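# Apache httpd 2.4 configuration: TLS-terminating reverse proxy with HTTP Basic
# authentication in front of a Docker registry at http://registry:5000.
#
# NOTE(review): this copy had every directive run together and carried no
# section containers (<Directory>, <Files>, <VirtualHost>, <Location>,
# <Limit>, <IfModule>). Several directives below are only legal, or only
# safe, inside such containers, so they have been restored following the
# stock httpd.conf layout and the paths/ports already present in this file.
# Verify each restored container against the deployed configuration.

# --- Modules -----------------------------------------------------------------
LoadModule headers_module modules/mod_headers.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
# NOTE(review): mod_status and mod_autoindex are loaded although no status
# handler is configured here; unload modules a registry front end does not
# need to reduce attack surface.
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so

# --- Process and logging -----------------------------------------------------
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# Drop privileges to an unprivileged account after binding the listener.
User daemon
Group daemon

ServerAdmin you@example.com

# Log to the process's stderr/stdout so the container runtime collects them.
ErrorLog /proc/self/fd/2
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# %I and %O are provided by mod_logio, which is not loaded above, so this
# format is guarded to keep the configuration parseable.
<IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog /proc/self/fd/1 common

ServerRoot "/usr/local/apache2"

Listen 443

# --- Filesystem access -------------------------------------------------------
# Default-deny for the whole filesystem; specific directories opt in below.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#LoadModule cgid_module modules/mod_cgid.so
#LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

# NOTE(review): duplicate of the default-deny block above; harmless, kept as found.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
    # NOTE(review): "Indexes" enables directory listings for any directory
    # without an index file; drop it unless listings are intended.
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

DirectoryIndex index.html

# Never serve .htaccess / .htpasswd style files.
<Files ".ht*">
    Require all denied
</Files>

# NOTE(review): both CGI modules are commented out above, so nothing in this
# file handles cgi-script; confirm this alias and the directory grant below
# are still wanted.
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
#Scriptsock cgisock

# NOTE(review): this copy is ambiguous about whether the following block was
# commented out; if CGI is unused, remove it so the default-deny applies.
<Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

# Strip the client-supplied "Proxy" request header before anything else sees
# it (httpoxy mitigation).
RequestHeader unset Proxy early

TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

#Include conf/extra/proxy-html.conf

# --- Registry front end ------------------------------------------------------
<VirtualHost *:443>
    ServerName localhost

    SSLEngine on
    # The private key must be readable only by the account that starts httpd.
    SSLCertificateFile /usr/local/apache2/conf/domain.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/domain.key

    ## SSL settings recommendation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
    # Anti CRIME
    SSLCompression off

    # POODLE and other stuff
    # NOTE(review): this still leaves TLSv1.1 enabled; consider restricting to
    # "SSLProtocol -all +TLSv1.2 +TLSv1.3" if the httpd/OpenSSL build and the
    # registry clients support it.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1

    # Secure cipher suites
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLHonorCipherOrder on

    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"

    # Fixed: the value previously read "max-age=max-age=15552000", which is not
    # a valid max-age directive, so browsers would not apply the policy.
    # "always" also emits it on error responses.
    Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"

    # NOTE(review): HTTP Public Key Pinning is deprecated and no longer
    # honoured by current browsers; a single pin with no backup pin is also
    # not a valid policy. Candidate for removal.
    Header set Public-Key-Pins "pin-sha256=\"redacted=\"; max-age=15552000; includeSubdomains;"

    # Added for the "unknown blob" error
    # NOTE(review): only "RequestHeader set" matters for the backend: it
    # overwrites any X-Forwarded-Proto value supplied by the client. The
    # response-side "Header add" and the preceding "RequestHeader add" are
    # redundant and can be dropped.
    Header add X-Forwarded-Proto "https"
    RequestHeader add X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Proto "https"

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests off
    ProxyPreserveHost on

    # no proxy for /error/ (Apache HTTPd error messages)
    ProxyPass /error/ !

    # NOTE(review): the hop to the registry is plain HTTP; keep it on an
    # isolated network that only this proxy can reach, otherwise the
    # authentication below can be bypassed by talking to port 5000 directly.
    ProxyPass /v2 http://registry:5000/v2
    ProxyPassReverse /v2 http://registry:5000/v2

    <Location /v2>
        # NOTE(review): Order/Allow are legacy mod_access_compat directives;
        # mixing them with Require is discouraged in httpd 2.4.
        Order deny,allow
        Allow from all

        AuthName "Registry Authentication"
        AuthType basic
        # Keep both files outside DocumentRoot and readable only by httpd;
        # prefer bcrypt entries in the password file.
        AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"
        AuthGroupFile "/usr/local/apache2/conf/httpd.groups"

        # The two Require lines must stay in separate method-scoped sections:
        # placed side by side in one section they are ORed, which would give
        # every authenticated user write access.
        # NOTE(review): methods listed in neither <Limit> are not covered by
        # any Require here; consider <LimitExcept GET HEAD> for the write rule.

        # Read access to authenticated users
        <Limit GET HEAD>
            Require valid-user
        </Limit>

        # Write access to docker-deployer only
        <Limit POST PUT DELETE PATCH>
            Require group pusher
        </Limit>
    </Location>
</VirtualHost>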