From cb57b256892b7d6c046cf28e45b9114f28f07aa3 Mon Sep 17 00:00:00 2001
From: Richard Scothern
Date: Tue, 21 Jul 2015 14:10:34 -0700
Subject: [PATCH 1/2] Configure TLS for private registry mirrors.

If a registry mirror is using TLS, ensure that certs for it are picked up from /etc/docker/certs.d

Signed-off-by: Richard Scothern
---
 registry/service.go | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/registry/service.go b/registry/service.go
index 8dda537a98..64ea242a21 100644
--- a/registry/service.go
+++ b/registry/service.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "io/ioutil"
 "net/http"
+ "net/url"
 "os"
 "path/filepath"
 "strings"
@@ -161,19 +162,31 @@ func (s *Service) TlsConfig(hostname string) (*tls.Config, error) {
 return &tlsConfig, nil
 }

+func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
+ mirrorUrl, err := url.Parse(mirror)
+ if err != nil {
+ return nil, err
+ }
+ return s.TlsConfig(mirrorUrl.Host)
+}
+
 func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) {
 var cfg = tlsconfig.ServerDefault
 tlsConfig := &cfg
 if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") {
 // v2 mirrors
 for _, mirror := range s.Config.Mirrors {
+ mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
+ if err != nil {
+ return nil, err
+ }
 endpoints = append(endpoints, APIEndpoint{
 URL: mirror,
 // guess mirrors are v2
 Version: APIVersion2,
 Mirror: true,
 TrimHostname: true,
- TLSConfig: tlsConfig,
+ TLSConfig: mirrorTlsConfig,
 })
 }
 // v2 registry
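Review bot: tlsConfigForMirror hands `mirrorUrl.Host` to `s.TlsConfig` without checking that it is non-empty. `url.Parse` accepts a mirror string with no scheme (a bare hostname, for instance) and leaves Host empty, so the certificate lookup would run for an empty hostname instead of the mirror's. Unless mirror values are validated elsewhere to always carry a scheme and host, which this hunk does not show, I would reject that case in the helper: `if mirrorUrl.Host == "" { return nil, fmt.Errorf("invalid mirror URL %q: missing host", mirror) }`. The `return nil, err` in the v2 loop also drops which mirror failed, so wrapping it as `fmt.Errorf("mirror %q: %v", mirror, err)` would make a bad certs.d entry easier to trace. The same applies to the v1 mirror loop in the next hunk, and LookupEndpoints continues past the end of this hunk.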
@@ -187,13 +200,17 @@ func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err
 // v1 mirrors
 // TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special?
 for _, mirror := range s.Config.Mirrors {
+ mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
+ if err != nil {
+ return nil, err
+ }
 endpoints = append(endpoints, APIEndpoint{
 URL: mirror,
 // guess mirrors are v1
 Version: APIVersion1,
 Mirror: true,
 TrimHostname: true,
- TLSConfig: tlsConfig,
+ TLSConfig: mirrorTlsConfig,
 })
 }
 // v1 registry
From 6b36a488e77c9d91c8eacb07053bff263bda04f3 Mon Sep 17 00:00:00 2001
From: Richard Scothern
Date: Tue, 21 Jul 2015 15:03:51 -0700
Subject: [PATCH 2/2] Remove v1 registry mirror configuration from LookupEndpoints.

V1 mirrors do not mirror the index and those endpoints should only be indexes.

Signed-off-by: Richard Scothern
---
 registry/service.go | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/registry/service.go b/registry/service.go
index 64ea242a21..1be448e457 100644
--- a/registry/service.go
+++ b/registry/service.go
@@ -197,22 +197,6 @@ func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err
 TrimHostname: true,
 TLSConfig: tlsConfig,
 })
- // v1 mirrors
- // TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special?
- for _, mirror := range s.Config.Mirrors {
- mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
- if err != nil {
- return nil, err
- }
- endpoints = append(endpoints, APIEndpoint{
- URL: mirror,
- // guess mirrors are v1
- Version: APIVersion1,
- Mirror: true,
- TrimHostname: true,
- TLSConfig: mirrorTlsConfig,
- })
- }
 // v1 registry
 endpoints = append(endpoints, APIEndpoint{
 URL: DEFAULT_V1_REGISTRY,