When using S3 as storage backend, why do need to allow s3 urls in external firewalls to download from the registry

[nevotheless]

Howdy, we're using harbor as a public registry for our customers to receive software images from. Harbor works very well but has one little flaw when using s3 as a storage backend.

Customers need to not only allow access to our registry url but the aws s3 endpoint urls as well. I wanted to know if there's another mode where harbor doesn't redirect the artifact urls to the direct s3 url and instead would kinda mask it so only the registry url would need to be whitelisted in a customers firewall?

Thanks in advance.

[zyyw]

unfortunately, when setting s3 as the storage backend, Harbor requires to set the redirect configuration. This comment may provide us with more details on this.

https://github.com/goharbor/harbor-helm/blob/67eabb4251a217ccb549d5a25f0c167ee17cdee1/values.yaml#L236-L242