@AndyA
Created May 16, 2019 16:54
Apache config to reverse proxy a docker registry with letsencrypt certs
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName "registry.example.com"
    DocumentRoot /opt/registry.example.com/www

    CustomLog "|/usr/bin/rotatelogs -L /opt/registry.example.com/logs/apache.access_log.current /opt/registry.example.com/logs/apache.access_log 86400" combined
    ErrorLog "|/usr/bin/rotatelogs -L /opt/registry.example.com/logs/apache.error_log.current /opt/registry.example.com/logs/apache.error_log 86400"

    # Reverse proxy only (no forward proxying): send /v2 to the registry on localhost
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /v2 http://localhost:5000/v2
    ProxyPassReverse /v2 http://localhost:5000/v2

    <Directory /opt/registry.example.com/www>
        AllowOverride All
        Options +ExecCGI -MultiViews +FollowSymLinks
        Require all granted
    </Directory>

    <Location /v2>
        # Tell the registry the client connection is HTTPS so it builds https:// URLs
        RequestHeader set X-Forwarded-Proto https

        AuthName "Example Docker Registry"
        AuthType Basic
        AuthUserFile "/etc/apache2/passwd/docker"
        AuthGroupFile "/etc/apache2/passwd/docker.group"

        # Read access to authenticated users.
        # RequireAny: one match is enough, so requests from the address that
        # home.dyn.example.com resolves to, or from this machine, need no password.
        <Limit GET HEAD>
            <RequireAny>
                Require forward-dns home.dyn.example.com
                Require local
                Require valid-user
            </RequireAny>
        </Limit>

        # Write access to docker-deployer only
        # LimitExcept instead of <Limit POST PUT DELETE PATCH>: any method that
        # is not GET or HEAD falls under the write rule, so unlisted methods
        # are not passed to the registry unauthenticated.
        <LimitExcept GET HEAD>
            <RequireAny>
                Require forward-dns home.dyn.example.com
                Require local
                Require group pusher
            </RequireAny>
        </LimitExcept>
    </Location>

    # Pass-through for certbot. Not currently necessary: we only proxy /v2
    <Location /.well-known/acme-challenge>
        ProxyPass !
        Require all granted
    </Location>

    SSLCertificateFile /etc/letsencrypt/live/registry.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/registry.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
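# Run the docker registry
# Publish the port on loopback only, so the registry is reachable only through Apache (TLS + auth)
docker run -d -p 127.0.0.1:5000:5000 --restart unless-stopped --name registry -v /data/docker/registry:/var/lib/registry registry:2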
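
The access rules in the `<Location /v2>` block only protect the registry if port 5000 cannot be reached around Apache. The following is an added example, not part of the original gist, that scans `ss -ltnH` output for listeners on the registry port that are not loopback-only; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): list non-loopback listeners on the
# registry port. Reads `ss -ltnH` output on stdin; field 4 is Local:Port.

# Constructed sample: listeners as seen when the port is published on all interfaces.
SAMPLE_ALL_IFACES='LISTEN 0 4096 0.0.0.0:5000 0.0.0.0:*
LISTEN 0 4096 [::]:5000 [::]:*
LISTEN 0 511 *:443 *:*'

# Constructed sample: registry port published on loopback only.
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:5000 0.0.0.0:*
LISTEN 0 511 *:443 *:*'

# Print the local address of every listener on port $1 that is not loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)      # start of the trailing ":port"
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            if (substr($4, pos + 1) != port) next
            # 127.0.0.0/8 and ::1 are only reachable from this host
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Return 0 when the port is loopback-only (or not listening), 1 otherwise.
check_registry_binding() {
    found=$(exposed_listeners "${1:-5000}")
    if [ -n "$found" ]; then
        echo "port ${1:-5000} is listening beyond loopback on:" $found >&2
        return 1
    fi
    return 0
}

# On a live host: ss -ltnH | check_registry_binding 5000
printf '%s\n' "$SAMPLE_LOOPBACK" | check_registry_binding 5000 && echo "loopback only"
```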