WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 21:41:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
fedora-infra_ansible/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf
Mattia Verga 2b4de7b85d another try on registry redirection 
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
2025-01-20 23:18:55 +00:00

120 lines
4.2 KiB
Plaintext
Raw Blame History

RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
ProxyPreserveHost On
{% if env == "production" %}
#
# These conditions are ANDed together and negated, and are the list of things we
# do NOT want to use the cdn. ie, the things not going to the cdn will not match
# here and fall through to the regular registry. Everything else will go to the cdn
#
# We don't want the cdn itself to go to the cdn, it needs to get content from origin
RewriteCond %{HTTP:VIA} !cloudfront
# We have a 'registry-no-cdn' host that we don't want to use the cdn
RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject\.org$
# We don't want some methods to go to the cdn so we can update it
RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$
# builders shouldn't use the cdn for flatpak building.
RewriteCond expr "! -R '10.3.169.0/24'"
RewriteCond expr "! -R '10.3.170.0/24'"
RewriteCond expr "! -R '10.3.171.0/24'"
RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R]
{% endif %}
# This is terible, but Docker.
RewriteCond %{REQUEST_METHOD} ^(PATCH|POST|PUT|DELETE)$
{% if env == "production" %}
RewriteRule ^/v2/(.*)$ http://oci-registry02:5000/v2/$1 [P,L]
{% elif env == "staging" %}
RewriteRule ^/v2/(.*)$ http://oci-registry01:5000/v2/$1 [P,L]
{% endif %}
RewriteRule ^/v2/(.*)$ http://localhost:10048/v2/$1 [P,L]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest-annotations.json [L,PT]
DocumentRoot /srv/web/registry-index/
<Directory /srv/web/registry-index>
Require all granted
</Directory>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert
SSLOptions +FakeBasicAuth
<Location /v2>
AuthName "Registry Authentication"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/registry.fedoraproject.org/passwd
<Limit GET HEAD>
Require all granted
</Limit>
</Location>
Alias "/index/" "/srv/web/registry-index/index/"
Alias "/app-icons/" "/srv/web/registry-index/icons/"
Alias "/deltas/" "/srv/web/registry-index/deltas/"
Alias "/static/" "/srv/web/registry-index/"
<Directory “/srv/web/registry-index/index/">
Options +FollowSymLinks
ExpiresActive on
ExpiresDefault "access plus 30 minutes"
AllowOverride None
Require all granted
</Directory>
<Directory "/srv/web/registry-index/icons/">
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted
</Directory>
<Directory "/srv/web/registry-index/deltas/">
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted
</Directory>
Reference in New Issue View Git Blame Copy Permalink