diff --git a/modules/openstack_project/templates/mirror.vhost.erb b/modules/openstack_project/templates/mirror.vhost.erb
index 88cea25393..479f3cbd74 100644
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@@ -469,3 +469,57 @@ LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-a
ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
ProxyPassReverse "/" "https://registry.access.redhat.com/"
+
+# Quay registry proxy.
+:8084>
+ ServerName <%= @srvname %>:8084
+ <% if @serveraliases.is_a? Array -%>
+ <% @serveraliases.each do |name| -%>
+ <%= " ServerAlias #{name}:8084\n" %>
+ <% end %>
+ <% elsif @serveraliases != nil -%>
+ <%= " ServerAlias #{@serveraliases}:8084" -%>
+ <% end %>
+
+ # Disable directory listing by default.
+
+ Order Deny,Allow
+ Deny from all
+ Options None
+ AllowOverride None
+
+
+ ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8084_error.log
+ LogLevel warn
+ CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8084_access.log combined-cache
+ ServerSignature Off
+
+ # Caching reverse proxy for things that don't make sense in AFS
+ #
+ # General cache rules
+ CacheRoot "/var/cache/apache2/proxy"
+ CacheDirLevels 5
+ CacheDirLength 2
+ # SSL support
+ SSLProxyEngine on
+ # Prevent thundering herds.
+ CacheLock on
+ CacheLockPath "/tmp/mod_cache-lock"
+ CacheLockMaxAge 5
+ # 5GiB
+ CacheMaxFileSize 5368709120
+ # Ignore expire headers as the urls use sha256 hashes.
+ CacheIgnoreQueryString On
+ CacheDefaultExpire 86400
+ CacheStoreExpired On
+
+ # iah50.r.cloudfront.net
+ CacheEnable disk "/iah50.r.cloudfront.net"
+ ProxyPass "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/"
+
+ # quay.io
+ CacheEnable disk "/"
+ ProxyPass "/" "https://quay.io/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/" "https://quay.io/"
+
diff --git a/playbooks/group_vars/mirror.yaml b/playbooks/group_vars/mirror.yaml
index 0c08088397..beae37d749 100644
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@@ -4,3 +4,4 @@ iptables_extra_public_tcp_ports:
- 8081
- 8082
- 8083
+ - 8084
diff --git a/playbooks/group_vars/mirror_opendev.yaml b/playbooks/group_vars/mirror_opendev.yaml
index e65dc65cb2..1306e83cf7 100644
--- a/playbooks/group_vars/mirror_opendev.yaml
+++ b/playbooks/group_vars/mirror_opendev.yaml
@@ -5,3 +5,4 @@ iptables_extra_public_tcp_ports:
- 8081
- 8082
- 8083
+ - 8084
diff --git a/playbooks/roles/mirror/templates/mirror.vhost.j2 b/playbooks/roles/mirror/templates/mirror.vhost.j2
index 36c3640915..d9218e58f7 100644
--- a/playbooks/roles/mirror/templates/mirror.vhost.j2
+++ b/playbooks/roles/mirror/templates/mirror.vhost.j2
@@ -463,3 +463,51 @@ ErrorLogFormat "[%{cu}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% , \
ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
ProxyPassReverse "/" "https://registry.access.redhat.com/"
+
+# Quay registry proxy.
+
+ ServerName {{ apache_server_name }}:8084
+ ServerAlias {{ apache_server_alias }}:8084
+
+ # Disable directory listing by default.
+
+ Order Deny,Allow
+ Deny from all
+ Options None
+ AllowOverride None
+
+
+ ErrorLog /var/log/apache2/proxy_8083_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/proxy_8083_access.log combined-cache
+ ServerSignature Off
+
+ # Caching reverse proxy for things that don't make sense in AFS
+ #
+ # General cache rules
+ CacheRoot "/var/cache/apache2/proxy"
+ CacheDirLevels 5
+ CacheDirLength 2
+ # SSL support
+ SSLProxyEngine on
+ # Prevent thundering herds.
+ CacheLock on
+ CacheLockPath "/tmp/mod_cache-lock"
+ CacheLockMaxAge 5
+ # 5GiB
+ CacheMaxFileSize 5368709120
+ # Ignore expire headers as the urls use sha256 hashes.
+ CacheIgnoreQueryString On
+ CacheDefaultExpire 86400
+ CacheStoreExpired On
+
+ # iah50.r.cloudfront.net
+ CacheEnable disk "/iah50.r.cloudfront.net"
+ ProxyPass "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/"
+
+ # quay.io
+ CacheEnable disk "/"
+ ProxyPass "/" "https://quay.io/" ttl=120 keepalive=On retry=0
+ ProxyPassReverse "/" "https://quay.io/"
+