apache-site.conf

<VirtualHost *:*>

  DocumentRoot /var/www/html
  ServerName localhost

  # When FRONTEND_BROWSE_ONLY_MODE is defined in envvars
  # we will only allow GET requests to the frontend. All other
  # HTTP requests will be aborted with a HTTP 403 Error.

  <IfDefine FRONTEND_BROWSE_ONLY_MODE>
    <Location />
      <LimitExcept GET>
        Order Allow,Deny
        Deny From All
      </LimitExcept>
    </Location>
  </IfDefine>

  # Proxy all docker REST API registry
  # requests to the docker registry server.

  <IfModule ssl_module>
     SSLProxyEngine on
     # SSLProxyVerify none
     SSLProxyCheckPeerCN off
     SSLProxyCheckPeerName off
  </IfModule>
  ProxyPreserveHost On
  ProxyPass /v1/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v1/
  ProxyPassReverse /v1/ ${DOCKER_REGISTRY_SCHEME}://${DOCKER_REGISTRY_HOST}:${DOCKER_REGISTRY_PORT}/v1/

  # Enable Kerberos authentication if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.
  #       And the variables are also set by the script.

  <IfModule mod_auth_kerb.c>
    <Location "/">
      Options FollowSymLinks Indexes

      AuthType Kerberos
      AuthName "${AUTH_NAME}"
      KrbAuthRealms ${AUTH_KRB_REALMS}
      KrbServiceName ${AUTH_KRB_SERVICE_NAME}
      Krb5Keytab ${AUTH_KRB5_KEYTAB}
      KrbMethodNegotiate on
      KrbMethodK5Passwd on

      Require valid-user
    </Location>
  </IfModule>

  # Enable SSL encryption if requested
  # NOTE: The module will be loaded or unloaded by the /root/start-apache.sh script.

  <IfModule ssl_module>
    <IfDefine USE_SSL>
      ServerName localhost
      SSLEngine on
      SSLCertificateFile /etc/apache2/server.crt
      SSLCertificateKeyFile /etc/apache2/server.key
    </IfDefine>
  </IfModule>

  # Allow ping and users to run unauthenticated.
  <Location /v1/_ping>
    Satisfy any
    Allow from all
  </Location>

</VirtualHost>