remotes/docker/config: Skipping TLS verification for localhost
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
This commit is contained in:
Iceber Gu
@@ -400,7 +400,7 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("get TLSConfig for registry %q: %w", e, err)
|
||||
}
|
||||
} else if isLocalHost(host) && u.Scheme == "http" {
|
||||
} else if docker.IsLocalhost(host) && u.Scheme == "http" {
|
||||
// Skipping TLS verification for localhost
|
||||
transport.TLSClientConfig = &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
@@ -445,26 +445,12 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
|
||||
|
||||
// defaultScheme returns the default scheme for a registry host.
|
||||
func defaultScheme(host string) string {
|
||||
if isLocalHost(host) {
|
||||
if docker.IsLocalhost(host) {
|
||||
return "http"
|
||||
}
|
||||
return "https"
|
||||
}
|
||||
|
||||
// isLocalHost checks if the registry host is local.
|
||||
func isLocalHost(host string) bool {
|
||||
if h, _, err := net.SplitHostPort(host); err == nil {
|
||||
host = h
|
||||
}
|
||||
|
||||
if host == "localhost" {
|
||||
return true
|
||||
}
|
||||
|
||||
ip := net.ParseIP(host)
|
||||
return ip.IsLoopback()
|
||||
}
|
||||
|
||||
// addDefaultScheme returns the endpoint with default scheme
|
||||
func addDefaultScheme(endpoint string) (string, error) {
|
||||
if strings.Contains(endpoint, "://") {
|
||||
|
||||
@@ -99,6 +99,17 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
|
||||
if host == "docker.io" {
|
||||
hosts[len(hosts)-1].scheme = "https"
|
||||
hosts[len(hosts)-1].host = "registry-1.docker.io"
|
||||
} else if docker.IsLocalhost(host) {
|
||||
hosts[len(hosts)-1].host = host
|
||||
if options.DefaultScheme == "" || options.DefaultScheme == "http" {
|
||||
hosts[len(hosts)-1].scheme = "http"
|
||||
|
||||
// Skipping TLS verification for localhost
|
||||
var skipVerify = true
|
||||
hosts[len(hosts)-1].skipVerify = &skipVerify
|
||||
} else {
|
||||
hosts[len(hosts)-1].scheme = options.DefaultScheme
|
||||
}
|
||||
} else {
|
||||
hosts[len(hosts)-1].host = host
|
||||
if options.DefaultScheme != "" {
|
||||
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path"
|
||||
@@ -667,3 +668,17 @@ func responseFields(resp *http.Response) logrus.Fields {
|
||||
|
||||
return logrus.Fields(fields)
|
||||
}
|
||||
|
||||
// IsLocalhost checks if the registry host is local.
|
||||
func IsLocalhost(host string) bool {
|
||||
if h, _, err := net.SplitHostPort(host); err == nil {
|
||||
host = h
|
||||
}
|
||||
|
||||
if host == "localhost" {
|
||||
return true
|
||||
}
|
||||
|
||||
ip := net.ParseIP(host)
|
||||
return ip.IsLoopback()
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user