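#
# Sample Apache 2.x configuration where:
#  - port 80 proxies /_ping and /v1 to localhost:5001, with no TLS and no authentication
#  - port 443 terminates TLS and proxies /_ping and /v1 to localhost:5000 and /v2 to
#    localhost:5002, with HTTP Basic authentication on /v1 and /v2 (ping endpoints stay open)
#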
<VirtualHost *:80>

  # Names this plain-HTTP virtual host answers to.
  ServerName  registry.example.com
  ServerAlias www.registry.example.com

  # Logging
  ErrorLog  ${APACHE_LOG_DIR}/mirror_error_log
  CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog

  # Reverse proxy only: forward proxying stays off, and the client's Host
  # header is passed to the backend unchanged.
  ProxyRequests     off
  ProxyPreserveHost on

  # Apache's own error documents under /error/ are served locally, not proxied.
  ProxyPass /error/ !

  # NOTE(review): nothing in this virtual host enables TLS or asks for
  # credentials, so /v1 and /_ping are forwarded in clear text, for every
  # HTTP method, to the backend on port 5001. Confirm that backend is meant
  # to be reachable this way (the log file names suggest a mirror).
  ProxyPass        /v1    http://localhost:5001/v1
  ProxyPassReverse /v1    http://localhost:5001/v1

  ProxyPass        /_ping http://localhost:5001/_ping
  ProxyPassReverse /_ping http://localhost:5001/_ping

</VirtualHost>
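<VirtualHost *:443>

  ServerName registry.example.com
  ServerAlias www.registry.example.com

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key

  # Protocols and ciphers
  # SSLv2, SSLv3 and TLSv1 are refused. TLSv1.1 is still accepted by this
  # line; append -TLSv1.1 once every client can negotiate TLS 1.2.
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1
  # RC4 used to be listed first here, and with SSLHonorCipherOrder on the
  # server would have preferred it. RC4 is prohibited in TLS (RFC 7465), so it
  # is now excluded, together with anonymous, MD5 and 3DES suites.
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
  SSLHonorCipherOrder on

  # Logs
  ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
  CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog

  # mod_headers keeps separate "always" and "onsuccess" header tables, so the
  # API version header is set in both to appear on error responses as well
  # (including the 401 that starts Basic authentication).
  Header always set "Docker-Distribution-Api-Version" "registry/2.0"
  Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
  # Tell the plain-HTTP backends that the client connection was HTTPS.
  RequestHeader set X-Forwarded-Proto "https"

  # Reverse proxy only; the client's Host header is passed through.
  ProxyRequests     off
  ProxyPreserveHost on

  # no proxy for /error/ (Apache HTTPd error messages)
  ProxyPass /error/ !

  #
  # Registry v1
  #

  ProxyPass        /v1 http://localhost:5000/v1
  ProxyPassReverse /v1 http://localhost:5000/v1

  ProxyPass        /_ping http://localhost:5000/_ping
  ProxyPassReverse /_ping http://localhost:5000/_ping

  # Authentication required for every request under /v1
  <Location /v1>
    Order deny,allow
    Allow from all
    AuthName "Registry Authentication"
    AuthType basic
    AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

    # Read access for any authenticated user
    <Limit GET HEAD>
      Require valid-user
    </Limit>

    # Everything that is not a read is reserved for the docker-deployer
    # account. <LimitExcept> is used instead of <Limit POST PUT DELETE>
    # because a method named in no <Limit> list (PATCH, OPTIONS, ...) would
    # otherwise carry no Require at all and be proxied unauthenticated.
    <LimitExcept GET HEAD>
      Require user docker-deployer
    </LimitExcept>

  </Location>

  # Allow ping to run unauthenticated.
  <Location /v1/_ping>
    Satisfy any
    Allow from all
  </Location>

  # Allow ping to run unauthenticated.
  <Location /_ping>
    Satisfy any
    Allow from all
  </Location>

  #
  # Registry v2
  #

  ProxyPass        /v2 http://localhost:5002/v2
  ProxyPassReverse /v2 http://localhost:5002/v2

  <Location /v2>
    Order deny,allow
    Allow from all
    AuthName "Registry Authentication"
    AuthType basic
    AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

    # Read access for any authenticated user
    <Limit GET HEAD>
      Require valid-user
    </Limit>

    # Write access for docker-deployer only. The registry v2 API uploads blob
    # data with PATCH, which a <Limit POST PUT DELETE> block did not cover;
    # <LimitExcept> applies the restriction to every method that is not a read.
    <LimitExcept GET HEAD>
      Require user docker-deployer
    </LimitExcept>

  </Location>

</VirtualHost>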