github.com/lusis/distribution@v2.0.1+incompatible/contrib/apache/apache.conf (about)

     1  #
     2  # Sample Apache 2.x configuration where : 
     3  #
     4  
     5  <VirtualHost *:80>
     6           
     7    ServerName registry.example.com
     8    ServerAlias www.registry.example.com
     9  
    10    ProxyRequests     off
    11    ProxyPreserveHost on
    12  
    13    # no proxy for /error/ (Apache HTTPd errors messages)
    14    ProxyPass /error/ !
    15  
    16    ProxyPass        /_ping http://localhost:5001/_ping
    17    ProxyPassReverse /_ping http://localhost:5001/_ping
    18  
    19    ProxyPass        /v1 http://localhost:5001/v1
    20    ProxyPassReverse /v1 http://localhost:5001/v1
    21  
    22    # Logs
    23    ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
    24    CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
    25  
    26  </VirtualHost>
    27  
    28  
    29  <VirtualHost *:443>
    30  
    31    ServerName registry.example.com
    32    ServerAlias www.registry.example.com
    33  
    34    SSLEngine on
    35    SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
    36    SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
    37  
    38    # Higher Strength SSL Ciphers
    39    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 
    40    SSLCipherSuite RC4-SHA:HIGH
    41    SSLHonorCipherOrder on
    42  
    43    # Logs
    44    ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
    45    CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
    46  
    47    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
    48    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
    49    RequestHeader set X-Forwarded-Proto "https"
    50  
    51    ProxyRequests     off
    52    ProxyPreserveHost on
    53  
    54    # no proxy for /error/ (Apache HTTPd errors messages)
    55    ProxyPass /error/ !
    56  
    57    #
    58    # Registry v1
    59    #
    60  
    61    ProxyPass        /v1 http://localhost:5000/v1
    62    ProxyPassReverse /v1 http://localhost:5000/v1
    63  
    64    ProxyPass        /_ping http://localhost:5000/_ping
    65    ProxyPassReverse /_ping http://localhost:5000/_ping
    66  
    67    # Authentication require for push
    68    <Location /v1>
    69      Order deny,allow
    70      Allow from all
    71      AuthName "Registry Authentication"
    72      AuthType basic
    73      AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
    74  
    75      # Read access to authentified users
    76      <Limit GET HEAD>
    77        Require valid-user
    78      </Limit>
    79  
    80      # Write access to docker-deployer account only
    81      <Limit POST PUT DELETE>
    82        Require user docker-deployer
    83      </Limit>
    84  
    85    </Location>
    86  
    87    # Allow ping to run unauthenticated.
    88    <Location /v1/_ping>
    89      Satisfy any
    90      Allow from all
    91    </Location>
    92  
    93    # Allow ping to run unauthenticated.
    94    <Location /_ping>
    95      Satisfy any
    96      Allow from all
    97    </Location>
    98  
    99    #
   100    # Registry v2
   101    #
   102  
   103    ProxyPass        /v2 http://localhost:5002/v2
   104    ProxyPassReverse /v2 http://localhost:5002/v2
   105  
   106    <Location /v2>
   107      Order deny,allow
   108      Allow from all
   109      AuthName "Registry Authentication"
   110      AuthType basic
   111      AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
   112  
   113      # Read access to authentified users
   114      <Limit GET HEAD>
   115        Require valid-user
   116      </Limit>
   117  
   118      # Write access to docker-deployer only
   119      <Limit POST PUT DELETE>
   120        Require user docker-deployer
   121      </Limit>
   122  
   123    </Location>
   124  
   125  
   126  </VirtualHost>
   127