# # Sample Apache 2.x configuration where : # <VirtualHost *:80> ServerName registry.example.com ServerAlias www.registry.example.com ProxyRequests off ProxyPreserveHost on # no proxy for /error/ (Apache HTTPd errors messages) ProxyPass /error/ ! ProxyPass /_ping http://localhost:5001/_ping ProxyPassReverse /_ping http://localhost:5001/_ping ProxyPass /v1 http://localhost:5001/v1 ProxyPassReverse /v1 http://localhost:5001/v1 # Logs ErrorLog ${APACHE_LOG_DIR}/mirror_error_log CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog </VirtualHost> <VirtualHost *:443> ServerName registry.example.com ServerAlias www.registry.example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key # Higher Strength SSL Ciphers SSLProtocol all -SSLv2 -SSLv3 -TLSv1 SSLCipherSuite RC4-SHA:HIGH SSLHonorCipherOrder on # Logs ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog Header always set "Docker-Distribution-Api-Version" "registry/2.0" Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0" RequestHeader set X-Forwarded-Proto "https" ProxyRequests off ProxyPreserveHost on # no proxy for /error/ (Apache HTTPd errors messages) ProxyPass /error/ ! # # Registry v1 # ProxyPass /v1 http://localhost:5000/v1 ProxyPassReverse /v1 http://localhost:5000/v1 ProxyPass /_ping http://localhost:5000/_ping ProxyPassReverse /_ping http://localhost:5000/_ping # Authentication require for push <Location /v1> Order deny,allow Allow from all AuthName "Registry Authentication" AuthType basic AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" # Read access to authentified users <Limit GET HEAD> Require valid-user </Limit> # Write access to docker-deployer account only <Limit POST PUT DELETE> Require user docker-deployer </Limit> </Location> # Allow ping to run unauthenticated. <Location /v1/_ping> Satisfy any Allow from all </Location> # Allow ping to run unauthenticated. <Location /_ping> Satisfy any Allow from all </Location> # # Registry v2 # ProxyPass /v2 http://localhost:5002/v2 ProxyPassReverse /v2 http://localhost:5002/v2 <Location /v2> Order deny,allow Allow from all AuthName "Registry Authentication" AuthType basic AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd" # Read access to authentified users <Limit GET HEAD> Require valid-user </Limit> # Write access to docker-deployer only <Limit POST PUT DELETE> Require user docker-deployer </Limit> </Location> </VirtualHost>