aee123862c
This is mostly harmless, but since we don't actually test the v1 path and basically nothing uses it anymore, remove it so that we catch v2 errors more easily (and also don't accidentally end up with a half-working v1). Change-Id: Ia62b840f25cf38c0548fd7159fea334b06ba8404
45 lines
1.5 KiB
Plaintext
45 lines
1.5 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName registry.zuul-ci.org
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent]
|
|
|
|
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName registry.zuul-ci.org
|
|
|
|
RewriteEngine on
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Once the machine is using something to terminate TLS that supports ECDHE
|
|
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
|
|
# only is guarenteed.
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer
|
|
|
|
DocumentRoot /var/www/registry
|
|
<Directory /var/www/registry>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
Require all granted
|
|
AllowOverride None
|
|
</Directory>
|
|
|
|
RewriteRule ^/v2/(.+)$ https://quay.io/v2/corvus/$1 [R=302,L]
|
|
|
|
ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
|
|
LogLevel warn
|
|
CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
</IfModule>
|