6745591369
We should be able to accomplish the registry redirect using a single rewrite rule and a single empty file. Change-Id: I85a09d19bbbad1ba7078076644a3c5cea4d8aeb8
45 lines
1.5 KiB
Plaintext
45 lines
1.5 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName registry.zuul-ci.org
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent]
|
|
|
|
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName registry.zuul-ci.org
|
|
|
|
RewriteEngine on
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer
|
|
|
|
DocumentRoot /var/www/registry
|
|
<Directory /var/www/registry>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
Require all granted
|
|
AllowOverride None
|
|
</Directory>
|
|
|
|
RewriteRule ^/v2/(.*)$ https://quay.io/v2/corvus/$1 [R=302,L]
|
|
|
|
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|