Harbor optionally supports HTTP connections, however the Docker client always attempts to connect to registries by first using HTTPS. If Harbor is configured for HTTP, you must configure your Docker client so that it can connect to insecure registries. In your Docker client is not configured for insecure registries, you will see the following error when you attempt to pull or push images to Harbor:
Error response from daemon: Get https://myregistrydomain.com/v1/users/: dial tcp myregistrydomain.com:443 getsockopt: connection refused.
docker tag ubuntu:14.04 <harbor_address>/demo/ubuntu:14.04
Push the image:
docker push <harbor_address>/demo/ubuntu:14.04
Pushing Windows Images
If you plan to push Windows images to your Harbor instance, you must configure your docker daemon to allow pushing restricted artifacts by setting allow-nondistributable-artifacts in your daemon.json file.
After pushing an image, the project administrator can add information to describe the repository.
Go into the repository and select the Info tab, and click the Edit button. Enter a description and click Save to save the description.
Download the Harbor Certificate
Users can click the Registry Certificate button to download the registry certificate.
Deleting repositories involves two steps.
First, you delete a repository in the Harbor interface. This is soft deletion. You can delete the entire repository or just one of its tags. After the soft deletion, the repository is no longer managed by Harbor, however, the repository files remain in the Harbor storage.
If both tag A and tag B refer to the same image, after deleting tag A, B will also get deleted. if you enabled content trust, you need to use notary command line tool to delete the tag’s signature before you delete an image.
Make sure that https is enabled in harbor.yml and the attributes ssl_cert and ssl_cert_key point to valid certificates. For more information about generating a HTTPS certificate, see
Configure HTTPS Access to Harbor.
Copy the Root Certificate
If Harbor instance is hosted at 192.168.0.5, ff you are using a self-signed certificate, copy the Harbor CA root cert to /etc/docker/certs.d/192.168.0.5/ and ~/.docker/tls/192.168.0.5:4443/ on the machine on which you run the Docker client.
Enable Docker Content Trust
You can enable content trust by setting the following environment variables on the machine on which you run the Docker client.
By default the local directory for storing meta files for the Notary client is different from the one for the Docker client. To simplify the use of the Notary client to manipulate the keys/meta files that are generated by Docker content trust, you can set an alias.