diff --git a/modules/openstack_project/templates/mirror.vhost.erb b/modules/openstack_project/templates/mirror.vhost.erb
index 80f4acc03f..88cea25393 100644
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@@ -14,6 +14,8 @@ NameVirtualHost <%= @vhost_name %>:8081
Listen 8082
NameVirtualHost <%= @vhost_name %>:8082
+Listen 8083
+NameVirtualHost <%= @vhost_name %>:8083
LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-agent}i\"" combined-cache
@@ -408,3 +410,62 @@ LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-a
ProxyPass "/" "https://registry-1.docker.io/" ttl=120 keepalive=On retry=0
ProxyPassReverse "/" "https://registry-1.docker.io/"
+
+# Redhat registry proxy.
+:8083>
+ ServerName <%= @srvname %>:8083
+ <% if @serveraliases.is_a? Array -%>
+ <% @serveraliases.each do |name| -%>
+ <%= " ServerAlias #{name}:8083\n" %>
+ <% end %>
+ <% elsif @serveraliases != nil -%>
+ <%= " ServerAlias #{@serveraliases}:8083" -%>
+ <% end %>
+
+ # Disable directory listing by default.
+
+ Order Deny,Allow
+ Deny from all
+ Options None
+ AllowOverride None
+
+
+ ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8083_error.log
+ LogLevel warn
+ CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8083_access.log combined-cache
+ ServerSignature Off
+
+ # Caching reverse proxy for things that don't make sense in AFS
+ #
+ # General cache rules
+ CacheRoot "/var/cache/apache2/proxy"
+ CacheDirLevels 5
+ CacheDirLength 2
+ # SSL support
+ SSLProxyEngine on
+ # Prevent thundering herds.
+ CacheLock on
+ CacheLockPath "/tmp/mod_cache-lock"
+ CacheLockMaxAge 5
+ # 5GiB
+ CacheMaxFileSize 5368709120
+ # Ignore expire headers as the urls use sha256 hashes.
+ CacheIgnoreQueryString On
+ CacheDefaultExpire 86400
+ CacheStoreExpired On
+
+ # e14353.d.akamaiedge.net
+ CacheEnable disk "/e14353.d.akamaiedge"
+ ProxyPass "/e14353.d.akamaiedge/" "https://e14353.d.akamaiedge.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/e14353.d.akamaiedge/" "https://e14353.d.akamaiedge.net/"
+
+ # edgekey.net
+ CacheEnable disk "/redhat.com.edgekey"
+ ProxyPass "/redhat.com.edgekey/" "https://registry.access.redhat.com.edgekey.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/redhat.com.edgekey/" "https://registry.access.redhat.com.edgekey.net/"
+
+ # registry.access.redhat.com
+ CacheEnable disk "/"
+ ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/" "https://registry.access.redhat.com/"
+
diff --git a/playbooks/group_vars/mirror.yaml b/playbooks/group_vars/mirror.yaml
index ec2b85c27c..0c08088397 100644
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@@ -3,3 +3,4 @@ iptables_extra_public_tcp_ports:
- 8080
- 8081
- 8082
+ - 8083
diff --git a/playbooks/group_vars/mirror_opendev.yaml b/playbooks/group_vars/mirror_opendev.yaml
index 3f4cb5ba92..e65dc65cb2 100644
--- a/playbooks/group_vars/mirror_opendev.yaml
+++ b/playbooks/group_vars/mirror_opendev.yaml
@@ -4,3 +4,4 @@ iptables_extra_public_tcp_ports:
- 8080
- 8081
- 8082
+ - 8083
diff --git a/playbooks/roles/mirror/templates/mirror.vhost.j2 b/playbooks/roles/mirror/templates/mirror.vhost.j2
index 582cfb7f7d..891470296f 100644
--- a/playbooks/roles/mirror/templates/mirror.vhost.j2
+++ b/playbooks/roles/mirror/templates/mirror.vhost.j2
@@ -11,6 +11,9 @@ NameVirtualHost *:8081
Listen 8082
NameVirtualHost *:8082
+Listen 8083
+NameVirtualHost *:8083
+
{% raw %}
LogFormat "%h %l %u [%{%F %T}t.%{msec_frac}t] \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-agent}i\"" combined-cache
ErrorLogFormat "[%{cu}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% , \ referer\ %{Referer}i"
@@ -405,3 +408,56 @@ ErrorLogFormat "[%{cu}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% , \
ProxyPass "/" "https://registry-1.docker.io/" ttl=120 keepalive=On retry=0
ProxyPassReverse "/" "https://registry-1.docker.io/"
+
+# Redhat registry proxy.
+
+ ServerName {{ apache_server_name }}:8083
+ ServerAlias {{ apache_server_alias }}:8083
+
+ # Disable directory listing by default.
+
+ Order Deny,Allow
+ Deny from all
+ Options None
+ AllowOverride None
+
+
+ ErrorLog /var/log/apache2/proxy_8083_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/proxy_8083_access.log combined-cache
+ ServerSignature Off
+
+ # Caching reverse proxy for things that don't make sense in AFS
+ #
+ # General cache rules
+ CacheRoot "/var/cache/apache2/proxy"
+ CacheDirLevels 5
+ CacheDirLength 2
+ # SSL support
+ SSLProxyEngine on
+ # Prevent thundering herds.
+ CacheLock on
+ CacheLockPath "/tmp/mod_cache-lock"
+ CacheLockMaxAge 5
+ # 5GiB
+ CacheMaxFileSize 5368709120
+ # Ignore expire headers as the urls use sha256 hashes.
+ CacheIgnoreQueryString On
+ CacheDefaultExpire 86400
+ CacheStoreExpired On
+
+ # e14353.d.akamaiedge.net
+ CacheEnable disk "/e14353.d.akamaiedge"
+ ProxyPass "/e14353.d.akamaiedge/" "https://e14353.d.akamaiedge.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/e14353.d.akamaiedge/" "https://e14353.d.akamaiedge.net/"
+
+ # edgekey.net
+ CacheEnable disk "/redhat.com.edgekey"
+ ProxyPass "/redhat.com.edgekey/" "https://registry.access.redhat.com.edgekey.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/redhat.com.edgekey/" "https://registry.access.redhat.com.edgekey.net/"
+
+ # registry.access.redhat.com
+ CacheEnable disk "/"
+ ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/" "https://registry.access.redhat.com/"
+