1#
2# Sample Apache 2.x configuration where :
3#
4
5<VirtualHost *:80>
6
7 ServerName registry.example.com
8 ServerAlias www.registry.example.com
9
10 ProxyRequests off
11 ProxyPreserveHost on
12
13 # no proxy for /error/ (Apache HTTPd errors messages)
14 ProxyPass /error/ !
15
16 ProxyPass /_ping http://localhost:5001/_ping
17 ProxyPassReverse /_ping http://localhost:5001/_ping
18
19 ProxyPass /v1 http://localhost:5001/v1
20 ProxyPassReverse /v1 http://localhost:5001/v1
21
22 # Logs
23 ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
24 CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
25
26</VirtualHost>
27
28
29<VirtualHost *:443>
30
31 ServerName registry.example.com
32 ServerAlias www.registry.example.com
33
34 SSLEngine on
35 SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
36 SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
37
38 # Higher Strength SSL Ciphers
39 SSLProtocol all -SSLv2 -SSLv3 -TLSv1
40 SSLCipherSuite RC4-SHA:HIGH
41 SSLHonorCipherOrder on
42
43 # Logs
44 ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
45 CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
46
47 Header always set "Docker-Distribution-Api-Version" "registry/2.0"
48 Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
49 RequestHeader set X-Forwarded-Proto "https"
50
51 ProxyRequests off
52 ProxyPreserveHost on
53
54 # no proxy for /error/ (Apache HTTPd errors messages)
55 ProxyPass /error/ !
56
57 #
58 # Registry v1
59 #
60
61 ProxyPass /v1 http://localhost:5000/v1
62 ProxyPassReverse /v1 http://localhost:5000/v1
63
64 ProxyPass /_ping http://localhost:5000/_ping
65 ProxyPassReverse /_ping http://localhost:5000/_ping
66
67 # Authentication require for push
68 <Location /v1>
69 Order deny,allow
70 Allow from all
71 AuthName "Registry Authentication"
72 AuthType basic
73 AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
74
75 # Read access to authentified users
76 <Limit GET HEAD>
77 Require valid-user
78 </Limit>
79
80 # Write access to docker-deployer account only
81 <Limit POST PUT DELETE>
82 Require user docker-deployer
83 </Limit>
84
85 </Location>
86
87 # Allow ping to run unauthenticated.
88 <Location /v1/_ping>
89 Satisfy any
90 Allow from all
91 </Location>
92
93 # Allow ping to run unauthenticated.
94 <Location /_ping>
95 Satisfy any
96 Allow from all
97 </Location>
98
99 #
100 # Registry v2
101 #
102
103 ProxyPass /v2 http://localhost:5002/v2
104 ProxyPassReverse /v2 http://localhost:5002/v2
105
106 <Location /v2>
107 Order deny,allow
108 Allow from all
109 AuthName "Registry Authentication"
110 AuthType basic
111 AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
112
113 # Read access to authentified users
114 <Limit GET HEAD>
115 Require valid-user
116 </Limit>
117
118 # Write access to docker-deployer only
119 <Limit POST PUT DELETE>
120 Require user docker-deployer
121 </Limit>
122
123 </Location>
124
125
126</VirtualHost>
127
View as plain text