From 88aa413fe63730362f8a4a7909fc5cfa4414e958 Mon Sep 17 00:00:00 2001
From: Wenkai Yin <yinw@vmware.com>
Date: Thu, 1 Nov 2018 17:13:38 +0800
Subject: [PATCH] Pass internal core URL as source in replication

Currently, we pass the external URL as the source registry and set insecure as true in replication, this causes security issue. This commit replaces the URL with the internal one and set insecure to false. Fixes #6109.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
---
 src/replication/replicator/replicator.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/replication/replicator/replicator.go b/src/replication/replicator/replicator.go
index 9e3fdeb34..d53f22c75 100644
--- a/src/replication/replicator/replicator.go
+++ b/src/replication/replicator/replicator.go
@@ -89,17 +89,13 @@ func (d *DefaultReplicator) Replicate(replication *Replication) error {
 			}
 
 			if operation == common_models.RepOpTransfer {
-				url, err := config.ExtEndpoint()
-				if err != nil {
-					return err
-				}
 				job.Name = common_job.ImageTransfer
 				job.Parameters = map[string]interface{}{
 					"repository":            repository,
 					"tags":                  tags,
-					"src_registry_url":      url,
-					"src_registry_insecure": true,
-					// "src_token_service_url":"",
+					"src_registry_url":      config.InternalCoreURL(),
+					"src_registry_insecure": false,
+					"src_token_service_url": config.InternalTokenServiceEndpoint(),
 					"dst_registry_url":      target.URL,
 					"dst_registry_insecure": target.Insecure,
 					"dst_registry_username": target.Username,