From 65c712a1a3f433429ab160a69a9fb0aa41cb2217 Mon Sep 17 00:00:00 2001
From: msc-xdev <m.schiener@xdev-software.de>
Date: Tue, 27 Aug 2024 10:07:00 +0200
Subject: [PATCH 1/3] conditionally enable ipv6 listen directives in nginx
 configs

Signed-off-by: msc-xdev <m.schiener@xdev-software.de>
---
 .../prepare/templates/nginx/nginx.http.conf.jinja      | 10 ++++++++++
 .../prepare/templates/nginx/nginx.https.conf.jinja     | 10 ++++++++++
 make/photon/prepare/templates/portal/nginx.conf.jinja  |  5 +++++
 3 files changed, 25 insertions(+)

diff --git a/make/photon/prepare/templates/nginx/nginx.http.conf.jinja b/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
index 7e55e72ded9..caddc184e6c 100644
--- a/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
+++ b/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
@@ -47,7 +47,12 @@ http {
   }
 
   server {
+    {% if ip_family.ipv4.enabled %}
     listen 8080;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+    listen [::]:8080;
+    {% endif %}
     server_tokens off;
     # disable any limits to avoid HTTP 413 for large image uploads
     client_max_body_size 0;
@@ -200,7 +205,12 @@ http {
   }
 
   server {
+    {% if ip_family.ipv4.enabled %}
     listen 9090;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+    listen [::]:9090;
+    {% endif %}
     location = /metrics {
       if ($arg_comp = core) { proxy_pass http://core_metrics; }
       if ($arg_comp = jobservice) { proxy_pass http://js_metrics; }
diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
index 6fa2bae788e..24418500742 100644
--- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
+++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -214,7 +214,12 @@ http {
     }
   }
   server {
+      {% if ip_family.ipv4.enabled %}
       listen 8080;
+      {% endif %}
+      {% if ip_family.ipv6.enabled %}
+      listen [::]:8080;
+      {% endif %}
       #server_name harbordomain.com;
       return 308 https://{{https_redirect}}$request_uri;
   }
@@ -236,7 +241,12 @@ http {
   }
 
   server {
+    {% if ip_family.ipv4.enabled %}
     listen 9090;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+    listen [::]:9090;
+    {% endif %}
     location = {{ metric.path }} {
       if ($arg_comp = core) { proxy_pass http://core_metrics; }
       if ($arg_comp = jobservice) { proxy_pass http://js_metrics; }
diff --git a/make/photon/prepare/templates/portal/nginx.conf.jinja b/make/photon/prepare/templates/portal/nginx.conf.jinja
index 85a68a094cc..6a986ce604c 100644
--- a/make/photon/prepare/templates/portal/nginx.conf.jinja
+++ b/make/photon/prepare/templates/portal/nginx.conf.jinja
@@ -36,7 +36,12 @@ http {
         ssl_prefer_server_ciphers on;
         ssl_session_cache shared:SSL:10m;
 {% else %}
+    {% if ip_family.ipv4.enabled %}
         listen 8080;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
+        listen [::]:8080;
+    {% endif %}
 {% endif %}
         server_name  localhost;
 

From 4052e858d33165a4ae552a14173d678c1d9ec67e Mon Sep 17 00:00:00 2001
From: msc-xdev <m.schiener@xdev-software.de>
Date: Tue, 27 Aug 2024 11:05:04 +0200
Subject: [PATCH 2/3] conditionally enable ipv6 in the docker-compose.yml

Signed-off-by: msc-xdev <m.schiener@xdev-software.de>
---
 .../templates/docker_compose/docker-compose.yml.jinja    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
index 0ccf1ace524..a7819fcf5f0 100644
--- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
+++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
@@ -314,6 +314,9 @@ services:
 {% endif %}
     networks:
       - harbor
+      {% if ip_family.ipv6.enabled %}
+      - harbor_ipv6
+      {% endif %}
     ports:
       - {{http_port}}:8080
 {% if protocol == 'https' %}
@@ -399,4 +402,8 @@ services:
 networks:
   harbor:
     external: false
-
+  {% if ip_family.ipv6.enabled %}
+  harbor_ipv6:
+    external: false
+    enable_ipv6: true
+  {% endif %}

From 5c2efb402010517b6166823fd83e417ee42a6f31 Mon Sep 17 00:00:00 2001
From: msc-xdev <m.schiener@xdev-software.de>
Date: Mon, 2 Sep 2024 14:18:50 +0200
Subject: [PATCH 3/3] make tests pass

Signed-off-by: msc-xdev <m.schiener@xdev-software.de>
---
 make/photon/prepare/utils/docker_compose.py | 1 +
 make/photon/prepare/utils/nginx.py          | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/make/photon/prepare/utils/docker_compose.py b/make/photon/prepare/utils/docker_compose.py
index c1c11116174..7006c91b6d5 100644
--- a/make/photon/prepare/utils/docker_compose.py
+++ b/make/photon/prepare/utils/docker_compose.py
@@ -23,6 +23,7 @@ def prepare_docker_compose(configs, with_trivy):
         'http_port': configs['http_port'],
         'external_redis': configs['external_redis'],
         'external_database': configs['external_database'],
+        'ip_family': configs['ip_family'],
         'with_trivy': with_trivy,
     }
 
diff --git a/make/photon/prepare/utils/nginx.py b/make/photon/prepare/utils/nginx.py
index 2872bafbe7c..daea010e9c4 100644
--- a/make/photon/prepare/utils/nginx.py
+++ b/make/photon/prepare/utils/nginx.py
@@ -75,7 +75,8 @@ def render_nginx_template(config_dict):
             uid=DEFAULT_UID,
             gid=DEFAULT_GID,
             internal_tls=config_dict['internal_tls'],
-            metric=config_dict['metric'])
+            metric=config_dict['metric'],
+            ip_family=config_dict['ip_family'])
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP
     copy_nginx_location_configs_if_exist(nginx_template_ext_dir, nginx_confd_dir, location_file_pattern)