docker-registry-frontend/apache-site.conf

<VirtualHost *:*>

  # Redirect apache logs to docker stdout/stderr (See #24)
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
  CustomLog /proc/self/fd/1 combined
  ErrorLog /proc/self/fd/1

  DocumentRoot /var/www/html
  ServerName localhost
  
  # See https://github.com/angular-ui/ui-router/wiki/Frequently-Asked-Questions#how-to-configure-your-server-to-work-with-html5mode
  <Directory /var/www/html>
    Options -Indexes
    RewriteEngine on

    # Don't rewrite files or directories
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # Rewrite everything else to index.html to allow html5 state links
    RewriteRule ^ index.html [L]
  </Directory>

  # When FRONTEND_BROWSE_ONLY_MODE is defined in envvars
  # we will only allow GET requests to the frontend. All other
  # HTTP requests will be aborted with a HTTP 403 Error.

  <IfDefine FRONTEND_BROWSE_ONLY_MODE>
    <Location />
      <LimitExcept GET>
        Order Allow,Deny
        Deny From All
      </LimitExcept>
    </Location>
  </IfDefine>

  # Proxy all docker REST API registry
  # requests to the docker registry server.

  <IfModule ssl_module>
     SSLProxyEngine on
     # SSLProxyVerify none
     SSLProxyCheckPeerCN off
     SSLProxyCheckPeerName off
  </IfModule>
  ProxyPreserveHost Off
  ProxyPass /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/
  ProxyPassReverse /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/

  # Enable Kerberos authentication if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.
  #       And the variables are also set by the script.

  <IfModule mod_auth_kerb.c>
    <Location "/">
      Options FollowSymLinks Indexes

      AuthType Kerberos
      AuthName "${AUTH_NAME}"
      KrbAuthRealms ${AUTH_KRB_REALMS}
      KrbServiceName ${AUTH_KRB_SERVICE_NAME}
      Krb5Keytab ${AUTH_KRB5_KEYTAB}
      KrbMethodNegotiate on
      KrbMethodK5Passwd on

      Require valid-user
    </Location>
  </IfModule>

  # Enable SSL encryption if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.

  <IfModule ssl_module>
    <IfDefine USE_SSL>
      ServerName localhost
      SSLEngine on
      SSLCertificateFile /etc/apache2/server.crt
      SSLCertificateKeyFile /etc/apache2/server.key
    </IfDefine>
  </IfModule>

  # Allow ping and users to run unauthenticated.
  <Location /v2/_ping>
    Satisfy any
    Allow from all
  </Location>

</VirtualHost>
Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00			`<VirtualHost :>`

Fix #24 redirect apache logs to docker stdout/stderr 2015-11-17 16:31:52 +08:00			`# Redirect apache logs to docker stdout/stderr (See #24)`
			`LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined`
			`CustomLog /proc/self/fd/1 combined`
Output Apache errors to stdout as well 2015-11-18 18:20:11 +08:00			`ErrorLog /proc/self/fd/1`
Fix #24 redirect apache logs to docker stdout/stderr 2015-11-17 16:31:52 +08:00
Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00			`DocumentRoot /var/www/html`
			`ServerName localhost`
Fix reload issue with HTML5 mode URLs 2015-06-08 21:11:48 +08:00
			`# See https://github.com/angular-ui/ui-router/wiki/Frequently-Asked-Questions#how-to-configure-your-server-to-work-with-html5mode`
			`<Directory /var/www/html>`
Add image details support with API v2 (#84) Revert changes on default projet file Add detailed information for tag listing Removed useless comments, divs, etc -> refactoring Prevent bugs from future changes of API Add digest attribute to Manifest query response Add basic pagination support to tag listing Add environment variable for tags per page Fix bug of image history without config + disabled parent id Fix tags pagination system - Fetch infos for all pages add missing comma Fetch infos for all pages -> simpler fix Disable apache directory listing feature Update tag pagination system to make it feel more like repository pagination system 2016-04-11 15:46:40 +08:00			`Options -Indexes`
Fix reload issue with HTML5 mode URLs 2015-06-08 21:11:48 +08:00			`RewriteEngine on`

