feat: expose ssl_protocols from nginx configuration in harbor.yml

[malmor]

Thank you for contributing to Harbor!

Comprehensive Summary of your change

This PR adds ssl_protocols as a new configuration option to harbor.yml. This allows users to customize the nginx protocols - by default both TLSv1.2 and TLSv1.3 will be allowed, but one can restrict this to TLSv1.3 only.

There is no need to update the ssl_ciphers based on the configured ssl_protocols because nginx automatically disables unsupported ciphers. I tested the following combinations in a local nginx instance:

• (Default) Neither ssl_protocols nor strong_ssl_ciphers configured - both protocols and all ciphers will be accepted
• ssl_protocols unset, strong_ssl_ciphers enabled - both protocols will be accepted, with a restricted list of ciphers
• ssl_protocols set to TLSv1.3, strong_ssl_ciphers disabled - only TLSv1.3 connections will be accepted
• ssl_protocols set to TLSv1.3, strong_ssl_ciphers enabled - only TLSv1.3 connections will be accepted

Issue being fixed

Fixes #20627

Please indicate you've done the following:

• Well Written Title and Summary of the PR
• Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
• Accepted the DCO. Commits without the DCO will delay acceptance.
• Made sure tests are passing and test coverage is added if needed.
• Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.22%. Comparing base (b7b8847) to head (2ee5dc6).
Report is 230 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #20637      +/-   ##
==========================================
- Coverage   67.56%   66.22%   -1.35%     
==========================================
  Files         991     1045      +54     
  Lines      109181   113476    +4295     
  Branches     2719     2845     +126     
==========================================
+ Hits        73768    75149    +1381     
- Misses      31449    34219    +2770     
- Partials     3964     4108     +144     

Flag	Coverage Δ
unittests	66.22% <ø> (-1.35%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 572 files with indirect coverage changes

[malmor]

The pipeline failures seem unrelated to the changes, not sure if I can fix them.

[MinerYang]

Hi @malmor ,

We appreciate your contribution and understood your requirements. However we would like to keep the harbor.yml file as simple as possible for most of the offline-installer users. So we'll hold this PR for a while to see if there's more requirements on this config.

As a workaround, you could change the config file manually then 'docker compose up -d' to meet the purpose.

Best,
Miner

[malmor]

Hey @MinerYang,
thank you for the response - I understand ����