Alex Spinov

Harbor Has a Free API — Here's How to Self-Host a Container Registry

Harbor is an open-source container registry with vulnerability scanning, RBAC, image signing, and replication. A self-hosted Docker Hub with enterprise features.

Why Harbor?

  • Vulnerability scanning: Trivy integration scans every image
  • RBAC: Project-based access control
  • Image signing: Cosign/Notary support
  • Replication: Sync across multiple registries
  • Garbage collection: Automatic cleanup
  • Audit logs: Track who pushed/pulled what
  • Free: No per-image or per-pull limits

Install

# Download installer
curl -LO https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz
tar xvf harbor-offline-installer-v2.10.0.tgz
cd harbor

# Configure
cp harbor.yml.tmpl harbor.yml
# Edit harbor.yml: set hostname, HTTPS certs, admin password
# (harbor_admin_password ships as Harbor12345; change it before exposing the registry)

# Install
./install.sh

Push Your First Image

# Login
docker login harbor.example.com

# Tag and push
docker tag my-app:latest harbor.example.com/myproject/my-app:v1.0
docker push harbor.example.com/myproject/my-app:v1.0

API: List Projects

curl -u admin:Harbor12345 https://harbor.example.com/api/v2.0/projects

API: Create Project

curl -X POST -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects \
  -H 'Content-Type: application/json' \
  -d '{"project_name": "my-team", "public": false}'

API: List Repositories

curl -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects/my-team/repositories

API: Get Vulnerability Report

# Trigger scan
curl -X POST -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects/my-team/repositories/my-app/artifacts/v1.0/scan

# Get results
curl -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects/my-team/repositories/my-app/artifacts/v1.0/additions/vulnerabilities
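An added example, not from the original post: gating a deployment on the report returned by the "Get results" call above. It assumes the response is an object keyed by report MIME type whose value holds a `vulnerabilities` list with `id`, `package`, `version`, `fix_version` and `severity` fields; `evaluate_report` and the sample data are constructed for illustration.

```python
import json
from collections import Counter

# Severities that fail the gate; compared case-insensitively.
BLOCKING = {"critical", "high"}

def evaluate_report(raw_json, blocking=BLOCKING):
    """Return (passed, counts, blockers) for a Harbor vulnerability report.

    Assumed layout: {"<report MIME type>": {"vulnerabilities": [ {...}, ... ]}}
    with each finding carrying id, package, version, fix_version, severity.
    """
    reports = json.loads(raw_json)
    if not isinstance(reports, dict) or not reports:
        # No report yet (scan pending or never run): fail closed, not "clean".
        return False, Counter(), []
    counts, blockers = Counter(), []
    for report in reports.values():
        for vuln in (report or {}).get("vulnerabilities") or []:
            sev = str(vuln.get("severity", "unknown")).lower()
            counts[sev] += 1
            if sev in blocking:
                blockers.append({
                    "id": vuln.get("id"),
                    "package": vuln.get("package"),
                    "installed": vuln.get("version"),
                    # An empty fix_version means no patched release exists yet.
                    "fix": vuln.get("fix_version") or None,
                })
    return not blockers, counts, blockers

# Constructed sample response; the CVE ids are placeholders, not real findings.
SAMPLE = json.dumps({
    "application/vnd.security.vulnerability.report; version=1.1": {
        "severity": "Critical",
        "vulnerabilities": [
            {"id": "CVE-0000-0001", "package": "openssl", "version": "1.1.1k",
             "fix_version": "1.1.1n", "severity": "Critical"},
            {"id": "CVE-0000-0002", "package": "zlib", "version": "1.2.11",
             "fix_version": "", "severity": "High"},
            {"id": "CVE-0000-0003", "package": "bash", "version": "5.1",
             "fix_version": "5.2", "severity": "Low"},
        ],
    }
})

if __name__ == "__main__":
    passed, counts, blockers = evaluate_report(SAMPLE)
    print("PASS" if passed else "FAIL", dict(counts))
    for b in blockers:
        print(f'{b["id"]} {b["package"]} {b["installed"]} -> {b["fix"] or "no fix yet"}')
```

In a pipeline, feed the body of the "Get results" response to `evaluate_report` and stop the deploy when `passed` is false.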

API: Delete Old Tags

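# The last path segment is an artifact reference (tag or digest); this removes
# the whole artifact, including any other tags that point at it
curl -X DELETE -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects/my-team/repositories/my-app/artifacts/old-tag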

Webhook Notifications

curl -X POST -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/projects/1/webhook/policies \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "deploy-on-push",
    "targets": [{"type": "http", "address": "https://ci.example.com/deploy"}],
    "event_types": ["PUSH_ARTIFACT"]
  }'

Replication (Multi-Registry Sync)

curl -X POST -u admin:Harbor12345 \
  https://harbor.example.com/api/v2.0/replication/policies \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "sync-to-backup",
    "src_registry": {"id": 0},
    "dest_registry": {"id": 1},
    "trigger": {"type": "event_based"}
  }'

Real-World Use Case

A company paying $300/mo for Docker Hub Team switched to Harbor on a $20 VPS. They got vulnerability scanning (found 12 critical CVEs on first scan), RBAC per team, and unlimited storage — saving $280/mo.

