vendor/github.com/docker/distribution/contrib/apache/apache.conf - cloudstack-kubernetes-provider - Git at Google

 #
 # Sample Apache 2.x configuration where :
 #

 <VirtualHost *:80>

   ServerName registry.example.com
   ServerAlias www.registry.example.com

   ProxyRequests     off
   ProxyPreserveHost on

   # no proxy for /error/ (Apache HTTPd errors messages)
   ProxyPass /error/ !

   ProxyPass        /_ping http://localhost:5001/_ping
   ProxyPassReverse /_ping http://localhost:5001/_ping

   ProxyPass        /v1 http://localhost:5001/v1
   ProxyPassReverse /v1 http://localhost:5001/v1

   # Logs
   ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
   CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog

 </VirtualHost>


 <VirtualHost *:443>

   ServerName registry.example.com
   ServerAlias www.registry.example.com

   SSLEngine on
   SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
   SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key

   # Higher Strength SSL Ciphers
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1
   SSLCipherSuite RC4-SHA:HIGH
   SSLHonorCipherOrder on

   # Logs
   ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
   CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog

   Header always set "Docker-Distribution-Api-Version" "registry/2.0"
   Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
   RequestHeader set X-Forwarded-Proto "https"

   ProxyRequests     off
   ProxyPreserveHost on

   # no proxy for /error/ (Apache HTTPd errors messages)
   ProxyPass /error/ !

   #
   # Registry v1
   #

   ProxyPass        /v1 http://localhost:5000/v1
   ProxyPassReverse /v1 http://localhost:5000/v1

   ProxyPass        /_ping http://localhost:5000/_ping
   ProxyPassReverse /_ping http://localhost:5000/_ping

   # Authentication require for push
   <Location /v1>
     Order deny,allow
     Allow from all
     AuthName "Registry Authentication"
     AuthType basic
     AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

     # Read access to authentified users
     <Limit GET HEAD>
       Require valid-user
     </Limit>

     # Write access to docker-deployer account only
     <Limit POST PUT DELETE>
       Require user docker-deployer
     </Limit>

   </Location>

   # Allow ping to run unauthenticated.
   <Location /v1/_ping>
     Satisfy any
     Allow from all
   </Location>

   # Allow ping to run unauthenticated.
   <Location /_ping>
     Satisfy any
     Allow from all
   </Location>

   #
   # Registry v2
   #

   ProxyPass        /v2 http://localhost:5002/v2
   ProxyPassReverse /v2 http://localhost:5002/v2

   <Location /v2>
     Order deny,allow
     Allow from all
     AuthName "Registry Authentication"
     AuthType basic
     AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

     # Read access to authentified users
     <Limit GET HEAD>
       Require valid-user
     </Limit>

     # Write access to docker-deployer only
     <Limit POST PUT DELETE>
       Require user docker-deployer
     </Limit>

   </Location>


 </VirtualHost>
	#
	# Sample Apache 2.x configuration where :
	#

	<VirtualHost *:80>

	ServerName registry.example.com
	ServerAlias www.registry.example.com

	ProxyRequests off
	ProxyPreserveHost on

	# no proxy for /error/ (Apache HTTPd errors messages)
	ProxyPass /error/ !

	ProxyPass /_ping http://localhost:5001/_ping
	ProxyPassReverse /_ping http://localhost:5001/_ping

	ProxyPass /v1 http://localhost:5001/v1
	ProxyPassReverse /v1 http://localhost:5001/v1

	# Logs
	ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
	CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog

	</VirtualHost>


	<VirtualHost *:443>

	ServerName registry.example.com
	ServerAlias www.registry.example.com

	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
	SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key

	# Higher Strength SSL Ciphers
	SSLProtocol all -SSLv2 -SSLv3 -TLSv1
	SSLCipherSuite RC4-SHA:HIGH
	SSLHonorCipherOrder on

	# Logs
	ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
	CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog

	Header always set "Docker-Distribution-Api-Version" "registry/2.0"
	Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
	RequestHeader set X-Forwarded-Proto "https"

	ProxyRequests off
	ProxyPreserveHost on

	# no proxy for /error/ (Apache HTTPd errors messages)
	ProxyPass /error/ !

	#
	# Registry v1
	#

	ProxyPass /v1 http://localhost:5000/v1
	ProxyPassReverse /v1 http://localhost:5000/v1

	ProxyPass /_ping http://localhost:5000/_ping
	ProxyPassReverse /_ping http://localhost:5000/_ping

	# Authentication require for push
	<Location /v1>
	Order deny,allow
	Allow from all
	AuthName "Registry Authentication"
	AuthType basic
	AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

	# Read access to authentified users
	<Limit GET HEAD>
	Require valid-user
	</Limit>

	# Write access to docker-deployer account only
	<Limit POST PUT DELETE>
	Require user docker-deployer
	</Limit>

	</Location>

	# Allow ping to run unauthenticated.
	<Location /v1/_ping>
	Satisfy any
	Allow from all
	</Location>

	# Allow ping to run unauthenticated.
	<Location /_ping>
	Satisfy any
	Allow from all
	</Location>

	#
	# Registry v2
	#

	ProxyPass /v2 http://localhost:5002/v2
	ProxyPassReverse /v2 http://localhost:5002/v2

	<Location /v2>
	Order deny,allow
	Allow from all
	AuthName "Registry Authentication"
	AuthType basic
	AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"

	# Read access to authentified users
	<Limit GET HEAD>
	Require valid-user
	</Limit>

	# Write access to docker-deployer only
	<Limit POST PUT DELETE>
	Require user docker-deployer
	</Limit>

	</Location>


	</VirtualHost>