RewriteEngine On
RewriteBase /

# Redirect non-HTTPS traffic to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?registry\.kodeuni\.com$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Secure registry.kodeuni.com
<If "%{HTTP_HOST} =~ /^(www\.)?registry\.kodeuni\.com$/i">
    AuthType Basic
    AuthName "Restricted Docker Registry"
    AuthUserFile /etc/httpd/conf.d/.htpasswd
    Require valid-user
    <RequireAny>
        Require ip 192.168.1.0/24  # Adjust to your network
        Require ip 203.0.113.1     # Adjust to your IP
    </RequireAny>
    # Security headers
    Header always set X-Frame-Options "DENY"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Content-Security-Policy "default-src 'self'"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</If>

# Proxy requests to Docker registry
RewriteCond %{HTTP_HOST} ^(www\.)?registry\.kodeuni\.com$ [NC]
RewriteRule ^(.*)$ https://localhost:5005/$1 [P,L]