diff --git a/manifests/site.pp b/manifests/site.pp
index 9a4c46b863..d3971c446b 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -650,7 +650,7 @@ node /^mirror\..*\.openstack\.org$/ {
   $group = "mirror"
 
   class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80, 8080],
+    iptables_public_tcp_ports => [22, 80, 8080, 8081],
     sysadmins                 => hiera('sysadmins', []),
     afs                       => true,
     afs_cache_size            => 50000000,  # 50GB
diff --git a/modules/openstack_project/templates/mirror.vhost.erb b/modules/openstack_project/templates/mirror.vhost.erb
index 44f9e1d71d..3c69ac88ca 100644
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@@ -8,6 +8,9 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
 Listen 8080
 NameVirtualHost <%= @vhost_name %>:8080
 
+Listen 8081
+NameVirtualHost <%= @vhost_name %>:8081
+
 <VirtualHost <%= @vhost_name %>:<%= @port %>>
     ServerName <%= @srvname %>
     <% if @serveraliases.is_a? Array -%>
@@ -99,9 +102,9 @@ NameVirtualHost <%= @vhost_name %>:8080
       AllowOverride None
     </Directory>
 
-    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_error.log
     LogLevel warn
-    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_access.log combined
     ServerSignature Off
 
     # Caching reverse proxy for things that don't make sense in AFS
@@ -125,3 +128,49 @@ NameVirtualHost <%= @vhost_name %>:8080
     ProxyPass "/rdo/" "https://trunk.rdoproject.org/"
     ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/"
 </VirtualHost>
+
+<VirtualHost <%= @vhost_name %>:8081>
+    ServerName <%= @srvname %>:8081
+
+    # Disable directory listing by default.
+    <Directory />
+      Order Deny,Allow
+      Deny from all
+      Options None
+      AllowOverride None
+    </Directory>
+
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_error.log
+    LogLevel warn
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_access.log combined
+    ServerSignature Off
+
+    # Caching reverse proxy for things that don't make sense in AFS
+    #
+    # General cache rules
+    CacheRoot "/opt/apache_cache"
+    CacheDirLevels 5
+    CacheDirLength 3
+    # SSL support
+    SSLProxyEngine on
+    # Prevent thundering herds.
+    CacheLock on
+    CacheLockPath "/tmp/mod_cache-lock"
+    CacheLockMaxAge 5
+    # 100MB
+    CacheMaxFileSize 104857600
+    # Ignore expire headers as the urls use sha256 hashes.
+    CacheIgnoreQueryString On
+    CacheStoreExpired On
+
+    # registry-1.docker.io
+    CacheEnable disk  "/registry-1.docker"
+    ProxyPass "/registry-1.docker/" "https://registry-1.docker.io/"
+    ProxyPassReverse "/registry-1.docker/" "https://registry-1.docker.io/"
+
+    # dseasb33srnrn.cloudfront.net
+    CacheEnable disk "/cloudfront"
+    ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
+    ProxyPassReverse "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
+
+</VirtualHost>