From e3170854f973bf32d4d63b59aee75df7510cffc9 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Thu, 21 Feb 2019 11:22:08 -0800
Subject: [PATCH] Fix docker registry proxy

Our proxy was always returning 404 on content blobs because the
CDN part of the proxy was not matching since it appeared after
a greedier match.

Change-Id: Ie88a0e1f554922f6328809b3d96266cc7a20152b
---
 .../openstack_project/templates/mirror.vhost.erb  | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/modules/openstack_project/templates/mirror.vhost.erb b/modules/openstack_project/templates/mirror.vhost.erb
index e1457760a8..a53bea84d7 100644
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@@ -390,13 +390,6 @@ LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-a
     CacheDefaultExpire 86400
     CacheStoreExpired On
 
-    # NOTE(SamYaple): Docker has historically not allowed to have anything in
-    # the URI, but it wasn't enforced until they started validating the config
-    # in docker-ce 17.10. Prior to that, it was working fine.
-    CacheEnable disk  "/"
-    ProxyPass "/" "https://registry-1.docker.io/" ttl=120 keepalive=On retry=0
-    ProxyPassReverse "/" "https://registry-1.docker.io/"
-
     # dseasb33srnrn.cloudfront.net
     CacheEnable disk "/cloudfront"
     ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/" ttl=120 keepalive=On retry=0
@@ -407,4 +400,12 @@ LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-a
     ProxyPass "/cloudflare/" "https://production.cloudflare.docker.com/" ttl=120 keepalive=On retry=0
     ProxyPassReverse "/cloudflare/" "https://production.cloudflare.docker.com/"
 
+    # NOTE(SamYaple): Docker has historically not allowed to have anything in
+    # the URI, but it wasn't enforced until they started validating the config
+    # in docker-ce 17.10. Prior to that, it was working fine.
+    # NOTE(corvus): Ensure this stanza is last since it's the most
+    # greedy match.
+    CacheEnable disk  "/"
+    ProxyPass "/" "https://registry-1.docker.io/" ttl=120 keepalive=On retry=0
+    ProxyPassReverse "/" "https://registry-1.docker.io/"
 </VirtualHost>