enable-gzip

Signed-off-by: Kay Yan <kay.yan@daocloud.io> Improve swagger descriptions (without changing security settings) (goharbor#18205) * Improve swagger definitions. References goharbor#15624 Remove chartmuseum test case (goharbor#18267) Harbor deprecates chartmuseum as of v2.8.0 Epic: goharbor#17958 Discussion: goharbor#15057 Signed-off-by: Yang Jiao <jiaoya@vmware.com> Remove chart api (goharbor#18265) * remove chart api from swagger Delete the api path for chart in the swagger Signed-off-by: Wang Yan <wangyan@vmware.com> * Remove chart APIs 1. Remove some chart-related steps for Dockerfile for portal container 2. Remove chart APIs for API center Signed-off-by: AllForNothing <sshijun@vmware.com> --------- Signed-off-by: Wang Yan <wangyan@vmware.com> Signed-off-by: AllForNothing <sshijun@vmware.com> Co-authored-by: Wang Yan <wangyan@vmware.com> Sort user and usergroup by most match order (goharbor#18273) fixes goharbor#17859 Signed-off-by: stonezdj <daojunz@vmware.com> Update the replication rule related to the Chartmuseum (goharbor#18274) Update the registry and replication rule related to the Chartmuseum Update replication_policy and registry as Harbor v2.8.0 deprecates chartmuseum. Harbor deprecates chartmuseum as of v2.8.0 Epic: goharbor#17958 Discussion: goharbor#15057 Signed-off-by: Yang Jiao <jiaoya@vmware.com> refactor: refact the webhook API and life process (goharbor#18255) refactor: refact the notification job API and life process 1. Introduce new APIs for webhook jobs management. 2. Refact legacy APIs for backforward compatible. 3. Migrate the webhook jobs process to unified execution/task framework. Closes: goharbor#18210 Signed-off-by: chlins <chenyuzh@vmware.com> Add retry times for calling CVE data export execution list API (goharbor#18297) 1.Fixes goharbor#17879 2.Add retry times to avoid endless API calls for CVE data export execution list API Signed-off-by: AllForNothing <sshijun@vmware.com> Get job log by job_id in worker (goharbor#18261) Get job by job_id in redis Get the last 10MB of data if it exceeds 10MB Signed-off-by: stonezdj <daojunz@vmware.com> Enhance webhook UI (goharbor#18291) 1. Add execution list for a certain webhook policy 2. Add task list for a certain execution Signed-off-by: AllForNothing <sshijun@vmware.com> Update UI for the deprecation of Artifact Hub (goharbor#18303) 1. Update edit-registry page to enable the edition for Artifact Hub 2. Update edit-replication-rule page to enable the edition for rules contain Artifact Hub Signed-off-by: AllForNothing <sshijun@vmware.com> Add logs column for worker datagrid (goharbor#18307) 1. Related back-end PR goharbor#18261 Signed-off-by: AllForNothing <sshijun@vmware.com>
yankay · Mar 8, 2023 · 9791c35 · 9791c35
1 parent 1238384
commit 9791c35
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 2 deletions.
diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl
@@ -8,6 +8,7 @@ hostname: reg.mydomain.com
 http:
   # port for http, default is 80. If https enabled, this port will redirect to https port
   port: 80
+  gzip_enabled: false
 
 # https related config
 https:
@@ -16,6 +17,7 @@ https:
   # The path of cert and key files for nginx
   certificate: /your/certificate/path
   private_key: /your/private/key/path
+  gzip_enabled: false
 
 # # Uncomment following will enable tls communication between all harbor components
 # internal_tls:

diff --git a/make/photon/prepare/templates/nginx/nginx.http.conf.jinja b/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
@@ -59,6 +59,14 @@ http {
     # customized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
     include /etc/nginx/conf.d/harbor.http.*.conf;
 
+{% if gzip_enabled %}
+    # enable gzip
+    gzip on;
+    gzip_min_length 1000;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-yaml text/x-yaml;
+{% endif %}
+
     location / {
 {% if internal_tls.enabled %}
       proxy_pass https://portal/;

diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -77,6 +77,14 @@ http {
     # customized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
     include /etc/nginx/conf.d/harbor.https.*.conf;
 
+{% if gzip_enabled %}
+    # enable gzip
+    gzip on;
+    gzip_min_length 1000;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-yaml text/x-yaml;
+{% endif %}
+
     location / {
 {% if internal_tls.enabled %}
       proxy_pass https://portal/;

diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py
@@ -123,13 +123,15 @@ def parse_yaml_config(config_file_path, with_notary, with_trivy):
     config_dict['protocol'] = 'http'
     http_config = configs.get('http') or {}
     config_dict['http_port'] = http_config.get('port', 80)
+    config_dict['http_gzip_enabled'] = http_config.get('gzip_enabled', False)
 
     https_config = configs.get('https')
     if https_config:
         config_dict['protocol'] = 'https'
         config_dict['https_port'] = https_config.get('port', 443)
         config_dict['cert_path'] = https_config["certificate"]
         config_dict['cert_key_path'] = https_config["private_key"]
+        config_dict['https_gzip_enabled'] = http_config.get('gzip_enabled', False)
 
     if configs.get('external_url'):
         config_dict['public_url'] = configs.get('external_url')

diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py
@@ -63,7 +63,8 @@ def render_nginx_template(config_dict):
             ssl_cert=SSL_CERT_PATH,
             ssl_cert_key=SSL_CERT_KEY_PATH,
             internal_tls=config_dict['internal_tls'],
-            metric=config_dict['metric'])
+            metric=config_dict['metric'],
+            gzip_enabled=config_dict['https_gzip_enabled'])
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
 
     else:
@@ -73,7 +74,8 @@ def render_nginx_template(config_dict):
             uid=DEFAULT_UID,
             gid=DEFAULT_GID,
             internal_tls=config_dict['internal_tls'],
-            metric=config_dict['metric'])
+            metric=config_dict['metric'],
+            gzip_enabled=config_dict['https_gzip_enabled'])
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP
     copy_nginx_location_configs_if_exist(nginx_template_ext_dir, nginx_confd_dir, location_file_pattern)