diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml index 37e7114d73..63a09c1f67 100644 --- a/playbooks/include/proxies-fedora-web.yml +++ b/playbooks/include/proxies-fedora-web.yml @@ -41,6 +41,8 @@ website: arm.fedoraproject.org - role: fedora-web/budget website: budget.fedoraproject.org + - role: fedora-web/registry + website: registry.fedoraproject.org # Some other static content, not strictly part of "fedora-web" goes below here - role: fedora-docs/proxy diff --git a/roles/fedora-web/registry/tasks/main.yml b/roles/fedora-web/registry/tasks/main.yml new file mode 100644 index 0000000000..a00331ff4c --- /dev/null +++ b/roles/fedora-web/registry/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Copy over the Fedora Server CA cert + copy: src="{{koji_pki_dir}}/fedora-server-ca.cert" dest=/etc/httpd/pki/fedora-server-ca.cert + owner=root group=root mode=0644 + notify: + - reload httpd + tags: + - fedora-web + - fedora-web/registry diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index a0ed950458..377fcfc5b6 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -304,7 +304,7 @@ listen osbs 0.0.0.0:10047 {% if env == "staging" %} listen docker-registry 0.0.0.0:10048 balance hdr(appserver) - server docker-registry01 docker-registry01:443 check inter 10s rise 1 fall 2 check ssl verify none + server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf new file mode 100644 index 0000000000..e2c65e17c9 --- /dev/null +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf 
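Review bot: In roles/fedora-web/registry/tasks/main.yml the copy task passes its arguments as a `key=value` string folded across two lines, which is easy to break when the task is edited and hides `mode=0644` inside a larger scalar. This file becomes the trust anchor named by `SSLCACertificateFile` in reversepassproxy.registry.conf, so the task is worth writing in the native mapping form with the mode quoted (`mode: "0644"`). A short comment saying the certificate is used to verify registry client certificates would also help the next reader. Whether a `reload httpd` handler is reachable from this new role is not visible in the hunk and should be confirmed.

```yaml
- name: Copy over the Fedora Server CA cert
  copy:
    src: "{{ koji_pki_dir }}/fedora-server-ca.cert"
    dest: /etc/httpd/pki/fedora-server-ca.cert
    owner: root
    group: root
    mode: "0644"
  # … unchanged: notify and tags …
```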
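Review bot: In roles/haproxy/templates/haproxy.cfg the new `server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2` line drops `ssl` entirely, so the hop from haproxy to the registry is now plaintext, where before it was encrypted but unauthenticated (`verify none`). Anything that can reach docker-registry01:5000 directly also bypasses the client-certificate check that httpd performs in front of this listener. If plaintext is intended, record the assumption next to the line, e.g. `# plaintext backend: docker-registry01:5000 must only accept connections from the proxies`, and confirm that a firewall rule enforces it. Otherwise keep TLS and verify the backend with `ssl verify required ca-file <CA_FILE_PLACEHOLDER>`. The block is inside `{% if env == "staging" %}`, so this applies to staging only as far as the hunk shows.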
@@ -0,0 +1,11 @@
+RequestHeader set X-Forwarded-Scheme https early
+RequestHeader set X-Scheme https early
+RequestHeader set X-Forwarded-Proto https early
+ProxyPreserveHost On
+
+ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
+ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
+
+SSLVerifyClient optional
+SSLVerifyDepth 1
+SSLCACertificateFile /etc/httpd/pki/fedora-server-ca.cert
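Review bot: `SSLVerifyClient optional` only requests a client certificate, and nothing in this template rejects a request that arrives without one. Anonymous and certificate-bearing requests are therefore proxied identically, writes included, unless the registry or another included file enforces the distinction (not visible here). If the intent is that only holders of a certificate issued by fedora-server-ca.cert may push, enforce it at the proxy for non-read methods, as sketched below for httpd 2.4. Also confirm that this CA issues certificates only to parties who should be able to write, since `SSLVerifyDepth 1` accepts any certificate it has signed directly.

```apache
# … unchanged: RequestHeader, ProxyPreserveHost, ProxyPass/ProxyPassReverse, SSLVerify* …
<Location {{ localpath }}>
    <LimitExcept GET HEAD>
        Require ssl-verify-client
    </LimitExcept>
</Location>
```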