Setting Up a Private Docker Registry

Jun 06, 2026 | 19 min read | 27 views

Setting up a Private Docker Registry (Harbor) on a VPS: Security and Image Management

TL;DR

In this detailed guide, we will step-by-step configure a private Docker Registry using Harbor on your virtual or dedicated server. Harbor is a powerful open-source platform that provides not only storage for Docker images but also advanced security features, vulnerability scanning, policy management, and access control. Ultimately, you will get a fully controlled, secure, and scalable solution for storing and distributing your container images, which is critically important for CI/CD pipelines and ensuring privacy.

  • Installation and configuration of Harbor on Ubuntu 24.04 LTS.
  • Ensuring HTTPS access to the Registry using Caddy for automatic acquisition and renewal of TLS certificates.
  • Configuration of basic security and access management policies.
  • Recommendations for choosing a VPS configuration and resource optimization.
  • Backup and maintenance strategies for long-term stability.
  • Solving typical problems and answers to frequently asked questions.

What we are setting up and why

Diagram: What we are setting up and why

We will be setting up Harbor — a powerful, cloud-native, open-source private container registry that stores, signs, and scans images. Harbor extends the functionality of a standard Docker Registry by adding enterprise features such as security, project management, role-based access control (RBAC), vulnerability scanning, image replication, and LDAP/AD integration. This solution allows development teams to securely manage their container images, ensuring their integrity and compliance with corporate standards.

Ultimately, you will get a fully functional, secure, and managed private Docker Registry that will serve as a central repository for all your container images. This is especially important for CI/CD pipelines, where images must be available quickly and reliably, and for environments where strict control over what is deployed is required. You will be able to store proprietary images, protect them from unauthorized access, scan them for vulnerabilities before deployment, and control who can publish or pull images.

What alternatives exist? You can use cloud-managed services such as AWS ECR, Google Container Registry (GCR) / Artifact Registry, Azure Container Registry (ACR), or GitLab Container Registry. They offer convenience, scalability, and are often integrated with other cloud services. However, a self-hosted solution on a VPS has its advantages:

  • Full Control: You have complete control over data, security, and infrastructure. This is critical for companies with strict regulatory requirements or those who do not want to depend on a specific cloud provider.
  • Cost-effectiveness: For medium to large volumes of storage and traffic, a self-hosted solution can be significantly cheaper than cloud counterparts, especially if you already have free resources on a VPS/dedicated server.
  • Customization: The ability to fine-tune to the specific needs of your infrastructure, integrate with internal authentication systems or unique security tools.
  • Privacy: Images are stored on your infrastructure, which reduces the risk of data leaks through third-party services.

Choosing self-hosted Harbor on a VPS is ideal for teams that need a balance between control, security, and cost, as well as for those who want to avoid vendor lock-in.

What VPS config is needed for this task

Diagram: What VPS config is needed for this task

Choosing the right server configuration is critical for stable and productive Harbor operation. Harbor is not just storage, but a whole complex of services (PostgreSQL, Redis, Notary, Clair, Trivy, Portal) that consume resources.

Minimum requirements (for small teams / test environments):

  • CPU: 2 cores. Harbor performs many background tasks, such as vulnerability scanning, which can be resource-intensive.
  • RAM: 4 GB. This is an absolute minimum; 6-8 GB is recommended for stable operation of all components.
  • Disk: 100 GB SSD. The main disk space consumption comes from storing images. SSD significantly speeds up file and database operations.
  • Network: 100 Mbps. This is sufficient for initial use, but active CI/CD work or a large number of users will require a wider channel.

Recommended VPS plan (for medium-load production environment):

  • CPU: 4 cores. Will provide sufficient performance for handling requests, scanning, and background tasks.
  • RAM: 8-16 GB. Will allow all Harbor components to run without swapping, which is critical for performance.
  • Disk: 250-500 GB NVMe/SSD. The volume depends on the number and size of stored images. NVMe offers maximum I/O speed. It is important to choose a disk with expansion capability or use external storage if a very large number of images is planned.
  • Network: 1 Gbps. A high-speed channel is necessary for fast uploading and downloading of images, which significantly affects build and deployment times.

For this task, a VPS with 4 CPU cores, 8-16 GB RAM, 250-500 GB NVMe/SSD, and a 1 Gbps network is a reasonable choice.

When a dedicated server is needed, not a VPS

A dedicated server becomes the preferred choice when:

  • Very high load: If you plan to store thousands of images, serve hundreds of developers, or your CI/CD pipeline constantly pushes/pulls images.
  • Performance requirements: When guaranteed CPU, RAM, and disk subsystem performance is required without the "noisy neighbor" effect from other users on the same hypervisor.
  • Large storage volume: If you need several terabytes for images and long-term storage.
  • Strict SLAs and isolation: For mission-critical systems where maximum isolation and control over hardware are required.

In such cases, a suitable dedicated server will provide the necessary power and reliability.

Location: what it affects

The location of your VPS or dedicated server affects several factors:

  • Latency (ping): The closer the server is to your developers and CI/CD agents, the less delay when uploading/downloading images. This directly affects performance.
  • Regional regulations: In some cases, due to legislation (e.g., GDPR), data must be stored in a specific geographical region.
  • Cost: VPS prices can vary depending on the region.

Choose a location that minimizes latency for most of your users and complies with all legal requirements.

Server preparation

Diagram: Server preparation

It is assumed that you are using a freshly installed server with Ubuntu 24.04 LTS. These steps will provide basic security and prepare the system for Harbor installation.

1. System update

Always start by updating the package manager and installed packages to ensure the system is up-to-date and the latest security fixes are available.


sudo apt update             # Update package list
sudo apt upgrade -y         # Upgrade all installed packages
sudo apt autoremove -y      # Remove unused packages

2. Creating a new user and configuring SSH keys

It is not recommended to work under the root account. Create a new user with sudo privileges and configure SSH key authentication for enhanced security.


sudo adduser harboradmin    # Create a new user "harboradmin"
sudo usermod -aG sudo harboradmin # Add user to the sudo group
sudo mkdir /home/harboradmin/.ssh # Create directory for SSH keys
sudo chmod 700 /home/harboradmin/.ssh # Set correct permissions
sudo cp ~/.ssh/authorized_keys /home/harboradmin/.ssh/ # Copy your public key
sudo chown -R harboradmin:harboradmin /home/harboradmin/.ssh # Set owner for the directory

Important: After performing these steps, log out of the current root session and log in as the new user harboradmin using your SSH key. Then disable password login for root and regular users in the /etc/ssh/sshd_config file. On Ubuntu 24.04 that file begins with Include /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword, so also check that no drop-in in that directory (cloud images typically ship 50-cloud-init.conf with PasswordAuthentication yes) overrides your edit, and validate the result with sudo sshd -t before restarting.


sudo nano /etc/ssh/sshd_config

Find and change the following lines:


PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Restart the SSH service to apply changes:


sudo systemctl restart sshd
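Because the first value sshd reads wins and the Include line sits at the top of the Ubuntu file, an edit in sshd_config can be silently overridden by a drop-in. The script below is an added example (not part of the original guide) that resolves the effective value of each hardened keyword the way sshd does, drop-ins first in glob order, then the main file, and audits it against the settings from this step. The directory layout and the 50-cloud-init.conf content are constructed in a temporary directory so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example: report the values sshd will actually use for the keywords
# hardened above. sshd keeps the FIRST value it reads for a keyword, and on
# Ubuntu 24.04 sshd_config starts with "Include /etc/ssh/sshd_config.d/*.conf",
# so a drop-in wins over an edit made further down in the main file.

# sshd_effective_setting <Keyword> <sshd_config> <sshd_config.d dir>
# Prints the first value found in the drop-ins (sorted, as sshd globs them)
# and then in the main file; prints "unset" when no file sets the keyword.
sshd_effective_setting() {
  key="$1"; main="$2"; dropins="$3"
  for f in "$dropins"/*.conf "$main"; do
    [ -f "$f" ] || continue
    val=$(grep -i "^[[:space:]]*$key[[:space:]]" "$f" | head -n 1 | awk '{print $2}')
    if [ -n "$val" ]; then
      echo "$val"
      return 0
    fi
  done
  echo "unset"
}

# audit_sshd <sshd_config> <sshd_config.d dir>
# Compares the effective values with the hardening from this section and
# returns the number of deviations (0 means every keyword is as intended).
audit_sshd() {
  main="$1"; dropins="$2"; bad=0
  for pair in PermitRootLogin=no PasswordAuthentication=no ChallengeResponseAuthentication=no; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(sshd_effective_setting "$key" "$main" "$dropins")
    if [ "$got" = "$want" ]; then
      echo "ok   $key = $got"
    else
      echo "FAIL $key = $got (expected $want)"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Constructed demo layout: a hardened main file plus a drop-in of the kind
# cloud images ship, which re-enables password authentication.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/sshd_config.d"
cat > "$DEMO/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
echo "PasswordAuthentication yes" > "$DEMO/sshd_config.d/50-cloud-init.conf"

audit_sshd "$DEMO/sshd_config" "$DEMO/sshd_config.d" || echo "deviations found: $?"
```

On the real server, point the two arguments at /etc/ssh/sshd_config and /etc/ssh/sshd_config.d; the authoritative check remains sudo sshd -T | grep -iE 'permitrootlogin|passwordauthentication', which prints the daemon's own view of the merged configuration.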

3. Installing and configuring Firewall (UFW)

Configure a basic firewall to allow only necessary ports. From the outside, Harbor will be reached only through ports 80 (HTTP, for redirect) and 443 (HTTPS); its internal services talk to each other over the Docker network and do not need to be exposed.


sudo apt install ufw -y     # Install UFW
sudo ufw default deny incoming # Deny all incoming connections by default
sudo ufw default allow outgoing # Allow all outgoing connections by default
sudo ufw allow OpenSSH      # Allow SSH (port 22)
sudo ufw allow http         # Allow HTTP (port 80)
sudo ufw allow https        # Allow HTTPS (port 443)
sudo ufw enable             # Enable UFW
sudo ufw status verbose     # Check UFW status

4. Installing Fail2Ban

Fail2Ban helps protect against brute-force attacks on SSH and other services.


sudo apt install fail2ban -y # Install Fail2Ban
sudo systemctl enable fail2ban # Enable Fail2Ban autostart
sudo systemctl start fail2ban  # Start Fail2Ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local # Create local configuration

Open /etc/fail2ban/jail.local and make sure the [sshd] section is active (enabled = true) and configure parameters as desired (e.g., bantime, findtime, maxretry).


sudo nano /etc/fail2ban/jail.local

Example configuration:


[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
bantime = 1h
findtime = 10m
maxretry = 5

Restart Fail2Ban to apply changes:


sudo systemctl restart fail2ban
sudo fail2ban-client status sshd # Check SSH filter status

5. Installing basic utilities

Some utilities may be useful during installation and debugging.


sudo apt install curl wget git nano htop net-tools -y # Install useful utilities

Now your server is ready for Docker and Harbor installation.

Software Installation — Step-by-Step

Diagram: Software Installation — Step-by-Step

In this step, we will install Docker Engine, Docker Compose, and Harbor. We will use the latest versions available in 2026. For Ubuntu 24.04 LTS, this will most likely be Docker Engine 25.x/26.x and Docker Compose v2.x, and Harbor version 2.x or 3.x.

1. Docker Engine Installation

We will install Docker from the official Docker repository to always have the latest versions.


# Remove old Docker versions, if any
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt remove $pkg; done

# Install necessary packages for using HTTPS repository
sudo apt install ca-certificates curl gnupg lsb-release -y

# Add Docker's official GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add Docker repository to APT sources
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Update package list and install Docker Engine
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Let's check that Docker is installed and running:


sudo systemctl status docker # Check Docker status
sudo docker run hello-world  # Run a test container

Add your user to the docker group to avoid using sudo with every Docker command (you need to log out and back in after this step):


sudo usermod -aG docker harboradmin # Add user to docker group

Log out and log back in for the changes to take effect. Then check:


docker run hello-world # Run a test container without sudo

2. Docker Compose Installation

The Docker Compose plugin is already installed with Docker Engine, but for convenience, you can create a symbolic link to docker compose as docker-compose.


sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose # Create a symbolic link
docker-compose version # Check Docker Compose version

3. Downloading and Preparing Harbor

Harbor is distributed as an archive with Docker Compose files. We will download the latest stable version (assuming Harbor 2.x or 3.x for 2026) from GitHub releases.


# Create directory for Harbor
mkdir -p ~/harbor && cd ~/harbor

# Download the latest stable version of Harbor installer (e.g., v2.10.x or v3.x)
# Check the current version on GitHub Releases: https://github.com/goharbor/harbor/releases
# Assume that version 2.10.0 is current in 2026
HARBOR_VERSION="2.10.0" # Replace with the actual version
wget https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/harbor-offline-installer-v${HARBOR_VERSION}.tgz

# Unpack the archive
tar xvf harbor-offline-installer-v${HARBOR_VERSION}.tgz

# Navigate to the unpacked Harbor directory
cd harbor

4. Harbor Installer Configuration

The main Harbor configuration file is harbor.yml.tmpl. We will copy it to harbor.yml and edit it.


cp harbor.yml.tmpl harbor.yml # Create configuration file from template
nano harbor.yml               # Edit configuration file

In the harbor.yml file, you need to change the following parameters (examples):

  • hostname: your.domain.com — specify the domain name through which your Harbor Registry will be accessible. Ensure that an A-record pointing to your VPS's IP address is configured for this domain.
  • http.port: 8080 — the plain-HTTP port on which Harbor's proxy container listens. Caddy will occupy ports 80 and 443 itself and forward requests to 127.0.0.1:8080, so Harbor must not take port 80. Note that Docker publishes this port on all interfaces and its iptables rules bypass UFW; if you want it reachable only by Caddy, change the ports entry in the generated docker-compose.yml to 127.0.0.1:8080:8080.
  • https section: leave it commented out, because TLS is terminated by Caddy. If the https block is active, Harbor's prepare step requires certificate and private_key paths.
  • harbor_admin_password: YourSecurePassword123 — set a strong password for the Harbor administrator.
  • data_volume: /data/harbor — the path where all Harbor data (images, database, etc.) will be stored. It is recommended to use a separate disk or partition for data.
  • external_url: https://your.domain.com — the public URL clients use; with it set, Harbor generates links and redirects for the proxy's HTTPS address rather than for its own port.

Example harbor.yml fragment:


hostname: your.domain.com

# Harbor's own listener: plain HTTP on the port Caddy's reverse_proxy forwards to.
http:
  port: 8080

# TLS is terminated by Caddy, so Harbor's https section stays commented out.
# If Harbor were to serve TLS itself, the port and certificate paths would go here.
# https:
#   port: 443
#   certificate: /your/path/to/server.crt
#   private_key: /your/path/to/server.key

harbor_admin_password: YourSecurePassword123

data_volume: /data/harbor

# Public URL behind the proxy; Harbor uses it for links and redirects.
external_url: https://your.domain.com

Important: For a production environment, it is recommended to use an external PostgreSQL database and Redis for better scalability and manageability, but for this guide, we will use the containers built into Harbor.
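Two files have to agree for the proxied setup to work: harbor.yml's http.port must be the port the Caddyfile's reverse_proxy points at, it must not be 80 or 443 (Caddy owns those), the https block must stay commented out, and external_url must be the public https:// address. The check below is an added example, not part of the Harbor installer or of this guide; it parses both files with awk/sed on constructed sample copies, so it runs offline, and the function names are my own.

```shell
#!/bin/sh
# Added example: verify that harbor.yml and the Caddyfile are consistent before
# running install.sh. With Caddy terminating TLS on 80/443, Harbor's listener
# must be on the HTTP port Caddy proxies to, and the https: block must stay
# commented out (otherwise prepare fails for want of a certificate, or the two
# listeners collide on port 80). Sample files below are constructed.

# harbor_http_port <harbor.yml>: the port value inside the http: block.
harbor_http_port() {
  awk '/^http:/ {inblk=1; next}
       /^[^[:space:]#]/ {inblk=0}
       inblk && $1=="port:" {print $2; exit}' "$1"
}

# harbor_https_enabled <harbor.yml>: succeeds if an uncommented https: block exists.
harbor_https_enabled() { grep -q '^https:' "$1"; }

# harbor_external_url <harbor.yml>: the external_url value.
harbor_external_url() { awk '$1=="external_url:" {print $2; exit}' "$1"; }

# caddy_upstream_port <Caddyfile>: the port in the first reverse_proxy line.
caddy_upstream_port() {
  sed -n 's/^[[:space:]]*reverse_proxy[[:space:]]*[^:]*:\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# check_proxy_config <harbor.yml> <Caddyfile>: 0 when consistent, 1 otherwise.
check_proxy_config() {
  hy="$1"; cf="$2"; rc=0
  hport=$(harbor_http_port "$hy"); cport=$(caddy_upstream_port "$cf")
  if [ -z "$hport" ] || [ "$hport" != "$cport" ]; then
    echo "FAIL http.port ($hport) does not match Caddy upstream ($cport)"; rc=1
  fi
  if [ "$hport" = "80" ] || [ "$hport" = "443" ]; then
    echo "FAIL http.port $hport collides with Caddy's own listeners"; rc=1
  fi
  if harbor_https_enabled "$hy"; then
    echo "FAIL https: block is active; comment it out when Caddy handles TLS"; rc=1
  fi
  case "$(harbor_external_url "$hy")" in
    https://*) ;;
    *) echo "FAIL external_url must be the public https:// URL"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "ok harbor.yml and Caddyfile are consistent"
  return "$rc"
}

# Constructed samples: a correct pair and a harbor.yml that still uses the
# template's defaults (port 80 and an active https block).
DEMO=$(mktemp -d)
cat > "$DEMO/harbor.yml" <<'EOF'
hostname: your.domain.com
http:
  port: 8080
# https:
#   port: 443
harbor_admin_password: YourSecurePassword123
data_volume: /data/harbor
external_url: https://your.domain.com
EOF
cat > "$DEMO/harbor-bad.yml" <<'EOF'
hostname: your.domain.com
http:
  port: 80
https:
  port: 443
external_url: https://your.domain.com
EOF
cat > "$DEMO/Caddyfile" <<'EOF'
your.domain.com {
    reverse_proxy 127.0.0.1:8080
}
EOF

check_proxy_config "$DEMO/harbor.yml" "$DEMO/Caddyfile"
check_proxy_config "$DEMO/harbor-bad.yml" "$DEMO/Caddyfile" || echo "bad config rejected, as expected"
```

Run it against ~/harbor/harbor/harbor.yml and /etc/caddy/Caddyfile before each install.sh or prepare run; a mismatch here is the most common reason the web UI answers on the bare IP but not through the domain.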

5. Harbor Installation

After saving harbor.yml, you can start the installation. The installer will configure all necessary Docker Compose files and start the services.


# Run the installation script with the Trivy vulnerability scanner.
# The former --with-clair and --with-chartmuseum options were removed in
# Harbor 2.2 and 2.8 respectively; on a 2.10 installer they make install.sh exit with an error.
sudo ./install.sh --with-trivy

The install.sh script will perform the following actions:

  • Generate the necessary Docker Compose files.
  • Create and start all Harbor containers.
  • Configure the basic setup.

The process may take several minutes, as Docker will download all necessary images.

After the installation is complete, you can check the status of the running containers:


docker-compose ps # Check the status of all Harbor containers

Ensure that all containers are in the "Up" state.

Configuration

Diagram: Configuration

Now that Harbor is installed, we need to configure HTTPS access and ensure everything is working correctly. We will use Caddy as a reverse proxy with automatic TLS certificate acquisition from Let's Encrypt.

1. DNS Configuration

Before configuring Caddy, ensure that your domain (e.g., your.domain.com) has an A-record pointing to your VPS's public IP address. This is critically important for Let's Encrypt to work.

2. Caddy Installation

Caddy is a powerful web server that simplifies HTTPS configuration thanks to built-in Let's Encrypt support.


# Install Caddy from the official repository
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy -y

3. Caddy Configuration for Harbor

Let's create a Caddy configuration file (Caddyfile) to work with Harbor. Caddy will proxy requests to Harbor and automatically manage TLS.


sudo nano /etc/caddy/Caddyfile

Remove the existing content and add the following, replacing your.domain.com with your domain name:


your.domain.com {
    reverse_proxy 127.0.0.1:8080 { # Harbor's proxy container listens here; must match http.port in harbor.yml
        header_up Host {host}
        header_up X-Real-IP {remote_ip}
        header_up X-Forwarded-For {remote_ip}
        header_up X-Forwarded-Proto {scheme}
    }
    # Optional: enable Gzip compression
    encode gzip
    # Optional: logging
    log {
        output file /var/log/caddy/harbor_access.log
        format json
    }
    # Optional: basic Rate Limiting for DoS protection
    # rate_limit {
    #     burst 10
    #     rate 5r/s
    # }
}

Create a directory for Caddy logs if you enabled logging:


sudo mkdir -p /var/log/caddy
sudo chown caddy:caddy /var/log/caddy

Restart Caddy to apply the changes:


sudo systemctl restart caddy
sudo systemctl enable caddy # Enable Caddy autostart
sudo systemctl status caddy # Check Caddy status

Ensure that Caddy has started successfully and obtained TLS certificates. You can check Caddy logs: sudo journalctl -u caddy --no-pager.

4. Checking Harbor Functionality

Now that Caddy is configured, Harbor should be accessible via HTTPS.

  • Access via browser: Open https://your.domain.com in your browser. You should see the Harbor interface. Log in with the username admin and the password you specified in harbor.yml (harbor_admin_password).
  • Check via curl:

curl -I https://your.domain.com/api/v2.0/health # Check Harbor API accessibility

You should receive an HTTP status of 200 OK. If not, check Caddy and Harbor logs.
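A 200 from /api/v2.0/health only tells you the core service answered; the JSON body lists every component (core, database, registry, trivy and so on) with its own status, and the top-level status flips to "unhealthy" as soon as one of them fails. The script below is an added example, not part of Harbor or of this guide: it extracts the overall status and the names of the failing components without needing jq, using constructed sample responses so it runs offline. The function names and the sample bodies are my own assumptions about the format.

```shell
#!/bin/sh
# Added example: interpret Harbor's /api/v2.0/health response instead of only
# checking the HTTP status code. The endpoint returns JSON of the form
#   {"status":"healthy","components":[{"name":"core","status":"healthy"},...]}
# so the component list is what tells you where to look when it is degraded.
# The samples below are constructed; jq is deliberately not required.

# harbor_overall_status <json file>: prints the top-level status field.
harbor_overall_status() {
  tr -d ' \n' < "$1" | sed -n 's/^{"status":"\([A-Za-z]*\)".*/\1/p'
}

# harbor_unhealthy_components <json file>: one component name per line for
# every component whose status is not exactly "healthy".
harbor_unhealthy_components() {
  tr -d ' \n' < "$1" | tr '{' '\n' \
    | grep '"name"' | grep -v '"status":"healthy"' \
    | sed 's/.*"name":"\([^"]*\)".*/\1/'
}

# harbor_health_ok <json file>: 0 when everything is healthy, 1 otherwise,
# printing the failing components so a monitor can alert on their names.
harbor_health_ok() {
  if [ "$(harbor_overall_status "$1")" = "healthy" ]; then
    return 0
  fi
  echo "harbor unhealthy:" $(harbor_unhealthy_components "$1")
  return 1
}

# check_live <base url>: fetch the endpoint from a running Harbor (not used by
# the offline demo). The health endpoint needs no authentication.
check_live() {
  tmp=$(mktemp)
  curl -fsS "$1/api/v2.0/health" -o "$tmp" && harbor_health_ok "$tmp"
  rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed responses: all healthy, and one with the scanner down.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/healthy.json" <<'EOF'
{"status":"healthy","components":[{"name":"core","status":"healthy"},{"name":"database","status":"healthy"},{"name":"registry","status":"healthy"},{"name":"trivy","status":"healthy"}]}
EOF
cat > "$SAMPLE_DIR/degraded.json" <<'EOF'
{"status":"unhealthy","components":[{"name":"core","status":"healthy"},{"name":"database","status":"healthy"},{"name":"registry","status":"healthy"},{"name":"trivy","status":"unhealthy","error":"dial tcp: connection refused"}]}
EOF

harbor_health_ok "$SAMPLE_DIR/healthy.json" && echo "healthy sample: ok"
harbor_health_ok "$SAMPLE_DIR/degraded.json" || echo "degraded sample flagged, as expected"
```

Against the live server, check_live https://your.domain.com returns non-zero and prints the failing component names, which makes it usable directly as a cron or monitoring probe; a failing component name maps to the container whose logs to read with docker-compose logs.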

5. Docker Client Configuration

To work with your private Docker registry on your local machine or CI/CD agents, you need to log in to it:


docker login your.domain.com # Enter username (e.g., admin) and password

After successful login, you will be able to push and pull images:


# Example: tag an existing image and upload it to Harbor
docker tag hello-world your.domain.com/myproject/hello-world:latest
docker push your.domain.com/myproject/hello-world:latest

# Example: download an image from Harbor
docker pull your.domain.com/myproject/hello-world:latest

Important: Create the myproject project in the Harbor web interface before attempting to upload images to it.

6. Secrets and Environment Variables

The Harbor administrator password you specified in harbor.yml is sensitive information. In production environments, it is recommended to use Docker Secrets or external secret management systems. For Harbor, which runs via docker-compose, you can use an .env file. Although the Harbor installer does not use it directly, you can edit the generated docker-compose.yml and use environment variables for sensitive data. However, for the simplicity of this guide, we have left the password in harbor.yml.

Example of using .env for the administrator password (not automatically applied by the Harbor installer, but demonstrates the principle):


# In your .env file (next to docker-compose.yml)
HARBOR_ADMIN_PASSWORD=MySuperSecurePassword123

# In docker-compose.yml or harbor.yml (if it supported it)
# harbor_admin_password: ${HARBOR_ADMIN_PASSWORD}

For Harbor, a more secure approach is to change the administrator password via the web interface after installation, and to use LDAP/OIDC for user authentication instead of local accounts.

Backups and Maintenance

Diagram: Backups and Maintenance

Regular backups and maintenance are the foundation of reliable operation for any service, including Harbor. Loss of image data or configuration can lead to serious problems.

1. What to Back Up

The following data is critically important for Harbor:

  • Registry Data: The Docker images themselves, stored in /data/harbor/registry (or another path specified in data_volume).
  • PostgreSQL Database: Contains image metadata, users, projects, policies, etc. Stored in /data/harbor/database.
  • Configuration Files: harbor.yml and other files in the Harbor installation directory (~/harbor/harbor).
  • TLS Certificates: If you manage them manually. In our case, Caddy manages them automatically, but if you use Harbor with your own certificates, they need to be backed up.

2. Simple Auto-Backup Script

We will create a simple script that will stop Harbor, back up the data, and then restart Harbor. This will require the rsync or tar utility.


sudo nano /usr/local/bin/backup_harbor.sh

Script content (set BACKUP_DESTINATION to your backup directory and check that HARBOR_DIR matches where you unpacked Harbor):


#!/bin/bash
set -euo pipefail   # abort on the first failed command, unset variable, or failed pipeline stage

# Path to Harbor directory
HARBOR_DIR="/home/harboradmin/harbor/harbor" # Make sure this is the correct path to the unpacked Harbor directory
HARBOR_DATA_VOLUME="/data/harbor"            # Path to Harbor data volume

# Directory for storing backups
BACKUP_DESTINATION="/path/to/backup/destination" # E.g., /mnt/backup/harbor_backups
BACKUP_TIMESTAMP=$(date +%Y%m%d%H%M%S)
FULL_BACKUP_PATH="${BACKUP_DESTINATION}/harbor_backup_${BACKUP_TIMESTAMP}"

# Whatever happens below (a failed tar, a full disk), bring Harbor back up,
# so a broken backup run does not leave the registry offline.
restart_harbor() {
  echo "Starting Harbor services..."
  (cd "${HARBOR_DIR}" && docker-compose up -d) # Start Harbor containers in detached mode
}
trap restart_harbor EXIT

echo "Starting Harbor backup at ${BACKUP_TIMESTAMP}..."

# 1. Stopping Harbor services so the database and registry files are consistent
echo "Stopping Harbor services..."
(cd "${HARBOR_DIR}" && docker-compose down) # Stop all Harbor containers

# 2. Creating directory for the current backup
echo "Creating backup directory: ${FULL_BACKUP_PATH}"
mkdir -p "${FULL_BACKUP_PATH}"
chmod 700 "${FULL_BACKUP_PATH}" # The backup contains image data and the admin password

# 3. Copying configuration files
echo "Backing up Harbor configuration files..."
cp "${HARBOR_DIR}/harbor.yml" "${FULL_BACKUP_PATH}/"
cp "${HARBOR_DIR}/docker-compose.yml" "${FULL_BACKUP_PATH}/" # Other configs can be added if present

# 4. Copying Harbor data (images, DB)
echo "Backing up Harbor data volume: ${HARBOR_DATA_VOLUME}"
# Use rsync for incremental backups or tar for a full archive
# rsync -avh --delete "${HARBOR_DATA_VOLUME}/" "${FULL_BACKUP_PATH}/data/"
# (no -v: a file listing per run only floods the cron log)
tar -czf "${FULL_BACKUP_PATH}/harbor_data.tar.gz" "${HARBOR_DATA_VOLUME}"

# 5. Harbor is restarted by the EXIT trap above
echo "Harbor backup completed. Backup saved to ${FULL_BACKUP_PATH}"

Make the script executable:


sudo chmod +x /usr/local/bin/backup_harbor.sh

Attention: Stopping Harbor will result in temporary registry unavailability. Plan backups during periods of lowest activity or consider more complex backup methods without downtime if Harbor is critical 24/7.
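A backup that nobody has tried to read is a guess, not a backup. The script below is an added example, not part of this guide's backup_harbor.sh: it checks a backup directory in the layout that script produces (harbor.yml, docker-compose.yml, harbor_data.tar.gz), confirms the archive is intact and contains both the registry blobs and the PostgreSQL data directory, and writes a SHA256SUMS file so later corruption or a partial upload can be caught with sha256sum -c. The demo data volume is constructed in a temporary directory so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example: verify that a Harbor backup produced by backup_harbor.sh is
# complete before trusting it. Assumes the layout that script creates:
#   <backup>/harbor.yml, <backup>/docker-compose.yml, <backup>/harbor_data.tar.gz
# and that the data volume holds "registry" and "database" subdirectories.

# verify_harbor_backup <backup_dir>
# Returns 0 when the backup looks restorable, 1 otherwise. Reasons go to
# stderr so the cron log shows why a run was rejected.
verify_harbor_backup() {
  bdir="$1"
  archive="$bdir/harbor_data.tar.gz"
  rc=0
  for f in harbor.yml docker-compose.yml harbor_data.tar.gz; do
    if [ ! -s "$bdir/$f" ]; then
      echo "verify: missing or empty $f" >&2; rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1
  # The archive must decompress end to end ...
  if ! gzip -t "$archive" 2>/dev/null; then
    echo "verify: archive is corrupt" >&2; return 1
  fi
  # ... and must contain both the image blobs and the PostgreSQL data directory.
  listing=$(tar -tzf "$archive")
  for want in registry/ database/; do
    if ! printf '%s\n' "$listing" | grep -q "$want"; then
      echo "verify: archive lacks $want" >&2; rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1
  # Record checksums next to the files; "sha256sum -c SHA256SUMS" later detects
  # bit rot or a truncated copy to S3.
  (cd "$bdir" && sha256sum harbor.yml docker-compose.yml harbor_data.tar.gz > SHA256SUMS)
  return 0
}

# make_demo_backup <root> <with_database: 1|0>
# Builds a constructed data volume and backs it up the way the page's script
# does (a tar of the volume path). Prints the backup directory. Demo data only.
make_demo_backup() {
  root="$1"; with_db="$2"
  vol="$root/data/harbor"
  mkdir -p "$vol/registry/docker/registry/v2"
  echo "blob" > "$vol/registry/docker/registry/v2/layer.bin"
  if [ "$with_db" -eq 1 ]; then
    mkdir -p "$vol/database"
    echo "pg" > "$vol/database/PG_VERSION"
  fi
  bdir="$root/harbor_backup_demo_$with_db"
  mkdir -p "$bdir"
  echo "hostname: your.domain.com" > "$bdir/harbor.yml"
  echo "services: {}" > "$bdir/docker-compose.yml"
  tar -czf "$bdir/harbor_data.tar.gz" -C "$root" data/harbor
  echo "$bdir"
}

DEMO_ROOT=$(mktemp -d)
GOOD_BACKUP=$(make_demo_backup "$DEMO_ROOT/good" 1)   # complete volume
BAD_BACKUP=$(make_demo_backup "$DEMO_ROOT/bad" 0)     # database directory missing

verify_harbor_backup "$GOOD_BACKUP" && echo "good backup verified: $GOOD_BACKUP"
verify_harbor_backup "$BAD_BACKUP" || echo "incomplete backup rejected, as expected"
```

Call verify_harbor_backup "${FULL_BACKUP_PATH}" at the end of backup_harbor.sh (before any S3 upload) so a run that produced an unusable archive exits non-zero and shows up in /var/log/harbor_backup.log; a periodic test restore onto a scratch VPS is still the only proof that the backup is really usable.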

3. Where to Store Backups

Backups should be stored separately from the main server to avoid data loss in case of server failure.

  • External S3-compatible object storage: AWS S3, MinIO, DigitalOcean Spaces, etc. This is a reliable and scalable option. For this, utilities like awscli or s3cmd can be used in the backup script.
  • Separate VPS: A dedicated small VPS for storing backups, accessible via SSH/SFTP. rsync can be used to copy backups to it.
  • NFS/SMB storage: If you have centralized network storage.

Example of adding backup upload to S3 (requires awscli configuration):


# Add to the script after the tar command.
# --recursive applies to a directory, not to a single file, so upload the
# whole backup directory (config files and archive) in one command.
echo "Uploading backup to S3..."
aws s3 cp "${FULL_BACKUP_PATH}" "s3://your-s3-bucket-name/harbor_backups/harbor_backup_${BACKUP_TIMESTAMP}/" --recursive

4. Setting Up Cron for Automatic Backups

Add the script to the Cron scheduler for daily execution (e.g., at 3 AM).


sudo crontab -e

Add the following line to the end of the file:


0 3 * * * /usr/local/bin/backup_harbor.sh >> /var/log/harbor_backup.log 2>&1

This will run the script every day at 03:00 and redirect the output to the log file /var/log/harbor_backup.log.

5. Updates: Rolling vs. Maintenance Window

Keeping software up-to-date is critically important for security and stability. You need to update:

  • Operating System: Regularly run sudo apt update && sudo apt upgrade -y.
  • Docker Engine and Docker Compose: Update them from the official Docker repository.
  • Harbor: Harbor updates usually require using a new installer and performing a migration procedure. This often entails service downtime.

Harbor Update Strategies:

  • Maintenance Window: The simplest approach for most self-hosted installations. Plan a maintenance window (e.g., once a month or quarter) during which Harbor will be unavailable. This allows you to perform the update, test it, and roll back in case of issues.
  • Rolling Updates (for clustered deployments): If Harbor is deployed in a cluster (e.g., Kubernetes), rolling updates can be performed without downtime. However, this significantly complicates the architecture and is beyond the scope of this guide.

Always read the official Harbor documentation before updating, as the procedure may change between versions.

Troubleshooting + FAQ

What to do if Harbor does not start after installation?

First, check the logs of Harbor's Docker containers. Navigate to the Harbor installation directory (~/harbor/harbor) and run docker-compose logs. This will show the logs for all services. If the problem is with a specific service (e.g., core or registry), you can view its logs separately: docker-compose logs core. Common issues include port conflicts, incorrect domain name configuration, or data access problems.

Why can't I access Harbor by domain name?

Check the following points: 1) Ensure that the DNS record (A-record) for your domain correctly points to your VPS's IP address. 2) Check Caddy's status (sudo systemctl status caddy) and its logs (sudo journalctl -u caddy --no-pager) — Caddy might not have been able to obtain a TLS certificate. 3) Make sure ports 80 and 443 are open in your firewall (UFW: sudo ufw status). 4) Verify that the hostname in harbor.yml matches your domain name.

Cannot log in to Harbor via Docker CLI (docker login)

Ensure you are using the correct domain name (e.g., your.domain.com) and credentials (by default admin and the password specified in harbor.yml). If Harbor uses self-signed certificates (which we avoided with Caddy), you might need to add the Harbor certificate to Docker's trusted certificates list on your client machine. Also, verify that Harbor is running and accessible via HTTPS.

What is the minimum suitable VPS configuration?

For test environments or very small teams with a minimal number of images and users, the minimum configuration should include 2 CPU cores, 4 GB RAM, and at least 100 GB SSD disk. However, such a configuration might not be sufficient for active vulnerability scanning or high load. For stable operation in a production environment, 4 CPU cores, 8-16 GB RAM, and 250-500 GB NVMe/SSD are recommended.

What to choose — VPS or dedicated for this task?

The choice between a VPS and a dedicated server depends on the scale of your task. A VPS is sufficient for most medium-sized teams and projects, offering a good balance of cost and performance. A dedicated server should be chosen if you have a very large volume of images (terabytes), high and constant load from hundreds of users or CI/CD agents, and if maximum performance, resource isolation, and strict SLAs are required, which might not be guaranteed on a VPS due to the "noisy neighbor effect".

How to update Harbor to a new version?

Updating Harbor typically involves downloading a new installer for the target version, stopping current Harbor services, backing up data, running the prepare script from the new installer to migrate the database, and then running install.sh. Always carefully read the official update documentation for your specific Harbor version, as the steps may vary.

Harbor gives "no such host" error when trying to push/pull images.

This error usually means that the Docker client cannot resolve the domain name of your Harbor Registry. Ensure that the DNS servers used by your client machine correctly resolve your domain. Check this with the command ping your.domain.com or nslookup your.domain.com. If the domain does not resolve, the problem is with DNS. If it resolves, check that port 443 is open and Caddy/Harbor are accessible.

Conclusions and Next Steps

Diagram: Conclusions and Next Steps

Congratulations! You have successfully set up a private Docker Registry (Harbor) on your VPS. You now have a secure and managed repository for your container images, providing access control, vulnerability scanning, and auditing capabilities. This will significantly improve your CI/CD pipeline and overall deployment security.

Next steps for further developing your Harbor infrastructure:

  1. CI/CD Integration: Configure your CI/CD systems (Jenkins, GitLab CI, GitHub Actions) for automatic building, pushing, and pulling of images from your private Harbor Registry.
  2. User Management and RBAC: Configure Harbor integration with your corporate authentication system (LDAP/AD, OIDC) and create projects with appropriate roles for development teams to ensure granular access control.
  3. Replication and High Availability: For critically important production environments, consider setting up image replication between multiple Harbor installations or deploying Harbor in a Kubernetes cluster to ensure high availability and fault tolerance.
