2015-04-24 09:50:05 +02:00
|
|
|
|
#
|
|
|
|
|
# Sample Apache 2.x configuration where :
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
<VirtualHost *:80>
|
|
|
|
|
|
|
|
|
|
ServerName registry.example.com
|
|
|
|
|
ServerAlias www.registry.example.com
|
|
|
|
|
|
|
|
|
|
ProxyRequests off
|
|
|
|
|
ProxyPreserveHost on
|
|
|
|
|
|
|
|
|
|
# no proxy for /error/ (Apache HTTPd errors messages)
|
|
|
|
|
ProxyPass /error/ !
|
|
|
|
|
|
|
|
|
|
ProxyPass /_ping http://localhost:5001/_ping
|
|
|
|
|
ProxyPassReverse /_ping http://localhost:5001/_ping
|
|
|
|
|
|
|
|
|
|
ProxyPass /v1 http://localhost:5001/v1
|
|
|
|
|
ProxyPassReverse /v1 http://localhost:5001/v1
|
|
|
|
|
|
|
|
|
|
# Logs
|
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
|
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
|
|
|
|
|
|
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
|
|
|
|
|
|
|
|
|
ServerName registry.example.com
|
|
|
|
|
ServerAlias www.registry.example.com
|
|
|
|
|
|
|
|
|
|
SSLEngine on
|
|
|
|
|
SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
|
|
|
|
|
SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
|
|
|
|
|
|
|
|
|
|
# Higher Strength SSL Ciphers
|
|
|
|
|
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
|
|
|
|
|
SSLCipherSuite RC4-SHA:HIGH
|
|
|
|
|
SSLHonorCipherOrder on
|
|
|
|
|
|
|
|
|
|
# Logs
|
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
|
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
|
|
|
|
|
|
2015-05-04 22:09:58 +02:00
|
|
|
|
Header always set "Docker-Distribution-Api-Version" "registry/2.0"
|
|
|
|
|
Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
|
2015-04-24 09:50:05 +02:00
|
|
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
|
|
|
|
|
|
|
|
ProxyRequests off
|
|
|
|
|
ProxyPreserveHost on
|
|
|
|
|
|
|
|
|
|
# no proxy for /error/ (Apache HTTPd errors messages)
|
|
|
|
|
ProxyPass /error/ !
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Registry v1
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
ProxyPass /v1 http://localhost:5000/v1
|
|
|
|
|
ProxyPassReverse /v1 http://localhost:5000/v1
|
|
|
|
|
|
|
|
|
|
ProxyPass /_ping http://localhost:5000/_ping
|
|
|
|
|
ProxyPassReverse /_ping http://localhost:5000/_ping
|
|
|
|
|
|
|
|
|
|
# Authentication require for push
|
|
|
|
|
<Location /v1>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Allow from all
|
|
|
|
|
AuthName "Registry Authentication"
|
|
|
|
|
AuthType basic
|
|
|
|
|
AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
|
|
|
|
|
|
|
|
|
|
# Read access to authentified users
|
|
|
|
|
<Limit GET HEAD>
|
|
|
|
|
Require valid-user
|
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
|
|
# Write access to docker-deployer account only
|
|
|
|
|
<Limit POST PUT DELETE>
|
|
|
|
|
Require user docker-deployer
|
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
|
|
</Location>
|
|
|
|
|
|
|
|
|
|
# Allow ping to run unauthenticated.
|
|
|
|
|
<Location /v1/_ping>
|
|
|
|
|
Satisfy any
|
|
|
|
|
Allow from all
|
|
|
|
|
</Location>
|
|
|
|
|
|
|
|
|
|
# Allow ping to run unauthenticated.
|
|
|
|
|
<Location /_ping>
|
|
|
|
|
Satisfy any
|
|
|
|
|
Allow from all
|
|
|
|
|
</Location>
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Registry v2
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
ProxyPass /v2 http://localhost:5002/v2
|
|
|
|
|
ProxyPassReverse /v2 http://localhost:5002/v2
|
|
|
|
|
|
|
|
|
|
<Location /v2>
|
|
|
|
|
Order deny,allow
|
|
|
|
|
Allow from all
|
|
|
|
|
AuthName "Registry Authentication"
|
|
|
|
|
AuthType basic
|
|
|
|
|
AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
|
|
|
|
|
|
|
|
|
|
# Read access to authentified users
|
|
|
|
|
<Limit GET HEAD>
|
|
|
|
|
Require valid-user
|
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
|
|
# Write access to docker-deployer only
|
|
|
|
|
<Limit POST PUT DELETE>
|
|
|
|
|
Require user docker-deployer
|
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
|
|
</Location>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</VirtualHost>
|
|
|
|
|
|