Sample Apache 2.x configuration, mirror, registry v1+registry v2

Signed-off-by: Henri Gomez <henri.gomez@gmail.com>
2015-04-23 09:52:49 +02:00 · 2015-04-23 09:52:49 +02:00 · 3e4e081c1d
commit 3e4e081c1d
parent 73960f4024
1 changed files with 140 additions and 0 deletions
--- a/contrib/apache.conf
+++ b/contrib/apache.conf
@ -0,0 +1,140 @@
+#
+# Sample Apache 2.x configuration where : 
+#
+# http://registry.example.com proxify Docker Registry 1.0 in Mirror mode
+# https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode
+#
+# 3 Docker containers should be started 
+#
+# Docker Registry 1.0 in Mirror mode : port 5000
+# Docker Registry 1.0 in Hosting mode : port 5001
+# Docker Registry 2.0 in Hosting mode : port 5002
+#
+# For Hosting mode :
+# 
+# users should have account (valid-user) to be able to fetch images
+# only users using account docker-deployer will be allowed to push images
+
+<VirtualHost *:80>
+         
+  ServerName registry.example.com
+  ServerAlias www.registry.example.com
+
+  ProxyRequests     off
+  ProxyPreserveHost on
+
+  # no proxy for /error/ (Apache HTTPd errors messages)
+  ProxyPass /error/ !
+
+  ProxyPass        /_ping http://localhost:5001/_ping
+  ProxyPassReverse /_ping http://localhost:5001/_ping
+
+  ProxyPass        /v1 http://localhost:5001/v1
+  ProxyPassReverse /v1 http://localhost:5001/v1
+
+  # Logs
+  ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
+  CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
+
+</VirtualHost>
+
+
+<VirtualHost *:443>
+
+  ServerName registry.example.com
+  ServerAlias www.registry.example.com
+
+  SSLEngine on
+  SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
+  SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
+
+  # Higher Strength SSL Ciphers
+  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 
+  SSLCipherSuite RC4-SHA:HIGH
+  SSLHonorCipherOrder on
+
+  # Logs
+  ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
+  CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
+
+  Header set Host "registry.example.com"
+  Header set "Docker-Distribution-Api-Version" "registry/2.0"
+  RequestHeader set X-Forwarded-Proto "https"
+
+  ProxyRequests     off
+  ProxyPreserveHost on
+
+  # no proxy for /error/ (Apache HTTPd errors messages)
+  ProxyPass /error/ !
+
+  #
+  # Registry v1
+  #
+
+  ProxyPass        /v1 http://localhost:5000/v1
+  ProxyPassReverse /v1 http://localhost:5000/v1
+
+  ProxyPass        /_ping http://localhost:5000/_ping
+  ProxyPassReverse /_ping http://localhost:5000/_ping
+
+  # Authentication require for push
+  <Location /v1>
+    Order deny,allow
+    Allow from all
+    AuthName "Registry Authentication"
+    AuthType basic
+    AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+    # Read access to authentified users
+    <Limit GET HEAD>
+      Require valid-user
+    </Limit>
+
+    # Write access to docker-deployer account only
+    <Limit POST PUT DELETE>
+      Require user docker-deployer
+    </Limit>
+
+  </Location>
+
+  # Allow ping to run unauthenticated.
+  <Location /v1/_ping>
+    Satisfy any
+    Allow from all
+  </Location>
+
+  # Allow ping to run unauthenticated.
+  <Location /_ping>
+    Satisfy any
+    Allow from all
+  </Location>
+
+  #
+  # Registry v2
+  #
+
+  ProxyPass        /v2 http://localhost:5002/v2
+  ProxyPassReverse /v2 http://localhost:5002/v2
+
+  <Location /v2>
+    Order deny,allow
+    Allow from all
+    AuthName "Registry Authentication"
+    AuthType basic
+    AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+    # Read access to authentified users
+    <Limit GET HEAD>
+      Require valid-user
+    </Limit>
+
+    # Write access to docker-deployer only
+    <Limit POST PUT DELETE>
+      Require user docker-deployer
+    </Limit>
+
+  </Location>
+
+
+</VirtualHost>
+