registry/files/etc/apache2/httpd.conf

LoadModule headers_module modules/mod_headers.so

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule access_compat_module modules/mod_access_compat.so

LoadModule log_config_module modules/mod_log_config.so

LoadModule ssl_module modules/mod_ssl.so

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule unixd_module modules/mod_unixd.so

LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

<IfModule unixd_module>
    User daemon
    Group daemon
</IfModule>

ServerAdmin you@example.com

ErrorLog /proc/self/fd/2

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog /proc/self/fd/1 common
</IfModule>

ServerRoot "/usr/local/apache2"

Listen 443

<Directory />
    AllowOverride none
    Require all denied
</Directory>

<IfModule !mpm_prefork_module>
	#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
	#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks

    AllowOverride None

    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>


<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #Scriptsock cgisock
</IfModule>

#
<Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz


</IfModule>

<IfModule proxy_html_module>
#Include conf/extra/proxy-html.conf
</IfModule>

<VirtualHost *:443>

  ServerName localhost

  SSLEngine on
  SSLCertificateFile /usr/local/apache2/conf/domain.crt
  SSLCertificateKeyFile /usr/local/apache2/conf/domain.key

  ## SSL settings recommendation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
  # Anti CRIME
  SSLCompression off

  # POODLE and other stuff
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1

  # Secure cypher suites
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLHonorCipherOrder on

  Header always set "Docker-Distribution-Api-Version" "registry/2.0"
  Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
Header always set Strict-Transport-Security "max-age=max-age=15552000; includeSubdomains; preload"
Header set Public-Key-Pins "pin-sha256=\"redacted=\"; max-age=15552000; includeSubdomains;"
  # add for uknow blob
  Header add X-Forwarded-Proto "https"
  RequestHeader add X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Proto "https"

  ProxyRequests     off
  ProxyPreserveHost on

  # no proxy for /error/ (Apache HTTPd errors messages)
  ProxyPass /error/ !

  ProxyPass        /v2 http://registry:5000/v2
  ProxyPassReverse /v2 http://registry:5000/v2

  <Location /v2>
    Order deny,allow
    Allow from all
    AuthName "Registry Authentication"
    AuthType basic
    AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"
    AuthGroupFile "/usr/local/apache2/conf/httpd.groups"

    # Read access to authentified users
    <Limit GET HEAD>
      Require valid-user
    </Limit>

    # Write access to docker-deployer only
    <Limit POST PUT DELETE PATCH>
      Require group pusher
    </Limit>

  </Location>

</VirtualHost>
swarmlab registry 6 years ago			`LoadModule headers_module modules/mod_headers.so`

			`LoadModule authn_file_module modules/mod_authn_file.so`
			`LoadModule authn_core_module modules/mod_authn_core.so`
			`LoadModule authz_groupfile_module modules/mod_authz_groupfile.so`
			`LoadModule authz_user_module modules/mod_authz_user.so`
			`LoadModule authz_core_module modules/mod_authz_core.so`
			`LoadModule auth_basic_module modules/mod_auth_basic.so`
			`LoadModule access_compat_module modules/mod_access_compat.so`

			`LoadModule log_config_module modules/mod_log_config.so`

			`LoadModule ssl_module modules/mod_ssl.so`

			`LoadModule proxy_module modules/mod_proxy.so`
			`LoadModule proxy_http_module modules/mod_proxy_http.so`

			`LoadModule unixd_module modules/mod_unixd.so`

			`LoadModule mpm_event_module modules/mod_mpm_event.so`
			`LoadModule authz_host_module modules/mod_authz_host.so`
			`LoadModule reqtimeout_module modules/mod_reqtimeout.so`
			`LoadModule filter_module modules/mod_filter.so`
			`LoadModule mime_module modules/mod_mime.so`
			`LoadModule env_module modules/mod_env.so`
			`LoadModule setenvif_module modules/mod_setenvif.so`
			`LoadModule version_module modules/mod_version.so`
			`LoadModule status_module modules/mod_status.so`
			`LoadModule autoindex_module modules/mod_autoindex.so`
			`<IfModule ssl_module>`
			`SSLRandomSeed startup builtin`
			`SSLRandomSeed connect builtin`
			`</IfModule>`

