From 8112d01b9be3b42f78d031787042ba5789dff89a Mon Sep 17 00:00:00 2001 From: Per Lundberg Date: Wed, 20 Jun 2018 16:28:10 +0300 Subject: [PATCH 1/3] nginx.md: Add note about potential security isues I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.) The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.) --- docs/recipes/nginx.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/recipes/nginx.md b/docs/recipes/nginx.md index 73370f7e0..81c448467 100644 --- a/docs/recipes/nginx.md +++ b/docs/recipes/nginx.md @@ -38,6 +38,12 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. +> Another important thing to note is that by binding your registry to +> `localhost:5000` without authentication, you open up a potential loophole in +> your Docker Registry security - anyone who can log on to the server where your +> Docker Registry is running can push images to your registry, without +> authentication. This could have potentially devastating effects. + Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra complexity is required. From f89f0867e2ec64ad002b11db7b5617b48362f1ce Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 2 Jan 2019 08:51:16 -0700 Subject: [PATCH 2/3] Update nginx.md wording --- docs/recipes/nginx.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/recipes/nginx.md b/docs/recipes/nginx.md index 81c448467..1f039f611 100644 --- a/docs/recipes/nginx.md +++ b/docs/recipes/nginx.md @@ -38,11 +38,10 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. -> Another important thing to note is that by binding your registry to -> `localhost:5000` without authentication, you open up a potential loophole in -> your Docker Registry security - anyone who can log on to the server where your -> Docker Registry is running can push images to your registry, without -> authentication. This could have potentially devastating effects. +> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without +> authentication. This creates a potential loophole in your Docker Registry security. +> As a result, anyone with access to your Docker Registry can push images without +> authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra From 43b914b687eaddc1cc8157520b1d292e8d003cb1 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Tue, 22 Jan 2019 16:16:38 -0700 Subject: [PATCH 3/3] Update nginx.md Fixed security warning, changed to "anyone who can log on to the server where your Docker Registry is running" --- docs/recipes/nginx.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/recipes/nginx.md b/docs/recipes/nginx.md index 1f039f611..6673b2a22 100644 --- a/docs/recipes/nginx.md +++ b/docs/recipes/nginx.md @@ -40,8 +40,8 @@ proxy itself. > ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without > authentication. This creates a potential loophole in your Docker Registry security. -> As a result, anyone with access to your Docker Registry can push images without -> authentication. +> As a result, anyone who can log on to the server where your Docker Registry is running +> can push images without authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra