From 3e4e081c1d5033748c686f163affb5e4dd557861 Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Thu, 23 Apr 2015 09:52:49 +0200
Subject: [PATCH 1/7] Sample Apache 2.x configuration, mirror, registry v1+registry v2
Signed-off-by: Henri Gomez
---
contrib/apache.conf | 140 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 140 insertions(+)
create mode 100644 contrib/apache.conf
diff --git a/contrib/apache.conf b/contrib/apache.conf
new file mode 100644
index 000000000..444c08701
--- /dev/null
+++ b/contrib/apache.conf
@@ -0,0 +1,140 @@
+#
+# Sample Apache 2.x configuration where :
+#
+# http://registry.example.com proxify Docker Registry 1.0 in Mirror mode
+# https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode
+#
+# 3 Docker containers should be started
+#
+# Docker Registry 1.0 in Mirror mode : port 5000
+# Docker Registry 1.0 in Hosting mode : port 5001
+# Docker Registry 2.0 in Hosting mode : port 5002
+#
+# For Hosting mode :
+# 
+# users should have account (valid-user) to be able to fetch images
+# only users using account docker-deployer will be allowed to push images
+
+
+
+ ServerName registry.example.com
+ ServerAlias www.registry.example.com
+
+ ProxyRequests off
+ ProxyPreserveHost on
+
+ # no proxy for /error/ (Apache HTTPd errors messages)
+ ProxyPass /error/ !
+
+ ProxyPass /_ping http://localhost:5001/_ping
+ ProxyPassReverse /_ping http://localhost:5001/_ping
+
+ ProxyPass /v1 http://localhost:5001/v1
+ ProxyPassReverse /v1 http://localhost:5001/v1
+
+ # Logs
+ ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
+ CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
+
+
+
+
+
+
+ ServerName registry.example.com
+ ServerAlias www.registry.example.com
+
+ SSLEngine on
+ SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
+
+ # Higher Strength SSL Ciphers
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+ SSLCipherSuite RC4-SHA:HIGH
+ SSLHonorCipherOrder on
+
+ # Logs
+ ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
+ CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
+
+ Header set Host "registry.example.com"
+ Header set "Docker-Distribution-Api-Version" "registry/2.0"
+ RequestHeader set X-Forwarded-Proto "https"
+
+ ProxyRequests off
+ ProxyPreserveHost on
+
+ # no proxy for /error/ (Apache HTTPd errors messages)
+ ProxyPass /error/ !
+
+ #
+ # Registry v1
+ #
+
+ ProxyPass /v1 http://localhost:5000/v1
+ ProxyPassReverse /v1 http://localhost:5000/v1
+
+ ProxyPass /_ping http://localhost:5000/_ping
+ ProxyPassReverse /_ping http://localhost:5000/_ping
+
+ # Authentication require for push
+
+ Order deny,allow
+ Allow from all
+ AuthName "Registry Authentication"
+ AuthType basic
+ AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+ # Read access to authentified users
+
+ Require valid-user
+
+
+ # Write access to docker-deployer account only
+
+ Require user docker-deployer
+
+
+
+
+ # Allow ping to run unauthenticated.
+
+ Satisfy any
+ Allow from all
+
+
+ # Allow ping to run unauthenticated.
+
+ Satisfy any
+ Allow from all
+
+
+ #
+ # Registry v2
+ #
+
+ ProxyPass /v2 http://localhost:5002/v2
+ ProxyPassReverse /v2 http://localhost:5002/v2
+
+
+ Order deny,allow
+ Allow from all
+ AuthName "Registry Authentication"
+ AuthType basic
+ AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+ # Read access to authentified users
+
+ Require valid-user
+
+
+ # Write access to docker-deployer only
+
+ Require user docker-deployer
+
+
+
+
+
+
+
From c8aca239b1335509d90b52c2f50cdf7822b641bd Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Thu, 23 Apr 2015 09:55:48 +0200
Subject: [PATCH 2/7] describe 3 registry containers
Signed-off-by: Henri Gomez
---
contrib/apache.conf | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/contrib/apache.conf b/contrib/apache.conf
index 444c08701..fab1b16bd 100644
--- a/contrib/apache.conf
+++ b/contrib/apache.conf
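Review bot: `SSLCipherSuite RC4-SHA:HIGH` combined with `SSLHonorCipherOrder on` in the HTTPS virtual host makes the server select RC4 whenever a client offers it, which contradicts the `# Higher Strength SSL Ciphers` comment just above; RC4 is prohibited for TLS by RFC 7465. Drop RC4 and exclude anonymous suites, for example `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, leaving the `SSLProtocol` line as it is. The same line is carried unchanged into contrib/apache/apache.conf by patch 4/7. Separately, `Header set Host "registry.example.com"` only adds a response header; if the intent was to control the Host seen by the backend, `ProxyPreserveHost on` already passes the client's Host through and the line can be removed.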
@@ -10,6 +10,16 @@ # Docker Registry 1.0 in Hosting mode : port 5001 # Docker Registry 2.0 in Hosting mode : port 5002 # +# Mirror : +# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1" +# +# Registry v1 : +# docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \ +# -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1" +# +# Registry v2 : +# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2.0" +# # For Hosting mode : #  # users should have account (valid-user) to be able to fetch images From 3e0e1b1d82c3631f63a738f2b6646bb7389a88ea Mon Sep 17 00:00:00 2001 From: Henri Gomez Date: Thu, 23 Apr 2015 10:14:49 +0200 Subject: [PATCH 3/7] Correct documentation Signed-off-by: Henri Gomez --- contrib/apache.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/apache.conf b/contrib/apache.conf index fab1b16bd..e4c6176a3 100644 --- a/contrib/apache.conf +++ b/contrib/apache.conf @@ -6,14 +6,14 @@ # # 3 Docker containers should be started # -# Docker Registry 1.0 in Mirror mode : port 5000 -# Docker Registry 1.0 in Hosting mode : port 5001 +# Docker Registry 1.0 in Mirror mode : port 5001 +# Docker Registry 1.0 in Hosting mode : port 5000 # Docker Registry 2.0 in Hosting mode : port 5002 # -# Mirror : +# Registry v1 : # docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1" # -# Registry v1 : +# Mirror : # docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \ # -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1" # 
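Review bot: The `docker run` examples added to the header comment publish the registries with `-p 5000:5000`, `-p 5001:5000` and `-p 5002:5000`, which binds the ports on every host interface, so anyone who can reach the host can talk to the registries directly and skip the Basic authentication and TLS that this Apache configuration puts in front of them. Since every `ProxyPass` target is `http://localhost:…`, the examples should bind to loopback, e.g. `-p 127.0.0.1:5000:5000`. Each command also ends in a stray `"` (`registry:0.9.1"`, `registry:2.0"`), which leaves a shell waiting for a closing quote when the line is pasted. The same commands reappear in contrib/apache/README.MD in patch 7/7.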
From 9e4db7bbd36d8d61a60250dc4bad4fbc33834834 Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Fri, 24 Apr 2015 09:50:05 +0200
Subject: [PATCH 4/7] move apache.conf to apache subdir
Signed-off-by: Henri Gomez
---
contrib/apache/apache.conf | 150 +++++++++++++++++++++++++++++++++++++
1 file changed, 150 insertions(+)
create mode 100644 contrib/apache/apache.conf
diff --git a/contrib/apache/apache.conf b/contrib/apache/apache.conf
new file mode 100644
index 000000000..e4c6176a3
--- /dev/null
+++ b/contrib/apache/apache.conf
@@ -0,0 +1,150 @@
+#
+# Sample Apache 2.x configuration where :
+#
+# http://registry.example.com proxify Docker Registry 1.0 in Mirror mode
+# https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode
+#
+# 3 Docker containers should be started
+#
+# Docker Registry 1.0 in Mirror mode : port 5001
+# Docker Registry 1.0 in Hosting mode : port 5000
+# Docker Registry 2.0 in Hosting mode : port 5002
+#
+# Registry v1 :
+# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1"
+#
+# Mirror :
+# docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \
+# -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1"
+#
+# Registry v2 :
+# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2.0"
+#
+# For Hosting mode :
+# 
+# users should have account (valid-user) to be able to fetch images
+# only users using account docker-deployer will be allowed to push images
+
+
+
+ ServerName registry.example.com
+ ServerAlias www.registry.example.com
+
+ ProxyRequests off
+ ProxyPreserveHost on
+
+ # no proxy for /error/ (Apache HTTPd errors messages)
+ ProxyPass /error/ !
+
+ ProxyPass /_ping http://localhost:5001/_ping
+ ProxyPassReverse /_ping http://localhost:5001/_ping
+
+ ProxyPass /v1 http://localhost:5001/v1
+ ProxyPassReverse /v1 http://localhost:5001/v1
+
+ # Logs
+ ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
+ CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
+
+
+
+
+
+
+ ServerName registry.example.com
+ ServerAlias www.registry.example.com
+
+ SSLEngine on
+ SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
+
+ # Higher Strength SSL Ciphers
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+ SSLCipherSuite RC4-SHA:HIGH
+ SSLHonorCipherOrder on
+
+ # Logs
+ ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
+ CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
+
+ Header set Host "registry.example.com"
+ Header set "Docker-Distribution-Api-Version" "registry/2.0"
+ RequestHeader set X-Forwarded-Proto "https"
+
+ ProxyRequests off
+ ProxyPreserveHost on
+
+ # no proxy for /error/ (Apache HTTPd errors messages)
+ ProxyPass /error/ !
+
+ #
+ # Registry v1
+ #
+
+ ProxyPass /v1 http://localhost:5000/v1
+ ProxyPassReverse /v1 http://localhost:5000/v1
+
+ ProxyPass /_ping http://localhost:5000/_ping
+ ProxyPassReverse /_ping http://localhost:5000/_ping
+
+ # Authentication require for push
+
+ Order deny,allow
+ Allow from all
+ AuthName "Registry Authentication"
+ AuthType basic
+ AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+ # Read access to authentified users
+
+ Require valid-user
+
+
+ # Write access to docker-deployer account only
+
+ Require user docker-deployer
+
+
+
+
+ # Allow ping to run unauthenticated.
+
+ Satisfy any
+ Allow from all
+
+
+ # Allow ping to run unauthenticated.
+
+ Satisfy any
+ Allow from all
+
+
+ #
+ # Registry v2
+ #
+
+ ProxyPass /v2 http://localhost:5002/v2
+ ProxyPassReverse /v2 http://localhost:5002/v2
+
+
+ Order deny,allow
+ Allow from all
+ AuthName "Registry Authentication"
+ AuthType basic
+ AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
+
+ # Read access to authentified users
+
+ Require valid-user
+
+
+ # Write access to docker-deployer only
+
+ Require user docker-deployer
+
+
+
+
+
+
+
From 66a9e12f996c8415485bd755b96cf5a774fc803f Mon Sep 17 00:00:00 2001
From: Henri Gomez
Date: Fri, 24 Apr 2015 09:53:44 +0200
Subject: [PATCH 5/7] remove apache.conf from contrib dir
Signed-off-by: Henri Gomez
---
contrib/apache.conf | 150 --------------------------------------------
1 file changed, 150 deletions(-)
delete mode 100644 contrib/apache.conf
diff --git a/contrib/apache.conf b/contrib/apache.conf
deleted file mode 100644
index e4c6176a3..000000000
--- a/contrib/apache.conf
+++ /dev/null
@@ -1,150 +0,0 @@ -# -# Sample Apache 2.x configuration where : -# -# http://registry.example.com proxify Docker Registry 1.0 in Mirror mode -# https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode -# -# 3 Docker containers should be started -# -# Docker Registry 1.0 in Mirror mode : port 5001 -# Docker Registry 1.0 in Hosting mode : port 5000 -# Docker Registry 2.0 in Hosting mode : port 5002 -# -# Registry v1 : -# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1" -# -# Mirror : -# docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \ -# -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1" -# -# Registry v2 : -# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2.0" -# -# For Hosting mode : -#  -# users should have account (valid-user) to be able to fetch images -# only users using account docker-deployer will be allowed to push images - - - - ServerName registry.example.com - ServerAlias www.registry.example.com - - ProxyRequests off - ProxyPreserveHost on - - # no proxy for /error/ (Apache HTTPd errors messages) - ProxyPass /error/ ! 
- - ProxyPass /_ping http://localhost:5001/_ping - ProxyPassReverse /_ping http://localhost:5001/_ping - - ProxyPass /v1 http://localhost:5001/v1 - ProxyPassReverse /v1 http://localhost:5001/v1 - - # Logs - ErrorLog ${APACHE_LOG_DIR}/mirror_error_log - CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog - - - - - - - ServerName registry.example.com - ServerAlias www.registry.example.com - - SSLEngine on - SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt - SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key - - # Higher Strength SSL Ciphers - SSLProtocol all -SSLv2 -SSLv3 -TLSv1 - SSLCipherSuite RC4-SHA:HIGH - SSLHonorCipherOrder on - - # Logs - ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log - CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog - - Header set Host "registry.example.com" - Header set "Docker-Distribution-Api-Version" "registry/2.0" - RequestHeader set X-Forwarded-Proto "https" - - ProxyRequests off - ProxyPreserveHost on - - # no proxy for /error/ (Apache HTTPd errors messages) - ProxyPass /error/ ! - - # - # Registry v1 - # - - ProxyPass /v1 http://localhost:5000/v1 - ProxyPassReverse /v1 http://localhost:5000/v1 - - ProxyPass /_ping http://localhost:5000/_ping - ProxyPassReverse /_ping http://localhost:5000/_ping - - # Authentication require for push - - Order deny,allow - Allow from all - AuthName "Registry Authentication" - AuthType basic - AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" - - # Read access to authentified users - - Require valid-user - - - # Write access to docker-deployer account only - - Require user docker-deployer - - - - - # Allow ping to run unauthenticated. - - Satisfy any - Allow from all - - - # Allow ping to run unauthenticated. 
- - Satisfy any - Allow from all - - - # - # Registry v2 - # - - ProxyPass /v2 http://localhost:5002/v2 - ProxyPassReverse /v2 http://localhost:5002/v2 - - - Order deny,allow - Allow from all - AuthName "Registry Authentication" - AuthType basic - AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" - - # Read access to authentified users - - Require valid-user - - - # Write access to docker-deployer only - - Require user docker-deployer - - - - - - - From f3e08f87211b3517e78b7caddeee3e7d17fa7b10 Mon Sep 17 00:00:00 2001 From: Henri Gomez Date: Mon, 27 Apr 2015 12:54:41 +0200 Subject: [PATCH 6/7] Update apache.conf Signed-off-by: Henri Gomez --- contrib/apache/apache.conf | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/contrib/apache/apache.conf b/contrib/apache/apache.conf index e4c6176a3..b7581fd16 100644 --- a/contrib/apache/apache.conf +++ b/contrib/apache/apache.conf 
@@ -1,29 +1,6 @@ # # Sample Apache 2.x configuration where : # -# http://registry.example.com proxify Docker Registry 1.0 in Mirror mode -# https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode -# -# 3 Docker containers should be started -# -# Docker Registry 1.0 in Mirror mode : port 5001 -# Docker Registry 1.0 in Hosting mode : port 5000 -# Docker Registry 2.0 in Hosting mode : port 5002 -# -# Registry v1 : -# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1" -# -# Mirror : -# docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \ -# -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1" -# -# Registry v2 : -# docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2.0" -# -# For Hosting mode : -#  -# users should have account (valid-user) to be able to fetch images -# only users using account docker-deployer will be allowed to push images From 7df490b6b2225dd1dd0791ec648d08c3ff3761bf Mon Sep 17 00:00:00 2001 From: Henri Gomez Date: Mon, 27 Apr 2015 12:59:17 +0200 Subject: [PATCH 7/7] Create README.MD Signed-off-by: Henri Gomez --- contrib/apache/README.MD | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 contrib/apache/README.MD diff --git a/contrib/apache/README.MD b/contrib/apache/README.MD new file mode 100644 index 000000000..f7e14b5b4 --- /dev/null +++ b/contrib/apache/README.MD 
@@ -0,0 +1,36 @@
+# Apache HTTPd sample for Registry v1, v2 and mirror
+
+3 containers involved
+
+* Docker Registry v1 (registry 0.9.1)
+* Docker Registry v2 (registry 2.0.0)
+* Docker Registry v1 in mirror mode
+
+HTTP for mirror and HTTPS for v1 & v2
+
+* http://registry.example.com proxify Docker Registry 1.0 in Mirror mode
+* https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode
+
+## 3 Docker containers should be started
+
+* Docker Registry 1.0 in Mirror mode : port 5001
+* Docker Registry 1.0 in Hosting mode : port 5000
+* Docker Registry 2.0 in Hosting mode : port 5002
+
+### Registry v1
+
+ docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1"
+
+### Mirror
+
+ docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \
+ -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1"
+
+### Registry v2
+
+ docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2.0"
+
+# For Hosting mode access
+
+* users should have account (valid-user) to be able to fetch images
+* only users using account docker-deployer will be allowed to push images