Feat: Enable mtls for registry

Signed-off-by: DQ <dengq@vmware.com>

make/photon/prepare/templates/registry/config.yml.jinja

@@ -21,10 +21,22 @@ redis:
   password: {{redis_password}}
   db: {{redis_db_index_reg}}
 http:
+{% if internal_tls.enabled %}
+  addr: :5443
+{% else %}
   addr: :5000
+{% endif %}
   secret: placeholder
   debug:
     addr: localhost:5001
+{% if internal_tls.enabled %}
+  tls:
+    certificate: /etc/harbor/tls/registry.crt
+    key: /etc/harbor/tls/registry.key
+    clientcas:
+      - /etc/harbor/tls/harbor_internal_ca.crt
+{% endif %}
+
 auth:
   htpasswd:
     realm: harbor-registry-basic-realm

make/photon/prepare/utils/configs.py

@@ -347,6 +347,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
             external_database=config_dict['external_database'])
 
         if config_dict['internal_tls'].enabled:
+            config_dict['registry_url']: 'https://registry:5443'
             config_dict['registry_controller_url'] = 'https://registryctl:8443'
             config_dict['core_url'] = 'https://core:8443'
             config_dict['core_local_url'] = 'https://127.0.0.1:8443'

src/server/registry/proxy.go

@@ -16,10 +16,12 @@ package registry
 
 import (
 	"fmt"
-	"github.com/goharbor/harbor/src/core/config"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+
+	commonhttp "github.com/goharbor/harbor/src/common/http"
+	"github.com/goharbor/harbor/src/core/config"
 )
 
 var proxy = newProxy()
@@ -31,6 +33,10 @@ func newProxy() http.Handler {
 		panic(fmt.Sprintf("failed to parse the URL of registry: %v", err))
 	}
 	proxy := httputil.NewSingleHostReverseProxy(url)
+	if commonhttp.InternalTLSEnabled() {
+		proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
+	}
+
 	proxy.Director = basicAuthDirector(proxy.Director)
 	return proxy
 }