RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
ProxyPreserveHost On
{% if env == "production" %}
#
# These conditions are ANDed together and negated, and are the list of things we
# do NOT want to use the cdn. ie, the things not going to the cdn will not match
# here and fall through to the regular registry. Everything else will go to the cdn
#
# We don't want the cdn itself to go to the cdn, it needs to get content from origin
RewriteCond %{HTTP:VIA} !cloudfront
# We have a 'registry-no-cdn' host that we don't want to use the cdn
RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject\.org$
# We don't want some methods to go to the cdn so we can update it
RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$
# builders shouldn't use the cdn for flatpak building.
RewriteCond expr "! -R '10.16.169.0/24'"
RewriteCond expr "! -R '10.16.170.0/24'"
RewriteCond expr "! -R '10.16.171.0/24'"
RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R]
{% endif %}
# This is terible, but Docker.
RewriteCond %{REQUEST_METHOD} ^(PATCH|POST|PUT|DELETE)$
{% if env == "production" %}
RewriteRule ^/v2/(.*)$ http://oci-registry02:5000/v2/$1 [P,L]
{% elif env == "staging" %}
RewriteRule ^/v2/(.*)$ http://oci-registry01:5000/v2/$1 [P,L]
{% endif %}
RewriteRule ^/v2/(.*)$ http://localhost:10048/v2/$1 [P,L]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest-annotations.json [L,PT]
DocumentRoot /srv/web/registry-index/
Require all granted
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert
SSLOptions +FakeBasicAuth
AuthName "Registry Authentication"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/registry.fedoraproject.org/passwd
Require all granted
Alias "/index/" "/srv/web/registry-index/index/"
Alias "/app-icons/" "/srv/web/registry-index/icons/"
Alias "/deltas/" "/srv/web/registry-index/deltas/"
Alias "/static/" "/srv/web/registry-index/"
Options +FollowSymLinks
ExpiresActive on
ExpiresDefault "access plus 30 minutes"
AllowOverride None
Require all granted
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted