Below is a full, production-grade guide to install and configure Harbor as a private container registry on AlmaLinux 10.
Why Harbor?
Harbor is an open-source cloud-native registry maintained by the CNCF. It adds critical features such as:
- Role-based access control (RBAC)
- Image replication between multiple registries
- CVE vulnerability scanning
- Project-based isolation
- OAuth/LDAP authentication
- Policy-based retention
- Notary for image signing
- HTTPS + certificate management
- High availability support
Perfect for enterprises, SRE teams, hosting providers, and DevOps pipelines that need more than “just push your image here and hope for the best.”
Prerequisites
Before we begin, ensure we have the following:
- An AlmaLinux 10 on dedicated server or KVM VPS.
- Basic Linux Command Line Knowledge.
- A domain name pointing A record to server IP.
How to Install Harbor on AlmaLinux 10
1. Install Docker
Set up the repository
sudo dnf -y install dnf-plugins-coresudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
To install the latest version, run:
sudo dnf install docker-ce
Enable Docker
sudo systemctl enable --now docker
Download and Install Harbor (Harbor installation guide)
1. Download Harbor Installer
For latest stable version, visit official Github repository.
wget https://github.com/goharbor/harbor/releases/download/v2.14.0/harbor-online-installer-v2.14.0.tgz
Extract it:
tar -xvf harbor-online-installer-v2.14.0.tgz
cd harbor
2. Configure Firewall
Harbor use 80 and 443 ports.
sudo firewall-cmd --add-port={80,443}/tcp --permanent
sudo firewall-cmd --reload
3. Generate SSL Certificates (Harbor registry HTTPS)
You must run Harbor on HTTPS if you want your Kubernetes clusters or Docker clients to trust it.
Create directories
sudo mkdir -p /data/certs
Install Certbot
sudo dnf install certbot -y
Obtain the SSL Certificate (Standalone Mode)
Replace with your real Harbor domain:
sudo certbot certonly --standalone -d registry.example.com
This spins up a temporary ACME server on port 80 → validates → installs cert here:
/etc/letsencrypt/live/registry.example.com/fullchain.pem
/etc/letsencrypt/live/registry.example.com/privkey.pem
Copy certificates:
cp /etc/letsencrypt/live/registry.example.com/fullchain.pem /etc/letsencrypt/live/registry.example.com/privkey.pem /data/certs/
4. Configure Harbor (Harbor configuration steps)
Inside the extracted Harbor folder:
cd ~/harbor
cp harbor.yml.tmpl harbor.yml
Edit the main config:
sudo nano harbor.yml
Important fields:
hostname: registry.example.com
http:
port: 80
https:
port: 443
certificate: /data/certs/fullchain.pem
private_key: /data/certs/privkey.pem
harbor_admin_password: StrongAdminPassword123!
database:
password: StrongDBPassword123!
external_url: https://registry.example.com
Save and exit.
Install Harbor
Run the installer:
sudo ./install.sh
If everything goes well, Harbor will spin up around 10 containers:
docker ps
5. Access Harbor Web UI
Navigate to:
https://registry.example.com
Default credentials:
username: admin
password: StrongAdminPassword123!
Push and Pull Workflow (Deploy Harbor on AlmaLinux)
Login from Docker client:
docker login registry.example.com
Tag image:
docker tag nginx:latest registry.example.com/library/nginx:latest
Push image:
docker push registry.example.com/library/nginx:latest
Pull image:
docker pull registry.example.com/library/nginx:latest
Enable Vulnerability Scanning
Harbor integrates Trivy for CVE scanning.
Steps:
- Go to Administration → Scanners
- Set Trivy as the default
- Enable “Prevent vulnerable images from pulling” (optional)
- Scan image manually or schedule scanning
Conclusion
Harbor takes your private container registry from hobby-level to production-grade. With HTTPS, RBAC, vulnerability scanning, replication, and a polished UI, it's built for real-world DevOps use.
By following this guide, you now have a fully operational Harbor registry running on AlmaLinux 10, ready for Kubernetes clusters, CI/CD pipelines, and large-scale deployments. If you're running a hosting business or a data center, Harbor should be one of the first tools in your infrastructure toolbox.
FAQs
1. Is Harbor better than Docker Registry?
Yes. Docker Registry is minimal and lacks RBAC, UI, CVE scanning, and replication. Harbor is enterprise-ready.
2. Does Harbor require HTTPS?
Yes. Docker and Kubernetes clients refuse insecure registries unless you manually override settings. Use HTTPS.
3. Does Harbor support Notary image signing?
Yes. You can enable Notary to sign and verify images to prevent tampering.
4. Can Harbor be used in Kubernetes?
Absolutely. Harbor is widely used as a private registry backend for Kubernetes clusters.
5. What ports does Harbor use?
443 (HTTPS)
80 (HTTP)
Additional internal ports for services (Redis, DB)
