blob: 4bdd1b2deda2d46698c3bd1fe55b8b9161dd6fc3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
ProxyPreserveHost On
RewriteEngine on
RewriteRule ^/signatures/(.*) /srv/web/registry-signatures/$1 [L]
{% if env == "production" %}
RewriteCond %{HTTP:VIA} !cdn77
RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$
RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R]
{% endif %}
# This is terible, but Docker.
RewriteCond %{REQUEST_METHOD} ^(PATCH|POST|PUT|DELETE)$
{% if env == "staging" %}
RewriteRule ^/(.*)$ http://docker-registry01:5000/$1 [P,L]
{% else %}
RewriteRule ^/(.*)$ http://localhost:10048/$1 [P,L]
{% endif %}
RewriteRule ^/(.*)$ http://localhost:6081/$1 [P,L]
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert
SSLOptions +FakeBasicAuth
<Directory /srv/web/registry-signatures>
Require all granted
</Directory>
<Location /v2>
Order deny,allow
Allow from all
AuthName "Registry Authentication"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/registry.fedoraproject.org/passwd
# Anyone can read
<Limit GET HEAD>
Require all granted
</Limit>
# Write access to docker-deployer only
<Limit POST PUT DELETE>
Require valid-user
</Limit>
</Location>
|
