Feat: Enable mtls for registry
Signed-off-by: DQ <dengq@vmware.com>
parent
07a1d51693
commit
40e67f3b14
@ -21,10 +21,22 @@ redis:
|
|||||||
password: {{redis_password}}
|
password: {{redis_password}}
|
||||||
db: {{redis_db_index_reg}}
|
db: {{redis_db_index_reg}}
|
||||||
http:
|
http:
|
||||||
|
{% if internal_tls.enabled %}
|
||||||
|
addr: :5443
|
||||||
|
{% else %}
|
||||||
addr: :5000
|
addr: :5000
|
||||||
|
{% endif %}
|
||||||
secret: placeholder
|
secret: placeholder
|
||||||
debug:
|
debug:
|
||||||
addr: localhost:5001
|
addr: localhost:5001
|
||||||
|
{% if internal_tls.enabled %}
|
||||||
|
tls:
|
||||||
|
certificate: /etc/harbor/tls/registry.crt
|
||||||
|
key: /etc/harbor/tls/registry.key
|
||||||
|
clientcas:
|
||||||
|
- /etc/harbor/tls/harbor_internal_ca.crt
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
htpasswd:
|
htpasswd:
|
||||||
realm: harbor-registry-basic-realm
|
realm: harbor-registry-basic-realm
|
||||||
|
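Review bot: The `tls:` block added under `http:` carries no comment explaining that listing `clientcas` makes the registry require and verify a client certificate on every connection to `:5443`, which is the security-relevant effect of this change. I would add a line above `clientcas:` such as `# clientcas: callers must present a certificate signed by the Harbor internal CA (mutual TLS)`. The certificate only gates the connection; the `auth: htpasswd` section below still decides who may push or pull, and that is worth stating in the same comment. Anything that probes this port without a client certificate (a container health check, presumably) would fail the handshake once `internal_tls.enabled` is set, so confirm those callers were switched as well.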
@ -347,6 +347,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
external_database=config_dict['external_database'])
|
external_database=config_dict['external_database'])
|
||||||
|
|
||||||
if config_dict['internal_tls'].enabled:
|
if config_dict['internal_tls'].enabled:
|
||||||
|
config_dict['registry_url']: 'https://registry:5443'
|
||||||
config_dict['registry_controller_url'] = 'https://registryctl:8443'
|
config_dict['registry_controller_url'] = 'https://registryctl:8443'
|
||||||
config_dict['core_url'] = 'https://core:8443'
|
config_dict['core_url'] = 'https://core:8443'
|
||||||
config_dict['core_local_url'] = 'https://127.0.0.1:8443'
|
config_dict['core_local_url'] = 'https://127.0.0.1:8443'
|
||||||
|
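Review bot: The added line `config_dict['registry_url']: 'https://registry:5443'` uses `:` where the neighbouring lines use `=`, so Python treats it as a bare annotation and assigns nothing. `registry_url` therefore keeps whatever value it had before this branch, while the registry template in this commit moves the listener to `:5443` with TLS when `internal_tls.enabled` is set. The result is that components reading `registry_url` either fail to connect or never use the TLS endpoint. The line should read `config_dict['registry_url'] = 'https://registry:5443'`. The body of `parse_yaml_config` starts and ends outside this hunk.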
@ -16,10 +16,12 @@ package registry
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/goharbor/harbor/src/core/config"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
||||||
|
commonhttp "github.com/goharbor/harbor/src/common/http"
|
||||||
|
"github.com/goharbor/harbor/src/core/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
var proxy = newProxy()
|
var proxy = newProxy()
|
||||||
@ -31,6 +33,10 @@ func newProxy() http.Handler {
|
|||||||
panic(fmt.Sprintf("failed to parse the URL of registry: %v", err))
|
panic(fmt.Sprintf("failed to parse the URL of registry: %v", err))
|
||||||
}
|
}
|
||||||
proxy := httputil.NewSingleHostReverseProxy(url)
|
proxy := httputil.NewSingleHostReverseProxy(url)
|
||||||
|
if commonhttp.InternalTLSEnabled() {
|
||||||
|
proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
|
||||||
|
}
|
||||||
|
|
||||||
proxy.Director = basicAuthDirector(proxy.Director)
|
proxy.Director = basicAuthDirector(proxy.Director)
|
||||||
return proxy
|
return proxy
|
||||||
}
|
}
|
||||||
|
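Review bot: In `newProxy`, the transport is chosen from `commonhttp.InternalTLSEnabled()` while the scheme comes from the parsed registry URL, and nothing checks that the two agree. If the configured URL still carries `http://` when internal TLS is on, the mTLS transport is installed but never exercised and the proxy talks to the registry in plaintext without any error. A guard next to the existing parse check would make that misconfiguration fail loudly at startup, for example `if commonhttp.InternalTLSEnabled() && url.Scheme != "https" { panic("internal TLS is enabled but the registry URL is not https") }`. The start of `newProxy`, including where `url` is obtained, is outside this hunk.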