			`# Don't rewrite files or directories`
			`RewriteCond %{REQUEST_FILENAME} -f [OR]`
			`RewriteCond %{REQUEST_FILENAME} -d`
			`RewriteRule ^ - [L]`

			`# Rewrite everything else to index.html to allow html5 state links`
			`RewriteRule ^ index.html [L]`
			`</Directory>`
Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00
Limit allowed requests to GET method in browse only mode With this change, no destructive requests (e.g. PUT, POST, DELETE) are allowed on the frontend site which proxies through to the actual registry. This should make the browse only mode more safe. See PR #15 2015-02-13 18:34:29 +08:00			`# When FRONTEND_BROWSE_ONLY_MODE is defined in envvars`
			`# we will only allow GET requests to the frontend. All other`
			`# HTTP requests will be aborted with a HTTP 403 Error.`

			`<IfDefine FRONTEND_BROWSE_ONLY_MODE>`
			`<Location />`
			`<LimitExcept GET>`
			`Order Allow,Deny`
			`Deny From All`
			`</LimitExcept>`
			`</Location>`
			`</IfDefine>`

Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00			`# Proxy all docker REST API registry`
			`# requests to the docker registry server.`

Add SSLProxyEngine instruction to apache config file. 2014-11-15 09:04:56 +08:00			`<IfModule ssl_module>`
Add missing piece to Support SSL connection to Docker registry #8 These two options needed to be turned off in my case (see the pull request #8 for more information). http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslproxycheckpeername http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslproxycheckpeercn 2014-11-28 20:38:43 +08:00			`SSLProxyEngine on`
			`# SSLProxyVerify none`
			`SSLProxyCheckPeerCN off`
			`SSLProxyCheckPeerName off`
Add SSLProxyEngine instruction to apache config file. 2014-11-15 09:04:56 +08:00			`</IfModule>`
Setting ProxyPreserveHost to its default value: Off 2016-01-19 06:48:12 +08:00			`ProxyPreserveHost Off`
Apache config should handle v2 rather than v2 2015-09-16 16:37:48 +08:00			`ProxyPass /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/`
			`ProxyPassReverse /v2/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v2/`
Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00
			`# Enable Kerberos authentication if requested`
			`# NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.`
			`# And the variables are also set by the script.`

			`<IfModule mod_auth_kerb.c>`
			`<Location "/">`
			`Options FollowSymLinks Indexes`

			`AuthType Kerberos`
			`AuthName "${AUTH_NAME}"`
			`KrbAuthRealms ${AUTH_KRB_REALMS}`
			`KrbServiceName ${AUTH_KRB_SERVICE_NAME}`
			`Krb5Keytab ${AUTH_KRB5_KEYTAB}`
			`KrbMethodNegotiate on`
			`KrbMethodK5Passwd on`

			`Require valid-user`
			`</Location>`
			`</IfModule>`

			`# Enable SSL encryption if requested`
			`# NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.`

			`<IfModule ssl_module>`
Add SSLProxyEngine instruction to apache config file. 2014-11-15 09:04:56 +08:00			`<IfDefine USE_SSL>`
			`ServerName localhost`
			`SSLEngine on`
			`SSLCertificateFile /etc/apache2/server.crt`
			`SSLCertificateKeyFile /etc/apache2/server.key`
			`</IfDefine>`
Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00			`</IfModule>`

Allow /v1/_ping run unauthenticated 2014-10-10 19:51:41 +08:00			`# Allow ping and users to run unauthenticated.`
Apache config should handle v2 rather than v2 2015-09-16 16:37:48 +08:00			`<Location /v2/_ping>`
Allow /v1/_ping run unauthenticated 2014-10-10 19:51:41 +08:00			`Satisfy any`
			`Allow from all`
			`</Location>`

Replaced NGINX with Apache for Kerberos auth. SSL is working. 2014-09-29 20:04:40 +08:00			`</VirtualHost>`