WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / How to setup Harbor registry on Synology

How to setup Harbor registry on Synology

10.18.2023 by William Lam // 6 Comments

With my recent exploration of GenAI and using a private ChatGPT solution with my own blog posts, I quickly realized in the space of AI/ML, the required software dependencies can take up a significant amount of storage, especially for a kubernetes/container-based deployment.

To give you an example, to deploy the private ChatGPT (h2ogpt) application using kubernetes, just the container image itself is a whopping 40GB+! 😲

Unfourntately, this is not a one off scenario but a common theme when working in the AI/ML space that the size of the packages and drivers are extremely large even when using containers. I figure I should probably setup my own container registry instead of pulling directly from the Internet given the size of these images.

I already have a local Harbor instance running in a VM but with my Synology, I have been using it centralize a number of functions and that would be the ideal place to actually run Harbor. While you can run individual containers on the Synology as I have demonstrated HERE with GitLab, the Harbor installation processes relies on Docker Compose, which Synology does not natively support using the Synology DiskStation Manager (DSM) interface.

With a little bit of tinkering and trial/error, I was able to finally get Harbor running on my Synology and centralize all my storage needs including having my own container registry.

Step 1 - Login to the DSM management interface and create a new shared folder called harbor


Step 2 - Generate a self-signed TLS certificate for Harbor since we are going to consume the registry using vSphere with Tanzu, which only supports HTTPS and SCP that to your Synology.

openssl req -newkey rsa:4096 -nodes -sha256 -keyout primp-industries.local.key -subj "/CN=nas.primp-industries.local/O=nas.primp-industries.local" -addext "subjectAltName = DNS:nas.primp-industries.local" -x509 -days 3650 -out primp-industries.local.crt

Step 3 - SSH to the Synology as the remainder steps will require the command-line. The following commands will download the latest Harbor release (as of this blog post, v2.9.0 is latest but you can change to your desired version) and setup the required directories and also copy the generated TLS certificate file to the certs directory which will be referenced in the Harbor configuration file. You will need to replace the volume1 with the name of your Synology volume label and the TLS certificate filename.

cd /volume1/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
tar -zxvf harbor-offline-installer-v2.9.0.tgz
mkdir -p /volume1/harbor/harbor/{data,config,log,secret,certs}
mkdir -p /volume1/harbor/harbor/common/config
cp primp-industries.local.* /volume1/harbor/harbor/certs/
sudo chown -R 10000:10000 /volume1/harbor
sudo chmod -R 755 /volume1/harbor/harbor
cd /volume1/harbor/harbor/

Step 4 - Next, we need to update the harbor.yml configuration file and below is a snippet of the changes I made for my setup which includes the hostname, HTTP(s) ports, TLS certificate paths and data_volume. You can leave the default Harbor admin password since you will need to change it upon logging in for the first time.

hostname: nas.primp-industries.local

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8888

# https related config
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /volume1/harbor/harbor/certs/primp-industries.local.crt
  private_key: /volume1/harbor/harbor/certs/primp-industries.local.key

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor1234

# The default data volume
data_volume: /volume1/harbor/harbor/data

Step 4 - Now we run the Harbor prepare script which will verify that everything was setup correctly prior to performing Harbor installation.

sudo ./prepare


Note: If you run into any errors, please resolve them before proceeding. More than likely, you missed a step or forgot to update a value during Step 3.

Step 5 - Finally to install Harbor, we run the install.sh script like the following:

sudo ./install.sh


This process can take a few minutes but once everything is up and running, you should be able to open a browser to the FQDN (remember to try HTTPS) and the port you had specified on your Synology and login using admin and the default password (Harbor1234). Once successfully logged in, you should immediately change the default password by clicking on the username on the upper right hand side.


Before you can start pushing and pulling images to your private Harbor registry, you need to configure your Docker Client so that it is aware of the insecure registry which includes HTTP or or HTTPS (with self-signed TLS certificate), unless you are using a proper signed TLS certificate

Since I am using Docker Desktop on macOS, you can easily do this by going to Settings->Docker Engine and then append the Harbor hostame and port to the existing JSON configuration:

"insecure-registries": [ "nas.primp-industries.local:8443" ]


Note: For more details on configuring Docker Client with insecure registry including HTTP, please see the documentation here.

At this point you should be able to push container image to your Harbor registry.


Similarly, you should also be able to pull the container image from your Harbor registry.


While you will not be able to administrator Harbor using the Synology DSM, you can still get progress for the individual containers that make up the Harbor registry, which can be useful to determine if all services are healthy and running.

More from my site

  • vCenter Server Identity Federation with Synology SSO
  • How to download offline copy of the Tanzu Kubernetes releases (TKr) Content Library?
  • How to setup private GitLab on a Synology for Project Keswick?
  • How to setup custom vSphere Content Library on a Synology?
  • Synology NFS VAAI Plug-in support for vSphere 8.0

Categories // Automation, Cloud Native, Kubernetes Tags // Harbor, Synology

Comments

  1. *protectedduckblaster7090 says

    10/20/2023 at 1:26 am

    My DS918+ running DSM 7.2-64570 Update 3 and Container Manager 20.10.23-1473 has support for docker compose, they call it Projects.

    Reply
    • William Lam says

      10/20/2023 at 7:20 am

      Oh .... that's what Projects are for. I vaguely recall looking at that when I had first setup my Synology but didn't connect the dots. While Harbor uses docker compose, the install/setup requires running the scripts from console anyhow, so I don't think it would have worked anyhow. At least this follows the Harbor setup process in case there's any issues, could ask for help

      Reply
  2. *protectedChristopher says

    10/20/2023 at 2:26 pm

    While you might have to run scripts from console for this setup of harbour, you should look into running portainer on your Syno and from there you get more docker functionality. I typically put portainer (with portainer agent) in a compose in the projects part of Container Manager, and then use portainer for most other docker stuff, including watchtower to update my containers automatically. And since I have two Syno boxes, I deploy portainer agent on the second and can control both from the same Portainer interface on my main Syno.

    Reply
  3. *protectedChristopher says

    10/20/2023 at 2:27 pm

    And of course Portainer doesn't call it "compose" either, they call it Stacks. Yayh!!?! 😆

    Reply
  4. *protectedPascal says

    08/27/2024 at 2:00 pm

    Hi, Thanks for those installation instructions, I follow the to the letter and runs in the following errror; "Error response from daemon: Bind mount failed: '/var/log/harbor' does not exists" Any idea? Best Regards, Pascal.

    Reply
    • *protectedalbersdevelopment says

      01/30/2025 at 7:19 am

      If you haven't found it, there is a log location setting in the harbor.yml file. Set that to /volume1/harbor/harbor/logs and re-run the install.sh script

      Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...