From 40e67f3b1429714173dbaa3f08666685066d8fa2 Mon Sep 17 00:00:00 2001
From: DQ
Date: Wed, 12 Feb 2020 17:40:57 +0800
Subject: [PATCH] Feat: Enable mtls for registry
Signed-off-by: DQ
---
 .../prepare/templates/registry/config.yml.jinja | 12 ++++++++++++
 make/photon/prepare/utils/configs.py | 1 +
 src/server/registry/proxy.go | 8 +++++++-
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/make/photon/prepare/templates/registry/config.yml.jinja b/make/photon/prepare/templates/registry/config.yml.jinja
index d566da0b43..888b3a5294 100644
--- a/make/photon/prepare/templates/registry/config.yml.jinja
+++ b/make/photon/prepare/templates/registry/config.yml.jinja
@@ -21,10 +21,22 @@ redis:
 password: {{redis_password}}
 db: {{redis_db_index_reg}}
 http:
+{% if internal_tls.enabled %}
+ addr: :5443
+{% else %}
 addr: :5000
+{% endif %}
 secret: placeholder
 debug:
 addr: localhost:5001
+{% if internal_tls.enabled %}
+ tls:
+ certificate: /etc/harbor/tls/registry.crt
+ key: /etc/harbor/tls/registry.key
+ clientcas:
+ - /etc/harbor/tls/harbor_internal_ca.crt
+{% endif %}
+
 auth:
 htpasswd:
 realm: harbor-registry-basic-realm
diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
index 2197f89ab7..1d361dca4f 100644
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@@ -347,6 +347,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
 external_database=config_dict['external_database'])
 if config_dict['internal_tls'].enabled:
+ config_dict['registry_url']: 'https://registry:5443'
 config_dict['registry_controller_url'] = 'https://registryctl:8443'
 config_dict['core_url'] = 'https://core:8443'
 config_dict['core_local_url'] = 'https://127.0.0.1:8443'
diff --git a/src/server/registry/proxy.go b/src/server/registry/proxy.go
index d891f8386c..f6db9ee756 100644
--- a/src/server/registry/proxy.go
+++ b/src/server/registry/proxy.go
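Review bot: The new `clientcas:` entry under `http.tls` is the line in this hunk that changes who can talk to the registry, and nothing in the template says so; distribution treats a non-empty `clientcas` list as "require and verify a client certificate", so once `internal_tls.enabled` is set the :5443 listener rejects any caller that does not present a certificate chained to `harbor_internal_ca.crt`, including health probes and any component still using a plain transport. A one-line Jinja comment above the block would make that explicit: `{# clientcas turns on mandatory client-cert verification: every in-cluster caller must present a cert issued by harbor_internal_ca.crt #}`. The debug listener on `localhost:5001` keeps serving plaintext in both branches, which is worth stating in the same comment so nobody expects it to be covered by the TLS block. The indentation of the inserted YAML is not recoverable from this rendering, so the nesting of `tls:` under `http:` should be checked against the file itself.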
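Review bot: `config_dict['registry_url']: 'https://registry:5443'` is an annotated-assignment statement with no value, not an assignment, so `registry_url` is never updated when internal TLS is enabled while the three lines below it correctly use `=`; Python accepts the statement silently (the target's sub-expressions are evaluated, nothing is stored), so prepare does not fail either. The intended line is `config_dict['registry_url'] = 'https://registry:5443'`. As written, the registry listener moves to :5443 with TLS in the config.yml.jinja hunk, but the core proxy in the proxy.go hunk keeps whatever `registry_url` was before, so the mTLS transport added there would be pointed at the old scheme and port. The enclosing `parse_yaml_config` starts outside the hunk.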
@@ -16,10 +16,12 @@ package registry
 import (
 "fmt"
- "github.com/goharbor/harbor/src/core/config"
 "net/http"
 "net/http/httputil"
 "net/url"
+
+ commonhttp "github.com/goharbor/harbor/src/common/http"
+ "github.com/goharbor/harbor/src/core/config"
 )
 var proxy = newProxy()
@@ -31,6 +33,10 @@ func newProxy() http.Handler {
 panic(fmt.Sprintf("failed to parse the URL of registry: %v", err))
 }
 proxy := httputil.NewSingleHostReverseProxy(url)
+ if commonhttp.InternalTLSEnabled() {
+ proxy.Transport = commonhttp.GetHTTPTransport(commonhttp.InternalTransport)
+ }
+
 proxy.Director = basicAuthDirector(proxy.Director)
 return proxy
 }
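Review bot: The new `if commonhttp.InternalTLSEnabled()` block in newProxy leaves `proxy.Transport` nil in the non-TLS branch, which is correct (ReverseProxy then falls back to http.DefaultTransport) but undocumented, and it silently depends on `config.RegistryURL()` returning an https URL — the configs.py hunk in this patch does not actually assign `registry_url`, so this transport would be used against the previous http URL. A short comment on the block would save the next reader the lookup: `// With internal TLS on, use the shared internal transport so the proxy can present core's client certificate to the registry; otherwise Transport stays nil and ReverseProxy falls back to http.DefaultTransport.` Whether InternalTransport really carries a client certificate is not visible here and should be confirmed against src/common/http. Note that newProxy runs from the package-level `var proxy = newProxy()`, so the TLS decision is taken once at package init, not per request.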