Feat: enable tls in registryctl

Add tls related code in registryctl
Signed-off-by: DQ <dengq@vmware.com>
This commit is contained in:
parent
10753caf90
commit
07a1d51693
@ -117,9 +117,8 @@ class InternalTLS:
|
|||||||
logging.info('internal tls NOT enabled...')
|
logging.info('internal tls NOT enabled...')
|
||||||
return
|
return
|
||||||
original_tls_dir = get_realpath(self.tls_dir)
|
original_tls_dir = get_realpath(self.tls_dir)
|
||||||
rmtree(internal_tls_dir)
|
if internal_tls_dir.exists():
|
||||||
if not internal_tls_dir.exists():
|
rmtree(internal_tls_dir)
|
||||||
os.makedirs(internal_tls_dir)
|
|
||||||
copytree(original_tls_dir, internal_tls_dir, symlinks=True)
|
copytree(original_tls_dir, internal_tls_dir, symlinks=True)
|
||||||
|
|
||||||
for file in internal_tls_dir.iterdir():
|
for file in internal_tls_dir.iterdir():
|
||||||
|
@ -57,7 +57,9 @@ func NewClient(baseURL string, cfg *Config) Client {
|
|||||||
}
|
}
|
||||||
if cfg != nil {
|
if cfg != nil {
|
||||||
authorizer := auth.NewSecretAuthorizer(cfg.Secret)
|
authorizer := auth.NewSecretAuthorizer(cfg.Secret)
|
||||||
client.client = common_http.NewClient(nil, authorizer)
|
client.client = common_http.NewClient(&http.Client{
|
||||||
|
Transport: common_http.GetHTTPTransport(common_http.InternalTransport),
|
||||||
|
}, authorizer)
|
||||||
}
|
}
|
||||||
return client
|
return client
|
||||||
}
|
}
|
||||||
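Review bot: The new `&http.Client{Transport: ...}` passed on the `client.client = common_http.NewClient(` line sets no `Timeout`, so unless the transport returned by `common_http.GetHTTPTransport(common_http.InternalTransport)` carries its own dial/TLS/response deadlines, a stalled registryctl connection blocks the caller indefinitely; the previous `nil` argument presumably let `common_http.NewClient` fall back to its default client, which may have had one. I would add `Timeout: <PROJECT_INTERNAL_CLIENT_TIMEOUT>,` beside `Transport`, using whatever value the other internal clients in this package use, or confirm the transport already bounds every phase. NewClient's signature and the start of its body lie before this hunk.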
|
@ -19,6 +19,7 @@ import (
|
|||||||
"flag"
|
"flag"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
commonhttp "github.com/goharbor/harbor/src/common/http"
|
||||||
"github.com/goharbor/harbor/src/common/utils/log"
|
"github.com/goharbor/harbor/src/common/utils/log"
|
||||||
"github.com/goharbor/harbor/src/registryctl/config"
|
"github.com/goharbor/harbor/src/registryctl/config"
|
||||||
"github.com/goharbor/harbor/src/registryctl/handlers"
|
"github.com/goharbor/harbor/src/registryctl/handlers"
|
||||||
@ -37,25 +38,15 @@ func (s *RegistryCtl) Start() {
|
|||||||
Handler: s.Handler,
|
Handler: s.Handler,
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.ServerConf.Protocol == "HTTPS" {
|
if s.ServerConf.Protocol == "https" {
|
||||||
tlsCfg := &tls.Config{
|
regCtl.TLSConfig = &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||||
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
|
ClientCAs: commonhttp.GetInternalCA(nil),
|
||||||
PreferServerCipherSuites: true,
|
|
||||||
CipherSuites: []uint16{
|
|
||||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
||||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
||||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
regCtl.TLSConfig = tlsCfg
|
|
||||||
regCtl.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
if s.ServerConf.Protocol == "HTTPS" {
|
if s.ServerConf.Protocol == "https" {
|
||||||
err = regCtl.ListenAndServeTLS(s.ServerConf.HTTPSConfig.Cert, s.ServerConf.HTTPSConfig.Key)
|
err = regCtl.ListenAndServeTLS(s.ServerConf.HTTPSConfig.Cert, s.ServerConf.HTTPSConfig.Key)
|
||||||
} else {
|
} else {
|
||||||
err = regCtl.ListenAndServe()
|
err = regCtl.ListenAndServe()
|
||||||
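Review bot: The rewritten block at `regCtl.TLSConfig = &tls.Config{` drops `MinVersion: tls.VersionTLS12` together with the cipher list, so the listener now inherits Go's default server floor, which at the time of this change still admitted TLS 1.0 and 1.1; relying on Go's default suites instead of the removed list is an improvement (that list included CBC and non-forward-secret RSA suites), but the version floor should be kept with `MinVersion: tls.VersionTLS12,` next to `ClientAuth`. The comparison on both `if s.ServerConf.Protocol == "https"` lines in this hunk also became lowercase and case-sensitive, so a deployment whose config still says `HTTPS` silently takes the `else` branch and starts a plaintext `ListenAndServe()` with no client-certificate check; normalize the value once at config load or compare with `strings.EqualFold(s.ServerConf.Protocol, "https")`. It is also worth confirming what `commonhttp.GetInternalCA(nil)` yields on failure — if it can return a nil pool, `RequireAndVerifyClientCert` would verify client certificates against the system roots rather than the internal CA, which should at least be a fatal startup error. Start() continues past the end of this hunk.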
|