Add multitenancy to staging registry

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf

@@ -6,7 +6,16 @@ ProxyPreserveHost On
 RewriteEngine on
 RewriteRule ^/signatures/(.*) /srv/web/registry-signatures/$1 [L]
 
-RewriteRule ^/v2/latest/(.*) /v2/f27/$1 [R,L]
+{% if env == "staging" %}
+RewriteCond %{HTTP_HOST} "registry{{env_suffix}}.fedoraproject.org"
+RewriteRule ^/v2/(.*) /v2/fedora/$1
+
+RewriteCond %{HTTP_HOST} "registry{{env_suffix}}.centos.org"
+RewriteRule ^/v2/(.*) /v2/centos/$1
+{% endif %}
+
+
+RewriteRule ^/v2/fedora/latest/(.*) /v2/fedora/f27/$1 [R,L]
 
 {% if env == "production" %}
 RewriteCond %{HTTP:VIA} !cdn77
@@ -48,8 +57,25 @@ SSLOptions +FakeBasicAuth
   </Limit>
 
   # Write access to docker-deployer only
-  <Limit POST PUT DELETE>
-    Require valid-user
-  </Limit>
+  {% if env == "staging" %}
+  <Location /v2/fedora>
+    <Limit POST PUT DELETE>
+      Require user docker-registry-internal-stg
+    </Limit>
+  </Location>
+
+  <Location /v2/centos>
+    <Limit POST PUT DELETE>
+      Require user docker-registry-centos-stg
+    </Limit>
+  </Location>
+  <Location /v2>
+    Require all denied
+  </Location>
+  {% else %}
+    <Location /v2>
+      require valid-user
+    </Location>
+  {% endif %}
 
 </Location>