			`<IfModule unixd_module>`
			`User daemon`
			`Group daemon`
			`</IfModule>`

			`ServerAdmin you@example.com`

			`ErrorLog /proc/self/fd/2`

			`LogLevel warn`

			`<IfModule log_config_module>`
			`LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined`
			`LogFormat "%h %l %u %t \"%r\" %>s %b" common`

			`<IfModule logio_module>`
			`LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio`
			`</IfModule>`

			`CustomLog /proc/self/fd/1 common`
			`</IfModule>`

			`ServerRoot "/usr/local/apache2"`

			`Listen 443`

			`<Directory />`
			`AllowOverride none`
			`Require all denied`
			`</Directory>`

			`<IfModule !mpm_prefork_module>`
			`#LoadModule cgid_module modules/mod_cgid.so`
			`</IfModule>`
			`<IfModule mpm_prefork_module>`
			`#LoadModule cgi_module modules/mod_cgi.so`
			`</IfModule>`
			`LoadModule dir_module modules/mod_dir.so`
			`LoadModule alias_module modules/mod_alias.so`

			`<Directory />`
			`AllowOverride none`
			`Require all denied`
			`</Directory>`

			`DocumentRoot "/usr/local/apache2/htdocs"`
			`<Directory "/usr/local/apache2/htdocs">`
			`Options Indexes FollowSymLinks`

			`AllowOverride None`

			`Require all granted`
			`</Directory>`

			`<IfModule dir_module>`
			`DirectoryIndex index.html`
			`</IfModule>`

			`<Files ".ht*">`
			`Require all denied`
			`</Files>`


			`<IfModule alias_module>`
			`ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"`

			`</IfModule>`

			`<IfModule cgid_module>`
			`#Scriptsock cgisock`
			`</IfModule>`

			`#`
			`<Directory "/usr/local/apache2/cgi-bin">`
			`AllowOverride None`
			`Options None`
			`Require all granted`
			`</Directory>`

			`<IfModule headers_module>`
			`RequestHeader unset Proxy early`
			`</IfModule>`

			`<IfModule mime_module>`
			`TypesConfig conf/mime.types`

			`AddType application/x-compress .Z`
			`AddType application/x-gzip .gz .tgz`


			`</IfModule>`

			`<IfModule proxy_html_module>`
			`#Include conf/extra/proxy-html.conf`
			`</IfModule>`

			`<VirtualHost *:443>`

			`ServerName localhost`

			`SSLEngine on`
			`SSLCertificateFile /usr/local/apache2/conf/domain.crt`
			`SSLCertificateKeyFile /usr/local/apache2/conf/domain.key`

			`## SSL settings recommendation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html`
			`# Anti CRIME`
			`SSLCompression off`

			`# POODLE and other stuff`
			`SSLProtocol all -SSLv2 -SSLv3 -TLSv1`

			`# Secure cypher suites`
			`SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH`
			`SSLHonorCipherOrder on`

			`Header always set "Docker-Distribution-Api-Version" "registry/2.0"`
			`Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"`
			`Header always set Strict-Transport-Security "max-age=max-age=15552000; includeSubdomains; preload"`
			`Header set Public-Key-Pins "pin-sha256=\"redacted=\"; max-age=15552000; includeSubdomains;"`
			`# add for uknow blob`
			`Header add X-Forwarded-Proto "https"`
			`RequestHeader add X-Forwarded-Proto "https"`
			`RequestHeader set X-Forwarded-Proto "https"`

			`ProxyRequests off`
			`ProxyPreserveHost on`

			`# no proxy for /error/ (Apache HTTPd errors messages)`
			`ProxyPass /error/ !`

			`ProxyPass /v2 http://registry:5000/v2`
			`ProxyPassReverse /v2 http://registry:5000/v2`

			`<Location /v2>`
			`Order deny,allow`
			`Allow from all`
			`AuthName "Registry Authentication"`
			`AuthType basic`
			`AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"`
			`AuthGroupFile "/usr/local/apache2/conf/httpd.groups"`

			`# Read access to authentified users`
			`<Limit GET HEAD>`
			`Require valid-user`
			`</Limit>`

			`# Write access to docker-deployer only`
			`<Limit POST PUT DELETE PATCH>`
			`Require group pusher`
			`</Limit>`

			`</Location>`

			`</VirtualHost>`