Sign upLogin

kwk/docker-registry-frontend

View on GitHub
Star
apache-site.conf

Summary

Maintainability
Test Coverage
<VirtualHost *:*>

  # Redirect apache logs to docker stdout/stderr (See #24)
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
  CustomLog /proc/self/fd/1 combined
  ErrorLog /proc/self/fd/1

  DocumentRoot /var/www/html
  ServerName localhost
  
  # See https://github.com/angular-ui/ui-router/wiki/Frequently-Asked-Questions#how-to-configure-your-server-to-work-with-html5mode
  <Directory /var/www/html>
    Options -Indexes
    RewriteEngine on

    # Don't rewrite files or directories
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # Rewrite everything else to index.html to allow html5 state links
    RewriteRule ^ index.html [L]
  </Directory>

  # When FRONTEND_BROWSE_ONLY_MODE is defined in envvars
  # we will only allow GET requests to the frontend. All other
  # HTTP requests will be aborted with a HTTP 403 Error.

  <IfDefine FRONTEND_BROWSE_ONLY_MODE>
    <Location />
      <LimitExcept GET>
        Order Allow,Deny
        Deny From All
      </LimitExcept>
    </Location>
  </IfDefine>

  # Proxy all docker REST API registry
  # requests to the docker registry server.

  <IfModule ssl_module>
     SSLProxyEngine on
     # SSLProxyVerify none
     SSLProxyCheckPeerCN off
     SSLProxyCheckPeerName off
  </IfModule>
  ProxyPreserveHost Off
  ProxyPass /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/
  ProxyPassReverse /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/

  # Enable Kerberos authentication if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.
  #       And the variables are also set by the script.

  <IfModule mod_auth_kerb.c>
    <Location "/">
      Options FollowSymLinks Indexes

      AuthType Kerberos
      AuthName "${AUTH_NAME}"
      KrbAuthRealms ${AUTH_KRB_REALMS}
      KrbServiceName ${AUTH_KRB_SERVICE_NAME}
      Krb5Keytab ${AUTH_KRB5_KEYTAB}
      KrbMethodNegotiate on
      KrbMethodK5Passwd on

      Require valid-user
    </Location>
  </IfModule>

  # Enable SSL encryption if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.

  <IfModule ssl_module>
    <IfDefine USE_SSL>
      ServerName localhost
      SSLEngine on
      SSLCertificateFile /etc/apache2/server.crt
      SSLCertificateKeyFile /etc/apache2/server.key
    </IfDefine>
  </IfModule>

  # Allow ping and users to run unauthenticated.
  <Location /v2/_ping>
    Satisfy any
    Allow from all
  </Location>

</VirtualHost>