1# 2# Sample Apache 2.x configuration where : 3# 4 5<VirtualHost *:80> 6 7 ServerName registry.example.com 8 ServerAlias www.registry.example.com 9 10 ProxyRequests off 11 ProxyPreserveHost on 12 13 # no proxy for /error/ (Apache HTTPd errors messages) 14 ProxyPass /error/ ! 15 16 ProxyPass /_ping http://localhost:5001/_ping 17 ProxyPassReverse /_ping http://localhost:5001/_ping 18 19 ProxyPass /v1 http://localhost:5001/v1 20 ProxyPassReverse /v1 http://localhost:5001/v1 21 22 # Logs 23 ErrorLog ${APACHE_LOG_DIR}/mirror_error_log 24 CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog 25 26</VirtualHost> 27 28 29<VirtualHost *:443> 30 31 ServerName registry.example.com 32 ServerAlias www.registry.example.com 33 34 SSLEngine on 35 SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt 36 SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key 37 38 # Higher Strength SSL Ciphers 39 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 40 SSLCipherSuite RC4-SHA:HIGH 41 SSLHonorCipherOrder on 42 43 # Logs 44 ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log 45 CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog 46 47 Header always set "Docker-Distribution-Api-Version" "registry/2.0" 48 Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0" 49 RequestHeader set X-Forwarded-Proto "https" 50 51 ProxyRequests off 52 ProxyPreserveHost on 53 54 # no proxy for /error/ (Apache HTTPd errors messages) 55 ProxyPass /error/ ! 56 57 # 58 # Registry v1 59 # 60 61 ProxyPass /v1 http://localhost:5000/v1 62 ProxyPassReverse /v1 http://localhost:5000/v1 63 64 ProxyPass /_ping http://localhost:5000/_ping 65 ProxyPassReverse /_ping http://localhost:5000/_ping 66 67 # Authentication require for push 68 <Location /v1> 69 Order deny,allow 70 Allow from all 71 AuthName "Registry Authentication" 72 AuthType basic 73 AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" 74 75 # Read access to authentified users 76 <Limit GET HEAD> 77 Require valid-user 78 </Limit> 79 80 # Write access to docker-deployer account only 81 <Limit POST PUT DELETE> 82 Require user docker-deployer 83 </Limit> 84 85 </Location> 86 87 # Allow ping to run unauthenticated. 88 <Location /v1/_ping> 89 Satisfy any 90 Allow from all 91 </Location> 92 93 # Allow ping to run unauthenticated. 94 <Location /_ping> 95 Satisfy any 96 Allow from all 97 </Location> 98 99 # 100 # Registry v2 101 # 102 103 ProxyPass /v2 http://localhost:5002/v2 104 ProxyPassReverse /v2 http://localhost:5002/v2 105 106 <Location /v2> 107 Order deny,allow 108 Allow from all 109 AuthName "Registry Authentication" 110 AuthType basic 111 AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" 112 113 # Read access to authentified users 114 <Limit GET HEAD> 115 Require valid-user 116 </Limit> 117 118 # Write access to docker-deployer only 119 <Limit POST PUT DELETE> 120 Require user docker-deployer 121 </Limit> 122 123 </Location> 124 125 126</VirtualHost> 127 128