Install Harbor on Ubuntu 24.04

In this tutorial, we'll learn how to install and configure Harbor on Ubuntu 24.04.

Harbor has slowly become the grown-up in the container registry room. When teams outgrow the limitations of the basic Docker Registry and want RBAC, vulnerability scanning, replication, HA, and proper enterprise controls, Harbor steps in like the responsible adult nobody asked for but everyone ends up relying on.

If you're running a hosting company, data center, or DevOps stack that needs a private, secure, and scalable registry, Harbor is the answer. Below is a full, production-grade guide to install and configure Harbor as a private container registry on Ubuntu 24.04.

Why Harbor?

Harbor is an open-source cloud-native registry maintained by the CNCF. It adds critical features such as:

• Role-based access control (RBAC)
• Image replication between multiple registries
• CVE vulnerability scanning
• Project-based isolation
• OAuth/LDAP authentication
• Policy-based retention
• Notary for image signing
• HTTPS + certificate management
• High availability support

Perfect for enterprises, SRE teams, hosting providers, and DevOps pipelines that need more than “just push your image here and hope for the best.”

Prerequisites

Before we begin, ensure we have the following:

• An Ubuntu 24.04 on dedicated server or KVM VPS.
• Basic Linux Command Line Knowledge.
• A domain name pointing A record to server IP.

How to Install Harbor on Ubuntu 24.04

1. Install Docker

sudo apt update && sudo apt upgrade -y
sudo apt install ca-certificates curl gnupg lsb-release -y

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] \
  https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" |
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Enable Docker

sudo systemctl enable --now docker

Download and Install Harbor (Harbor installation guide)

1. Download Harbor Installer

For latest stable version, visit official Github repository. 

wget https://github.com/goharbor/harbor/releases/download/v2.14.0/harbor-online-installer-v2.14.0.tgz

Extract it:

tar -xvf harbor-online-installer-v2.14.0.tgz
cd harbor

2. Configure Firewall

Harbor use 80 and 443 ports.

ufw allow 80,433/tcp
ufw reload

3. Generate SSL Certificates (Harbor registry HTTPS)

You must run Harbor on HTTPS if you want your Kubernetes clusters or Docker clients to trust it.

Create directories

sudo mkdir -p /data/certs
cd /data/certs

Install Certbot

sudo apt update
sudo apt install certbot -y

Obtain the SSL Certificate (Standalone Mode)

Replace with your real Harbor domain:

sudo certbot certonly --standalone -d registry.example.com

This spins up a temporary ACME server on port 80 → validates → installs cert here:

/etc/letsencrypt/live/registry.example.com/fullchain.pem
/etc/letsencrypt/live/registry.example.com/privkey.pem

Copy certificates:

cp /etc/letsencrypt/live/registry.example.com/fullchain.pem /etc/letsencrypt/live/registry.example.com/privkey.pem /harbor/certs/

4. Configure Harbor (Harbor configuration steps)

Inside the extracted Harbor folder:

cd ~/harbor
cp harbor.yml.tmpl harbor.yml

Edit the main config:

sudo nano harbor.yml

Important fields:

hostname: registry.example.com

http:
  port: 80

https:
  port: 443
  certificate: /data/certs/fullchain.pem
  private_key: /data/certs/privkey.pem

harbor_admin_password: StrongAdminPassword123!

database:
  password: StrongDBPassword123!

external_url: https://registry.example.com

Save and exit.

Install Harbor

Run the installer:

sudo ./install.sh

If everything goes well, Harbor will spin up around 10 containers:

docker ps

5. Access Harbor Web UI

Navigate to:

https://registry.example.com

Default credentials:

username: admin
password: StrongAdminPassword123!

Push and Pull Workflow (Deploy Harbor on Ubuntu)

Login from Docker client:

docker login registry.example.com

Tag image:

docker tag nginx:latest registry.example.com/library/nginx:latest

Push image:

docker push registry.example.com/library/nginx:latest

Pull image:

docker pull registry.example.com/library/nginx:latest

Enable Vulnerability Scanning

Harbor integrates Trivy for CVE scanning.

Steps:

• Go to Administration → Scanners
• Set Trivy as the default
• Enable “Prevent vulnerable images from pulling” (optional)
• Scan image manually or schedule scanning

Conclusion

Harbor takes your private container registry from hobby-level to production-grade. With HTTPS, RBAC, vulnerability scanning, replication, and a polished UI, it's built for real-world DevOps use.

By following this guide, you now have a fully operational Harbor registry running on Ubuntu 24.04, ready for Kubernetes clusters, CI/CD pipelines, and large-scale deployments. If you're running a hosting business or a data center, Harbor should be one of the first tools in your infrastructure toolbox.

FAQs

1. Is Harbor better than Docker Registry?
Yes. Docker Registry is minimal and lacks RBAC, UI, CVE scanning, and replication. Harbor is enterprise-ready.

2. Does Harbor require HTTPS?
Yes. Docker and Kubernetes clients refuse insecure registries unless you manually override settings. Use HTTPS.

3. Does Harbor support Notary image signing?
Yes. You can enable Notary to sign and verify images to prevent tampering.

4. Can Harbor be used in Kubernetes?
Absolutely. Harbor is widely used as a private registry backend for Kubernetes clusters.

5. What ports does Harbor use?

443 (HTTPS)
80 (HTTP)
Additional internal ports for services (Redis, DB)