diff options
| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-08-29 16:44:36 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-08-29 19:09:38 +0000 |
| commit | b6dda2c8b364d69c56d02c586a6dda1f8d120cb4 (patch) | |
| tree | 59442ed354005c71d622078e6594165a4e11d272 /roles/httpd/reverseproxy | |
| parent | 0cd6667e7faee4993b524d855fc25548095347fe (diff) | |
| download | ansible-b6dda2c8b364d69c56d02c586a6dda1f8d120cb4.tar.gz ansible-b6dda2c8b364d69c56d02c586a6dda1f8d120cb4.tar.xz ansible-b6dda2c8b364d69c56d02c586a6dda1f8d120cb4.zip | |
Create candidate registry at proxy
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/httpd/reverseproxy')
| -rw-r--r-- | roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf new file mode 100644 index 000000000..d2c0cd650 --- /dev/null +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf @@ -0,0 +1,32 @@ +RequestHeader set X-Forwarded-Scheme https early +RequestHeader set X-Scheme https early +RequestHeader set X-Forwarded-Proto https early +ProxyPreserveHost On + +ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} +ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} + +SSLVerifyClient optional +SSLVerifyDepth 1 +SSLCACertificateFile /etc/pki/httpd/fedora-server-ca.cert +SSLOptions +FakeBasicAuth + + +<Location /v2> + Order deny,allow + Allow from all + AuthName "Registry Authentication" + AuthType Basic + AuthUserFile /etc/httpd/conf.d/candidate-registry.fedoraproject.org/passwd + + # Anyone can read + <Limit GET HEAD> + Require all granted + </Limit> + + # Write access to docker-deployer only + <Limit POST PUT DELETE> + Require valid-user + </Limit> + +</Location> |