| # |
| # Sample Apache 2.x configuration where : |
| # |
| |
| <VirtualHost *:80> |
| |
| ServerName registry.example.com |
| ServerAlias www.registry.example.com |
| |
| ProxyRequests off |
| ProxyPreserveHost on |
| |
| # no proxy for /error/ (Apache HTTPd errors messages) |
| ProxyPass /error/ ! |
| |
| ProxyPass /_ping http://localhost:5001/_ping |
| ProxyPassReverse /_ping http://localhost:5001/_ping |
| |
| ProxyPass /v1 http://localhost:5001/v1 |
| ProxyPassReverse /v1 http://localhost:5001/v1 |
| |
| # Logs |
| ErrorLog ${APACHE_LOG_DIR}/mirror_error_log |
| CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog |
| |
| </VirtualHost> |
| |
| |
| <VirtualHost *:443> |
| |
| ServerName registry.example.com |
| ServerAlias www.registry.example.com |
| |
| SSLEngine on |
| SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt |
| SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key |
| |
| # Higher Strength SSL Ciphers |
| SSLProtocol all -SSLv2 -SSLv3 -TLSv1 |
| SSLCipherSuite RC4-SHA:HIGH |
| SSLHonorCipherOrder on |
| |
| # Logs |
| ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log |
| CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog |
| |
| Header always set "Docker-Distribution-Api-Version" "registry/2.0" |
| Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0" |
| RequestHeader set X-Forwarded-Proto "https" |
| |
| ProxyRequests off |
| ProxyPreserveHost on |
| |
| # no proxy for /error/ (Apache HTTPd errors messages) |
| ProxyPass /error/ ! |
| |
| # |
| # Registry v1 |
| # |
| |
| ProxyPass /v1 http://localhost:5000/v1 |
| ProxyPassReverse /v1 http://localhost:5000/v1 |
| |
| ProxyPass /_ping http://localhost:5000/_ping |
| ProxyPassReverse /_ping http://localhost:5000/_ping |
| |
| # Authentication require for push |
| <Location /v1> |
| Order deny,allow |
| Allow from all |
| AuthName "Registry Authentication" |
| AuthType basic |
| AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" |
| |
| # Read access to authentified users |
| <Limit GET HEAD> |
| Require valid-user |
| </Limit> |
| |
| # Write access to docker-deployer account only |
| <Limit POST PUT DELETE> |
| Require user docker-deployer |
| </Limit> |
| |
| </Location> |
| |
| # Allow ping to run unauthenticated. |
| <Location /v1/_ping> |
| Satisfy any |
| Allow from all |
| </Location> |
| |
| # Allow ping to run unauthenticated. |
| <Location /_ping> |
| Satisfy any |
| Allow from all |
| </Location> |
| |
| # |
| # Registry v2 |
| # |
| |
| ProxyPass /v2 http://localhost:5002/v2 |
| ProxyPassReverse /v2 http://localhost:5002/v2 |
| |
| <Location /v2> |
| Order deny,allow |
| Allow from all |
| AuthName "Registry Authentication" |
| AuthType basic |
| AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" |
| |
| # Read access to authentified users |
| <Limit GET HEAD> |
| Require valid-user |
| </Limit> |
| |
| # Write access to docker-deployer only |
| <Limit POST PUT DELETE> |
| Require user docker-deployer |
| </Limit> |
| |
| </Location> |
| |
| |
| </VirtualHost> |
| |