Listen to this Post

Have you ever thought about hosting your own OCI registry for containers and Helm charts? With Harbor, you can self-host a secure, private registry, avoiding costly cloud fees. Pairing this with TailScale creates a seamless, encrypted network connecting your homelab, GitHub Actions runners, and local devices—enabling a powerful yet cost-effective CI/CD pipeline.
You Should Know:
1. Setting Up Harbor for OCI Registry
Harbor is an open-source registry that supports Docker images, Helm charts, and OCI artifacts.
Install Harbor on Linux (Ubuntu/Debian)
Install Docker & Docker Compose sudo apt update sudo apt install docker.io docker-compose -y Download Harbor offline installer wget https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz tar xvf harbor-offline-installer-v2.7.0.tgz cd harbor Configure Harbor cp harbor.yml.tmpl harbor.yml nano harbor.yml Update hostname, admin password, and HTTPS settings Install & Start Harbor sudo ./install.sh Verify sudo docker-compose ps
Push/Pull Images from Harbor
Login docker login harbor.yourdomain.com Tag & Push docker tag nginx:latest harbor.yourdomain.com/library/nginx:latest docker push harbor.yourdomain.com/library/nginx:latest Pull docker pull harbor.yourdomain.com/library/nginx:latest
2. Integrating TailScale for Secure Networking
TailScale creates a zero-config VPN using WireGuard, linking your homelab, CI/CD runners, and cloud services securely.
Install TailScale on Linux
Add TailScale repo curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | sudo apt-key add - curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.list | sudo tee /etc/apt/sources.list.d/tailscale.list Install & Start sudo apt update sudo apt install tailscale -y sudo tailscale up
Allow GitHub Actions Runners to Access Harbor via TailScale
– Share your TailScale network with GitHub Actions runners.
– Use TailScale ACLs to restrict access:
// tailscale ACL example
{
"acls": [
{
"action": "accept",
"src": ["github-runner-ip"],
"dst": ["harbor-server:443"],
}
]
}
3. Automating CI/CD with GitHub Actions
Use GitHub Actions to push images to your self-hosted Harbor registry.
Example GitHub Actions Workflow
name: Build and Push to Harbor
on: [bash]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
<ul>
<li>name: Login to Harbor
run: |
echo "${{ secrets.HARBOR_PASSWORD }}" | docker login harbor.yourdomain.com -u ${{ secrets.HARBOR_USERNAME }} --password-stdin</p></li>
<li><p>name: Build and Push
run: |
docker build -t harbor.yourdomain.com/myapp:${{ github.sha }} .
docker push harbor.yourdomain.com/myapp:${{ github.sha }}
4. Backup Your Harbor Registry
Avoid data loss by automating backups.
Backup Harbor Data
Backup database and storage sudo docker exec -it harbor-db pg_dump -U postgres registry > harbor_backup.sql tar czvf harbor_data_backup.tar.gz /data/harbor
Restore Harbor
Restore database sudo docker exec -i harbor-db psql -U postgres registry < harbor_backup.sql Restore data tar xzvf harbor_data_backup.tar.gz -C /
What Undercode Say
Self-hosting Harbor with TailScale and GitHub Actions provides cost efficiency, security, and control over your container workflow. However, ensure:
– Regular backups of Harbor’s database and storage.
– Network hardening via TailScale ACLs.
– Automated CI/CD checks to prevent faulty deployments.
For further reading:
Prediction
As cloud costs rise, self-hosted OCI registries and private CI/CD pipelines will become mainstream for SMEs and indie developers. Expect tighter integrations between TailScale, Kubernetes, and GitOps tools like ArgoCD.
Expected Output:
A fully automated, secure, and self-hosted container registry with CI/CD capabilities, reducing reliance on expensive cloud services.
References:
Reported By: Parisnakitakejser Devops – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


